From 9d1e3f6a006257c7af27557ffa34622357c0e037 Mon Sep 17 00:00:00 2001 From: Noah Pendleton Date: Fri, 3 May 2024 11:02:22 -0400 Subject: [PATCH 0001/1080] mbedtls_net_send API description typo fix Signed-off-by: Noah Pendleton --- include/mbedtls/net_sockets.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 85c11971d8..8e69bc0fb3 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -229,7 +229,7 @@ int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); /** * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. + * the actual amount written is returned. * * \param ctx Socket * \param buf The buffer to read from From ac2cf1f26c9f1af70dbc99bb5627d199a338742f Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 10 Mar 2024 02:11:03 +0000 Subject: [PATCH 0002/1080] Defragment incoming TLS handshake messages Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 + include/mbedtls/ssl.h | 2 + library/ssl_misc.h | 8 ++- library/ssl_msg.c | 99 ++++++++++++++++++++++++++++---- library/ssl_tls.c | 17 +++++- 5 files changed, 113 insertions(+), 15 deletions(-) create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt new file mode 100644 index 0000000000..8c57200119 --- /dev/null +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -0,0 +1,2 @@ +Change + * Defragment incoming TLS handshake messages. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fff53399b7..eb60c78fa7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1808,6 +1808,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ + unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5bda91a281..309e924ce8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1829,7 +1829,13 @@ void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl); +static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); +} void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform); void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 7000e93e53..1c548ecaca 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3225,7 +3225,11 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INVALID_RECORD; } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + if (ssl->in_hslen == 0) { + ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = ssl->in_hdr; + } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" 
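Review bot: The new `if (ssl->in_hslen == 0)` branch in mbedtls_ssl_prepare_handshake_record takes the peer's 24-bit handshake length as `in_hslen` without checking that a message of that size can ever be reassembled in the input buffer; each fragment keeps its own record header in `in_buf`, so the accumulation added later in this patch only stops when mbedtls_ssl_fetch_input (not visible here) runs out of room, which surfaces as a late, generic fetch error rather than a clear protocol error. In the stream-transport branch further down the function, a check such as `if (ssl->in_hslen + mbedtls_ssl_in_hdr_len(ssl) > ssl->in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) return MBEDTLS_ERR_SSL_INVALID_RECORD;` would reject oversized messages up front (this assumes `in_buf_len` is always populated; if it is only maintained under MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, use the fixed buffer size instead). The ChangeLog should also say that reassembled messages remain bounded by the input buffer size, since that is the limit callers will hit. The function starts before this hunk and continues after it.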
@@ -3291,10 +3295,59 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* With TLS we don't handle fragmentation (for now) */ - if (ssl->in_msglen < ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + { + int ret; + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); + + MBEDTLS_SSL_DEBUG_MSG(3, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hslen, ssl->in_msglen)); + (void) msg_hslen; + if (ssl->in_msglen < hs_remain) { + ssl->in_hsfraglen += ssl->in_msglen; + ssl->in_hdr = ssl->in_msg + ssl->in_msglen; + ssl->in_msglen = 0; + mbedtls_ssl_update_in_pointers(ssl); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } + if (ssl->in_hshdr != ssl->in_hdr) { + /* + * At ssl->in_hshdr we have a sequence of records that cover the next handshake + * record, each with its own record header that we need to remove. + * Note that the reassembled record size may not equal the size of the message, + * there maybe bytes from the next message following it. + */ + size_t merged_rec_len = 0; + unsigned char *p = ssl->in_hshdr, *q = NULL; + do { + mbedtls_record rec; + ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); + if (ret != 0) { + return ret; + } + merged_rec_len += rec.data_len; + p = rec.buf + rec.buf_len; + if (q != NULL) { + memmove(q, rec.buf + rec.data_offset, rec.data_len); + q += rec.data_len; + } else { + q = p; + } + } while (merged_rec_len < ssl->in_hslen); + ssl->in_hdr = ssl->in_hshdr; + mbedtls_ssl_update_in_pointers(ssl); + ssl->in_msglen = merged_rec_len; + /* Adjust message length. 
*/ + MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = NULL; + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", + ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + } } return 0; @@ -4639,6 +4692,16 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } + if (ssl->in_hsfraglen != 0) { + /* Not all handshake fragments have arrived, do not consume. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", + ssl->in_hsfraglen, ssl->in_hslen, + ssl->in_hslen - ssl->in_hsfraglen)); + return 0; + } + /* * Get next Handshake message in the current record */ @@ -4664,6 +4727,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) ssl->in_msglen -= ssl->in_hslen; memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, ssl->in_msglen); + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", ssl->in_msg, ssl->in_msglen); @@ -5338,7 +5402,7 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) } else #endif { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + ssl->in_ctr = ssl->in_buf; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; 
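Review bot: The early `return 0` added to ssl_consume_current_message when `ssl->in_hsfraglen != 0` only covers the path where the record just processed was a handshake record; as far as I can tell from this hunk, a non-handshake record (alert, ChangeCipherSpec, application data) arriving between two fragments of the same handshake message is handled normally and is then overwritten in place by the next fragment, rather than being rejected. RFC 8446 §5.1 (and RFC 5246 §6.2.1) say handshake messages MUST NOT be interleaved with other record types, so the record-type dispatch before this function should fail with MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE when `ssl->in_hsfraglen != 0 && ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE`. If that rejection already exists in mbedtls_ssl_handle_message_type, a comment on the new check pointing to it would save the next reader the search, e.g. `/* Interleaved non-handshake records are rejected in mbedtls_ssl_handle_message_type. */`. ssl_consume_current_message starts before and continues after this hunk.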
@@ -5354,24 +5418,35 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) * Setup an SSL context */ -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) +{ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ssl->in_hdr = ssl->in_buf; + } else +#endif + { + ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + } + + /* Derive other internal pointers. */ + mbedtls_ssl_update_in_pointers(ssl); +} + +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; - ssl->in_hdr = ssl->in_buf; } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->in_hdr = ssl->in_buf + 8; + ssl->out_hdr = ssl->out_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } - /* Derive other internal pointers. */ mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); - mbedtls_ssl_update_in_pointers(ssl); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae4fd89f6a..70621b5ccc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
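Review bot: The comment `/* Set the incoming and outgoing record pointers. */` kept at the top of mbedtls_ssl_reset_out_pointers is now stale, since the incoming pointers moved to the new mbedtls_ssl_reset_in_pointers; change it to `/* Set the outgoing record pointers. */`. In the stream branch `out_ctr` is set before `out_hdr` with MBEDTLS_SSL_SEQUENCE_NUMBER_LEN as the header offset, while the datagram branch leaves `out_ctr` alone, presumably because mbedtls_ssl_update_out_pointers derives it for DTLS; a one-line comment on each branch stating that would make the asymmetry look intentional. The same applies to mbedtls_ssl_reset_in_pointers, whose stream branch relies on mbedtls_ssl_update_in_pointers setting `in_ctr = in_buf` (the change in the previous hunk) and should say so.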
@@ -343,12 +343,17 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, size_t out_buf_new_len) { int modified = 0; - size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; + size_t hshdr_in = 0; if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; + hdr_in = ssl->in_hdr - ssl->in_buf; + if (ssl->in_hshdr != NULL) { + hshdr_in = ssl->in_hshdr - ssl->in_buf; + } if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ssl->in_buf_len < in_buf_new_len) { @@ -380,7 +385,10 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, } if (modified) { /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers(ssl); + ssl->in_hdr = ssl->in_buf + hdr_in; + mbedtls_ssl_update_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); + /* Fields below might not be properly updated with record * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; @@ -390,6 +398,9 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, ssl->in_msg = ssl->in_buf + written_in; ssl->in_len = ssl->in_buf + len_offset_in; ssl->in_iv = ssl->in_buf + iv_offset_in; + if (ssl->in_hshdr != NULL) { + ssl->in_hshdr = ssl->in_buf + hshdr_in; + } } } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ @@ -1483,6 +1494,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_hslen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; + ssl->in_hshdr = NULL; + ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From 5f7c2c21825518d87912aafc8ad5bda5ad0f320b Mon Sep 17 00:00:00 2001 
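Review bot: In handle_buffer_resizing the downsizing condition `ssl->in_left < in_buf_new_len` is left unchanged, yet `in_hdr` can now sit well past the start of `in_buf` while fragments of a handshake message are pending, and those bytes before `in_hdr` are not counted by `in_left` if in_left is measured from `in_hdr`, as the fetch path suggests (not visible here). A shrink in that state could cut the buffer below `hdr_in + in_left` and silently lose the pending fragments; if resizing only ever runs after a handshake has completed, that invariant deserves a comment at the top of the function, otherwise the guard should become `hdr_in + ssl->in_left < in_buf_new_len` using the `hdr_in` computed a few lines above. Restoring `in_hdr` from `hdr_in` after the resize is likewise only safe when that offset fits in the new buffer, which the same guard would ensure.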
From: Deomid Ryabkov Date: Wed, 15 Jan 2025 19:26:47 +0000 Subject: [PATCH 0003/1080] Update ChangeLog.d/tls-hs-defrag-in.txt Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com> Signed-off-by: Deomid Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 8c57200119..3555a789d8 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,2 @@ -Change +Changes * Defragment incoming TLS handshake messages. From cad11ada7f7d0b79ac1a49d2d9e0484ce42613a1 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 18 Jan 2025 15:58:57 +0200 Subject: [PATCH 0004/1080] Review comments Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1c548ecaca..d0b755d9d3 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3298,15 +3298,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); - MBEDTLS_SSL_DEBUG_MSG(3, ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + + (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), ssl->in_hslen, ssl->in_msglen)); - (void) msg_hslen; if (ssl->in_msglen < hs_remain) { ssl->in_hsfraglen += ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; 
@@ -5424,7 +5423,7 @@ void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->in_hdr = ssl->in_buf; } else -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } From 3dfe75e1158bdfe3225acda6612e47bdf397002d Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 26 Jan 2025 10:43:42 +0200 Subject: [PATCH 0005/1080] Remove mbedtls_ssl_reset_in_out_pointers Signed-off-by: Deomid rojer Ryabkov --- library/ssl_misc.h | 7 +------ library/ssl_tls.c | 6 ++++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 309e924ce8..45aaea59a3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1830,15 +1830,10 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl); -static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_reset_in_pointers(ssl); - mbedtls_ssl_reset_out_pointers(ssl); -} void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform); -void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 70621b5ccc..450c397c78 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1419,7 +1419,8 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } - mbedtls_ssl_reset_in_out_pointers(ssl); + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_SRTP) memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); 
@@ -1484,7 +1485,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, /* Cancel any possibly running timer */ mbedtls_ssl_set_timer(ssl, 0); - mbedtls_ssl_reset_in_out_pointers(ssl); + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); /* Reset incoming message parsing */ ssl->in_offt = NULL; From aaa152ed91d445e233e71c8d7c3f2aa5b3b72a1a Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 26 Jan 2025 11:10:54 +0200 Subject: [PATCH 0006/1080] Allow fragments less HS msg header size (4 bytes) Except the first Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d0b755d9d3..36a8611109 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3219,7 +3219,8 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + /* First handshake fragment must at least include the header. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen)); return MBEDTLS_ERR_SSL_INVALID_RECORD; From b70e76a1e6ffd1596915bc337d8975b904bdd8f6 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Mon, 27 Jan 2025 22:37:37 +0400 Subject: [PATCH 0007/1080] Add a safety check for in_hsfraglen Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 36a8611109..3eb49e2b26 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
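Review bot: The relaxed check in mbedtls_ssl_prepare_handshake_record still requires the first fragment of every message (the `in_hslen == 0` case) to carry the full 4-byte handshake header, so a record that ends one to three bytes into the header of the next message — legal in TLS 1.2 and 1.3, where message boundaries need not align with records — is still rejected with MBEDTLS_ERR_SSL_INVALID_RECORD instead of being buffered. Unless the caller buffers such a short tail somewhere not shown here, the ChangeLog's claim of full reassembly support is slightly overstated, and the limitation should at least be stated next to the check, e.g. `/* A handshake header split across two records is still not reassembled. */`. With this change a zero-length continuation fragment also passes the check; RFC 8446 §5.1 forbids zero-length handshake fragments, so confirm that the record layer already rejects `in_msglen == 0` for handshake records on the TLS 1.3 path (I believe the TLS 1.2 path does). The function starts before and continues after this hunk.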
@@ -3297,6 +3297,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { + if (ssl->in_hsfraglen > ssl->in_hslen) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, From afa11db62010d7d0fd23087f228890e264fa66d0 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 1 Feb 2025 15:33:37 +0200 Subject: [PATCH 0008/1080] Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm https://github.com/Mbed-TLS/mbedtls/pull/9928/commits/909e71672f6a11219e12347c2d7d2429b98e6500 Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9e7c52c5e6..8aad2b888a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1060,23 +1060,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", (unsigned) handshake_len)); - - /* The record layer has a record size limit of 2^14 - 1 and - * fragmentation is not supported, so buf[1] should be zero. */ - if (buf[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0", - (unsigned) buf[1])); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* We don't support fragmentation of ClientHello (yet?) */ - if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u", - (unsigned) msg_len, - (unsigned) mbedtls_ssl_hs_hdr_len(ssl), - (unsigned) handshake_len)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } } #if defined(MBEDTLS_SSL_PROTO_DTLS) From eb77e5b1c7789939a3135a5ca2e96bbdaf148084 Mon Sep 17 00:00:00 2001 
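Review bot: Removing the `msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len` check from ssl_parse_client_hello leaves the parser below (outside this hunk) with no visible tie between its bound and the ClientHello's own length; the reassembly code in this series explicitly notes that a reassembled record may carry bytes of the following message after the current one, so if `msg_len` is still derived from the record length, extension parsing could run past the ClientHello into the next message. Keeping a one-sided check and then clamping, `if (msg_len < mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) return MBEDTLS_ERR_SSL_DECODE_ERROR;` followed by `msg_len = mbedtls_ssl_hs_hdr_len(ssl) + handshake_len;`, keeps the later length arithmetic inside the message while still accepting reassembled input. I cannot see how `msg_len` is computed, so this may already be covered; if so, a short comment in place of the removed checks saying that the bound now comes from `in_hslen` would prevent the question from being asked again. ssl_parse_client_hello starts before and continues after this hunk.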
From: Deomid rojer Ryabkov Date: Tue, 4 Feb 2025 12:08:15 +0200 Subject: [PATCH 0009/1080] Update the changelog message Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 3555a789d8..55103c9a42 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,5 @@ -Changes - * Defragment incoming TLS handshake messages. +Bugfix + * Support re-assembly of fragmented handshake messages in TLS, as mandated + by the spec. Lack of support was causing handshake failures with some + servers, especially with TLS 1.3 in practice (though both protocol + version could be affected in principle, and both are fixed now). From cf4e6a18e6645968355c9fead96f4a46da5b5265 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:11:06 +0000 Subject: [PATCH 0010/1080] Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8aad2b888a..aca37fd2bb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1056,11 +1056,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - { - size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", - (unsigned) handshake_len)); - } #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { From dd14c0a11eeefb0b37db4ba6bd3967746488aff4 Mon Sep 17 00:00:00 2001 
From: Deomid rojer Ryabkov Date: Thu, 13 Feb 2025 13:41:51 +0300 Subject: [PATCH 0011/1080] Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov --- include/mbedtls/ssl.h | 4 ++-- library/ssl_msg.c | 20 +++++++++----------- library/ssl_tls.c | 10 +--------- 3 files changed, 12 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index eb60c78fa7..0e0bee54c7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1808,8 +1808,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ - size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments + (up to in_hslen) */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3eb49e2b26..a920e46dbf 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3229,7 +3229,6 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); ssl->in_hsfraglen = 0; - ssl->in_hshdr = ssl->in_hdr; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" @@ -3296,10 +3295,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - if (ssl->in_hsfraglen > ssl->in_hslen) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } + if (ssl->in_hsfraglen <= ssl->in_hslen) { int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, 
@@ -3317,15 +3313,16 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) mbedtls_ssl_update_in_pointers(ssl); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } - if (ssl->in_hshdr != ssl->in_hdr) { + if (ssl->in_hsfraglen > 0) { /* - * At ssl->in_hshdr we have a sequence of records that cover the next handshake + * At in_first_hdr we have a sequence of records that cover the next handshake * record, each with its own record header that we need to remove. * Note that the reassembled record size may not equal the size of the message, - * there maybe bytes from the next message following it. + * there may be more messages after it, complete or partial. */ + unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + unsigned char *p = in_first_hdr, *q = NULL; size_t merged_rec_len = 0; - unsigned char *p = ssl->in_hshdr, *q = NULL; do { mbedtls_record rec; ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); @@ -3341,16 +3338,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) q = p; } } while (merged_rec_len < ssl->in_hslen); - ssl->in_hdr = ssl->in_hshdr; + ssl->in_hdr = in_first_hdr; mbedtls_ssl_update_in_pointers(ssl); ssl->in_msglen = merged_rec_len; /* Adjust message length. */ MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); ssl->in_hsfraglen = 0; - ssl->in_hshdr = NULL; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); } + } else { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 450c397c78..991b431179 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
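Review bot: The reassembly loop in mbedtls_ssl_prepare_handshake_record re-runs ssl_parse_record_header on records that already went through the decrypt path and then copies `rec.data_len` bytes from `rec.buf + rec.data_offset` of that fresh parse; if a decrypted record's plaintext does not begin right after its header — which I believe is the case for TLS 1.2 records with an explicit IV, where decryption advances data_offset — the copy picks up IV bytes instead of handshake data. The loop also never checks that `p` stays inside the input buffer, relying on the in-buffer length fields (rewritten in ssl_consume_current_message and, I assume, after decryption) to agree with `in_hsfraglen`; a mismatch would walk headers past the received data. Recording each fragment's payload offset and length when it is accepted, instead of re-parsing headers here, removes both dependencies; failing that, add `if ((size_t) (p - ssl->in_buf) + mbedtls_ssl_in_hdr_len(ssl) + rec.data_len > ssl->in_buf_len) return MBEDTLS_ERR_SSL_INTERNAL_ERROR;` after the header parse inside the loop. The function continues after this hunk.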
@@ -345,15 +345,11 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, int modified = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - size_t hshdr_in = 0; if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; hdr_in = ssl->in_hdr - ssl->in_buf; - if (ssl->in_hshdr != NULL) { - hshdr_in = ssl->in_hshdr - ssl->in_buf; - } if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ssl->in_buf_len < in_buf_new_len) { @@ -398,9 +394,6 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, ssl->in_msg = ssl->in_buf + written_in; ssl->in_len = ssl->in_buf + len_offset_in; ssl->in_iv = ssl->in_buf + iv_offset_in; - if (ssl->in_hshdr != NULL) { - ssl->in_hshdr = ssl->in_buf + hshdr_in; - } } } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ @@ -1494,10 +1487,9 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_msgtype = 0; ssl->in_msglen = 0; ssl->in_hslen = 0; + ssl->in_hsfraglen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; - ssl->in_hshdr = NULL; - ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From b14141dd71c81f16a6790d13542255811ecc6f84 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 15:17:32 +0000 Subject: [PATCH 0012/1080] Move programs out of Mbed TLS This commit moves demo_common.sh, dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c, zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework. 
Signed-off-by: Harry Ramsey --- programs/demo_common.sh | 137 ------ programs/test/dlopen_demo.sh | 42 -- programs/test/metatest.c | 484 ---------------------- programs/test/query_compile_time_config.c | 66 --- programs/test/query_config.h | 34 -- programs/test/query_included_headers.c | 29 -- programs/test/zeroize.c | 72 ---- tests/scripts/test_zeroize.gdb | 64 --- 8 files changed, 928 deletions(-) delete mode 100644 programs/demo_common.sh delete mode 100755 programs/test/dlopen_demo.sh delete mode 100644 programs/test/metatest.c delete mode 100644 programs/test/query_compile_time_config.c delete mode 100644 programs/test/query_config.h delete mode 100644 programs/test/query_included_headers.c delete mode 100644 programs/test/zeroize.c delete mode 100644 tests/scripts/test_zeroize.gdb diff --git a/programs/demo_common.sh b/programs/demo_common.sh deleted file mode 100644 index d8fcda5544..0000000000 --- a/programs/demo_common.sh +++ /dev/null 
@@ -1,137 +0,0 @@ -## Common shell functions used by demo scripts programs/*/*.sh. - -## How to write a demo script -## ========================== -## -## Include this file near the top of each demo script: -## . "${0%/*}/../demo_common.sh" -## -## Start with a "msg" call that explains the purpose of the script. -## Then call the "depends_on" function to ensure that all config -## dependencies are met. -## -## As the last thing in the script, call the cleanup function. -## -## You can use the functions and variables described below. - -set -e -u - -## $root_dir is the root directory of the Mbed TLS source tree. -root_dir="${0%/*}" -# Find a nice path to the root directory, avoiding unnecessary "../". -# The code supports demo scripts nested up to 4 levels deep. -# The code works no matter where the demo script is relative to the current -# directory, even if it is called with a relative path. -n=4 # limit the search depth -while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do - if [ $n -eq 0 ]; then - echo >&2 "This doesn't seem to be an Mbed TLS source tree." - exit 125 - fi - n=$((n - 1)) - case $root_dir in - .) root_dir="..";; - ..|?*/..) root_dir="$root_dir/..";; - ?*/*) root_dir="${root_dir%/*}";; - /*) root_dir="/";; - *) root_dir=".";; - esac -done - -## $programs_dir is the directory containing the sample programs. -# Assume an in-tree build. -programs_dir="$root_dir/programs" - -## msg LINE... -## msg &2 < -#include -#include -#include "test/helpers.h" -#include "test/threading_helpers.h" -#include "test/macros.h" -#include "test/memory.h" -#include "common.h" - -#include -#include - -#if defined(MBEDTLS_THREADING_C) -#include -#endif - - -/* This is an external variable, so the compiler doesn't know that we're never - * changing its value. 
- */ -volatile int false_but_the_compiler_does_not_know = 0; - -/* Hide calls to calloc/free from static checkers such as - * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about - * code where we do mean to cause a runtime error. */ -void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; -void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; - -/* Set n bytes at the address p to all-bits-zero, in such a way that - * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) -{ - memset((void *) p, false_but_the_compiler_does_not_know, n); -} - -/* Simulate an access to the given object, to avoid compiler optimizations - * in code that prepares or consumes the object. */ -static void do_nothing_with_object(void *p) -{ - (void) p; -} -void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = - do_nothing_with_object; - - -/****************************************************************/ -/* Test framework features */ -/****************************************************************/ - -static void meta_test_fail(const char *name) -{ - (void) name; - mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); -} - -static void meta_test_not_equal(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_EQUAL(left, right); -exit: - ; -} - -static void meta_test_not_le_s(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_LE_S(left, right); -exit: - ; -} - -static void meta_test_not_le_u(const char *name) -{ - size_t left = 20; - size_t right = 10; - - (void) name; - - TEST_LE_U(left, right); -exit: - ; -} - -/****************************************************************/ -/* Platform features */ -/****************************************************************/ - -static void null_pointer_dereference(const char *name) -{ - (void) 
name; - volatile char *volatile p; - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); -} - -static void null_pointer_call(const char *name) -{ - (void) name; - unsigned(*volatile p)(void); - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (execute null function pointer) */ - /* The pointer representation may be truncated, but we don't care: - * the only point of printing it is to have some use of the pointer - * to dissuade the compiler from optimizing it away. */ - mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); -} - - -/****************************************************************/ -/* Memory */ -/****************************************************************/ - -static void read_after_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (read after free) */ - mbedtls_printf("%u\n", (unsigned) *p); -} - -static void double_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (double free) */ - free_but_the_compiler_does_not_know((void *) p); -} - -static void read_uninitialized_stack(const char *name) -{ - (void) name; - char buf[1]; - if (false_but_the_compiler_does_not_know) { - buf[0] = '!'; - } - char *volatile p = buf; - if (*p != 0) { - /* Unspecified result (read from uninitialized memory) */ - mbedtls_printf("%u\n", (unsigned) *p); - } -} - -static void memory_leak(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - mbedtls_printf("%u\n", (unsigned) *p); - /* Leak of a heap object */ -} - -/* name = 
"test_memory_poison_%(start)_%(offset)_%(count)_%(direction)" - * Poison a region starting at start from an 8-byte aligned origin, - * encompassing count bytes. Access the region at offset from the start. - * %(start), %(offset) and %(count) are decimal integers. - * %(direction) is either the character 'r' for read or 'w' for write. - */ -static void test_memory_poison(const char *name) -{ - size_t start = 0, offset = 0, count = 0; - char direction = 'r'; - if (sscanf(name, - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "_%c", - &start, &offset, &count, &direction) != 4) { - mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name); - return; - } - - union { - long long ll; - unsigned char buf[32]; - } aligned; - memset(aligned.buf, 'a', sizeof(aligned.buf)); - - if (start > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start, sizeof(aligned.buf)); - return; - } - if (start + count > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start+count=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start + count, sizeof(aligned.buf)); - return; - } - if (offset >= count) { - mbedtls_fprintf(stderr, - "%s: offset=%" MBEDTLS_PRINTF_SIZET - " >= count=%" MBEDTLS_PRINTF_SIZET, - __func__, offset, count); - return; - } - - MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count); - - if (direction == 'w') { - aligned.buf[start + offset] = 'b'; - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - } else { - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]); - } -} - - -/****************************************************************/ -/* Threading */ -/****************************************************************/ - -static void mutex_lock_not_initialized(const char *name) -{ - (void) 
name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_unlock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_free_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_init(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. 
*/ - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_free(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_leak(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); -#endif - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ -} - - -/****************************************************************/ -/* Command line entry point */ -/****************************************************************/ - -typedef struct { - /** Command line argument that will trigger that metatest. - * - * Conventionally matches "[a-z0-9_]+". */ - const char *name; - - /** Platform under which that metatest is valid. - * - * - "any": should work anywhere. - * - "asan": triggers ASan (Address Sanitizer). - * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, - * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see framework/tests/src/threading_helpers.c). - */ - const char *platform; - - /** Function that performs the metatest. - * - * The function receives the name as an argument. This allows using the - * same function to perform multiple variants of a test based on the name. 
- * - * When executed on a conforming platform, the function is expected to - * either cause a test failure (mbedtls_test_fail()), or cause the - * program to abort in some way (e.g. by causing a segfault or by - * triggering a sanitizer). - * - * When executed on a non-conforming platform, the function may return - * normally or may have unpredictable behavior. - */ - void (*entry_point)(const char *name); -} metatest_t; - -/* The list of available meta-tests. Remember to register new functions here! - * - * Note that we always compile all the functions, so that `metatest --list` - * will always list all the available meta-tests. - * - * See the documentation of metatest_t::platform for the meaning of - * platform values. - */ -metatest_t metatests[] = { - { "test_fail", "any", meta_test_fail }, - { "test_not_equal", "any", meta_test_not_equal }, - { "test_not_le_s", "any", meta_test_not_le_s }, - { "test_not_le_u", "any", meta_test_not_le_u }, - { "null_dereference", "any", null_pointer_dereference }, - { "null_call", "any", null_pointer_call }, - { "read_after_free", "asan", read_after_free }, - { "double_free", "asan", double_free }, - { "read_uninitialized_stack", "msan", read_uninitialized_stack }, - { "memory_leak", "asan", memory_leak }, - { "test_memory_poison_0_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_r", "poison", test_memory_poison }, - { 
"test_memory_poison_7_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_w", "poison", test_memory_poison }, - { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, - { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, - { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, - { "mutex_double_init", "pthread", mutex_double_init }, - { "mutex_double_free", "pthread", mutex_double_free }, - { "mutex_leak", "pthread", mutex_leak }, - { NULL, NULL, NULL } -}; - -static void help(FILE *out, const char *argv0) -{ - mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); - mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); - mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); -} - -int main(int argc, char *argv[]) -{ - const char *argv0 = argc > 0 ? argv[0] : "metatest"; - if (argc != 2) { - help(stderr, argv0); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* Support "-help", "--help", "--list", etc. 
*/ - const char *command = argv[1]; - while (*command == '-') { - ++command; - } - - if (strcmp(argv[1], "help") == 0) { - help(stdout, argv0); - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - if (strcmp(argv[1], "list") == 0) { - for (const metatest_t *p = metatests; p->name != NULL; p++) { - mbedtls_printf("%s %s\n", p->name, p->platform); - } - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif - - for (const metatest_t *p = metatests; p->name != NULL; p++) { - if (strcmp(argv[1], p->name) == 0) { - mbedtls_printf("Running metatest %s...\n", argv[1]); - p->entry_point(argv[1]); -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check(); -#endif - int result = (int) mbedtls_test_get_result(); - - mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], result); - mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? - MBEDTLS_EXIT_SUCCESS : - MBEDTLS_EXIT_FAILURE); - } - } - - mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", - argv0, command); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); -} diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c deleted file mode 100644 index a70e6daef3..0000000000 --- a/programs/test/query_compile_time_config.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Query the Mbed TLS compile time configuration - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#define USAGE \ - "usage: %s [ -all | -any | -l ] ...\n\n" \ - "This program takes command line arguments which correspond to\n" \ - "the string representation of Mbed TLS compile time configurations.\n\n" \ - "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \ - "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \ - "returned. Macro expansions of configurations will be printed (if any).\n" \ - "-l\tPrint all available configuration.\n" \ - "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \ - "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \ - "-h\tPrint this usage\n" - -#include -#include "query_config.h" - -int main(int argc, char *argv[]) -{ - int i; - - if (argc < 2 || strcmp(argv[1], "-h") == 0) { - mbedtls_printf(USAGE, argv[0]); - return MBEDTLS_EXIT_FAILURE; - } - - if (strcmp(argv[1], "-l") == 0) { - list_config(); - return 0; - } - - if (strcmp(argv[1], "-all") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - return 0; - } - - if (strcmp(argv[1], "-any") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) == 0) { - return 0; - } - } - return 1; - } - - for (i = 1; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - - return 0; -} diff --git a/programs/test/query_config.h b/programs/test/query_config.h deleted file mode 100644 index 43f120bf01..0000000000 --- a/programs/test/query_config.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H -#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H - -#include "mbedtls/build_info.h" - -/** Check whether a given configuration symbol is enabled. - * - * \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). - * \return \c 0 if the symbol was defined at compile time - * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h), - * \c 1 otherwise. - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -int query_config(const char *config); - -/** List all enabled configuration symbols - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -void list_config(void); - -#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */ diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c deleted file mode 100644 index cdafa16204..0000000000 --- a/programs/test/query_included_headers.c +++ /dev/null @@ -1,29 +0,0 @@ -/* Ad hoc report on included headers. */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -int main(void) -{ - - /* Which PSA platform header? */ -#if defined(PSA_CRYPTO_PLATFORM_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); -#endif -#if defined(PSA_CRYPTO_PLATFORM_ALT_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); -#endif - - /* Which PSA struct header? */ -#if defined(PSA_CRYPTO_STRUCT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); -#endif -#if defined(PSA_CRYPTO_STRUCT_ALT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); -#endif - -} 
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c deleted file mode 100644 index c1cee0d840..0000000000 --- a/programs/test/zeroize.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* - * Zeroize application for debugger-driven testing - * - * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler - * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last - * return statement in the main() function of this program. The debugger - * facilities are then used to manually inspect the memory and verify that the - * call to mbedtls_platform_zeroize() was not eliminated. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/platform_util.h" - -#define BUFFER_LEN 1024 - -static void usage(void) -{ - mbedtls_printf("Zeroize is a simple program to assist with testing\n"); - mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); - mbedtls_printf("debugger. This program takes a file as input and\n"); - mbedtls_printf("prints the first %d characters. 
Usage:\n\n", BUFFER_LEN); - mbedtls_printf(" zeroize \n"); -} - -int main(int argc, char **argv) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - FILE *fp; - char buf[BUFFER_LEN]; - char *p = buf; - char *end = p + BUFFER_LEN; - int c; - - if (argc != 2) { - mbedtls_printf("This program takes exactly 1 argument\n"); - usage(); - mbedtls_exit(exit_code); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - mbedtls_printf("Could not open file '%s'\n", argv[1]); - mbedtls_exit(exit_code); - } - - while ((c = fgetc(fp)) != EOF && p < end - 1) { - *p++ = (char) c; - } - *p = '\0'; - - if (p - buf != 0) { - mbedtls_printf("%s\n", buf); - exit_code = MBEDTLS_EXIT_SUCCESS; - } else { - mbedtls_printf("The file is empty!\n"); - } - - fclose(fp); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment! -} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb deleted file mode 100644 index 57f771f56a..0000000000 --- a/tests/scripts/test_zeroize.gdb +++ /dev/null 
@@ -1,64 +0,0 @@ -# test_zeroize.gdb -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Run a test using the debugger to check that the mbedtls_platform_zeroize() -# function in platform_util.h is not being optimized out by the compiler. To do -# so, the script loads the test program at programs/test/zeroize.c and sets a -# breakpoint at the last return statement in main(). When the breakpoint is -# hit, the debugger manually checks the contents to be zeroized and checks that -# it is actually cleared. -# -# The mbedtls_platform_zeroize() test is debugger driven because there does not -# seem to be a mechanism to reliably check whether the zeroize calls are being -# eliminated by compiler optimizations from within the compiled program. The -# problem is that a compiler would typically remove what it considers to be -# "unnecessary" assignments as part of redundant code elimination. To identify -# such code, the compilar will create some form dependency graph between -# reads and writes to variables (among other situations). It will then use this -# data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_platform_zeroize(), an -# intelligent compiler could determine that this function clears a block of -# memory that is not accessed later in the program, so removing the call to -# mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_platform_zeroize() to check whether -# the block of memory was correctly zeroed would force the compiler to not -# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then -# the compiler potentially has a bug. -# -# Note: This test requires that the test program is compiled with -g3. 
- -set confirm off - -file ./programs/test/zeroize - -search GDB_BREAK_HERE -break $_ - -set args ./programs/test/zeroize.c -run - -set $i = 0 -set $len = sizeof(buf) -set $buf = buf - -while $i < $len - if $buf[$i++] != 0 - echo The buffer at was not zeroized\n - quit 1 - end -end - -echo The buffer was correctly zeroized\n - -continue - -if $_exitcode != 0 - echo The program did not terminate correctly\n - quit 1 -end - -quit 0 From 2543ec0608ad601d0171d893d6848891a49979ba Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:06:44 +0000 Subject: [PATCH 0013/1080] Update paths for moved program files in makefiles This commit updates the file paths necessary for dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c and zeroize.c. This commit also adds a CFLAG to find header files now contained in the framework. Signed-off-by: Harry Ramsey --- programs/Makefile | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index c177c28a25..07638a7c04 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,4 +1,5 @@ MBEDTLS_TEST_PATH = ../tests +FRAMEWORK = ${MBEDTLS_PATH}/framework include ../scripts/common.make ifeq ($(shell uname -s),Linux) @@ -24,6 +25,8 @@ else BUILD_DLOPEN = endif +LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs + ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can ## be declared by appending with `APPS += ...` afterwards. @@ -301,7 +304,7 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - test/query_config.h \ + $(FRAMEWORK)/tests/programs/query_config.h \ ssl/ssl_test_lib.h \ ssl/ssl_test_common_source.c \ $(DEP) 
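Review bot: `FRAMEWORK = ${MBEDTLS_PATH}/framework` is assigned before `include ../scripts/common.make`, and `MBEDTLS_PATH` is not defined anywhere visible in this Makefile, so the new variable only works because `=` is recursively expanded at use time and, presumably, common.make supplies `MBEDTLS_PATH`. If either assumption breaks (a later `:=`, or common.make no longer setting it), every `$(FRAMEWORK)/tests/programs/...` prerequisite silently degrades to `/framework/...` and make reports a confusing "no rule to make target". Since the same failure mode appears when the framework checkout is absent, a guard after the include makes both cases explicit: `ifeq ($(wildcard $(FRAMEWORK)/tests/programs),)` / `$(error framework directory not found: $(FRAMEWORK))` / `endif`.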
@@ -322,7 +325,7 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS) echo " CC ssl/ssl_server2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP) +ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC ssl/ssl_context_info.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -363,17 +366,17 @@ test/dlopen$(EXEXT): test/dlopen.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ endif -test/metatest$(EXEXT): test/metatest.c $(DEP) - echo " CC test/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/metatest.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_config.o: test/query_config.c test/query_config.h $(DEP) +test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ -test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP) - echo " CC test/query_included_headers.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" 
@@ -383,13 +386,13 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/zeroize$(EXEXT): test/zeroize.c $(DEP) - echo " CC test/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP) - echo " CC test/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" From c19b8e80e7ed024297f394b4f0124f40a7bbb1cf Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:14:00 +0000 Subject: [PATCH 0014/1080] Update include paths in C files Signed-off-by: Harry Ramsey --- programs/ssl/ssl_test_lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a8387d7196..6fc3d73072 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -66,7 +66,7 @@ #include -#include "../test/query_config.h" +#include "query_config.h" #define ALPN_LIST_SIZE 10 #define GROUP_LIST_SIZE 25 From 53ba6ad106128eb72f9177bd8eda1b47ced21787 Mon Sep 17 00:00:00 2001 
From: Harry Ramsey Date: Wed, 12 Feb 2025 10:18:51 +0000 Subject: [PATCH 0015/1080] Update paths for moved program files in CMakeLists This commit fixes the paths of program files which were moved to the MbedTLS Framework. Signed-off-by: Harry Ramsey --- programs/ssl/CMakeLists.txt | 10 +++++----- programs/test/CMakeLists.txt | 13 ++++++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index a27c6262b5..65f65b9bdd 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -35,7 +35,7 @@ foreach(exe IN LISTS executables) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} @@ -45,14 +45,13 @@ foreach(exe IN LISTS executables) ${extra_sources}) set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) endif() - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) endif() endforeach() 
@@ -62,7 +61,8 @@ if(THREADS_FOUND) $ $) set_base_compile_options(ssl_pthread_server) - target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(ssl_pthread_server PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index dec1e8c28a..9c781a6b49 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -76,17 +76,24 @@ else() endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) + set(source ${exe}.c) set(extra_sources "") + if(NOT EXISTS ${source} AND + EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + endif() + if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() - add_executable(${exe} ${exe}.c $ + add_executable(${exe} ${source} $ ${extra_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) + PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) From d096793c3f355abd09c739d0aa397d7524740d00 Mon Sep 17 00:00:00 2001 
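Review bot: `if(NOT EXISTS ${source} AND ...)` probes the relative path `${exe}.c`, but CMake documents `if(EXISTS)` as well-defined only for full paths, so the test is evaluated against the configure process's working directory rather than `programs/test` and an in-tree source can be reported missing (or a stale file elsewhere found). Anchor the in-tree candidate before probing: `set(source ${CMAKE_CURRENT_SOURCE_DIR}/${exe}.c)`, keep the framework fallback as written, and `add_executable` then receives an absolute path in both branches. The fallback is a nice improvement over a hard-coded list, provided the probe is reliable.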
From: Harry Ramsey Date: Wed, 12 Feb 2025 20:29:33 +0000 Subject: [PATCH 0016/1080] Update paths for moved program files in components-build-system.sh This commit updates the paths for dlopen_demo.sh in components-build-system.sh as the file has been moved to the framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-build-system.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index d6ad88ab82..91a999e10a 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -13,7 +13,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } component_test_cmake_shared () { @@ -22,7 +22,7 @@ component_test_cmake_shared () { make ldd programs/util/strerror | grep libtfpsacrypto make test - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } support_test_cmake_out_of_source () { From ec4af6c6e2f99821e9a60fb0d2f2ea10abef828b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 12 Feb 2025 20:56:34 +0000 Subject: [PATCH 0017/1080] Update paths for moved programs in generate_visualc_files.pl This commit updates the paths for moved programs in generate_visualc_files.pl. Signed-off-by: Harry Ramsey --- scripts/generate_visualc_files.pl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d0fcb7d60f..053040a9c5 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
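Review bot: `$FRAMEWORK` is expanded unquoted in both replaced lines and is not set anywhere in the visible part of this script, so it presumably comes from the all.sh driver's environment; quoting it, `"$FRAMEWORK/tests/programs/dlopen_demo.sh"`, avoids word splitting and makes an empty value fail on a clear "/tests/programs/dlopen_demo.sh: not found" rather than something stranger. Both components still run from the repository root, so please confirm the moved dlopen_demo.sh locates `programs/util/strerror` and the built libraries relative to the current directory rather than relative to its own new location.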
@@ -22,6 +22,7 @@ my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $mbedtls_programs_dir = "programs"; +my $framework_programs_dir = "framework/tests/programs"; my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs"; my $mbedtls_header_dir = 'include/mbedtls'; @@ -59,6 +60,7 @@ tf-psa-crypto/drivers/everest/include/everest/kremlib tests/include framework/tests/include + framework/tests/programs ); my $include_directories = join(';', map {"../../$_"} @include_directories); @@ -125,6 +127,7 @@ sub check_dirs { && -d $tls_test_header_dir && -d $test_drivers_header_dir && -d $mbedtls_programs_dir + && -d $framework_programs_dir && -d $tfpsacrypto_programs_dir; } @@ -164,7 +167,14 @@ sub gen_app { (my $appname = $path) =~ s/.*\\//; my $is_test_app = ($path =~ m/^test\\/); - my $srcs = ""; + my $srcs; + if( $appname eq "metatest" or $appname eq "query_compile_time_config" or + $appname eq "query_included_headers" or $appname eq "zeroize" ) { + $srcs = ""; + } else { + $srcs = ""; + } + if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { $srcs .= "\n "; @@ -283,6 +293,7 @@ sub main { $tls_source_dir, $crypto_core_source_dir, $crypto_source_dir, + $framework_programs_dir, @thirdparty_header_dirs, ); my @headers = (map { <$_/*.h> } @header_dirs); From 9b4035cc9ebbe8a0ef6611e6fb813e69f6b7481c Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:00:11 +0000 Subject: [PATCH 0018/1080] Update path for moved test_zeroize.gdb script This commit updates the path for the moved test_zeroize.gdb script which has been moved to MbedTLS-Framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 469c62cb09..74543b13e9 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
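Review bot: gen_app now carries a hard-coded list of the four programs that moved to `framework/tests/programs`, which has to be maintained by hand and will silently emit a project entry pointing at a non-existent `programs\test\...` file the next time a program moves, whereas the CMake side of this series selects the source by probing for the file. Mirroring that here keeps the three build systems consistent and self-maintaining: `if (-e "$framework_programs_dir/$appname.c") {`. The actual `ClCompile` element text is not visible in this rendering (both branches read `$srcs = "";`), so I cannot comment on the emitted path itself.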
@@ -136,7 +136,7 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log From f6fb2f0cb41a273b689b9e53f6c45c529ac48eb4 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 18 Feb 2025 17:52:45 +0000 Subject: [PATCH 0019/1080] Update documentation regarding test_zeroize This commit updates the paths in documentation for test_zeroize since it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- docs/architecture/testing/invasive-testing.md | 2 +- programs/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 464f7611f2..bf8d631d79 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -275,7 +275,7 @@ This section lists some strategies that are currently used for invasive testing, Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. -Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. +Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`. Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. diff --git a/programs/README.md b/programs/README.md index f53bde5611..a58037d097 100644 --- a/programs/README.md 
+++ b/programs/README.md @@ -53,7 +53,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Random number generator (RNG) examples -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. +* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. * [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. @@ -96,7 +96,7 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. -* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). +* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb). ## Development utilities From 21506fd7f19257315d10cf278bbea2c331f7a4dd Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 14:47:10 +0000 Subject: [PATCH 0020/1080] Update documentation regarding metatest This commit updates the paths in the documentation for metatest.c as it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- tests/suites/test_suite_test_helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function index 8c5d5adf65..0139faf14f 100644 
--- a/tests/suites/test_suite_test_helpers.function +++ b/tests/suites/test_suite_test_helpers.function @@ -15,7 +15,7 @@ /* Test that poison+unpoison leaves the memory accessible. */ /* We can't test that poisoning makes the memory inaccessible: * there's no sane way to catch an Asan/Valgrind complaint. - * That negative testing is done in programs/test/metatest.c. */ + * That negative testing is done in framework/tests/programs/metatest.c. */ void memory_poison_unpoison(int align, int size) { unsigned char *buf = NULL; From 48d1374a2cfe0b99ccf44e76f1d456fb3291ae2a Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:01:43 +0000 Subject: [PATCH 0021/1080] Update framework pointer Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 9c2eb756ca..523a12d05b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9c2eb756ca8c8edbbc100ac2530c3066833952a7 +Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 From 5befe36d2aeb4f4b9893c25427cb087b14070358 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 15:27:49 +0000 Subject: [PATCH 0022/1080] Update TF-PSA-Crypto pointer Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index da76c6b191..67212566e9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit da76c6b1915c75e9dd9efc32f7d206a05b5d36c8 +Subproject commit 67212566e95c936f8375eb634c249dd71dea582d From aa2594a52e9bddb6a21f7353a2c0965eec3b3415 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:42:13 +0100 Subject: [PATCH 0023/1080] Make ticket_alpn field private An omission in 3.x. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0c0eae4e2..9029078566 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1295,8 +1295,8 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - char *ticket_alpn; /*!< ALPN negotiated in the session - during which the ticket was generated. */ + char *MBEDTLS_PRIVATE(ticket_alpn); /*!< ALPN negotiated in the session + during which the ticket was generated. */ #endif #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) From 86a66edcd021556e13cc4b714ab4dbc159770482 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 23:11:09 +0100 Subject: [PATCH 0024/1080] Fix Doxygen markup Pacify `clang -Wdocumentation`. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_lib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a8387d7196..3bbddd76e4 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, * - free the provided PK context and re-initilize it as an opaque PK context * wrapping the PSA key imported in the above step. * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK + * \param[in,out] pk On input, the non-opaque PK context which contains the + * key to be wrapped. On output, the re-initialized PK * context which represents the opaque version of the one * provided as input. * \param[in] psa_alg The primary algorithm that will be associated to the From eb63613347312ae8976016ac94884e34c058926f Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 13 Feb 2025 12:58:24 +0100 Subject: [PATCH 0025/1080] Make guards more consistent between X.509-has-certs and SSL-has-certs Fix some build errors when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED is false but MBEDTLS_X509_CRT_PARSE_C is enabled. This is not a particularly useful configuration, but for quick testing, it's convenient for it to work. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_common_source.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6c7eed5e58..e194b58dff 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -315,7 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. */ @@ -350,9 +350,7 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, return (int) (size - n); #endif /* MBEDTLS_X509_REMOVE_INFO */ } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); From 58b399e81ed3bff008672a76b227ffbf2c3a288f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Feb 2025 21:23:22 +0100 Subject: [PATCH 0026/1080] Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23b692c723..ce661fcc83 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -475,6 +475,11 @@ detect_required_features() { requires_certificate_authentication;; esac + case " $CMD_LINE " in + *\ ca_callback=1\ *) + requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;; + esac + case " $CMD_LINE " in *"programs/ssl/dtls_client "*|\ *"programs/ssl/ssl_client1 "*) @@ -2217,7 +2222,6 @@ run_test "TLS: password protected server key, two certificates" \ "$P_CLI" \ 0 -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "CA callback on client" \ "$P_SRV debug_level=3" \ "$P_CLI ca_callback=1 debug_level=3 " \ @@ -2226,7 +2230,6 @@ run_test "CA callback on client" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "CA callback on server" \ @@ -6279,7 +6282,6 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \ # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests # When updating these tests, modify the matching authentication tests accordingly -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client required" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -6291,7 +6293,6 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -6303,7 +6304,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -6322,7 +6322,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a # different means to have the server ignoring the client's supported curve list. -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ @@ -6333,7 +6332,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p -c "! Certificate verification flags" \ -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ @@ -6344,7 +6342,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p -c "! Certificate verification flags"\ -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 
@@ -6356,7 +6353,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \ -c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 05 " -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA256, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ @@ -6368,7 +6364,6 @@ run_test "Authentication, CA callback: client SHA256, server required" \ -c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 05 " -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6390,7 +6385,6 @@ run_test "Authentication, CA callback: client badcert, server required" \ # detect that its write end of the connection is closed and abort # before reading the alert message. -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ @@ -6408,7 +6402,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6429,7 +6422,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ @@ -6440,7 +6432,6 @@ run_test "Authentication, CA callback: server max_int chain, client default" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ @@ -6451,7 +6442,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ @@ -6463,7 +6453,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 
@@ -6474,7 +6463,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ @@ -6485,7 +6473,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ From 95fe2a6df4efca8680200f8a0110fbeae4a795cb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:12:29 +0100 Subject: [PATCH 0027/1080] Add a flags field to mbedtls_ssl_context Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 6 ++++++ library/ssl_tls.c | 1 + 2 files changed, 7 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9029078566..7c3a3d9433 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1669,6 +1669,12 @@ struct mbedtls_ssl_context { * Miscellaneous */ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ + + /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`. + * This field is not saved by mbedtls_ssl_session_save(). + */ + uint32_t MBEDTLS_PRIVATE(flags); + #if defined(MBEDTLS_SSL_RENEGOTIATION) int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, 
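Review bot: The doc comment on the new `flags` field in struct mbedtls_ssl_context says the field is not saved by mbedtls_ssl_session_save(), but that function serializes an mbedtls_ssl_session, not the context this field lives in, so the statement is trivially true and presumably means mbedtls_ssl_context_save(). The comment also refers to `MBEDTLS_SSL_CONTEXT_FLAG_XXX`, which nothing in this commit defines; that is fine if a follow-up adds the constants, but until then a reader has no way to find them. Suggested wording: `/** Mask of MBEDTLS_SSL_CONTEXT_FLAG_XXX. Not serialized by mbedtls_ssl_context_save(); reset to 0 by mbedtls_ssl_session_reset_int(). */`. If context serialization really is meant to skip it, mbedtls_ssl_context_load() should also leave it at 0, which the ssl_tls.c hunk only guarantees via mbedtls_ssl_session_reset_int(). The struct definition starts and ends outside the hunk.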
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 60f2e1cd6d..4744db3d49 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1411,6 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + ssl->flags = 0; ssl->tls_version = ssl->conf->max_tls_version; mbedtls_ssl_session_reset_msg_layer(ssl, partial); From e5054e495aa69f4556147fc250d9204e597e4ed9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 21:50:53 +0100 Subject: [PATCH 0028/1080] mbedtls_ssl_set_hostname tests: baseline Test the current behavior. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 39 ++++++++- tests/ssl-opt.sh | 157 +++++++++++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f009a3169b..fa61c6cb1f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -68,6 +68,7 @@ int main(void) #define DFL_MAX_VERSION -1 #define DFL_SHA1 -1 #define DFL_AUTH_MODE -1 +#define DFL_SET_HOSTNAME 1 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_RECSPLIT -1 @@ -403,6 +404,9 @@ int main(void) #define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ + " set_hostname=%%s call mbedtls_ssl_set_hostname()?" \ + " options: no, server_name, NULL\n" \ + " default: server_name (but ignored if certs disabled)\n" \ USAGE_IO \ USAGE_KEY_OPAQUE \ USAGE_CA_CALLBACK \ 
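Review bot: The first of the three usage lines added to USAGE2 in ssl_client2.c, `" set_hostname=%%s call mbedtls_ssl_set_hostname()?"`, has no trailing `\n`, unlike every neighbouring line (compare the `auth_mode=%%s` line just above it), so the help output runs the two lines together as `...set_hostname()? options: no, server_name, NULL`. Change it to `" set_hostname=%%s call mbedtls_ssl_set_hostname()?\n" \`. The USAGE2 macro continues beyond the hunk.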
@@ -505,6 +509,8 @@ struct options { int max_version; /* maximum protocol version accepted */ int allow_sha1; /* flag for SHA-1 support */ int auth_mode; /* verify mode for connection */ + int set_hostname; /* call mbedtls_ssl_set_hostname()? */ + /* 0=no, 1=yes, -1=NULL */ unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int recsplit; /* enable record splitting? */ @@ -953,6 +959,7 @@ int main(int argc, char *argv[]) opt.max_version = DFL_MAX_VERSION; opt.allow_sha1 = DFL_SHA1; opt.auth_mode = DFL_AUTH_MODE; + opt.set_hostname = DFL_SET_HOSTNAME; opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.recsplit = DFL_RECSPLIT; @@ -1344,6 +1351,16 @@ int main(int argc, char *argv[]) } else { goto usage; } + } else if (strcmp(p, "set_hostname") == 0) { + if (strcmp(q, "no") == 0) { + opt.set_hostname = 0; + } else if (strcmp(q, "server_name") == 0) { + opt.set_hostname = 1; + } else if (strcmp(q, "NULL") == 0) { + opt.set_hostname = -1; + } else { + goto usage; + } } else if (strcmp(p, "max_frag_len") == 0) { if (strcmp(q, "512") == 0) { opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; @@ -2052,10 +2069,24 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; + switch (opt.set_hostname) { + case -1: + if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret); + goto exit; + } + break; + case 0: + /* Skip the call */ + break; + default: + if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret); + goto exit; + } + break; } #endif 
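Review bot: The switch on opt.set_hostname in the `@@ -2052,10 +2069,24 @@` hunk repeats the same mbedtls_ssl_set_hostname() call and error path twice, differing only in the argument, and its `default:` label silently maps any value other than 0 and -1 to the server name. Since the option parser added earlier in this commit only ever stores 0, 1 or -1, the three cases collapse into choosing the argument once and making one guarded call, which keeps the error message in a single place and makes the three modes visible at a glance. The enclosing main() starts and ends outside the hunk.
```c
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
    /* opt.set_hostname: 0 = skip the call, 1 = use server_name, -1 = pass NULL */
    if (opt.set_hostname != 0) {
        const char *hostname = (opt.set_hostname < 0) ? NULL : opt.server_name;
        if ((ret = mbedtls_ssl_set_hostname(&ssl, hostname)) != 0) {
            mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
                           ret);
            goto exit;
        }
    }
#endif
```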
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ce661fcc83..e541a81983 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5938,6 +5938,163 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" +# The next few tests check what happens if the server has a valid certificate +# that does not match its name (impersonation). + +run_test "Authentication: hostname match, client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch (wrong), client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \ + 1 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch (empty), client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name= debug_level=1" \ + 1 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch (truncated), client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhos debug_level=1" \ + 1 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch (last char), client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \ + 1 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -c "! 
mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch (trailing), client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \ + 1 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -c "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch, client optional" \ + "$P_SRV" \ + "$P_CLI auth_mode=optional server_name=wrong-name debug_level=1" \ + 0 \ + -c "does not match with the expected CN" \ + -c "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname mismatch, client none" \ + "$P_SRV" \ + "$P_CLI auth_mode=none server_name=wrong-name debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname null, client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required set_hostname=NULL debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "! 
mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname null, client optional" \ + "$P_SRV" \ + "$P_CLI auth_mode=optional set_hostname=NULL debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname null, client none" \ + "$P_SRV" \ + "$P_CLI auth_mode=none set_hostname=NULL debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname unset, client required" \ + "$P_SRV" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname unset, client optional" \ + "$P_SRV" \ + "$P_CLI auth_mode=optional set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname unset, client none" \ + "$P_SRV" \ + "$P_CLI auth_mode=none set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ + "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Authentication: hostname unset, 
client default, server picks cert, 1.3" \ + "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ + "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ + "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "x509_verify_cert() returned -" \ + -C "X509 - Certificate verification failed" + # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because # the client informs the server about the supported curves - it does, though, in the From 4ac4008fa09e0be09a8bfabbb43c966bcc54119f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:13:58 +0100 Subject: [PATCH 0029/1080] Access ssl->hostname through abstractions in certificate verification New abstractions to access ssl->hostname: mbedtls_ssl_has_set_hostname_been_called(), mbedtls_ssl_free_hostname(). Use these abstractions to access the hostname with the opportunity for extra checks in mbedtls_ssl_verify_certificate(). No behavior change except for a new log message. 
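Review bot: The tests `Authentication: hostname null, client required` and `Authentication: hostname unset, client required` expect exit status 0 and no verification failure under auth_mode=required, which pins that a client that never sets a hostname accepts any certificate from a trusted CA regardless of the name in it; the commit message calls this the baseline, but nothing in the hunk tells a later reader that a 0 here is current behaviour rather than a desired security property. A comment above those tests would make the intent explicit, e.g. `# Baseline: with no hostname set the client skips name checking, so the handshake succeeds even with auth_mode=required. Revisit these expectations if that behaviour is tightened.` The server-picks-cert and server-picks-PSK tests further down in the hunk pin the same permissive behaviour and could point at that comment rather than repeat it.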
Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 66 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4744db3d49..dd1beb98b7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2516,6 +2516,36 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, } #if defined(MBEDTLS_X509_CRT_PARSE_C) + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/** Whether mbedtls_ssl_set_hostname() has been called. + * + * \param[in] ssl SSL context + * + * \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl + * (including `mbedtls_ssl_set_hostname(ssl, NULL)`), + * otherwise \c 0. + */ +static int mbedtls_ssl_has_set_hostname_been_called( + const mbedtls_ssl_context *ssl) +{ + /* We can't tell the difference between the case where + * mbedtls_ssl_set_hostname() has not been called at all, and + * the case where it was last called with NULL. For the time + * being, we assume the latter, i.e. we behave as if there had + * been an implicit call to mbedtls_ssl_set_hostname(ssl, NULL). */ + return ssl->hostname != NULL; +} +#endif + +static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl) +{ + if (ssl->hostname != NULL) { + mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); + } + ssl->hostname = NULL; +} + int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) { /* Initialize to suppress unnecessary compiler warning */ @@ -2533,10 +2563,7 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) /* Now it's clear that we will overwrite the old hostname, * so we can free it safely */ - - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } + mbedtls_ssl_free_hostname(ssl); /* Passing NULL as hostname shall clear the old one */ 
@@ -5295,9 +5322,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_X509_CRT_PARSE_C) - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } + mbedtls_ssl_free_hostname(ssl); #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) @@ -8845,6 +8870,21 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, return ret; } +static int get_hostname_for_verification(mbedtls_ssl_context *ssl, + const char **hostname) +{ + if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname")); + } + + *hostname = ssl->hostname; + if (*hostname == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification")); + } + + return 0; +} + int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, int authmode, mbedtls_x509_crt *chain, @@ -8870,7 +8910,13 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, p_vrfy = ssl->conf->p_vrfy; } - int ret = 0; + const char *hostname = ""; + int ret = get_hostname_for_verification(ssl, &hostname); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret); + return ret; + } + int have_ca_chain_or_callback = 0; #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) if (ssl->conf->f_ca_cb != NULL) { @@ -8883,7 +8929,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, ssl->conf->f_ca_cb, ssl->conf->p_ca_cb, ssl->conf->cert_profile, - ssl->hostname, + hostname, &ssl->session_negotiate->verify_result, f_vrfy, p_vrfy); } else @@ -8910,7 +8956,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, chain, ca_chain, ca_crl, ssl->conf->cert_profile, - ssl->hostname, + hostname, &ssl->session_negotiate->verify_result, f_vrfy, p_vrfy, rs_ctx); } From 6a9cf113611de1d8ac18f49563883a639ae7c7d6 Mon Sep 17 00:00:00 2001 
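Review bot: `get_hostname_for_verification()` in the `@@ -8845,6 +8870,21 @@` hunk returns `0` unconditionally, so the `if (ret != 0)` propagation added to `mbedtls_ssl_verify_certificate()` in the following hunk is dead code today, and nothing in the hunk says why the return value exists. Given that the predicate it calls reduces to `ssl->hostname != NULL`, both the level-1 "without having set hostname" message and the level-2 "without CN verification" message fire on the same condition, and the only consequence of a client never calling `mbedtls_ssl_set_hostname()` remains a log line while the chain is then verified with `hostname == NULL`, i.e. without any name check. I would document the intent on the function so the hook is not removed as unused: `/* Always returns 0 for now: verification proceeds even when no hostname is set. This is the single place to turn that situation into an error, which mbedtls_ssl_verify_certificate() propagates to the caller. */`. If the plan is to make the missing-hostname case fatal for clients, that is a behavior change this commit deliberately does not make ("No behavior change except for a new log message"), so it belongs in a follow-up with its own changelog entry and test.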
From: Stefan Gloor Date: Fri, 21 Feb 2025 10:30:02 +0100 Subject: [PATCH 0030/1080] fix: remove superfluous BEFORE_COLON in x509_crl.c BEFORE_COLON and BC defines with the accompanying comment are only required in x509_crt and x509_csr, but not used in x509_crl.c. Signed-off-by: Stefan Gloor --- library/x509_crl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index e67fde7210..bc4fdbb884 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -582,11 +582,6 @@ int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Return an informational string about the certificate. - */ -#define BEFORE_COLON 14 -#define BC "14" /* * Return an informational string about the CRL. */ From b5c079b13c4977bdba8593d174d7851e41b5788e Mon Sep 17 00:00:00 2001 From: Stefan Gloor Date: Fri, 21 Feb 2025 10:33:51 +0100 Subject: [PATCH 0031/1080] fix: rename BEFORE_COLON and BC to avoid conflicts Namespace BEFORE_COLON and BC defines by prepending MBEDTLS_ and expanding BC to BEFORE_COLON_STR. This is to avoid naming conflicts with third-party code. No functional change. Signed-off-by: Stefan Gloor --- library/x509_crt.c | 12 ++++++------ library/x509_csr.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 113eb1b072..5d26ebbbc1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1743,15 +1743,15 @@ static int x509_info_cert_policies(char **buf, size_t *size, /* * Return an informational string about the certificate. */ -#define BEFORE_COLON 18 -#define BC "18" +#define MBEDTLS_BEFORE_COLON 18 +#define MBEDTLS_BEFORE_COLON_STR "18" int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; @@ -1805,13 +1805,13 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, mbedtls_pk_get_name(&crt->pk))) != 0) { return ret; } - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&crt->pk)); + ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits", + prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* diff --git a/library/x509_csr.c b/library/x509_csr.c index 3a78268685..8e5fdb6813 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -519,8 +519,8 @@ int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -#define BEFORE_COLON 14 -#define BC "14" +#define MBEDTLS_BEFORE_COLON 14 +#define MBEDTLS_BEFORE_COLON_STR "14" /* * Return an informational string about the CSR. */ @@ -530,7 +530,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; 
@@ -551,13 +551,13 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, csr->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, mbedtls_pk_get_name(&csr->pk))) != 0) { return ret; } - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&csr->pk)); + ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits\n", + prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&csr->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* From 34b4aa1f585d2dfce06401d9a2a3e02e28579b38 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Feb 2025 10:21:28 +0100 Subject: [PATCH 0032/1080] programs: move benchmark to tf-psa-crypto repo This commit also removes references from Makefile and README.md. Signed-off-by: Valerio Setti --- programs/Makefile | 5 - programs/README.md | 3 - programs/test/CMakeLists.txt | 1 - programs/test/benchmark.c | 1272 ---------------------------------- 4 files changed, 1281 deletions(-) delete mode 100644 programs/test/benchmark.c diff --git a/programs/Makefile b/programs/Makefile index 07638a7c04..79bb402f1b 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -79,7 +79,6 @@ APPS = \ ssl/ssl_mail_client \ ssl/ssl_server \ ssl/ssl_server2 \ - test/benchmark \ test/metatest \ test/query_compile_time_config \ test/query_included_headers \ @@ -345,10 +344,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP) echo " CC ssl/mini_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/benchmark$(EXEXT): test/benchmark.c $(DEP) - echo " CC test/benchmark.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh echo " Gen test/cpp_dummy_build.cpp" test/generate_cpp_dummy_build.sh 
diff --git a/programs/README.md b/programs/README.md index a58037d097..5e5f40a4c3 100644 --- a/programs/README.md +++ b/programs/README.md @@ -90,8 +90,6 @@ In addition to providing options for testing client-side features, the `ssl_clie ## Test utilities -* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms. - * [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. @@ -115,4 +113,3 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). * [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR). - diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 9c781a6b49..089f8a67e8 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -13,7 +13,6 @@ add_dependencies(${programs_target} ${executables_libs}) add_dependencies(${ssl_opt_target} udp_proxy) set(executables_mbedcrypto - benchmark zeroize ) add_dependencies(${programs_target} ${executables_mbedcrypto}) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c deleted file mode 100644 index c878e3426d..0000000000 --- a/programs/test/benchmark.c +++ /dev/null 
@@ -1,1272 +0,0 @@ -/* - * Benchmark demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_HAVE_TIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" - -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/camellia.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cmac.h" -#include "mbedtls/poly1305.h" - -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" - -#include "mbedtls/rsa.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecdh.h" - -#include "mbedtls/error_common.h" - -/* *INDENT-OFF* */ -#ifndef asm -#define asm __asm -#endif -/* *INDENT-ON* */ - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -#include -#include - -struct _hr_time { - struct timeval start; -}; - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#ifdef MBEDTLS_TIMING_ALT -void mbedtls_set_alarm(int seconds); -unsigned long mbedtls_timing_hardclock(void); -extern volatile int mbedtls_timing_alarmed; -#else -static void mbedtls_set_alarm(int seconds); -static unsigned long mbedtls_timing_hardclock(void); -#endif - -/* - * For heap usage estimates, we need an estimate of the overhead per allocated - * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, - * so use that as our baseline. 
- */ -#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t)) - -/* - * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined. - */ -#define HEAP_SIZE (1u << 16) /* 64k */ - -#define BUFSIZE 1024 -#define HEADER_FORMAT " %-24s : " -#define TITLE_LEN 25 - -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ - "rsa, dhm, ecdsa, ecdh.\n" - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_printf("Error code: %d", ret); -/* mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \ - mbedtls_printf("FAILED: %s\n", tmp); */ -#else -#define PRINT_ERROR \ - mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret); -#endif - -#define TIME_AND_TSC(TITLE, CODE) \ - do { \ - unsigned long ii, jj, tsc; \ - int ret = 0; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - \ - mbedtls_set_alarm(1); \ - for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \ - { \ - ret = CODE; \ - } \ - \ - tsc = mbedtls_timing_hardclock(); \ - for (jj = 0; ret == 0 && jj < 1024; jj++) \ - { \ - ret = CODE; \ - } \ - \ - if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \ - ii * BUFSIZE / 1024, \ - (mbedtls_timing_hardclock() - tsc) \ - / (jj * BUFSIZE)); \ - } \ - } while (0) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - -/* How much space to reserve for the title when printing heap usage results. - * Updated manually as the output of the following command: - * - * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | - * awk '{print length+3}' | sort -rn | head -n1 - * - * This computes the maximum length of a title +3, because we appends "/s" and - * want at least one space. 
(If the value is too small, the only consequence - * is poor alignment.) */ -#define TITLE_SPACE 17 - -#define MEMORY_MEASURE_INIT \ - size_t max_used, max_blocks, max_bytes; \ - size_t prv_used, prv_blocks; \ - size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \ - mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \ - mbedtls_memory_buffer_alloc_max_reset(); - -#define MEMORY_MEASURE_RESET \ - mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free); - -#define MEMORY_MEASURE_PRINT(title_len) \ - mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \ - mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \ - ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ - while (ii--) mbedtls_printf(" "); \ - max_used -= prv_used; \ - max_blocks -= prv_blocks; \ - max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ - mbedtls_printf("%6u heap bytes, %6u allocs", \ - (unsigned) max_bytes, \ - (unsigned) (alloc_cnt - prv_alloc)); - -#else -#define MEMORY_MEASURE_INIT -#define MEMORY_MEASURE_RESET -#define MEMORY_MEASURE_PRINT(title_len) -#endif - -#define TIME_PUBLIC(TITLE, TYPE, CODE) \ - do { \ - unsigned long ii; \ - int ret; \ - MEMORY_MEASURE_INIT; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - mbedtls_set_alarm(3); \ - \ - ret = 0; \ - for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \ - { \ - MEMORY_MEASURE_RESET; \ - CODE; \ - } \ - \ - if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \ - { \ - mbedtls_printf("Feature Not Supported. 
Skipping.\n"); \ - ret = 0; \ - } \ - else if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%6lu " TYPE "/s", ii / 3); \ - MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \ - mbedtls_printf("\n"); \ - } \ - } while (0) - -#if !defined(MBEDTLS_TIMING_ALT) -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tsc; - __asm rdtsc - __asm mov[tsc], eax - return tsc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ - -/* some versions of mingw-64 have 32-bit longs even on x84_64 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__i386__) || ( \ - (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __i386__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo | (hi << 32); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __amd64__ || __x86_64__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tbl, tbu0, tbu1; - - do { - asm volatile ("mftbu %0" : "=r" (tbu0)); - asm volatile ("mftb %0" : "=r" (tbl)); - asm volatile ("mftbu %0" : "=r" (tbu1)); - } while (tbu0 != tbu1); - - return 
tbl; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __powerpc__ || __ppc__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc64__) - -#if defined(__OpenBSD__) -#warning OpenBSD does not allow access to tick register using software version instead -#else -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile ("rdpr %%tick, %0;" : "=&r" (tick)); - return tick; -} -#endif /* __OpenBSD__ */ -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile (".byte 0x83, 0x41, 0x00, 0x00"); - asm volatile ("mov %%g1, %0" : "=r" (tick)); - return tick; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc__ && !__sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__alpha__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long cc; - asm volatile ("rpcc %0" : "=r" (cc)); - return cc & 0xFFFFFFFF; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __alpha__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__ia64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long itc; - asm volatile ("mov %0 = ar.itc" : "=r" (itc)); - return itc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __ia64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \ - !defined(EFIX64) && !defined(EFI32) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - LARGE_INTEGER offset; - - 
QueryPerformanceCounter(&offset); - - return (unsigned long) (offset.QuadPart); -} -#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */ - -#if !defined(HAVE_HARDCLOCK) - -#define HAVE_HARDCLOCK - -static int hardclock_init = 0; -static struct timeval tv_init; - -static unsigned long mbedtls_timing_hardclock(void) -{ - struct timeval tv_cur; - - if (hardclock_init == 0) { - gettimeofday(&tv_init, NULL); - hardclock_init = 1; - } - - gettimeofday(&tv_cur, NULL); - return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U - + (tv_cur.tv_usec - tv_init.tv_usec); -} -#endif /* !HAVE_HARDCLOCK */ - -volatile int mbedtls_timing_alarmed = 0; - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -/* It's OK to use a global because alarm() is supposed to be global anyway */ -static DWORD alarmMs; - -static void TimerProc(void *TimerContext) -{ - (void) TimerContext; - Sleep(alarmMs); - mbedtls_timing_alarmed = 1; - /* _endthread will be called implicitly on return - * That ensures execution of thread function's epilogue */ -} - -static void mbedtls_set_alarm(int seconds) -{ - if (seconds == 0) { - /* No need to create a thread for this simple case. - * Also, this shorcut is more reliable at least on MinGW32 */ - mbedtls_timing_alarmed = 1; - return; - } - - mbedtls_timing_alarmed = 0; - alarmMs = seconds * 1000; - (void) _beginthread(TimerProc, 0, NULL); -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -static void sighandler(int signum) -{ - mbedtls_timing_alarmed = 1; - signal(signum, sighandler); -} - -static void mbedtls_set_alarm(int seconds) -{ - mbedtls_timing_alarmed = 0; - signal(SIGALRM, sighandler); - alarm(seconds); - if (seconds == 0) { - /* alarm(0) cancelled any previous pending alarm, but the - handler won't fire, so raise the flag straight away. 
*/ - mbedtls_timing_alarmed = 1; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ -#endif /* !MBEDTLS_TIMING_ALT */ - -static int myrand(void *rng_state, unsigned char *output, size_t len) -{ - size_t use_len; - int rnd; - - if (rng_state != NULL) { - rng_state = NULL; - } - - while (len > 0) { - use_len = len; - if (use_len > sizeof(int)) { - use_len = sizeof(int); - } - - rnd = rand(); - memcpy(output, &rnd, use_len); - output += use_len; - len -= use_len; - } - - return 0; -} - -#define CHECK_AND_CONTINUE(R) \ - { \ - int CHECK_AND_CONTINUE_ret = (R); \ - if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \ - mbedtls_printf("Feature not supported. Skipping.\n"); \ - continue; \ - } \ - else if (CHECK_AND_CONTINUE_ret != 0) { \ - mbedtls_exit(1); \ - } \ - } - -#if defined(MBEDTLS_ECP_C) -static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve) -{ - const mbedtls_ecp_curve_info *found = - mbedtls_ecp_curve_info_from_name(string); - if (found != NULL) { - *curve = *found; - return 1; - } else { - return 0; - } -} -#endif - -unsigned char buf[BUFSIZE]; - -typedef struct { - char md5, ripemd160, sha1, sha256, sha512, - sha3_224, sha3_256, sha3_384, sha3_512, - des3, des, - aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly, - aes_cmac, des3_cmac, - aria, camellia, chacha20, - poly1305, - ctr_drbg, hmac_drbg, - rsa, dhm, ecdsa, ecdh; -} todo_list; - - -int main(int argc, char *argv[]) -{ - int i; - unsigned char tmp[200]; - char title[TITLE_LEN]; - todo_list todo; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[HEAP_SIZE] = { 0 }; -#endif -#if defined(MBEDTLS_ECP_C) - mbedtls_ecp_curve_info single_curve[2] = { - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - }; - const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list(); -#endif - -#if defined(MBEDTLS_ECP_C) - (void) curve_list; /* Unused in some configurations where no benchmark uses 
ECC */ -#endif - - if (argc <= 1) { - memset(&todo, 1, sizeof(todo)); - } else { - memset(&todo, 0, sizeof(todo)); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "md5") == 0) { - todo.md5 = 1; - } else if (strcmp(argv[i], "ripemd160") == 0) { - todo.ripemd160 = 1; - } else if (strcmp(argv[i], "sha1") == 0) { - todo.sha1 = 1; - } else if (strcmp(argv[i], "sha256") == 0) { - todo.sha256 = 1; - } else if (strcmp(argv[i], "sha512") == 0) { - todo.sha512 = 1; - } else if (strcmp(argv[i], "sha3_224") == 0) { - todo.sha3_224 = 1; - } else if (strcmp(argv[i], "sha3_256") == 0) { - todo.sha3_256 = 1; - } else if (strcmp(argv[i], "sha3_384") == 0) { - todo.sha3_384 = 1; - } else if (strcmp(argv[i], "sha3_512") == 0) { - todo.sha3_512 = 1; - } else if (strcmp(argv[i], "des3") == 0) { - todo.des3 = 1; - } else if (strcmp(argv[i], "des") == 0) { - todo.des = 1; - } else if (strcmp(argv[i], "aes_cbc") == 0) { - todo.aes_cbc = 1; - } else if (strcmp(argv[i], "aes_cfb128") == 0) { - todo.aes_cfb128 = 1; - } else if (strcmp(argv[i], "aes_cfb8") == 0) { - todo.aes_cfb8 = 1; - } else if (strcmp(argv[i], "aes_ctr") == 0) { - todo.aes_ctr = 1; - } else if (strcmp(argv[i], "aes_xts") == 0) { - todo.aes_xts = 1; - } else if (strcmp(argv[i], "aes_gcm") == 0) { - todo.aes_gcm = 1; - } else if (strcmp(argv[i], "aes_ccm") == 0) { - todo.aes_ccm = 1; - } else if (strcmp(argv[i], "chachapoly") == 0) { - todo.chachapoly = 1; - } else if (strcmp(argv[i], "aes_cmac") == 0) { - todo.aes_cmac = 1; - } else if (strcmp(argv[i], "des3_cmac") == 0) { - todo.des3_cmac = 1; - } else if (strcmp(argv[i], "aria") == 0) { - todo.aria = 1; - } else if (strcmp(argv[i], "camellia") == 0) { - todo.camellia = 1; - } else if (strcmp(argv[i], "chacha20") == 0) { - todo.chacha20 = 1; - } else if (strcmp(argv[i], "poly1305") == 0) { - todo.poly1305 = 1; - } else if (strcmp(argv[i], "ctr_drbg") == 0) { - todo.ctr_drbg = 1; - } else if (strcmp(argv[i], "hmac_drbg") == 0) { - todo.hmac_drbg = 1; - } else if 
(strcmp(argv[i], "rsa") == 0) { - todo.rsa = 1; - } else if (strcmp(argv[i], "dhm") == 0) { - todo.dhm = 1; - } else if (strcmp(argv[i], "ecdsa") == 0) { - todo.ecdsa = 1; - } else if (strcmp(argv[i], "ecdh") == 0) { - todo.ecdh = 1; - } -#if defined(MBEDTLS_ECP_C) - else if (set_ecp_curve(argv[i], single_curve)) { - curve_list = single_curve; - } -#endif - else { - mbedtls_printf("Unrecognized option: %s\n", argv[i]); - mbedtls_printf("Available options: " OPTIONS); - } - } - } - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - memset(buf, 0xAA, sizeof(buf)); - memset(tmp, 0xBB, sizeof(tmp)); - - /* Avoid "unused static function" warning in configurations without - * symmetric crypto. */ - (void) mbedtls_timing_hardclock; - -#if defined(MBEDTLS_MD5_C) - if (todo.md5) { - TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if (todo.ripemd160) { - TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA1_C) - if (todo.sha1) { - TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA256_C) - if (todo.sha256) { - TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0)); - } -#endif - -#if defined(MBEDTLS_SHA512_C) - if (todo.sha512) { - TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0)); - } -#endif -#if defined(MBEDTLS_SHA3_C) - if (todo.sha3_224) { - TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28)); - } - if (todo.sha3_256) { - TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32)); - } - if (todo.sha3_384) { - TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48)); - } - if (todo.sha3_512) { - TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64)); - } -#endif - -#if defined(MBEDTLS_DES_C) -#if 
defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.des3) { - mbedtls_des3_context des3; - - mbedtls_des3_init(&des3); - if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("3DES", - mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des3_free(&des3); - } - - if (todo.des) { - mbedtls_des_context des; - - mbedtls_des_init(&des); - if (mbedtls_des_setkey_enc(&des, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("DES", - mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des_free(&des); - } - -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CMAC_C) - if (todo.des3_cmac) { - unsigned char output[8]; - const mbedtls_cipher_info_t *cipher_info; - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); - - TIME_AND_TSC("3DES-CMAC", - mbedtls_cipher_cmac(cipher_info, tmp, 192, buf, - BUFSIZE, output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aes_cbc) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - if (todo.aes_cfb128) { - int keysize; - size_t iv_off = 0; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - 
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, - &iv_off, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } - if (todo.aes_cfb8) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - if (todo.aes_ctr) { - int keysize; - mbedtls_aes_context aes; - - uint8_t stream_block[16]; - size_t nc_off; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - memset(stream_block, 0, sizeof(stream_block)); - nc_off = 0; - - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block, - buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - if (todo.aes_xts) { - int keysize; - mbedtls_aes_xts_context ctx; - - mbedtls_aes_xts_init(&ctx); - for (keysize = 128; keysize <= 256; keysize += 128) { - mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, - tmp, buf, buf)); - - mbedtls_aes_xts_free(&ctx); - } - } -#endif -#if defined(MBEDTLS_GCM_C) - if (todo.aes_gcm) { - int keysize; - mbedtls_gcm_context gcm; - - 
mbedtls_gcm_init(&gcm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, 16, tmp)); - - mbedtls_gcm_free(&gcm); - } - } -#endif -#if defined(MBEDTLS_CCM_C) - if (todo.aes_ccm) { - int keysize; - mbedtls_ccm_context ccm; - - mbedtls_ccm_init(&ccm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, tmp, 16)); - - mbedtls_ccm_free(&ccm); - } - } -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - if (todo.chachapoly) { - mbedtls_chachapoly_context chachapoly; - - mbedtls_chachapoly_init(&chachapoly); - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305"); - - mbedtls_chachapoly_setkey(&chachapoly, tmp); - - TIME_AND_TSC(title, - mbedtls_chachapoly_encrypt_and_tag(&chachapoly, - BUFSIZE, tmp, NULL, 0, buf, buf, tmp)); - - mbedtls_chachapoly_free(&chachapoly); - } -#endif -#if defined(MBEDTLS_CMAC_C) - if (todo.aes_cmac) { - unsigned char output[16]; - const mbedtls_cipher_info_t *cipher_info; - mbedtls_cipher_type_t cipher_type; - int keysize; - - for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; - keysize <= 256; - keysize += 64, cipher_type++) { - mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - - TIME_AND_TSC(title, - 
mbedtls_cipher_cmac(cipher_info, tmp, keysize, - buf, BUFSIZE, output)); - } - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - TIME_AND_TSC("AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE, - output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aria) { - int keysize; - mbedtls_aria_context aria; - - mbedtls_aria_init(&aria); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_aria_setkey_enc(&aria, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_aria_free(&aria); - } -#endif - -#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.camellia) { - int keysize; - mbedtls_camellia_context camellia; - - mbedtls_camellia_init(&camellia); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_camellia_setkey_enc(&camellia, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_camellia_free(&camellia); - } -#endif - -#if defined(MBEDTLS_CHACHA20_C) - if (todo.chacha20) { - TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf)); - } -#endif - -#if defined(MBEDTLS_POLY1305_C) - if (todo.poly1305) { - TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf)); - } -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if (todo.ctr_drbg) { - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("CTR_DRBG (NOPR)", 
- mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON); - TIME_AND_TSC("CTR_DRBG (PR)", - mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - } -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C)) - if (todo.hmac_drbg) { - mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; - - mbedtls_hmac_drbg_init(&hmac_drbg); - -#if defined(MBEDTLS_SHA1_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - -#if defined(MBEDTLS_SHA256_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - mbedtls_hmac_drbg_free(&hmac_drbg); - } -#endif /* MBEDTLS_HMAC_DRBG_C && 
( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (todo.rsa) { - int keysize; - mbedtls_rsa_context rsa; - - for (keysize = 2048; keysize <= 4096; keysize += 1024) { - mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); - - mbedtls_rsa_init(&rsa); - mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537); - - TIME_PUBLIC(title, " public", - buf[0] = 0; - ret = mbedtls_rsa_public(&rsa, buf, buf)); - - TIME_PUBLIC(title, "private", - buf[0] = 0; - ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf)); - - mbedtls_rsa_free(&rsa); - } - } -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C) - if (todo.dhm) { - int dhm_sizes[] = { 2048, 3072 }; - static const unsigned char dhm_P_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - static const unsigned char dhm_G_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - static const unsigned char dhm_G_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; - - const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; - const size_t dhm_P_size[] = { sizeof(dhm_P_2048), - sizeof(dhm_P_3072) }; - - const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; - const size_t dhm_G_size[] = { sizeof(dhm_G_2048), - sizeof(dhm_G_3072) }; - - mbedtls_dhm_context dhm; - size_t olen; - size_t n; - mbedtls_mpi P, G; - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - - for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { - mbedtls_dhm_init(&dhm); - - if (mbedtls_mpi_read_binary(&P, dhm_P[i], - dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&G, dhm_G[i], - dhm_G_size[i]) != 0 || - mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { - mbedtls_exit(1); - } - - n = mbedtls_dhm_get_len(&dhm); - mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - - if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "DHE-%d", 
dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - myrand, NULL); - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_dhm_free(&dhm); - mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); - } - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) - if (todo.ecdsa) { - mbedtls_ecdsa_context ecdsa; - const mbedtls_ecp_curve_info *curve_info; - size_t sig_len; - - memset(buf, 0x2A, sizeof(buf)); - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, - "sign", - ret = - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, - curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, - NULL)); - - mbedtls_ecdsa_free(&ecdsa); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 || - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, "verify", - ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size, - tmp, sig_len)); - - mbedtls_ecdsa_free(&ecdsa); - } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if 
(todo.ecdh) { - mbedtls_ecdh_context ecdh_srv, ecdh_cli; - unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; - const mbedtls_ecp_curve_info *curve_info; - size_t params_len, publen, seclen; - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); - TIME_PUBLIC(title, - "ephemeral handshake", - const unsigned char *p_srv = buf_srv; - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - ); - - mbedtls_ecdh_free(&ecdh_srv); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - const unsigned char *p_srv = buf_srv; - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); - TIME_PUBLIC(title, - "static handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, 
- sizeof(buf_cli), myrand, NULL));
- );
-
- mbedtls_ecdh_free(&ecdh_cli);
- mbedtls_ecdh_free(&ecdh_srv);
- }
- }
-#endif
-
- mbedtls_printf("\n");
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_free();
-#endif
-
- mbedtls_exit(0);
-}
-
-#endif /* MBEDTLS_HAVE_TIME */
From f8244d49b074f19f3007862722f0c47b1b352ab4 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 19 Feb 2025 10:35:41 +0100
Subject: [PATCH 0033/1080] programs: update .gitignore
Remove entry for benchmark program since it was moved to the tf-psa-crypto repo.
Signed-off-by: Valerio Setti
---
 programs/.gitignore | 1 -
 1 file changed, 1 deletion(-)
diff --git a/programs/.gitignore b/programs/.gitignore
index c3e61c16bd..939e405952 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -46,7 +46,6 @@ ssl/ssl_mail_client
 ssl/ssl_pthread_server
 ssl/ssl_server
 ssl/ssl_server2
-test/benchmark
 test/cpp_dummy_build
 test/cpp_dummy_build.cpp
 test/dlopen
From 69d078157655691de1aa5798cc8333a9231d1446 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 19 Feb 2025 11:07:44 +0100
Subject: [PATCH 0034/1080] scripts: move ecc-heap.sh to tf-psa-crypto
Since benchmark programs was moved to tf-psa-crypto, this script should be moved as well.
Signed-off-by: Valerio Setti
---
 scripts/ecc-heap.sh | 87 ---------------------------------------------
 1 file changed, 87 deletions(-)
 delete mode 100755 scripts/ecc-heap.sh
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
deleted file mode 100755
index 3eb2ff4492..0000000000
--- a/scripts/ecc-heap.sh
+++ /dev/null
@@ -1,87 +0,0 @@ -#!/bin/sh - -# Measure heap usage (and performance) of ECC operations with various values of -# the relevant tunable compile-time parameters. -# -# Usage (preferably on a 32-bit platform): -# cmake -D CMAKE_BUILD_TYPE=Release . -# scripts/ecc-heap.sh | tee ecc-heap.log -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' - -if [ -r $CONFIG_H ]; then :; else - echo "$CONFIG_H not found" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then :; else - echo "Needs Cmake" >&2 - exit 1 -fi - -if git status | grep -F $CONFIG_H >/dev/null 2>&1; then - echo "mbedtls_config.h not clean" >&2 - exit 1 -fi - -CONFIG_BAK=${CONFIG_H}.bak -cp $CONFIG_H $CONFIG_BAK - -cat << EOF >$CONFIG_H -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_DEBUG - -#define MBEDTLS_TIMING_C - -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_SHA256_C // ECDSA benchmark needs it -#define MBEDTLS_SHA224_C // SHA256 requires this for now -#define MBEDTLS_ECDH_C - -// NIST curves >= 256 bits -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -// SECP "koblitz-like" curve >= 256 bits -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -// Brainpool curves (no specialised "mod p" routine) -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -// Montgomery curves -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#define MBEDTLS_HAVE_ASM // just make things a bit faster -#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations - -//#define MBEDTLS_ECP_WINDOW_SIZE 4 -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -EOF - -for F in 0 1; do - 
for W in 2 3 4; do
- scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
- scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
- make benchmark >/dev/null 2>&1
- echo "fixed point optim = $F, max window size = $W"
- echo "--------------------------------------------"
- programs/test/benchmark ecdh ecdsa
- done
-done
-
-# cleanup
-
-mv $CONFIG_BAK $CONFIG_H
-make clean
From aa380c4a829d051eb840b15ab88aff9f9362ad57 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 21 Feb 2025 11:31:33 +0100
Subject: [PATCH 0035/1080] tf-psa-crypto: update reference
Signed-off-by: Valerio Setti
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 67212566e9..2cfed8e711 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 67212566e95c936f8375eb634c249dd71dea582d
+Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b
From 79a8ded3159821b08cde22713f42e3db2819b7bb Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 24 Jan 2025 17:39:58 +0000
Subject: [PATCH 0036/1080] Add TLS Hanshake defragmentation tests
Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options.
Signed-off-by: Waleed Elmelegy
---
 tests/ssl-opt.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 23b692c723..a926f50bce 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13872,6 +13872,90 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
 -c "Handshake was completed" \
 -s "dumping .client hello, compression. (2 bytes)"
+# Handshake defragmentation testing
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (512)" \
+ "$O_SRV -max_send_frag 512 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (513)" \
+ "$O_SRV -max_send_frag 513 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (256)" \
+ "$O_SRV -mtu 32 -split_send_frag 256 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (128)" \
+ "$O_SRV -mtu 32 -split_send_frag 128 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (64)" \
+ "$O_SRV -mtu 32 -split_send_frag 64 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (36)" \
+ "$O_SRV -mtu 32 -split_send_frag 36 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (32)" \
+ "$O_SRV -mtu 32 -split_send_frag 32 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (16)" \
+ "$O_SRV -mtu 32 -split_send_frag 16 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (13)" \
+ "$O_SRV -mtu 32 -split_send_frag 13 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "Hanshake defragmentation (5)" \
+ "$O_SRV -mtu 32 -split_send_frag 5 " \
+ "$P_CLI debug_level=4 " \
+ 0 \
+ -c "received ServerHello message" \
+ -c "<= handshake" \
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG
From 0e0d5d4dc84d81e5d3fc98026c1e6dc0e0beb2a5 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Tue, 28 Jan 2025 16:47:21 +0000
Subject: [PATCH 0037/1080] Improve TLS handshake defragmentation tests
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported.
Signed-off-by: Waleed Elmelegy
---
 tests/ssl-opt.sh | 131 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 100 insertions(+), 31 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a926f50bce..8d1ec9e4e9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
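Review bot: None of the assertions in this hunk shows that a fragmented message was actually reassembled: `received ServerHello message` and `<= handshake` are also printed when every message arrives in one piece, and with `-max_send_frag 512`/`513` a short ServerHello may never be split at all, so at least the first two cases can pass without the reassembly code running. Pinning a client debug line that is only emitted when a fragment is buffered (the `handshake fragment: ` trace) would make each case meaningful. Reassembly is also the point where the peer controls both the announced handshake length and the per-fragment lengths, so a negative case — fragments whose accumulated length exceeds the announced total, expecting a non-zero exit code — would cover the length check; the OpenSSL options used here cannot produce that, so it probably belongs in a unit test rather than ssl-opt.sh. Every test ends with a trailing `\` on its last `-c` line before the blank line, which sh tolerates but which is easy to break when the next test is inserted; dropping the backslash from `-c "<= handshake"` is safer.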
@@ -13874,87 +13874,156 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (512)" \ - "$O_SRV -max_send_frag 512 " \ +run_test "Client Hanshake defragmentation (512)" \ + "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (513)" \ - "$O_SRV -max_send_frag 513 " \ +run_test "Client Hanshake defragmentation (513)" \ + "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (256)" \ - "$O_SRV -mtu 32 -split_send_frag 256 " \ +run_test "Client Hanshake defragmentation (256)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (128)" \ - "$O_SRV -mtu 32 -split_send_frag 128 " \ +run_test "Client Hanshake defragmentation (128)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (64)" \ - "$O_SRV -mtu 32 -split_send_frag 64 " \ +run_test "Client Hanshake defragmentation (64)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (36)" \ - "$O_SRV -mtu 32 -split_send_frag 36 " \ 
+run_test "Client Hanshake defragmentation (36)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (32)" \ - "$O_SRV -mtu 32 -split_send_frag 32 " \ +run_test "Client Hanshake defragmentation (32)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (16)" \ - "$O_SRV -mtu 32 -split_send_frag 16 " \ +run_test "Client Hanshake defragmentation (16)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (13)" \ - "$O_SRV -mtu 32 -split_send_frag 13 " \ +run_test "Client Hanshake defragmentation (13)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (5)" \ - "$O_SRV -mtu 32 -split_send_frag 5 " \ +run_test "Client Hanshake defragmentation (5)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " + +run_test "Server Hanshake defragmentation (512)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 512 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (513)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 513 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation 
(256)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (128)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (64)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (36)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (32)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (16)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (13)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (5)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From c0118d87b93231b1e0bffb3f6d6d1a8567c45d98 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:23:40 +0000 Subject: [PATCH 0038/1080] Fix typo in TLS Handshake defrafmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d1ec9e4e9..fd196cd099 100755 --- a/tests/ssl-opt.sh 
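Review bot: Every test in this hunk now drives `$O_NEXT_SRV` or `$O_NEXT_CLI`, but the removed `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` lines were not replaced by any guard, so on a host where the newer OpenSSL is not installed these cases fail instead of being skipped; each `run_test` should be preceded by the guard this script uses for the next-OpenSSL binaries (for example `requires_openssl_tls1_3`, if that is the intended proxy). The server-side cases assert only `-s "<= handshake"` and `-s "handshake fragment: "`; if I read the trace right, `<= handshake` is printed on leaving the handshake function whether or not it succeeded, and the expected-exit-code argument, if it is the client's as elsewhere in this file, would not catch a server-side reassembly failure, so a server-side success string is worth adding. The test names still spell "Hanshake".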
+++ b/tests/ssl-opt.sh @@ -13874,7 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -run_test "Client Hanshake defragmentation (512)" \ +run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13882,7 +13882,7 @@ run_test "Client Hanshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (513)" \ +run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13890,7 +13890,7 @@ run_test "Client Hanshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (256)" \ +run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13898,7 +13898,7 @@ run_test "Client Hanshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (128)" \ +run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13906,7 +13906,7 @@ run_test "Client Hanshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (64)" \ +run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13914,7 +13914,7 @@ run_test "Client Hanshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (36)" \ +run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13922,7 +13922,7 @@ run_test "Client Hanshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (32)" \ +run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13930,7 +13930,7 @@ run_test "Client Hanshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (16)" \ +run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13939,7 +13939,7 @@ run_test "Client Hanshake defragmentation (16)" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (13)" \ +run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13947,7 +13947,7 @@ run_test "Client Hanshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (5)" \ +run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13955,70 +13955,70 @@ run_test "Client Hanshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Server Hanshake defragmentation (512)" \ +run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (513)" \ +run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (256)" \ +run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (128)" \ +run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (64)" \ +run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (36)" \ +run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (32)" \ +run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (16)" \ +run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (13)" \ +run_test "Server Handshake defragmentation 
(13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (5)" \ +run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ 0 \ From fccd014c2d9f5f154d7a813dafc9168503b9d2eb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:58:58 +0000 Subject: [PATCH 0039/1080] Remove unnecessary string check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fd196cd099..d59d681216 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13878,7 +13878,6 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13886,7 +13885,6 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13894,7 +13892,6 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13902,7 +13899,6 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13910,7 +13906,6 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " 
@@ -13918,7 +13913,6 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13926,7 +13920,6 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13934,7 +13927,6 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13943,7 +13935,6 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13951,7 +13942,6 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " From f9120311e34cb45d03a752e4f515d7ed13c45c25 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:01:55 +0000 Subject: [PATCH 0040/1080] Require openssl to support TLS 1.3 in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d59d681216..a9fd77c836 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,6 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 
@@ -13881,6 +13882,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ @@ -13888,6 +13890,7 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13895,6 +13898,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13902,6 +13906,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13909,6 +13914,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -13916,6 +13922,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -13923,6 +13930,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 
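Review bot: `requires_openssl_tls1_3` is being used here, judging by the earlier commit message, as a stand-in for "an OpenSSL build new enough to honour `-max_send_frag`/`-split_send_frag`", which is not what the guard's name says, and a reader will wonder why a TLS 1.3 capability gates runs that also exercise TLS 1.2. One comment above the first guarded test would settle it, e.g. `# requires_openssl_tls1_3 is used as a proxy for an OpenSSL recent enough to support -max_send_frag/-split_send_frag`. The same guard is added in every remaining hunk of this commit, so a single comment at the top of the block covers all of them.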
@@ -13930,7 +13938,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "<= handshake" \ -c "handshake fragment: " - +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13938,6 +13946,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13945,6 +13954,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ @@ -13952,6 +13962,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ @@ -13959,6 +13970,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ @@ -13966,6 +13978,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ @@ -13973,6 +13986,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ 
@@ -13980,6 +13994,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ @@ -13987,6 +14002,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ @@ -13994,6 +14010,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ @@ -14001,6 +14018,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ @@ -14008,6 +14026,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ From 48874b3abaf2ea71d869f2b7f4541fe90dc4676b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:13:34 +0000 Subject: [PATCH 0041/1080] Add client authentication to handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a9fd77c836..68c9f3f06d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13957,7 +13957,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 512 " \ + "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13965,7 +13965,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 513 " \ + "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13973,7 +13973,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13981,7 +13981,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13989,7 +13989,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -13997,7 +13997,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14005,7 +14005,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14013,7 +14013,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14021,7 +14021,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14029,7 +14029,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
From 39d83dd38dfb9b4a26dafc5bcdee1a14eb6fc820 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 18:28:56 +0000 Subject: [PATCH 0042/1080] Remove unneeded mtu option from handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 68c9f3f06d..7d9f7fe259 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13892,7 +13892,7 @@ run_test "Client Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13900,7 +13900,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13908,7 +13908,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13916,7 +13916,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13924,7 +13924,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ 
@@ -13932,7 +13932,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13940,7 +13940,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13948,7 +13948,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13973,7 +13973,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13981,7 +13981,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -13989,7 +13989,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13997,7 +13997,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14005,7 +14005,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14013,7 +14013,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -14021,7 +14021,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14029,7 +14029,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " From 61b8e2d225da7e59bf759bab1708660ac4c7b1af Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 12:02:12 +0000 Subject: [PATCH 0043/1080] Enforce client authentication in handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7d9f7fe259..5e20d32aa2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13956,7 +13956,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ 
@@ -13964,7 +13964,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13972,7 +13972,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13980,7 +13980,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13988,7 +13988,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13996,7 +13996,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ 
@@ -14004,7 +14004,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14012,7 +14012,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14020,7 +14020,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14028,7 +14028,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ From f162249e87be8a431928f5eb7a76c9d9ff8bfcd8 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 17:53:02 +0000 Subject: [PATCH 0044/1080] Add a comment to elaborate using split_send_frag in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5e20d32aa2..9a2622e418 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13890,6 +13890,9 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +# OpenSSL does not allow max_send_frag to be less than 512 +# so we use split_send_frag instead for tests lower than 512 below. + requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ From a75c7e09c81599b1a25cde85352e3932ed6d76b5 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:25:43 +0000 Subject: [PATCH 0045/1080] Add guard to handshake defragmentation tests for client certificate Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a2622e418..51844f2a65 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13894,6 +13894,7 @@ run_test "Client Handshake defragmentation (513)" \ # so we use split_send_frag instead for tests lower than 512 below. requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13902,6 +13903,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13910,6 +13912,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13918,6 +13921,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 
@@ -13926,6 +13930,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -13934,6 +13939,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -13942,6 +13948,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13950,6 +13957,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13958,6 +13966,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13966,6 +13975,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -13974,6 +13984,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13982,6 +13993,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13990,6 +14002,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13998,6 +14011,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14006,6 +14020,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14014,6 +14029,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14022,6 +14038,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14030,6 +14047,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 5f21537c2ada87522334932c9908052a696c5629 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:50:08 +0000 Subject: [PATCH 0046/1080] Test Handshake defragmentation only for TLS 1.3 only for small values Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 51844f2a65..4659fcdb22 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13893,8 +13893,12 @@ run_test "Client Handshake defragmentation (513)" \ # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. +# There is an issue with OpenSSL when fragmenting with values less +# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. + requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13904,6 +13908,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13913,6 +13918,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13922,6 +13928,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -13931,6 +13938,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 
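Review bot: The new comment says these fragment sizes are only tested with TLS 1.3, but the added `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` guard (like the existing `requires_openssl_tls1_3`) only checks that TLS 1.3 is available on each side; nothing in the command lines pins the negotiated version, so a configuration that ends up negotiating TLS 1.2 would run straight into the OpenSSL problem the comment describes instead of being skipped. Consider forcing the version on the OpenSSL side, e.g. `"$O_NEXT_SRV -tls1_3 -split_send_frag 256 "`, and/or asserting the negotiated protocol in the client log (e.g. `-c "Protocol is TLSv1.3"`, if that is the line ssl_client2 prints) so a silent fallback fails loudly. The comment would also be more useful if it named the OpenSSL issue or affected version range where known, e.g. `# OpenSSL cannot fragment TLS 1.2 handshake records below 512 bytes (see <issue/version>), so sizes below 512 are only exercised with TLS 1.3.`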
@@ -13940,6 +13948,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -13949,6 +13958,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13958,6 +13968,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13985,6 +13996,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13994,6 +14006,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14003,6 +14016,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14012,6 +14026,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14021,6 +14036,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14030,6 +14046,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14039,6 +14056,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14048,6 +14066,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 4028cfd9ca2bae151203f26c457fcd702fc328f2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 14:44:13 +0000 Subject: [PATCH 0047/1080] Add missing client certificate check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4659fcdb22..da4e6eb527 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13875,6 +13875,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -13883,6 +13884,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ From 270dd7462e5a4bdff3a302112d247ed99e639726 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 5 Feb 2025 15:23:14 +0000 Subject: [PATCH 0048/1080] ssl-opt: Updated the keywords to look up during handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index da4e6eb527..46751afdf0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13880,8 +13880,8 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13889,8 +13889,8 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13905,8 +13905,8 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13915,8 +13915,8 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13925,8 +13925,8 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
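Review bot: The new `-c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)"` pattern in the 512 hunk is inconsistent with the 256 hunk on the same line, which expects `(256 of [0-9]\\+, [0-9]\\+ left)`. Only one of the two shapes can match the library's debug line; if the message is `waiting for more fragments (N of M, K left)`, as the 256 variant and the later revision of these tests suggest, the 512, 513, 128 and 64 patterns here can never match and the tests fail on a correct build. Use the same shape everywhere, e.g. `-c "waiting for more fragments (512 of [0-9]\\+, [0-9]\\+ left)"`. The same mismatch recurs in the client and server hunks that follow.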
@@ -13935,8 +13935,8 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13945,8 +13945,8 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13955,8 +13955,8 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13965,8 +13965,8 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13975,8 +13975,8 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -13984,8 +13984,8 @@ run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13993,8 +13993,8 @@ run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14003,8 +14003,8 @@ run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14013,8 +14013,8 @@ run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -14023,8 +14023,8 @@ run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14033,8 +14033,8 @@ run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14043,8 +14043,8 @@ run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14053,8 +14053,8 @@ run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -14063,8 +14063,8 @@ run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14073,8 +14073,8 @@ run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From a1b9117f176e552574cd92304093bf5f71ca59f7 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 14:10:18 +0000 Subject: [PATCH 0049/1080] ssl-opt: Added requires_openssl_3_x to defragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 46751afdf0..0fc099a23e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,6 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ 
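Review bot: The server (13) hunk expects `-s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)"` while the OpenSSL client is started with `-split_send_frag 13`, so the size in the pattern does not match the one under test; it should read `-s "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)"`. Every other hunk in this series puts the configured split size in the pattern, so this looks like a typo rather than a deliberate off-by-one. A pattern that disagrees with the configured size will fail, or pass by coincidence, for the wrong reason and hide regressions in the 13-byte path.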
@@ -13881,8 +13882,10 @@ run_test "Client Handshake defragmentation (512)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ @@ -13890,7 +13893,8 @@ run_test "Client Handshake defragmentation (513)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13898,6 +13902,7 @@ run_test "Client Handshake defragmentation (513)" \ # There is an issue with OpenSSL when fragmenting with values less # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13906,8 +13911,10 @@ run_test "Client Handshake defragmentation (256)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
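Review bot: `requires_openssl_3_x` is added to each of these hunks with no comment saying why; the existing comment block between the 513 and 256 tests explains the `-split_send_frag` and TLS 1.3 choices but not the 3.x floor. If the reason is that `-max_send_frag`/`-split_send_frag` behave as relied on here only in OpenSSL 3.x, say so once above the first test, e.g. `# The -max_send_frag/-split_send_frag fragmentation behaviour these tests depend on needs OpenSSL 3.x`. The new `"handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512"` pattern is a real improvement, since it pins the first fragment's offset and length rather than merely the presence of fragmentation.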
@@ -13916,8 +13923,10 @@ run_test "Client Handshake defragmentation (128)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13926,8 +13935,10 @@ run_test "Client Handshake defragmentation (64)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13936,8 +13947,10 @@ run_test "Client Handshake defragmentation (36)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13946,8 +13959,10 @@ run_test "Client Handshake defragmentation (32)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
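Review bot: The replacement patterns from this hunk down drop the `of` qualifier, e.g. `-c "waiting for more fragments (128"`, whereas the 512/513/256 hunks keep `(512 of [0-9]\\+`. A bare prefix is looser than it looks: `(16` also matches `(160 of …` and `(5` matches `(50 of …`, so a test could pass on a fragment size it did not configure. Anchoring on the separator costs nothing: `-c "waiting for more fragments (128 of [0-9]\\+"`. This applies to the 64, 36, 32, 16, 13 and 5 client hunks and to the server hunks that follow.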
@@ -13956,8 +13971,10 @@ run_test "Client Handshake defragmentation (16)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13966,8 +13983,10 @@ run_test "Client Handshake defragmentation (13)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13976,8 +13995,10 @@ run_test "Client Handshake defragmentation (5)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ @@ -13985,8 +14006,10 @@ run_test "Server Handshake defragmentation (512)" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ 
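Review bot: The server 512 hunk, like the rest of this series, asserts only the happy path: exit status 0, `-s "reassembled record"` and a fragment at offset 0 of the configured size. Nothing here exercises the failure side of reassembly — a later fragment whose declared total length disagrees with the first, or a total length that exceeds the input buffer — which is where a defragmentation bug would become memory-unsafe rather than merely a handshake failure. Those cases need a crafted peer rather than OpenSSL, so they probably belong in the unit test suites; a one-line comment above this block saying that the negative cases are covered elsewhere (or are still to be written) would stop a reader from assuming ssl-opt.sh is the only coverage.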
@@ -13994,8 +14017,10 @@ run_test "Server Handshake defragmentation (513)" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14004,8 +14029,10 @@ run_test "Server Handshake defragmentation (256)" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14014,8 +14041,10 @@ run_test "Server Handshake defragmentation (128)" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -14024,8 +14053,10 @@ run_test "Server Handshake defragmentation (64)" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14034,8 +14065,10 @@ run_test "Server Handshake defragmentation (36)" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14044,8 +14077,10 @@ run_test "Server Handshake defragmentation (32)" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -14054,8 +14089,10 @@ run_test "Server Handshake defragmentation (16)" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14064,8 +14101,10 @@ run_test "Server Handshake defragmentation (13)" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14074,7 +14113,8 @@ run_test "Server Handshake defragmentation (5)" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From a8a298c9d60d70bb5faa28de8e91547bd2e87280 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 17:06:18 +0000 Subject: [PATCH 0050/1080] ssl-opt: Adjusted the wording on handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0fc099a23e..269f6b45d2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13877,7 +13877,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13888,7 +13888,7 @@ run_test "Client Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13906,7 +13906,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13918,7 +13918,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13930,7 +13930,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13942,7 +13942,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13954,7 +13954,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13966,7 +13966,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13978,7 +13978,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13990,7 +13990,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ 
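Review bot: The renamed title `Handshake defragmentation on client: len=14, TLS 1.3` in the third hunk does not match the test, which still runs `$O_NEXT_SRV -split_send_frag 16` and checks `(16`; every other rename on this line carries the configured size, so this should be `run_test "Handshake defragmentation on client: len=16, TLS 1.3" \`. A wrong name in ssl-opt.sh is not cosmetic: the title is what test filters and CI summaries key on, so a len=14 case that does not exist will mislead whoever triages a failure.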
@@ -14001,7 +14001,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14012,7 +14012,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14024,7 +14024,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14036,7 +14036,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14048,7 +14048,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14060,7 +14060,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14072,7 +14072,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14084,7 +14084,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14096,7 +14096,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14108,7 +14108,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ From a4dde77cbe57d0b68039c44acedae55e4851fde4 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 8 Feb 2025 23:31:43 +0000 Subject: [PATCH 0051/1080] ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 96 ++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 269f6b45d2..7c9aea9873 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13875,10 +13875,10 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
@@ -13886,10 +13886,10 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "waiting for more fragments (512 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13903,11 +13903,10 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 256 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13915,11 +13914,10 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "waiting for more fragments (256 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 128 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
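Review bot: With `-tls1_3` now passed to `$O_NEXT_SRV` in every test, including the 512/513 ones, the unchanged context comment `# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.` reads as if only the sub-512 tests are pinned. Reword it to describe the new state, e.g. `# All of these tests pin TLS 1.3 on the OpenSSL side (-tls1_3): OpenSSL fragments unreliably below 512 bytes in TLS 1.2.` Also worth a sentence there is that `requires_openssl_tls1_3` was dropped and OpenSSL's TLS 1.3 support is now implied only by `requires_openssl_3_x`, since `-tls1_3` on an OpenSSL without it would fail the handshake rather than skip.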
@@ -13927,11 +13925,10 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 64 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13939,11 +13936,10 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 36 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13951,11 +13947,10 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 32 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
@@ -13963,11 +13958,10 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 16 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13975,11 +13969,10 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 13 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13987,11 +13980,10 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 5 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
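Review bot: The new `"$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \` line in the first hunk sits under the unchanged title `Handshake defragmentation on client: len=14, TLS 1.3`, so this commit rewrites the command without correcting the name/size mismatch introduced by the previous rename. Since the title line is context here it is a one-line fix in this same hunk: `run_test "Handshake defragmentation on client: len=16, TLS 1.3" \`.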
@@ -13999,118 +13991,110 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ From 85fe73d55db762af5c3ab0f74a2a92fee82fa2fd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 9 Feb 2025 23:37:34 +0000 Subject: [PATCH 0052/1080] ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 221 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7c9aea9873..d22bccafb1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13885,6 +13885,17 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13896,6 +13907,17 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13913,6 +13935,17 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13924,6 +13957,17 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13935,6 +13979,17 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13946,6 +14001,17 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13957,6 +14023,17 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13968,6 +14045,17 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13979,6 +14067,17 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13990,6 +14089,17 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14001,6 +14111,17 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
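Review bot: The server-side TLS 1.2 test added in the second hunk here (`Handshake defragmentation on server: len=512, TLS 1.2`), and its siblings in the following hunks down to `len=5, TLS 1.2`, are gated only on `requires_protocol_version tls12`, yet they depend on the server reassembling a fragmented ClientHello, which later changes in this series (the `len=4, TLS 1.2` test, the `force_version=tls12` negative test and the ChangeLog entry) state works only when the server also accepts TLS 1.3. If `requires_protocol_version tls12` merely checks that TLS 1.2 is compiled in, a TLS 1.2-only build would run these tests and fail them rather than skip them. Gating them the way the `len=4, TLS 1.2` test does, `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` followed by `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3`, would make the precondition explicit.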
@@ -14012,6 +14133,17 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14023,6 +14155,18 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
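Review bot: The `len=256, TLS 1.2` server test in the second hunk passes `-tls1_3` to the OpenSSL client, so it presumably negotiates TLS 1.3 and never exercises the TLS 1.2 path its name promises; it is then a near-duplicate of the `len=256, TLS 1.3` test directly above it. The option should read `"$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \` as in the other TLS 1.2 server tests. The same hunk also adds two consecutive blank lines after the test where every other test in this commit adds one.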
@@ -14034,6 +14178,17 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14045,6 +14200,17 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14056,6 +14222,17 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14067,6 +14244,17 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14078,6 +14266,17 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14089,6 +14288,17 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14100,6 +14310,17 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 41782a9cd0d2fc0e77879e1aab737294edfa8190 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:21:22 +0000 Subject: [PATCH 0053/1080] ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d22bccafb1..855e3c0c3c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13873,6 +13873,15 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" requires_openssl_3_x requires_protocol_version tls13 
@@ -14100,6 +14109,16 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication From 1c106afd22bf51b13dbcde8b7919a02cc4f86a72 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:33:22 +0000 Subject: [PATCH 0054/1080] ssl-opt: Added handshake fragmentation tests for 4 byte fragments. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 855e3c0c3c..7d57c4a3f0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14109,7 +14109,6 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ 
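Review bot: The new server reference test's name ends with a period, `... (no fragmentation, for reference)."`, while its client counterpart added in the previous hunk does not. As far as I can tell test names in this script double as selectors for running subsets, so keeping the two reference tests uniformly named avoids surprises. Drop the trailing period: `run_test "Handshake defragmentation on server (no fragmentation, for reference)" \`.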
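Review bot: This hunk removes `requires_openssl_3_x` from the server reference test while the test still runs `$O_NEXT_CLI`; every other test in this section that invokes an `O_NEXT_*` binary keeps that guard, and the `len=4, TLS 1.3` test added in the next hunk omits it as well while its `len=4, TLS 1.2` twin keeps it. If the guard is what skips these tests on hosts without an OpenSSL 3.x build, dropping it turns a skip into a failure there. Either restore `requires_openssl_3_x` in both places or add a comment above them explaining why the reference and `len=4, TLS 1.3` tests do not need it.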
@@ -14340,6 +14339,28 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 74ce7498d7063958b0036e509d790ebd2e73ad82 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:41:18 +0000 Subject: [PATCH 0055/1080] ssl-opt: Added negative tests for handshake fragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7d57c4a3f0..8268fde352 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -14109,6 +14109,27 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ 
@@ -14361,6 +14382,41 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "The SSL configuration is tls12 only" \ + -s "bad client hello message" \ + -s "SSL - A message could not be parsed due to a syntactic error" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 36c81f5f05878c717620095874a1c14d52c86db2 Mon Sep 17 00:00:00 2001 
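Review bot: The third test added here, `Handshake defragmentation on server: len=32, TLS 1.2`, is a negative test (expected exit code 1, asserting `bad client hello message` against a `force_version=tls12` server), but its name is indistinguishable from the positive `len=32, TLS 1.2` server test earlier in the file, which makes a failure hard to attribute from the log alone. A name that carries the scenario, e.g. `run_test "Handshake defragmentation on server: len=32, TLS 1.2-only server (expected failure)" \`, would match how the reference tests in this section are labelled.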
From: Minos Galanakis Date: Thu, 20 Feb 2025 09:44:46 +0000 Subject: [PATCH 0056/1080] ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8268fde352..f6795f6b6a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13894,9 +13894,13 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +# Since the removal of the DHE-RSA key exchange, the default openssl server +# certificate does not match what is provided by the testing client. Those +# use-cases are out of scope for defregmentation testing, and should be skipped. requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -13919,6 +13923,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ @@ -13947,6 +13952,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 
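Review bot: The comment added above the `len=512, TLS 1.2` client test in the first hunk misspells "defragmentation": `# use-cases are out of scope for defregmentation testing, and should be skipped.` should read `# use-cases are out of scope for defragmentation testing, and should be skipped.`. The same comment explains the skip as a mismatch between the default OpenSSL server certificate and the testing client, but the guard it introduces is `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`; one sentence tying the two together (which key exchange the OpenSSL default certificate needs) would help the next reader see why this option is the right gate.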
@@ -13969,6 +13975,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13991,6 +13998,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -14013,6 +14021,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -14035,6 +14044,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -14057,6 +14067,7 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 
@@ -14123,6 +14134,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ From d708a63857c3fa0462ca61432400693dd08b3b2b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:28:27 +0000 Subject: [PATCH 0057/1080] ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f6795f6b6a..54b0065d33 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13873,6 +13873,11 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing + +# To warrant that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) +# either from O_NEXT_SRV or test data. requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13932,12 +13937,6 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -# OpenSSL does not allow max_send_frag to be less than 512 -# so we use split_send_frag instead for tests lower than 512 below. - -# There is an issue with OpenSSL when fragmenting with values less -# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
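Review bot: The comment added at the top of the `@@ -13873,6 +13873,11 @@` hunk misspells "handshake" and uses "warrant" where "ensure" is meant: `# To warrant that the handhake messages are large enough and need to be split` should read `# To ensure that the handshake messages are large enough and need to be split`. The two-line comment added in this commit's later hunk, above the `len=3, TLS 1.3 -> 1.2` server test, has the same problem: "degfragmentation", "suport", "TL1.2" and "proccessing" should read "defragmentation", "support", "TLS 1.2" and "processing".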
@@ -14405,11 +14404,13 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From eddbb5a829e4b22e21a02ffe62eb7c00b4165d02 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 19 Feb 2025 11:37:39 +0000 Subject: [PATCH 0058/1080] ChangeLog: Updated the entry for tls-hs-defragmentation Signed-off-by: Minos Galanakis --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 55103c9a42..4fd4a4e372 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt 
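Review bot: The comment added before the `requires_openssl_3_x` block contains several typos — `degfragmentation`, `suport`, `TL1.2` and `proccessing` — and the same text is added again, typos included, by the later patch 0059 hunk in the len=128 section (`@@ -14228,8 +14249,11 @@`). Suggested wording: `# Server-side ClientHello defragmentation is only supported with MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing the server must support both protocols and downgrade to the client-requested TLS 1.2 after processing the ClientHello.` The run_test whose title changes to `TLS 1.3 -> 1.2` continues past the end of the hunk.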
@@ -3,3 +3,10 @@ Bugfix by the spec. Lack of support was causing handshake failures with some servers, especially with TLS 1.3 in practice (though both protocol version could be affected in principle, and both are fixed now). + The initial fragment for each handshake message must be at least 4 bytes. + + Server-side, defragmentation of the ClientHello message is only + supported if the server accepts TLS 1.3 (regardless of whether the + ClientHello is 1.3 or 1.2). That is, servers configured (either + at compile time or at runtime) to only accept TLS 1.2 will + still fail the handshake if the ClientHello message is fragmented. From a5a8c9f5c9a06a6043cff3778620f5309fae0528 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 20:27:51 +0000 Subject: [PATCH 0059/1080] ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 57 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 54b0065d33..cf7dc2412c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14055,7 +14055,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication -run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14067,7 +14067,7 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -14119,6 +14119,28 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14210,13 +14232,12 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
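Review bot: The new `Handshake defragmentation on client: len=4, TLS 1.2` test is missing the `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` precondition that patch 0056 added to every other client-side TLS 1.2 test in this section, so it would run (and presumably fail) in a configuration without that key exchange. Add the line after `requires_certificate_authentication`: `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`. Patch 0061 later places `skip_next_test` in front of this test, so the gap only matters once that skip is lifted, but the precondition should be there when it is.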
@@ -14228,8 +14249,11 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14251,7 +14275,8 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14273,7 +14298,8 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14295,7 +14321,8 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14317,7 +14344,8 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14339,7 +14367,8 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14361,7 +14390,8 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "waiting for more fragments (5" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14371,6 +14401,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ @@ -14404,8 +14435,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14422,7 +14451,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 99ca6680f29dfe7754c87b3cb9580886aed094fd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 23:24:34 +0000 Subject: [PATCH 0060/1080] ssl-opt: Replaced max_send_frag with split_send_frag Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index cf7dc2412c..818d50dc95 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13892,7 +13892,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13907,7 +13907,7 @@ requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13918,7 +13918,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13930,7 +13930,7 @@ requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14177,7 +14177,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ 
@@ -14188,7 +14188,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -14199,7 +14199,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -14210,7 +14210,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ From cd6a24b28895a277fe5fa5236c3dce09143d9928 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 24 Feb 2025 09:27:09 +0000 Subject: [PATCH 0061/1080] ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 818d50dc95..d09005b667 100755 --- a/tests/ssl-opt.sh 
+++ b/tests/ssl-opt.sh @@ -14086,6 +14086,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14108,6 +14109,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14130,6 +14132,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication From 434016e2eb6812be245277ceda39a56713be284c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:49:59 +0100 Subject: [PATCH 0062/1080] Keep track of whether mbedtls_ssl_set_hostname() has been called No behavior change apart from now emitting a different log message depending on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 ++ library/ssl_misc.h | 6 ++++++ library/ssl_tls.c | 9 +++----- tests/ssl-opt.sh | 50 ++++++++++++++++++++++++++++++++----------- 4 files changed, 48 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7c3a3d9433..fa46fa7451 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1671,6 +1671,8 @@ struct mbedtls_ssl_context { int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`. + * See `mbedtls_ssl_context_flags_t` in ssl_misc.h. + * * This field is not saved by mbedtls_ssl_session_save(). */ uint32_t MBEDTLS_PRIVATE(flags); 
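Review bot: The three `skip_next_test` lines (this hunk and the ones at 14108 and 14130) are added without any comment in the script, so a reader of ssl-opt.sh sees three TLS 1.2 client tests silently skipped and has to dig through history for the reason. Record it inline, for example `# TLS 1.2 client defragmentation with fragments below 16 bytes is disabled; see commit "ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16".` — and if the cause is the OpenSSL TLS 1.2 fragmentation problem described by the comment that patch 0057 removed, say so explicitly so the skip can be lifted once that is fixed. A comment also makes clear the skip is deliberate rather than leftover debugging.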
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f91861f64..2d54172818 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -51,6 +51,12 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED #endif +/** Flag values for mbedtls_ssl_context::flags. */ +typedef enum { + /** Set if mbedtls_ssl_set_hostname() has been called. */ + MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1, +} mbedtls_ssl_context_flags_t; + #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dd1beb98b7..998cac2ce4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2529,12 +2529,7 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, static int mbedtls_ssl_has_set_hostname_been_called( const mbedtls_ssl_context *ssl) { - /* We can't tell the difference between the case where - * mbedtls_ssl_set_hostname() has not been called at all, and - * the case where it was last called with NULL. For the time - * being, we assume the latter, i.e. we behave as if there had - * been an implicit call to mbedtls_ssl_set_hostname(ssl, NULL). */ - return ssl->hostname != NULL; + return (ssl->flags & MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) != 0; } #endif @@ -2580,6 +2575,8 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) ssl->hostname[hostname_len] = '\0'; } + ssl->flags |= MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET; + return 0; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e541a81983..ecff16ec8d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
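Review bot: `mbedtls_ssl_set_hostname` sets `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` only on the success path, right before `return 0;`, so a call that fails earlier (the function's error returns are outside the hunk) still reads as "never called" in `mbedtls_ssl_has_set_hostname_been_called`. That looks intentional — a failed call has not established any expectation about the peer name, and with patch 0064 a set flag is what allows verification to proceed without a name check — but it deserves a why-comment on the new line, e.g. `/* Only a successful call counts as "hostname set"; a failed call must not unlock verification without a name check. */`. The `mbedtls_ssl_context_flags_t` enum in ssl_misc.h could likewise note that `flags` is a plain `uint32_t` mask, so new values must be distinct bits.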
@@ -5943,9 +5943,11 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" run_test "Authentication: hostname match, client required" \ "$P_SRV" \ - "$P_CLI auth_mode=required server_name=localhost debug_level=1" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -5997,7 +5999,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional server_name=wrong-name debug_level=1" \ + "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ 
@@ -6005,93 +6007,115 @@ run_test "Authentication: hostname mismatch, client optional" \ run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none server_name=wrong-name debug_level=1" \ + "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ - "$P_CLI auth_mode=required set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ - "$P_CLI 
auth_mode=required set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=none set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, 
server picks cert, 1.3" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" From 59a51170727c0a903c9a6dcbd4707b500d9cdaa3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Feb 2025 13:46:03 +0100 Subject: [PATCH 0063/1080] Create error code for mbedtls_ssl_set_hostname not called 
Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa46fa7451..0eaec5c8ca 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -169,6 +169,39 @@ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /** Invalid value in SSL config */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 +/* Error space gap */ +/** Attempt to verify a certificate without an expected hostname. + * This is usually insecure. + * + * In TLS clients, when a client authenticates a server through its + * certificate, the client normally checks three things: + * - the certificate chain must be valid; + * - the chain must start from a trusted CA; + * - the certificate must cover the server name that is expected by the client. + * + * Omitting any of these checks is generally insecure, and can allow a + * malicious server to impersonate a legitimate server. + * + * The third check may be safely skipped in some unusual scenarios, + * such as networks where eavesdropping is a risk but not active attacks, + * or a private PKI where the client equally trusts all servers that are + * accredited by the root CA. + * + * You should call mbedtls_ssl_set_hostname() with the expected server name + * before starting a TLS handshake on a client (unless the client is + * set up to only use PSK-based authentication, which does not rely on the + * host name). If you have determined that server name verification is not + * required for security in your scenario, call mbedtls_ssl_set_hostname() + * with \p NULL as the server name. + * + * This error is raised if all of the following conditions are met: + * + * - A TLS client is configured with the authentication mode + * #MBEDTLS_SSL_VERIFY_REQUIRED (default). + * - Certificate authentication is enabled. + * - The client does not call mbedtls_ssl_set_hostname(). + */ +#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80 /* * Constants from RFC 8446 for TLS 1.3 PSK modes From 488b91929dc20d186913eb896202d634c769dbc4 Mon Sep 17 00:00:00 2001 
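Review bot: The new doc block uses `\p NULL`, but Doxygen's `\p` is for parameter names; the rest of this header (for example patch 0069 further down this series) writes `\c NULL`, so change ` * with \p NULL as the server name.` to ` * with \c NULL as the server name.`. The list of conditions under which the error is raised should also mention any compile-time opt-out: patch 0064's message names `MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME`, and if that option is introduced it belongs here as a fourth bullet, since this comment is what a user reads when they hit the error.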
From: Gilles Peskine
Date: Thu, 13 Feb 2025 14:39:02 +0100
Subject: [PATCH 0064/1080] Require calling mbedtls_ssl_set_hostname() for security
In a TLS client, when using certificate authentication, the client should check that the certificate is valid for the server name that the client expects. Otherwise, in most scenarios, a malicious server can impersonate another server. Normally, the application code should call mbedtls_ssl_set_hostname(). However, it's easy to forget. So raise an error if mandatory certificate authentication is in effect and mbedtls_ssl_set_hostname() has not been called. Raise the new error code MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy identification. But don't raise the error if the backward compatibility option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is enabled.
Signed-off-by: Gilles Peskine
---
 library/ssl_tls.c |  4 ++++
 tests/ssl-opt.sh  | 17 ++++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 998cac2ce4..6c401b59bd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8872,6 +8872,10 @@ static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
 {
     if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
+        if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT &&
+            ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+            return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
+        }
     }
 
     *hostname = ssl->hostname;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ecff16ec8d..8d417afb1a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
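Review bot: The commit message says the error is not raised when `MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` is enabled, but the added `if` returns `MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` unconditionally; unless a later commit adds the guard, wrap the new block in `#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)` / `#endif`, or correct the message. Restricting the hard failure to `MBEDTLS_SSL_VERIFY_REQUIRED` is deliberate but non-obvious (the ssl-opt test "hostname unset, client optional" is left passing), so add a why-comment such as `/* VERIFY_OPTIONAL is meant to leave the decision to the application after the handshake; only VERIFY_REQUIRED is a hard failure here. */`. `get_hostname_for_verification` begins and ends outside the hunk.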
@@ -6049,12 +6049,13 @@ run_test "Authentication: hostname null, client none" \ run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ - 0 \ + 1 \ -C "does not match with the expected CN" \ -c "Certificate verification without having set hostname" \ - -c "Certificate verification without CN verification" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "! mbedtls_ssl_handshake returned" \ + -c "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ @@ -6080,10 +6081,11 @@ run_test "Authentication: hostname unset, client none" \ run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ - 0 \ + 1 \ -C "does not match with the expected CN" \ -c "Certificate verification without having set hostname" \ - -c "Certificate verification without CN verification" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" 
@@ -6091,10 +6093,11 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "Authentication: hostname unset, client default, server picks cert, 1.3" \
             "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
             "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
-            0 \
+            1 \
             -C "does not match with the expected CN" \
             -c "Certificate verification without having set hostname" \
-            -c "Certificate verification without CN verification" \
+            -C "Certificate verification without CN verification" \
+            -c "get_hostname_for_verification() returned -" \
             -C "x509_verify_cert() returned -" \
             -C "X509 - Certificate verification failed"
 
From 856a3706286b313cd0f22b07b9233348d53c620f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 13 Feb 2025 17:28:49 +0100
Subject: [PATCH 0065/1080] Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
Signed-off-by: Gilles Peskine
---
 tests/src/test_helpers/ssl_helpers.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 44e07efb63..b89ca215f3 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -855,6 +855,10 @@ int mbedtls_test_ssl_endpoint_init(
     ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
     TEST_ASSERT(ret == 0);
 
+    if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+        ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
     if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
         mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
From 640512eb90a129187aa24ae4f7e742224d63ad2e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 13 Feb 2025 21:46:00 +0100
Subject: [PATCH 0066/1080] mbedtls_ssl_set_hostname tests: add tests with CA callback
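Review bot: The return value of `mbedtls_ssl_set_hostname` is stored in `ret` but never checked, unlike the `mbedtls_ssl_setup` call two lines above that is followed by `TEST_ASSERT(ret == 0);`; an allocation or bad-input failure would go unnoticed here and surface later as a confusing handshake error in whichever test used this helper. Add `TEST_ASSERT(ret == 0);` after the assignment inside the `if`. The Yoda-style `MBEDTLS_SSL_IS_CLIENT == endpoint_type` also differs from the `endpoint_type == MBEDTLS_SSL_IS_SERVER` comparison immediately below; use the latter form for consistency. `mbedtls_test_ssl_endpoint_init` starts and ends outside the hunk.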
Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d417afb1a..8a44687c52 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5952,6 +5952,18 @@ run_test "Authentication: hostname match, client required" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname match, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \ @@ -6058,6 +6070,19 @@ run_test "Authentication: hostname unset, client required" \ -c "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname unset, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \ + 1 \ + -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ + -C "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \ 
From 825c3d075a7ac6e11505dfc4a59140282884e1a0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 17:41:54 +0100 Subject: [PATCH 0067/1080] Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0eaec5c8ca..b15bbb6665 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2015,6 +2015,17 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl); * \note The PSA crypto subsystem must have been initialized by * calling psa_crypto_init() before calling this function. * + * \note After setting up a client context, if certificate-based + * authentication is enabled, you should call + * mbedtls_ssl_set_hostname() to specifiy the expected + * name of the server. Otherwise, if server authentication + * is required (which is the case by default) and the + * selected key exchange involves a certificate (i.e. is not + * based on a pre-shared key), the certificate authentication + * will fail. See + * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + * for more information. + * * \param ssl SSL context * \param conf SSL configuration to use * From 02e303ec8669d6691404b09a48bd0e6e0c4fad80 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Feb 2025 17:49:20 +0100 Subject: [PATCH 0068/1080] Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients Signed-off-by: Gilles Peskine --- ChangeLog.d/mbedtls_ssl_set_hostname.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt new file mode 100644 index 0000000000..f5f0fa7e05 --- /dev/null +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt 
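Review bot: The new `\note` has a typo, `specifiy`, in the line `mbedtls_ssl_set_hostname() to specifiy the expected`; change it to `mbedtls_ssl_set_hostname() to specify the expected`. The note otherwise states the failure condition precisely and cross-references `#MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME`, which is the right place to send readers.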
@@ -0,0 +1,15 @@ +Default behavior changes + * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, + mbedtls_ssl_handshake() now fails with + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if certificate-based authentication of the server is attempted. + This is because authenticating a server without knowing what name + to expect is usually insecure. + +Security + * Note that TLS clients should generally call mbedtls_ssl_set_hostname() + if they use certificate authentication (i.e. not pre-shared keys). + Otherwise, in many scenarios, the server could be impersonated. + The library will now prevent the handshake and return + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if mbedtls_ssl_set_hostname() has not been called. From 96073fb997dd6d7ef978f30bb390738691577f69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 19:12:04 +0100 Subject: [PATCH 0069/1080] Improve documentation of mbedtls_ssl_set_hostname Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b15bbb6665..0fe2399d3a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3937,16 +3937,19 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** * \brief Set or reset the hostname to check against the received - * server certificate. It sets the ServerName TLS extension, - * too, if that extension is enabled. (client-side only) + * peer certificate. On a client, this also sets the + * ServerName TLS extension, if that extension is enabled. + * On a TLS 1.3 client, this also sets the server name in + * the session resumption ticket, if that feature is enabled. * * \param ssl SSL context - * \param hostname the server hostname, may be NULL to clear hostname - - * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. + * \param hostname The server hostname. This may be \c NULL to clear + * the hostname. + * + * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN. * - * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * * Hostname set to the one provided on success (cleared From eb2d29eb6bdce5b90e31ce2a8a4eb1826ee5d8b7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 19:12:16 +0100 Subject: [PATCH 0070/1080] Document the need to call mbedtls_ssl_set_hostname Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0fe2399d3a..31540249d5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3948,6 +3948,16 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, * * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN. * + * \note If the hostname is \c NULL on a client, then the server + * is not authenticated: it only needs to have a valid + * certificate, not a certificate matching its name. + * Therefore you should always call this function on a client, + * unless the connection is set up to only allow + * pre-shared keys, or in scenarios where server + * impersonation is not a concern. See the documentation of + * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + * for more details. + * * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. From fd89acc7357c53b432141bb2d341ca104f77bc85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 Feb 2025 18:45:49 +0100 Subject: [PATCH 0071/1080] ssl_session_reset: preserve HOSTNAME_SET flag When we don't reset `ssl->hostname`, we must not reset the `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either. Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 10 ++++++++++ library/ssl_tls.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2d54172818..fd01aacac7 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
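Review bot: The new `\note` says a `NULL` hostname on a client leaves the server unauthenticated, but it does not say how calling this function with `NULL` differs from never calling it, which after this series is the case that fails the handshake with `MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` (as the changelog entry in this series describes); a reader could conclude that the library refuses both. Suggest one sentence after the first: `Calling this function with a NULL hostname is an explicit opt-out of name verification and is distinct from never calling it; only the latter makes the handshake fail.` That distinction is inferred from the `HOSTNAME_SET` flag handling elsewhere in this series, so confirm it before wording it as a guarantee.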
@@ -57,6 +57,16 @@ typedef enum { MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1, } mbedtls_ssl_context_flags_t; +/** Flags from ::mbedtls_ssl_context_flags_t to keep in + * mbedtls_ssl_session_reset(). + * + * The flags that are in this list are kept until explicitly updated or + * until mbedtls_ssl_free(). The flags that are not listed here are + * reset to 0 in mbedtls_ssl_session_reset(). + */ +#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \ + (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) + #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6c401b59bd..0b072e6a76 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1411,7 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ssl->state = MBEDTLS_SSL_HELLO_REQUEST; - ssl->flags = 0; + ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION; ssl->tls_version = ssl->conf->max_tls_version; mbedtls_ssl_session_reset_msg_layer(ssl, partial); From c8709c6a85c5d9b2ce88533d60b87b4b95d7b70e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 24 Feb 2025 23:43:07 +0000 Subject: [PATCH 0072/1080] ssl-opt: Removed redundant dependencies: requires_openssl_3_x Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 132 +++++++++++++++-------------------------------- 1 file changed, 41 insertions(+), 91 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d09005b667..6b9ef1d225 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
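Review bot: In the ssl_tls.c hunk the keep-mask is applied unconditionally, so `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` now survives both partial and full session resets; that is only sound as long as `ssl->hostname` itself is never freed or cleared on the reset path, which this hunk cannot show (mbedtls_ssl_session_reset_int continues outside the hunk). A comment beside the new line would tie the two lifetimes together for the next maintainer: `/* ssl->hostname is not touched by a session reset, so its SET flag must survive too. */`. Because this flag is what gates the verification-without-hostname error, a stale flag alongside a cleared hostname would silently downgrade to no name check, so a test that resets a session and re-exercises the failure path would be worth adding.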
@@ -13878,8 +13878,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) # either from O_NEXT_SRV or test data. -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ @@ -13888,8 +13887,7 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ @@ -13902,8 +13900,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ # Since the removal of the DHE-RSA key exchange, the default openssl server # certificate does not match what is provided by the testing client. Those # use-cases are out of scope for defregmentation testing, and should be skipped. -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ 
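Review bot: Replacing `requires_openssl_3_x` with `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` drops the only guard on the OpenSSL side, while every test still relies on `$O_NEXT_SRV -split_send_frag N` to produce the fragmentation; the assumption is presumably that O_NEXT_SRV is always a recent enough OpenSSL, but the comment block above the first test does not say so. The same substitution is made in every hunk of this patch up to the `From 17170a5e…` boundary, and the hunks that only drop `requires_openssl_3_x` (the server-side TLS 1.2 cases) leave the same implicit dependency. Suggest one sentence in the block comment: `# Fragmentation is produced by O_NEXT_SRV/O_NEXT_CLI via -split_send_frag, so no separate OpenSSL-version guard is needed.` Also, `requires_protocol_version tls13` and `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` are equivalent only if the former checked nothing beyond the build configuration; its definition is outside this diff, so confirm that before relying on the swap.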
@@ -13914,8 +13911,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ @@ -13925,8 +13921,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ @@ -13937,8 +13932,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ @@ -13948,8 +13942,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ 
@@ -13960,8 +13953,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ @@ -13971,8 +13963,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ @@ -13983,8 +13974,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ @@ -13994,8 +13984,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ 
@@ -14006,8 +13995,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ @@ -14017,8 +14005,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ @@ -14029,8 +14016,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ @@ -14040,8 +14026,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ 
@@ -14052,8 +14037,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ @@ -14063,8 +14047,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ @@ -14075,8 +14058,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ @@ -14087,8 +14069,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ 
@@ -14098,8 +14079,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ @@ -14110,8 +14090,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ @@ -14121,8 +14100,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ @@ -14133,8 +14111,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "waiting for more fragments (4" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ 
@@ -14144,8 +14121,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ @@ -14155,8 +14131,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ @@ -14166,7 +14141,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14175,8 +14150,7 @@ run_test "Handshake defragmentation on server (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14186,8 +14160,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14197,8 +14170,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14208,8 +14180,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14219,8 +14190,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14230,8 +14200,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14241,8 +14210,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14254,7 +14222,6 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ # Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14266,8 +14233,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14277,7 +14243,6 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14289,8 +14254,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14300,7 +14264,6 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14312,8 +14275,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14323,7 +14285,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -14335,8 +14296,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14346,7 +14306,6 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14358,8 +14317,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14369,7 +14327,6 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14381,8 +14338,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14392,7 +14348,6 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14404,8 +14359,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14415,7 +14369,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14427,8 +14380,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14438,7 +14390,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -14450,7 +14401,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication From 17170a5ed22954eab7ab65ac0b564582934dfb3a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 11:40:33 +0000 Subject: [PATCH 0073/1080] ssl-opt: Updated documentation of HS-Defrag tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6b9ef1d225..52ae002655 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14225,7 +14225,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14246,7 +14246,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
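Review bot: The renamed test descriptions introduce two spelling errors, `Client-Hallo` and `Handhsake`, repeated in every hunk of this patch through `@@ -14404,7 +14404,7 @@`. Test names are matched as literal strings by the outcome-analysis tooling, so anything that later references these tests (an ignore list, for instance) will have to reproduce the typos. Suggest `TLS 1.3 ClientHello -> 1.2 Handshake` throughout. Separately, the last hunk renames the `len=32, TLS 1.2 -> 1.2` case, whose server runs with `force_version=tls12` and which expects exit status 1, to the same wording as the successful downgrade cases; a name that signals it is the negative case would keep the two distinguishable.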
@@ -14267,7 +14267,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14288,7 +14288,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14309,7 +14309,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14330,7 +14330,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14351,7 +14351,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14372,7 +14372,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14393,7 +14393,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ @@ -14404,7 +14404,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 19dbbe095894a623f5ac32393f57219ef60a647c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 11:45:02 +0000 Subject: [PATCH 0074/1080] analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. Signed-off-by: Minos Galanakis --- tests/scripts/analyze_outcomes.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index e68c2cbf09..7a5c506a95 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -50,6 +50,11 @@ def _has_word_re(words: typing.Iterable[str], # TLS doesn't use restartable ECDH yet. # https://github.com/Mbed-TLS/mbedtls/issues/7294 re.compile(r'EC restart:.*no USE_PSA.*'), + # Temporary disable Handshake defragmentation tests until mbedtls + # pr #10011 has been merged. + 'Handshake defragmentation on client: len=4, TLS 1.2', + 'Handshake defragmentation on client: len=5, TLS 1.2', + 'Handshake defragmentation on client: len=13, TLS 1.2' ], 'test_suite_config.mbedtls_boolean': [ # Missing coverage of test configurations. From 76957cceabebc87acbb363c3971403939d692104 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 14:43:17 +0000 Subject: [PATCH 0075/1080] ssl-opt: Minor typos and documentation fixes. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 52ae002655..84b72e8b4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,10 +13874,9 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -# To warrant that the handhake messages are large enough and need to be split +# To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) -# either from O_NEXT_SRV or test data. +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ 
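Review bot: The rewritten comment at -13874 still reads `handhake`, so this typo-fix commit leaves a typo in the line it touches; the same applies to the comment hunks at -13896 (`#The server` lacks a space after `#`) and at -14217, where the new text introduces `defragmentationis` and keeps `suport`, `proccessing` and `TL1.2`. Suggested lines: `# To guarantee that the handshake messages are large enough and need to be split`, `# Server-side ClientHello defragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing` and `# the server should support both protocols and downgrade to client-requested TLS 1.2 after processing the ClientHello.`. These are comments only, so no test behaviour changes.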
@@ -13897,9 +13896,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -# Since the removal of the DHE-RSA key exchange, the default openssl server -# certificate does not match what is provided by the testing client. Those -# use-cases are out of scope for defregmentation testing, and should be skipped. +#The server uses an ECDSA cert, so make sure we have a compatible key exchange requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -14220,12 +14217,12 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14246,7 +14243,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14267,7 +14264,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14288,7 +14285,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14309,7 +14306,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14330,7 +14327,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14351,7 +14348,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14372,7 +14369,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14393,7 +14390,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ @@ -14404,7 +14401,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From d01ac30cfa941141e49c5c0d561a48565c7a5627 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 15:11:09 +0000 Subject: [PATCH 0076/1080] ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 84b72e8b4c..7fdab715f8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13877,7 +13877,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # To guarantee that the handhake messages are large enough and need to be split # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ @@ -14138,14 +14137,13 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -C "reassembled record" \ - -C "waiting for more fragments" + -S "reassembled record" \ + -S "waiting for more fragments" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication From 0dd57a99137a32ce1eae4dd20f452f32248543a4 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 18:02:33 +0000 Subject: [PATCH 0077/1080] ssl-opt: Removed dependencies for HS defrag negative tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fdab715f8..b758aa2960 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -14118,7 +14118,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "waiting for more fragments (4" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ @@ -14128,8 +14127,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ -c "SSL - An invalid SSL record was received" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ @@ -14397,7 +14394,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> -s "SSL - An invalid SSL record was received" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ From 4354dc646feb66e32a50e6fb793966934d88c901 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 22:36:58 +0000 Subject: [PATCH 0078/1080] ssl-opt: Re-introduce certificate dependency for HS negative tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b758aa2960..5fc17a4cbd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14118,6 +14118,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "waiting for more fragments (4" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ 
From 886fa8d71a718079ded28f32fb3008117cf90e69 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Mar 2025 15:31:55 +0100 Subject: [PATCH 0079/1080] psasim: add support for psa_export_public_key_iop This commit also includes regenerated C and H files. Signed-off-by: Valerio Setti --- .../psasim/src/psa_functions_codes.h | 4 + .../psasim/src/psa_sim_crypto_client.c | 318 ++++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 348 ++++++++++++++++++ .../psasim/src/psa_sim_serialise.c | 36 ++ .../psasim/src/psa_sim_serialise.h | 43 +++ .../psasim/src/psa_sim_serialise.pl | 3 +- 6 files changed, 751 insertions(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 4be53c5973..7cb8ea80bd 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -39,6 +39,10 @@ enum { PSA_DESTROY_KEY, PSA_EXPORT_KEY, PSA_EXPORT_PUBLIC_KEY, + PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, + PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, + PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, + PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, PSA_GENERATE_KEY, PSA_GENERATE_KEY_CUSTOM, PSA_GENERATE_KEY_IOP_ABORT, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index f6efd620cf..e6368ccc6a 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c 
@@ -2725,6 +2725,324 @@ psa_status_t psa_export_public_key( } +psa_status_t psa_export_public_key_iop_abort( + psa_export_public_key_iop_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_export_public_key_iop_complete( + psa_export_public_key_iop_t *operation, + uint8_t *data, size_t data_size, + size_t *data_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); + + 
ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t( + &pos, &remaining, + *data_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t( + &rpos, &rremain, + data_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +uint32_t psa_export_public_key_iop_get_num_ops( + psa_export_public_key_iop_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + uint32_t value = 0; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + value = 0; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, 
&remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t( + &rpos, &rremain, + &value); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + +psa_status_t psa_export_public_key_iop_setup( + psa_export_public_key_iop_t *operation, + mbedtls_svc_key_id_t key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_SETUP server call failed\n"); + goto fail; + } + + 
uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 599e55f3e4..cf09842b62 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c 
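Review bot: In each client stub, once `psasim_deserialise_psa_status_t` has stored the server's status, every later `goto fail` returns that status unchanged, so a truncated or malformed reply can return PSA_SUCCESS while `operation`, `data` or `*data_length` were never written (most visible in `psa_export_public_key_iop_complete`, where the caller would then read an unset `*data_length`). The `if (!ok) { goto fail; }` branches that follow the status deserialise should become `if (!ok) { status = PSA_ERROR_CORRUPTION_DETECTED; goto fail; }` in the abort, complete and setup stubs. Separately, `psa_export_public_key_iop_complete` serialises the caller's output buffer (`psasim_serialise_buffer(&pos, &remaining, data, data_size)`) and reads `*data_length` before the call has assigned it; presumably this mirrors the generator's handling of other output parameters, but it sends whatever the caller's uninitialised memory holds to the server, which deserves a comment such as `/* data/data_length are outputs; their pre-call contents are transmitted only because the generator treats all buffers uniformly */` — confirm against the generator template.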
@@ -3035,6 +3035,354 @@ int psa_export_public_key_wrapper( return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_abort( + &operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! 
+} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_complete_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + uint8_t *data = NULL; + size_t data_size; + size_t data_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t( + &pos, &remaining, + &data_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_complete( + &operation, + data, data_size, + &data_length + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(data_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer( + &rpos, &rremain, + data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t( + &rpos, &rremain, + data_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_get_num_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t value = 0; + psa_export_public_key_iop_t operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + value = psa_export_public_key_iop_get_num_ops( + &operation + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(value) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_uint32_t( + &rpos, &rremain, + value); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_setup( + &operation, + key + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_generate_key_wrapper( uint8_t *in_params, size_t in_params_len, diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index cd081e479b..0dde934ada 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c 
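Review bot: Each wrapper rebuilds `operation` by `psasim_deserialise_psa_export_public_key_iop_t` and passes it straight to the PSA call, so the server operates on operation state it never created and does not validate; nothing in the hunk records that this is acceptable only because psasim is a test transport. A comment above `psa_export_public_key_iop_abort_wrapper` along the lines of `// psasim is a test simulator: the operation state arrives verbatim from the client and is not validated here.` would make that explicit (presumably `psa_export_public_key_iop_t` carries internal state — confirm). The `return 0; // This shouldn't happen!` under each `fail:` label is also reachable by any short or malformed request, not just by bugs, so `// malformed request or allocation failure` describes the path more accurately.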
@@ -1696,6 +1696,42 @@ int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
 return 1;
 }
+size_t psasim_serialise_psa_export_public_key_iop_t_needs(
+ psa_export_public_key_iop_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
 void psa_sim_serialize_reset(void)
 {
 memset(hash_operation_handles, 0,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
index cd081e479b..0dde934ada 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
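Review bot: `psasim_serialise_psa_export_public_key_iop_t` advances `*pos` but never decrements `*remaining`, whereas its deserialise counterpart in the same hunk does both, so after this call the `*remaining < sizeof(value)` guard in any following serialiser is checked against a stale remaining-space figure and no longer protects the end of the buffer. The write loop should read `*pos += sizeof(value);` followed by `*remaining -= sizeof(value);`. If the other generated serialisers in this file share the omission (their bodies are outside the hunk), the fix belongs in the generator template rather than here.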
@@ -1387,3 +1387,46 @@ int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos,
 int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
 size_t *remaining,
 psa_generate_key_iop_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_export_public_key_iop_t()
+ * to serialise a `psa_export_public_key_iop_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_export_public_key_iop_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_export_public_key_iop_t_needs(
+ psa_export_public_key_iop_t value);
+
+/** Serialise a `psa_export_public_key_iop_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t value);
+
+/** Deserialise a `psa_export_public_key_iop_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_export_public_key_iop_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t *value);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
index 0dba81e1ef..0c9faf42ef 100755
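Review bot: The Doxygen direction attribute is placed after the parameter name in `\param pos[in,out]` and `\param remaining[in,out]`; Doxygen expects it before the name, as in `\param[in,out] pos`, and otherwise treats `pos[in,out]` as the parameter name and reports `pos` as undocumented. The same form appears in the deserialiser comment in this hunk, and presumably in the older entries of this header, so the correction belongs in the comment template of the generator that produces this file. The contract itself is fine; the `_needs()` comment already explains why the value is passed in.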
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -50,7 +50,8 @@ psa_verify_hash_interruptible_operation_t mbedtls_svc_key_id_t psa_key_agreement_iop_t - sa_generate_key_iop_t); + psa_generate_key_iop_t + psa_export_public_key_iop_t); grep(s/-/ /g, @types); From 1027c4cc3c383f88cba78c51ebe436750da6cf0c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Mar 2025 15:36:00 +0100 Subject: [PATCH 0080/1080] psasim: add support for psa_can_do_hash() This commit also includes regenerated C and H files. Signed-off-by: Valerio Setti --- .../psasim/src/psa_functions_codes.h | 1 + .../psasim/src/psa_sim_crypto_client.c | 62 +++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 87 +++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 2 + 4 files changed, 152 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 7cb8ea80bd..74746b653b 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -26,6 +26,7 @@ enum { PSA_AEAD_VERIFY, PSA_ASYMMETRIC_DECRYPT, PSA_ASYMMETRIC_ENCRYPT, + PSA_CAN_DO_HASH, PSA_CIPHER_ABORT, PSA_CIPHER_DECRYPT, PSA_CIPHER_DECRYPT_SETUP, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index e6368ccc6a..635a70545a 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c 
@@ -1544,6 +1544,68 @@ psa_status_t psa_asymmetric_encrypt(
 }
 
 
+int psa_can_do_hash(
+ psa_algorithm_t hash_alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ int value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_algorithm_t_needs(hash_alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ hash_alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CAN_DO_HASH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CAN_DO_HASH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_int(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
 psa_status_t psa_cipher_abort(
 psa_cipher_operation_t *operation
 )
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
index cf09842b62..bd121c5433 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
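Review bot: psa_can_do_hash reports every transport or decode failure as `0`, which is indistinguishable from a genuine "hash not supported" answer: `value` starts at 0, and a failed `psa_crypto_call`, `psasim_deserialise_begin` or `psasim_deserialise_int` jumps to `fail:` and returns it, with only the printf to stdout telling the two apart. That is a fail-closed default and matches the `ret_default` the generator assigns to `int`, but the caller cannot tell the cases apart, so it should be stated; a comment above `fail:` such as `/* Shared exit: value stays 0 (not supported) on any transport or decode failure. */` would make the intent explicit. The success path also falls through into a label named `fail`, which reads as a bug to anyone not used to this generated pattern; if the template is changed, `done:` or `exit:` would describe it better.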
@@ -1705,6 +1705,73 @@ int psa_asymmetric_encrypt_wrapper(
 return 0; // This shouldn't happen!
 }
 
+// Returns 1 for success, 0 for failure
+int psa_can_do_hash_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ int value = 0;
+ psa_algorithm_t hash_alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &hash_alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ value = psa_can_do_hash(
+ hash_alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_int_needs(value);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_int(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
 // Returns 1 for success, 0 for failure
 int psa_cipher_abort_wrapper(
 uint8_t *in_params, size_t in_params_len,
@@ -8826,6 +8893,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg)
 ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len,
 &out_params, &out_params_len);
 break;
+ case PSA_CAN_DO_HASH:
+ ok = psa_can_do_hash_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
 case PSA_CIPHER_ABORT:
 ok = psa_cipher_abort_wrapper(in_params, in_params_len,
 &out_params, &out_params_len);
@@ -8878,6 +8949,22 @@ psa_status_t psa_crypto_call(psa_msg_t msg)
 ok = psa_export_public_key_wrapper(in_params, in_params_len,
 &out_params, &out_params_len);
 break;
+ case PSA_EXPORT_PUBLIC_KEY_IOP_ABORT:
+ ok = psa_export_public_key_iop_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE:
+ ok = psa_export_public_key_iop_complete_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS:
+ ok = psa_export_public_key_iop_get_num_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_EXPORT_PUBLIC_KEY_IOP_SETUP:
+ ok = psa_export_public_key_iop_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
 case PSA_GENERATE_KEY:
 ok = psa_generate_key_wrapper(in_params, in_params_len,
 &out_params, &out_params_len);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index fbceddf8d2..5490337cf8 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -1107,11 +1107,13 @@ sub get_functions
 my $ret_name = "";
 $ret_name = "status" if $ret_type eq "psa_status_t";
 $ret_name = "value" if $ret_type eq "uint32_t";
+ $ret_name = "value" if $ret_type eq "int";
 $ret_name = "(void)" if $ret_type eq "void";
 die("ret_name for $ret_type?") unless length($ret_name);
 
 my $ret_default = "";
 $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t";
 $ret_default = "0" if $ret_type eq "uint32_t";
+ $ret_default = "0" if $ret_type eq "int";
 $ret_default = "(void)" if $ret_type eq "void";
 die("ret_default for $ret_type?") unless length($ret_default);
From 4773333dc6c32963db11f077c9162fc5806a31b9 Mon Sep 17 00:00:00 2001
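Review bot: The four `PSA_EXPORT_PUBLIC_KEY_IOP_*` dispatch cases in this hunk have nothing to do with psa_can_do_hash, and the commit message only says that regenerated files are included; it should spell out that the export-public-key interruptible wrappers were unreachable from psa_crypto_call until this regeneration, since that is a behaviour change for the simulator and not a by-product of the hash addition. Those cases also rely on the matching enum values being declared in psa_functions_codes.h, and the hunk for that header in this commit adds only `PSA_CAN_DO_HASH`, so they presumably come from the preceding patch; worth confirming the header and this switch are now in step. A one-line note in the message such as `Also picks up the psa_export_public_key_iop_* dispatch entries that the previous regeneration missed.` would do.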
From: Gilles Peskine Date: Sat, 1 Mar 2025 14:28:20 +0100 Subject: [PATCH 0081/1080] New generated file: tests/opt-testcases/handshake-generated.sh Signed-off-by: Gilles Peskine --- framework | 2 +- scripts/make_generated_files.bat | 1 + tests/.gitignore | 1 + tests/CMakeLists.txt | 18 ++++++++++++++++++ tests/Makefile | 7 +++++++ tests/scripts/check-generated-files.sh | 1 + 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/framework b/framework index 523a12d05b..11e4f5ac1c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 +Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 4982f77dba..bef198f361 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -32,4 +32,5 @@ python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\s python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index 997101cc80..a4a0309fa8 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -18,6 +18,7 @@ ###START_GENERATED_FILES### # Generated source files +/opt-testcases/handshake-generated.sh /opt-testcases/tls13-compat.sh /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 950c365973..a56a707f41 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -57,6 +57,24 @@ if(GEN_FILES) # change too often in ways that don't affect the result # ((un)commenting some options). ) + + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ) + add_custom_target(handshake-generated.sh + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) + set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO) + add_dependencies(${ssl_opt_target} handshake-generated.sh) + add_custom_command( OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh diff --git a/tests/Makefile b/tests/Makefile index 7bd9953422..b6f2f8caff 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -64,6 +64,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h \ # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt +opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py +opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py + echo " Gen $@" + $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ +GENERATED_FILES += opt-testcases/handshake-generated.sh +ssl-opt: opt-testcases/handshake-generated.sh + opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 8cc341d177..ba10024ee8 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh 
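Review bot: The Makefile rule invokes `generate_tls_handshake_tests.py -o $@` while the CMake custom command in the preceding hunk and the make_generated_files.bat entry run the script with no `-o`, so the CMake and Windows builds depend on the script's default output path matching `tests/opt-testcases/handshake-generated.sh`; if that default ever moves, `DEPENDS`/`OUTPUT` in CMake silently point at a file the script no longer writes. Passing the output path explicitly in all three places, or adding a comment on the CMake command noting that it relies on the script's default location, keeps the three entry points from diverging. This mirrors the existing tls13-compat.sh rules, so it is a pre-existing convention rather than a new defect.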
@@ -179,6 +179,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c + check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't From b40d33b7c86c07849001f61d3aa0577d4b2ab016 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 14:26:51 +0100 Subject: [PATCH 0082/1080] Move most TLS handshake defragmentation tests to a separate file Prepare for those test cases to be automatically generated by a script. Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 519 +++++++++++++++++++++++ tests/ssl-opt.sh | 520 +----------------------- 2 files changed, 520 insertions(+), 519 deletions(-) create mode 100644 tests/opt-testcases/handshake-manual.sh diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh new file mode 100644 index 0000000000..8496c0d871 --- /dev/null +++ b/tests/opt-testcases/handshake-manual.sh 
@@ -0,0 +1,519 @@ +# To guarantee that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +#The server uses an ECDSA cert, so make sure we have a compatible key exchange +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." 
\ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -S "reassembled record" \ + -S "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \
+ -s "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
+ -s "waiting for more fragments (36"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+ -s "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
+ -s "waiting for more fragments (32"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+ -s "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
+ -s "waiting for more fragments (16"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+ -s "waiting for more fragments (13"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
+ -s "waiting for more fragments (13"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+ -s "waiting for more fragments (5"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
+ -s "waiting for more fragments (5"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+ -s "waiting for more fragments (4"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "reassembled record" \
+ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
+ -s "waiting for more fragments (4"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 1 \
+ -s "<= parse client hello" \
+ -s "handshake message too short: 3" \
+ -s "SSL - An invalid SSL record was received"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
+run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
+ "$P_SRV debug_level=4 auth_mode=required" \
+ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 1 \
+ -s "<= parse client hello" \
+ -s "handshake message too short: 3" \
+ -s "SSL - An invalid SSL record was received"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5fc17a4cbd..40d15152c3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13874,525 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
 # Handshake defragmentation testing
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
-run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
- "$O_NEXT_SRV" \
- "$P_CLI debug_level=4 " \
- 0 \
- -C "reassembled record" \
- -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
-
-#The server uses an ECDSA cert, so make sure we have a compatible key exchange
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
- 1 \
- -c "=> ssl_tls13_process_server_hello" \
- -c "handshake message too short: 3" \
- -c "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
- 1 \
- -c "handshake message too short: 3" \
- -c "SSL - An invalid SSL record was received"
-
-requires_certificate_authentication
-run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -S "reassembled record" \
- -S "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
-
-# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
-# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 0 \
- -s "reassembled record" \
- -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 1 \
- -s "<= parse client hello" \
- -s "handshake message too short: 3" \
- -s "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
- "$P_SRV debug_level=4 auth_mode=required" \
- "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
- 1 \
- -s "<= parse client hello" \
- -s "handshake message too short: 3" \
- -s "SSL - An invalid SSL record was received"
+# Most test cases are in opt-testcases/handshake-generated.sh
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
From aaab090ad87b5c504e5e4f349c8b235faf3aac34 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 13:53:18 +0100
Subject: [PATCH 0083/1080] Normalize whitespace in defragmentation test cases
Signed-off-by: Gilles Peskine
---
tests/opt-testcases/handshake-manual.sh | 98 ++++++++++++-------------
1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 8496c0d871..1b7b9799f3 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
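Review bot: The pointer comment added at the end of this hunk, `+# Most test cases are in opt-testcases/handshake-generated.sh`, names only the generated file, yet the client and server cases deleted here (including the `skip_next_test` TLS 1.2 ones and the len=3 failure cases) reappear in tests/opt-testcases/handshake-manual.sh, whose diff in the following commit carries the same `Handshake defragmentation on client: len=...` cases as context. Someone grepping ssl-opt.sh for one of the removed test names is therefore sent to the wrong file, and the removed three-line rationale (certificate authentication is required so that OpenSSL's 548-byte server5.crt forces fragmentation) is no longer discoverable from here. Suggest replacing the added line with `# Handshake defragmentation test cases are in opt-testcases/handshake-manual.sh` and `# and opt-testcases/handshake-generated.sh.` The two trailing context lines `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` / `requires_certificate_authentication` belong to a test case that continues past the end of this hunk.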
@@ -4,7 +4,7 @@ requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ - "$P_CLI debug_level=4 " \ + "$P_CLI debug_level=4" \ 0 \ -C "reassembled record" \ -C "waiting for more fragments" @@ -12,8 +12,8 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -24,8 +24,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -34,8 +34,8 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ 
@@ -45,8 +45,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -55,8 +55,8 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -66,8 +66,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -76,8 +76,8 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ 
@@ -87,8 +87,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ @@ -97,8 +97,8 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -108,8 +108,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -118,8 +118,8 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ 
@@ -129,8 +129,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ @@ -139,8 +139,8 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -150,8 +150,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -160,8 +160,8 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ 
@@ -171,8 +171,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
@@ -181,8 +181,8 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -192,8 +192,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -202,8 +202,8 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -213,8 +213,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -223,8 +223,8 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -234,8 +234,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -244,8 +244,8 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
+ "$P_CLI debug_level=4" \
 1 \
 -c "=> ssl_tls13_process_server_hello" \
 -c "handshake message too short: 3" \
@@ -253,8 +253,8 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \
+ "$P_CLI debug_level=4" \
 1 \
 -c "handshake message too short: 3" \
 -c "SSL - An invalid SSL record was received"
From 46cb8a2aa91b4f7ff146b6a6c940d9807ee2e313 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 14:12:02 +0100
Subject: [PATCH 0084/1080] Normalize messages in defragmentation test cases
Make some test case descriptions and log patterns follow more systematic patterns.
Signed-off-by: Gilles Peskine
---
 tests/opt-testcases/handshake-manual.sh | 94 ++++++++++++-------------
 1 file changed, 47 insertions(+), 47 deletions(-)
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 1b7b9799f3..087cf66fce 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -2,7 +2,7 @@
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
 requires_certificate_authentication
-run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
+run_test "Handshake defragmentation on client: no fragmentation, for reference" \
 "$O_NEXT_SRV" \
 "$P_CLI debug_level=4" \
 0 \
@@ -17,7 +17,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
+ -c "waiting for more fragments (512 of"

 #The server uses an ECDSA cert, so make sure we have a compatible key exchange
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -29,7 +29,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
+ -c "waiting for more fragments (512 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -39,7 +39,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
+ -c "waiting for more fragments (513 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -50,7 +50,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
+ -c "waiting for more fragments (513 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -60,7 +60,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
+ -c "waiting for more fragments (256 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -71,7 +71,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
+ -c "waiting for more fragments (256 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -81,7 +81,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
+ -c "waiting for more fragments (128 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -92,7 +92,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
+ -c "waiting for more fragments (128 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -102,7 +102,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
+ -c "waiting for more fragments (64 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -113,7 +113,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
+ -c "waiting for more fragments (64 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -123,7 +123,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
+ -c "waiting for more fragments (36 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -134,7 +134,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
+ -c "waiting for more fragments (36 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -144,7 +144,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
+ -c "waiting for more fragments (32 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -155,7 +155,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
+ -c "waiting for more fragments (32 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -165,7 +165,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
+ -c "waiting for more fragments (16 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -176,7 +176,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
+ -c "waiting for more fragments (16 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -186,7 +186,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
+ -c "waiting for more fragments (13 of"

 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -197,7 +197,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
+ -c "waiting for more fragments (13 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -207,7 +207,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
+ -c "waiting for more fragments (5 of"

 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -218,7 +218,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
+ -c "waiting for more fragments (5 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -228,7 +228,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
+ -c "waiting for more fragments (4 of"

 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -239,7 +239,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
+ -c "waiting for more fragments (4 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -260,7 +260,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 -c "SSL - An invalid SSL record was received"

 requires_certificate_authentication
-run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
+run_test "Handshake defragmentation on server: no fragmentation, for reference" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -275,7 +275,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
+ -s "waiting for more fragments (512 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -285,7 +285,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
+ -s "waiting for more fragments (512 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -295,7 +295,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
+ -s "waiting for more fragments (513 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -305,7 +305,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
+ -s "waiting for more fragments (513 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -315,7 +315,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
+ -s "waiting for more fragments (256 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -325,7 +325,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
+ -s "waiting for more fragments (256 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -335,7 +335,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
+ -s "waiting for more fragments (128 of"

 # Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
@@ -348,7 +348,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Clie
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
+ -s "waiting for more fragments (128 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -358,7 +358,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
+ -s "waiting for more fragments (64 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -369,7 +369,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
+ -s "waiting for more fragments (64 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -379,7 +379,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
+ -s "waiting for more fragments (36 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -390,7 +390,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
+ -s "waiting for more fragments (36 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -400,7 +400,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
+ -s "waiting for more fragments (32 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -411,7 +411,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
+ -s "waiting for more fragments (32 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -421,7 +421,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
+ -s "waiting for more fragments (16 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -432,7 +432,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
+ -s "waiting for more fragments (16 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -442,7 +442,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
+ -s "waiting for more fragments (13 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -453,7 +453,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
+ -s "waiting for more fragments (13 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -463,7 +463,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
+ -s "waiting for more fragments (5 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -474,7 +474,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
+ -s "waiting for more fragments (5 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -484,7 +484,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
+ -s "waiting for more fragments (4 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -495,7 +495,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
+ -s "waiting for more fragments (4 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -510,7 +510,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
+run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
From 5071a253209921c1bf334b3b961cde1299413a4f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 16:38:50 +0100
Subject: [PATCH 0085/1080] Normalize requirements in defragmentation test cases
Be more uniform in where certificate authentication and ECDSA are explicitly required. A few test cases now run in PSK-only configurations where they always could. Add a missing requirement on ECDSA to test cases that are currently skipped.
Signed-off-by: Gilles Peskine
---
 tests/opt-testcases/handshake-manual.sh | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 087cf66fce..1e118e59c1 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -1,7 +1,6 @@
 # To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
 run_test "Handshake defragmentation on client: no fragmentation, for reference" \
 "$O_NEXT_SRV" \
 "$P_CLI debug_level=4" \
@@ -191,6 +190,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
 "$P_CLI debug_level=4" \
@@ -212,6 +212,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
 "$P_CLI debug_level=4" \
@@ -233,6 +234,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
 "$P_CLI debug_level=4" \
@@ -242,7 +244,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 -c "waiting for more fragments (4 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
 "$P_CLI debug_level=4" \
@@ -259,7 +260,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 -c "handshake message too short: 3" \
 -c "SSL - An invalid SSL record was received"

-requires_certificate_authentication
 run_test "Handshake defragmentation on server: no fragmentation, for reference" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -498,7 +498,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client
 -s "waiting for more fragments (4 of"

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -509,7 +508,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \

 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
From f89bc276033d10b28429d8be04d1f6799fac3251 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 16:48:33 +0100
Subject: [PATCH 0086/1080] Switch to generated handshake tests
Replace `tests/opt-testcases/handshake-manual.sh` by `tests/opt-testcases/handshake-generated.sh`. They are identical except for comments.
Signed-off-by: Gilles Peskine
---
 framework | 2 +-
 tests/opt-testcases/handshake-manual.sh | 517 ------------------------
 2 files changed, 1 insertion(+), 518 deletions(-)
 delete mode 100644 tests/opt-testcases/handshake-manual.sh
diff --git a/framework b/framework
index 11e4f5ac1c..f88eb21ff1 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea
+Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
deleted file mode 100644
index 1e118e59c1..0000000000
--- a/tests/opt-testcases/handshake-manual.sh
+++ /dev/null
@@ -1,517 +0,0 @@
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-run_test "Handshake defragmentation on client: no fragmentation, for reference" \
- "$O_NEXT_SRV" \
- "$P_CLI debug_level=4" \
- 0 \
- -C "reassembled record" \
- -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of"
-
-#The server uses an ECDSA cert, so make sure we have a compatible key exchange
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\.
4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "=> ssl_tls13_process_server_hello" \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -run_test "Handshake defragmentation on server: no fragmentation, for reference" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -S "reassembled record" \ - -S "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" From 5328d8f55c23a8d77f10d5b3e0c6f51e23f46fac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Mar 2025 15:37:47 +0100 Subject: [PATCH 0087/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 2cfed8e711..25742030e4 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@
-Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b
+Subproject commit 25742030e4eddfb29913cb82642703ee0fe5d0d7
From e0bd20bd585a018b6497dac14934ea9a530a9d1f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 3 Mar 2025 14:10:08 +0100
Subject: [PATCH 0088/1080] Generate handshake defragmentation test cases: update analyze_outcomes
Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 7a5c506a95..3946017625 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -34,6 +34,13 @@ def _has_word_re(words: typing.Iterable[str],
 re.DOTALL)
 IGNORED_TESTS = {
+ 'handshake-generated': [
+ # Temporary disable Handshake defragmentation tests until mbedtls
+ # pr #10011 has been merged.
+ 'Handshake defragmentation on client: len=4, TLS 1.2',
+ 'Handshake defragmentation on client: len=5, TLS 1.2',
+ 'Handshake defragmentation on client: len=13, TLS 1.2'
+ ],
 'ssl-opt': [
 # We don't run ssl-opt.sh with Valgrind on the CI because
 # it's extremely slow. We don't intend to change this.
@@ -50,11 +57,6 @@ def _has_word_re(words: typing.Iterable[str],
 # TLS doesn't use restartable ECDH yet.
 # https://github.com/Mbed-TLS/mbedtls/issues/7294
 re.compile(r'EC restart:.*no USE_PSA.*'),
- # Temporary disable Handshake defragmentation tests until mbedtls
- # pr #10011 has been merged.
- 'Handshake defragmentation on client: len=4, TLS 1.2',
- 'Handshake defragmentation on client: len=5, TLS 1.2',
- 'Handshake defragmentation on client: len=13, TLS 1.2'
 ],
 'test_suite_config.mbedtls_boolean': [
 # Missing coverage of test configurations.
From 2d23a9a4643ca88d9ca541f4a0af556785040878 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 4 Mar 2025 18:51:27 +0100
Subject: [PATCH 0089/1080] Update framework
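Review bot: The last entry of the new 'handshake-generated' list, `'Handshake defragmentation on client: len=13, TLS 1.2'`, has no trailing comma, while the sibling 'ssl-opt' list in the second hunk ends its final entry `re.compile(r'EC restart:.*no USE_PSA.*'),` with one; adding the comma keeps the two lists consistent and makes the next addition a one-line diff. The moved comment would also read better as `# Temporarily disable handshake defragmentation tests until mbedtls` / `# PR #10011 has been merged.`, and a short note on why only these three fragment lengths are listed would help whoever removes the entries once that PR lands. The IGNORED_TESTS dict continues outside both hunks.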
Signed-off-by: Gilles Peskine
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index f88eb21ff1..4a009d4b3c 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9
+Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b
From 540e7f3738c1133ac75d2e1a06ea970a8a7e5e4a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Feb 2025 10:29:32 +0100
Subject: [PATCH 0090/1080] programs: remove dh_client and dh_server
These sample programs depend on MBEDTLS_DHM_C which is being removed, so they should be as well.
Signed-off-by: Valerio Setti
---
 programs/Makefile | 10 --
 programs/README.md | 2 -
 programs/pkey/CMakeLists.txt | 15 +-
 programs/pkey/dh_client.c | 288 ---------------------------------
 programs/pkey/dh_server.c | 306 -----------------------------------
 5 files changed, 1 insertion(+), 620 deletions(-)
 delete mode 100644 programs/pkey/dh_client.c
 delete mode 100644 programs/pkey/dh_server.c
diff --git a/programs/Makefile b/programs/Makefile
index 79bb402f1b..9a4237c3a1 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -41,9 +41,7 @@ APPS = \
 hash/generic_sum \
 hash/hello \
 hash/md_hmac_demo \
- pkey/dh_client \
 pkey/dh_genprime \
- pkey/dh_server \
 pkey/ecdh_curve25519 \
 pkey/ecdsa \
 pkey/gen_key \
@@ -177,18 +175,10 @@ hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
 echo " CC hash/md_hmac_demo.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
- echo " CC pkey/dh_client.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
 echo " CC pkey/dh_genprime.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
- echo " CC pkey/dh_server.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
 echo " CC pkey/ecdh_curve25519.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index 5e5f40a4c3..2d9c187efa 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -41,8 +41,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu
 ### Diffie-Hellman key exchange examples
-* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
-
 * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
 ### Bignum (`mpi`) usage examples
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index c782ad4655..df63ffc89c 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -1,16 +1,3 @@
-set(executables_mbedtls
- dh_client
- dh_server
-)
-add_dependencies(${programs_target} ${executables_mbedtls})
-
-foreach(exe IN LISTS executables_mbedtls)
- add_executable(${exe} ${exe}.c $)
- set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
 set(executables_mbedcrypto
 dh_genprime
 ecdh_curve25519
@@ -40,6 +27,6 @@ foreach(exe IN LISTS executables_mbedcrypto)
 target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
 endforeach()
-install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
+install(TARGETS ${executables_mbedcrypto}
 DESTINATION "bin"
 PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
deleted file mode 100644
index a3bc49d3f8..0000000000
--- a/programs/pkey/dh_client.c
+++ /dev/null
@@ -1,288 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (client side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_NAME "localhost" -#define SERVER_PORT "11999" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} - -#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) -int main(void) -{ - mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context server_fd; - - unsigned char *p, *end; - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - mbedtls_mpi N, E; - const char *pers = "dh_client"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context 
rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_net_init(&server_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2. Read the server's public RSA key - */ - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * 3. Initiate the connection - */ - mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME, - SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, - SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - /* - * 4a. First get the buffer length - */ - mbedtls_printf("\n . Receiving the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - n = buflen = (buf[0] << 8) | buf[1]; - if (buflen < 1 || buflen > sizeof(buf)) { - mbedtls_printf(" failed\n ! 
Got an invalid buffer length\n\n"); - goto exit; - } - - /* - * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P - */ - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - p = buf, end = buf + buflen; - - if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret); - goto exit; - } - - n = mbedtls_dhm_get_len(&dhm); - if (n < 64 || n > 512) { - mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n"); - goto exit; - } - - /* - * 5. Check that the server's RSA signature matches - * the SHA-256 hash of (P,G,Ys) - */ - mbedtls_printf("\n . Verifying the server's RSA signature"); - fflush(stdout); - - p += 2; - - if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n"); - goto exit; - } - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - mdlen, hash, p)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Send our public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Sending own public value to server"); - fflush(stdout); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! 
mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 decryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys, - * IVs and MACs. - */ - mbedtls_printf("...\n . Receiving and decrypting the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_dec(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - buf[16] = '\0'; - mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c deleted file mode 100644 index 26b48e3ff2..0000000000 --- a/programs/pkey/dh_server.c +++ /dev/null 
@@ -1,306 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (server side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_PORT "11999" -#define PLAINTEXT "==Hello there!==" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context listen_fd, client_fd; - - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - unsigned char buf2[2]; - const char *pers = "dh_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; - - mbedtls_net_init(&listen_fd); - 
mbedtls_net_init(&client_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); - mbedtls_mpi_init(&dhm_G); - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2a. Read the server's private RSA key - */ - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * 2b. Get the DHM modulus and generator - */ - mbedtls_printf("\n . Reading DH parameters from dh_prime.txt"); - fflush(stdout); - - if ((f = fopen("dh_prime.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \ - " ! 
Please run dh_genprime first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || - (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { - mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - /* - * 3. Wait for a client to connect - */ - mbedtls_printf("\n . Waiting for a remote connection"); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* - * 4. Setup the DH parameters (P,G,Ys) - */ - mbedtls_printf("\n . Sending the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); - goto exit; - } - - /* - * 5. Sign the parameters and send them - */ - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa); - buf[n] = (unsigned char) (rsa_key_len >> 8); - buf[n + 1] = (unsigned char) (rsa_key_len); - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_MD_SHA256, mdlen, - hash, buf + n + 2)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); - goto exit; - } - - buflen = n + 2 + rsa_key_len; - buf2[0] = (unsigned char) (buflen >> 8); - buf2[1] = (unsigned char) (buflen); - - if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 || - (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Get the client's public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Receiving the client's public value"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 encryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys - * and MACs. - */ - mbedtls_printf("...\n . Encrypting and sending the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_enc(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - memcpy(buf, PLAINTEXT, 16); - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - - if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! 
mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); - mbedtls_mpi_free(&dhm_G); - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 73cd415c0b95bc815ff17427b9eaba9988c9336f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 10:46:54 +0100 Subject: [PATCH 0091/1080] programs: remove DHM_C from ssl_client2 and ssl_server2 MBEDTLS_DHM_C is being removed so all its occurencies should be removed as well. Signed-off-by: Valerio Setti --- programs/ssl/ssl_client2.c | 22 ---------------- programs/ssl/ssl_server2.c | 51 +------------------------------------- 2 files changed, 1 insertion(+), 72 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f009a3169b..6742925f2a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -71,7 +71,6 @@ int main(void) #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_RECSPLIT -1 -#define DFL_DHMLEN -1 #define DFL_RECONNECT 0 #define DFL_RECO_SERVER_NAME NULL #define DFL_RECO_DELAY 0 @@ -234,13 +233,6 @@ int main(void) #define USAGE_MAX_FRAG_LEN "" #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_DHM_C) -#define USAGE_DHMLEN \ - " dhmlen=%%d default: (library default: 1024 bits)\n" -#else -#define USAGE_DHMLEN -#endif - #if defined(MBEDTLS_SSL_ALPN) #define USAGE_ALPN \ " alpn=%%s default: \"\" (disabled)\n" \ 
@@ -433,7 +425,6 @@ int main(void) USAGE_GROUPS \ USAGE_SIG_ALGS \ USAGE_EARLY_DATA \ - USAGE_DHMLEN \ USAGE_KEY_OPAQUE_ALGS \ "\n" @@ -508,7 +499,6 @@ struct options { unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int recsplit; /* enable record splitting? */ - int dhmlen; /* minimum DHM params len in bits */ int reconnect; /* attempt to resume session */ const char *reco_server_name; /* hostname of the server (re-connect) */ int reco_delay; /* delay in seconds before resuming session */ @@ -956,7 +946,6 @@ int main(int argc, char *argv[]) opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.recsplit = DFL_RECSPLIT; - opt.dhmlen = DFL_DHMLEN; opt.reconnect = DFL_RECONNECT; opt.reco_server_name = DFL_RECO_SERVER_NAME; opt.reco_delay = DFL_RECO_DELAY; @@ -1388,11 +1377,6 @@ int main(int argc, char *argv[]) if (opt.recsplit < 0 || opt.recsplit > 1) { goto usage; } - } else if (strcmp(p, "dhmlen") == 0) { - opt.dhmlen = atoi(q); - if (opt.dhmlen < 0) { - goto usage; - } } else if (strcmp(p, "query_config") == 0) { opt.query_config_mode = 1; query_config_ret = query_config(q); @@ -1898,12 +1882,6 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_DHM_C) - if (opt.dhmlen != DFL_DHMLEN) { - mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen); - } -#endif - #if defined(MBEDTLS_SSL_ALPN) if (opt.alpn_string != NULL) { if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d9e57018ae..dc7ca8f51c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -58,7 +58,6 @@ int main(void) #endif #include "mbedtls/pk.h" -#include "mbedtls/dhm.h" /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ 
@@ -127,7 +126,6 @@ int main(void) #define DFL_EARLY_DATA -1 #define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1) #define DFL_SIG_ALGS NULL -#define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_COOKIES 1 #define DFL_ANTI_REPLAY -1 @@ -192,9 +190,7 @@ int main(void) " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ " preloaded certificate(s) and key(s) are used if available\n" \ " key_pwd2=%%s Password for key specified by key_file2 argument\n" \ - " default: none\n" \ - " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ - " default: preloaded parameters\n" + " default: none\n" #else #define USAGE_IO \ "\n" \ @@ -675,7 +671,6 @@ struct options { const char *groups; /* list of supported groups */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ - const char *dhm_file; /* the file with the DH parameters */ int extended_ms; /* allow negotiation of extended MS? */ int etm; /* allow negotiation of encrypt-then-MAC? */ int transport; /* TLS or DTLS? */ @@ -1590,9 +1585,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_context dhm; -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; #endif @@ -1681,9 +1673,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) memset(&ssl_async_keys, 0, sizeof(ssl_async_keys)); #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_init(&dhm); -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init(&cache); #endif 
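Review bot: Deleting the `dhm_file=%%s` line from `USAGE_IO` here, together with the removal of the `dhm_file` parser further down in this commit, means any ssl-opt.sh case or CI invocation that still passes `dhm_file=` to ssl_server2 (or `dhmlen=` to ssl_client2) will now land in the unknown-option `goto usage` path and fail; those scripts are not part of this diff, so it is worth confirming they are cleaned up in the same series. The trailing-backslash drop on the `" default: none\n"` line is correct, since that is now the last line of the macro. A short mention of the retired `dhm_file`/`dhmlen` options in the ChangeLog entry for the DHM removal would help anyone scripting these test programs.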
@@ -1793,7 +1782,6 @@ int main(int argc, char *argv[]) opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE; #endif opt.sig_algs = DFL_SIG_ALGS; - opt.dhm_file = DFL_DHM_FILE; opt.transport = DFL_TRANSPORT; opt.cookies = DFL_COOKIES; opt.anti_replay = DFL_ANTI_REPLAY; @@ -1943,8 +1931,6 @@ int main(int argc, char *argv[]) opt.key_file2 = q; } else if (strcmp(p, "key_pwd2") == 0) { opt.key_pwd2 = q; - } else if (strcmp(p, "dhm_file") == 0) { - opt.dhm_file = q; } #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) else if (strcmp(p, "async_operations") == 0) { @@ -2787,21 +2773,6 @@ int main(int argc, char *argv[]) key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - mbedtls_printf(" . Loading DHM parameters..."); - fflush(stdout); - - if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - #if defined(SNI_OPTION) if (opt.sni != NULL) { mbedtls_printf(" . Setting up SNI information..."); @@ -3269,22 +3240,6 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_DHM_C) - /* - * Use different group than default DHM group - */ -#if defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm); - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } -#endif - if (opt.min_version != DFL_MIN_VERSION) { mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); } 
@@ -4284,10 +4239,6 @@ int main(int argc, char *argv[]) #endif #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_free(&dhm); -#endif - #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { if (ssl_async_keys.slots[i].pk_owned) { From 12e67eaa5b2f9033ba9cee368e1d13660070fd5e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 10:51:31 +0100 Subject: [PATCH 0092/1080] programs: remove DHM_C usage from selftest Signed-off-by: Valerio Setti --- programs/test/selftest.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index e72386f023..41252b6e4c 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -10,7 +10,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/ctr_drbg.h" -#include "mbedtls/dhm.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" @@ -350,9 +349,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_ECJPAKE_C) { "ecjpake", mbedtls_ecjpake_self_test }, #endif -#if defined(MBEDTLS_DHM_C) - { "dhm", mbedtls_dhm_self_test }, -#endif #if defined(MBEDTLS_ENTROPY_C) { "entropy", mbedtls_entropy_self_test_wrapper }, #endif From c56cda7ad68c5658405fa1db96898fb1dd36a797 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 10:54:02 +0100 Subject: [PATCH 0093/1080] scripts: query_config.fmt: do not include "dhm.h" The file is being removed together with the removal of MBEDTLS_DHM_C. Signed-off-by: Valerio Setti --- scripts/data_files/query_config.fmt | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index b60aba010d..9be9674c1d 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt 
@@ -34,7 +34,6 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/debug.h" #include "mbedtls/des.h" -#include "mbedtls/dhm.h" #include "mbedtls/ecdh.h" #include "mbedtls/ecdsa.h" #include "mbedtls/ecjpake.h" From eb63eb2a6a5ba7135ae798e923660729bd95d88d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:32:49 +0100 Subject: [PATCH 0094/1080] etests: remove MBEDTLS_DHM_C/DHM occurrencies Signed-off-by: Valerio Setti --- tests/include/test/certs.h | 2 +- .../components-configuration-crypto.sh | 19 ++++--------------- tests/scripts/components-configuration-tls.sh | 1 - tests/scripts/set_psa_test_dependencies.py | 1 - 4 files changed, 5 insertions(+), 18 deletions(-) diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h index db69536a6f..31f4477c2b 100644 --- a/tests/include/test/certs.h +++ b/tests/include/test/certs.h @@ -1,7 +1,7 @@ /** * \file certs.h * - * \brief Sample certificates and DHM parameters for testing + * \brief Sample certificates for testing */ /* * Copyright The Mbed TLS Contributors diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 34b3107815..8ba4161870 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -668,9 +668,6 @@ component_test_psa_crypto_config_accel_ffdh () { # start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_DHM_C - # Build # ----- @@ -679,7 +676,7 @@ component_test_psa_crypto_config_accel_ffdh () { helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o + not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o # Run the tests # ------------- 
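Review bot: The replacement guard `not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o` can pass vacuously: if no object is built at that path (psa_crypto_ffdh.c may well be compiled with the PSA core sources rather than the builtin drivers, in which case `${PSA_CORE_PATH}` would be the right prefix), `grep` exits 2 for a missing file and `not` turns that into success, so the "not re-enabled by accident" check never fires. Make a wrong path fail loudly by checking the file first, e.g. `test -f "${PSA_CORE_PATH}/psa_crypto_ffdh.o"` immediately before the `not grep` on that same file. The other `not grep ... .o` checks in this script share the vacuous-pass behaviour, but this hunk is the one that changes the path.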
@@ -1178,12 +1175,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" - scripts/config.py unset MBEDTLS_DHM_C - else - # When testing ECC and DH instead, we disable DHM. - if [ "$driver_only" -eq 1 ]; then - scripts/config.py unset MBEDTLS_DHM_C - fi fi # Restartable feature is not yet supported by PSA. Once it will in @@ -1255,16 +1246,15 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled + # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o # Run the tests # ------------- - msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" + msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" make test 
@@ -1362,10 +1352,9 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled + # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o # Check that p256m was built grep -q p256_ecdsa_ library/libmbedcrypto.a diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 83795012f3..917ceefaa9 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -469,7 +469,6 @@ component_test_tls13_only_psk () { scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_DHM_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index f68dfcb72b..2267311e44 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -58,7 +58,6 @@ 'MBEDTLS_CMAC_C', 'MBEDTLS_CTR_DRBG_C', 'MBEDTLS_DES_C', - 'MBEDTLS_DHM_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECDSA_C', 'MBEDTLS_ECJPAKE_C', From 461899e382d7f4280b9b1a2923fe4ac1033731ca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:34:25 +0100 Subject: [PATCH 0095/1080] analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index e68c2cbf09..5f8f910a62 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -474,7 +474,7 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum' IGNORED_SUITES = [ # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm', + 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', 'bignum.generated', 'bignum.misc', # Unit tests for the built-in implementation @@ -483,7 +483,6 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): IGNORED_TESTS = { 'test_suite_config': [ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), ], @@ -516,11 +515,7 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): REFERENCE = 'test_psa_crypto_config_reference_ffdh' DRIVER = 'test_psa_crypto_config_accel_ffdh' - IGNORED_SUITES = ['dhm'] IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), - ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component From 15fd5c99250740b741f560f9b12f70cbb6d274aa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:38:24 +0100 Subject: [PATCH 0096/1080] ssl: remove support for MBEDTLS_DHM_C Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 56 ---------------------------- library/ssl_misc.h | 4 -- library/ssl_tls.c | 86 ------------------------------------------- 3 files changed, 146 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0c0eae4e2..958ee9bce7 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -24,10 +24,6 @@ #include "mbedtls/x509_crl.h" #endif -#if defined(MBEDTLS_DHM_C) -#include "mbedtls/dhm.h" -#endif - #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) @@ -1562,11 +1558,6 @@ struct mbedtls_ssl_config { const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ - mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field @@ -1642,10 +1633,6 @@ struct mbedtls_ssl_config { unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */ -#endif - /** User data pointer or handle. * * The library sets this to \p 0 when creating a context and does not 
@@ -3753,49 +3740,6 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the Diffie-Hellman public P and G values - * from big-endian binary presentations. - * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN) - * - * \param conf SSL configuration - * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form - * \param P_len Length of DHM modulus - * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form - * \param G_len Length of DHM generator - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len); - -/** - * \brief Set the Diffie-Hellman public P and G values, - * read from existing context (server-side only) - * - * \param conf SSL configuration - * \param dhm_ctx Diffie-Hellman-Merkle context - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx); -#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Set the minimum length for Diffie-Hellman parameters. - * (Client-side only.) - * (Default: 1024 bits.) - * - * \param conf SSL configuration - * \param bitlen Minimum bit length of the DHM prime - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen); -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - /** * \brief Set the allowed groups in order of preference. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f91861f64..9ff0fcaf75 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -763,10 +763,6 @@ struct mbedtls_ssl_handshake_params { const uint16_t *sig_algs; #endif -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_psa_bits; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 60f2e1cd6d..ec4272a05f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -911,9 +911,6 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) handshake->update_checksum = ssl_update_checksum_start; -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init(&handshake->dhm_ctx); -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) handshake->psa_pake_ctx = psa_pake_operation_init(); handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; 
@@ -2431,57 +2428,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type return PSA_SUCCESS; } -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || - (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} - -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P, - &conf->dhm_P)) != 0 || - (ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G, - &conf->dhm_G)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/* - * Set the minimum length for Diffie-Hellman parameters - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen) -{ - conf->dhm_min_bitlen = bitlen; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) /* @@ -4537,10 +4483,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) psa_hash_abort(&handshake->fin_sha384_psa); #endif -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_free(&handshake->dhm_ctx); -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) psa_pake_abort(&handshake->psa_pake_ctx); /* 
@@ -5551,10 +5493,6 @@ static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, int endpoint, int transport, int preset) { -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif - #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) { mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n"); @@ -5629,21 +5567,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, memset(conf->renego_period + 2, 0xFF, 6); #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - - if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, - dhm_p, sizeof(dhm_p), - dhm_g, sizeof(dhm_g))) != 0) { - return ret; - } - } -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) @@ -5733,10 +5656,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ conf->group_list = ssl_preset_default_groups; - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - conf->dhm_min_bitlen = 1024; -#endif } return 0; @@ -5751,11 +5670,6 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) return; } -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; From ddc4b042f8016df08c1c7c31f021f5faf8f835e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:49:32 +0100 Subject: [PATCH 0097/1080] scripts: generate_errors: remove DHM occurrence 
Signed-off-by: Valerio Setti --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index c05184227c..aae1fc8870 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -40,7 +40,7 @@ ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); -my @high_level_modules = qw( CIPHER DHM ECP MD +my @high_level_modules = qw( CIPHER ECP MD PEM PK PKCS12 PKCS5 RSA SSL X509 PKCS7 ); From d7a465431c20175267e1b5c526d9184c999053eb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 14:33:59 +0100 Subject: [PATCH 0098/1080] library: do not include dhm.c in the build The file was cancelled from the tf-psa-crypto repo following the removal of MBEDTLS_DHM_C. Signed-off-by: Valerio Setti --- library/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index b874acf27a..61b2623e2a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -139,7 +139,6 @@ OBJS_CRYPTO= \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/dhm.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \ From 28c645b951c444aee819d9ff33cf33d7f642f515 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 14:34:54 +0100 Subject: [PATCH 0099/1080] docs: remove references to DHM Signed-off-by: Valerio Setti --- doxygen/input/doc_encdec.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index cf77690b36..068e716bf4 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h 
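Review bot: Dropping `DHM` from `@high_level_modules` stops `generate_errors.pl` from emitting `mbedtls_strerror` entries for the `MBEDTLS_ERR_DHM_*` codes, which is expected once dhm.h is gone, but it also leaves the numeric range those codes occupied silently free for reuse. If the error-code allocation table in `error.h` (or wherever it lives in this tree) still lists DHM, it should be updated in the same series to mark that range as retired rather than available, so a future module does not collide with values that existing applications may still compare against numerically. A one-line note such as `# DHM range retired in 4.0; do not reuse` next to this list would make the intent visible to whoever next edits it.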
@@ -39,8 +39,6 @@
 * and \c mbedtls_des3_crypt_cbc()).
 * - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init())
 * - Asymmetric:
- * - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public()
- * and \c mbedtls_dhm_calc_secret()).
 * - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()).
 * - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()).
 * - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()).
From 05c23fbf86b92061326bfb83f16838a0a1e3a010 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 24 Feb 2025 10:02:41 +0100
Subject: [PATCH 0100/1080] ChangeLog: add note for removal of DHM related functions in SSL
Signed-off-by: Valerio Setti
---
 ChangeLog.d/9956.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/9956.txt
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
new file mode 100644
index 0000000000..cea4af1ec6
--- /dev/null
+++ b/ChangeLog.d/9956.txt
@@ -0,0 +1,6 @@
+Removals
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+ following SSL functions are removed:
+ - mbedtls_ssl_conf_dh_param_bin
+ - mbedtls_ssl_conf_dh_param_ctx
+ - mbedtls_ssl_conf_dhm_min_bitlen
From 371a1aab87dbd730f21dbcec330e3a5cd40ff5e9 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 4 Mar 2025 10:14:29 +0100
Subject: [PATCH 0101/1080] psasim: update README file
The README file content dates back to the early stages of PSASIM development. Since then a lot of things have changed, so the README file required a complete rewrite.
Signed-off-by: Valerio Setti
---
 tests/psa-client-server/psasim/README.md | 77 +++++++++---------------
 1 file changed, 29 insertions(+), 48 deletions(-)
diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md
index 1b950d6b1d..db49ae9473 100644
--- a/tests/psa-client-server/psasim/README.md
+++ b/tests/psa-client-server/psasim/README.md
@@ -1,61 +1,42 @@ # psasim -This tool simulates a PSA Firmware Framework implementation. -It allows you to develop secure partitions and their clients on a desktop computer. -It should be able to run on all systems that support POSIX and System V IPC: -e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2. +PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`. +In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations. -Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular: +The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS. +## Limitations -* This simulator is not intended to pass or demonstrate compliance. -* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients. +In the current implementation: -## Building +- Only Linux PC is supported. +- There can be only 1 client connected to 1 server. +- Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest. +- Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped. 
-To build and run the test program make sure you have `make`, `python` and a -C compiler installed and then enter the following commands: +## Testing -```sh -make run -``` +Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM: -Optionally the `DEBUG=1` command line option can be enabled to increase verbosity: +- `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands. +- `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required. -```sh -make DEBUG=1 run -``` +## How to update automatically generated files -Once done with the test, it is possible to clean all the generated files with: +A significant portion of the intermediate code of PSASIM is auto-generated using Perl. In particular: -```sh -make clean -``` +- `psa_sim_serialise.[c|h]`: + - Generated by `psa_sim_serialise.pl`. + - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server. +- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: + - Generated by `psa_sim_generate.pl`. + - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs. -## Features +These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. 
The procedure is as follows: -The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress: - -* `psa_notify` support -* "strict" policy in manifest - -The only supported "interrupts" are POSIX signals, which act -as a "virtual interrupt". - -The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc). - -## Design - -The code is designed to be readable rather than fast or secure. -In this implementation only one message is delivered to a -RoT service at a time. -The code is not thread-safe. - -## Unsupported features - -Because this is a simulator there are a few things that -can't be reasonably emulated: - -* Manifest MMIO regions are unsupported -* Manifest priority field is ignored -* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime, - making it infeasible to populate pid.h with correct values. +- `psa_sim_serialise.[c|h]`: + - go to `/tests/psa-client-server/psasim/src/` + - run `./psa_sim_serialise.pl h > psa_sim_serialise.h` + - run `./psa_sim_serialise.pl c > psa_sim_serialise.c` +- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: + - go to Mbed TLS' root folder + - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl` From fc42c22c7b67eea5c717aaecbd3c028dd1892102 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 5 Feb 2025 17:28:03 +0100 Subject: [PATCH 0102/1080] Migrate RSA key exchange tests Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 171 ++++++++----------------------- tests/suites/test_suite_ssl.data | 96 ++++++++--------- 2 files changed, 81 insertions(+), 186 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23b692c723..7972ae5c32 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2502,20 +2502,6 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: RSA-" \ - "$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-RSA-" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-RSA-" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 @@ -3618,7 +3604,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" run_test "Encrypt then MAC: default" \ "$P_SRV debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ @@ -3630,7 +3616,7 @@ run_test "Encrypt then MAC: default" \ run_test "Encrypt then MAC: client enabled, server disabled" \ "$P_SRV debug_level=3 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3 etm=1" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ @@ -3642,7 +3628,7 @@ run_test "Encrypt then MAC: client enabled, server disabled" \ run_test "Encrypt then MAC: client enabled, aead cipher" \ "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI debug_level=3 etm=1" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ 
@@ -3654,7 +3640,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \ run_test "Encrypt then MAC: client disabled, server enabled" \ "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3 etm=0" \ 0 \ -C "client hello, adding encrypt_then_mac extension" \ @@ -3740,7 +3726,7 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ run_test "CBC Record splitting: TLS 1.2, no splitting" \ "$P_SRV force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ request_size=123" \ 0 \ -s "Read from client: 123 bytes read" \ @@ -7776,20 +7762,6 @@ run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ # Tests for keyUsage in leaf certificates, part 2: # client-side checking of server cert -# -# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange. -# In 4.0 this will probably change as all TLS 1.2 key exchanges will use -# signatures too, following the removal of RSA #8170 and static ECDH #9201. - -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ 
@@ -7801,16 +7773,6 @@ run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 
@@ -7846,31 +7808,6 @@ run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \ 
@@ -8981,14 +8918,14 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -9002,14 +8939,14 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" @@ -9035,7 +8972,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls12" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" @@ -9043,7 +8980,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" 
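Review bot: The `@@ -9002,14 +8939,14 @@` hunk forces `TLS-ECDSA-RSA-WITH-AES-256-CCM` and `TLS-ECDSA-RSA-WITH-AES-256-CCM-8`, which is neither the ECDHE-RSA spelling the surrounding hunks use nor a ciphersuite name I recognise, so ssl_client2 will reject the forced suite and both "Small client packet TLS 1.2 AEAD" tests can never pass. The `TLS-ECDHE-RSA-WITH-AES-256-CCM`/`-CCM-8` names chosen in the `@@ -9069,13 +9006,13 @@`, `@@ -9144,7 +9081,7 @@`, `@@ -9152,7 +9089,7 @@` and `@@ -9197,20 +9134,20 @@` hunks look wrong for the same reason: as far as I know AES-CCM suites are registered for RSA, DHE-RSA, PSK and ECDHE-ECDSA key exchanges only, so there is no ECDHE-RSA CCM suite for Mbed TLS to force either. The test_suite_ssl.data part of this same commit already migrates its CCM cases to ECDHE-ECDSA, and doing the same here keeps the CCM coverage intact, e.g. `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \` and `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \`. Whichever names are used, they should be checked against the suite list ssl_client2 prints for an unknown `force_ciphersuite` before the CI run, since this script has no `requires_ciphersuite_enabled` guard on these cases.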
@@ -9051,13 +8988,13 @@ run_test "Small client packet DTLS 1.2, without EtM" \ run_test "Small server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -c "Read from server: 1 bytes read" @@ -9069,13 +9006,13 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 1 bytes read" run_test "Small server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 1 bytes read" @@ -9099,7 +9036,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" @@ -9107,7 +9044,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" 
@@ -9121,7 +9058,7 @@ fragments_for_write() { run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9129,7 +9066,7 @@ run_test "Large client packet TLS 1.2 BlockCipher" \ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9144,7 +9081,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9152,7 +9089,7 @@ run_test "Large client packet TLS 1.2 AEAD" \ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" 
@@ -9178,13 +9115,13 @@ run_test "Large client packet TLS 1.3 AEAD shorter tag" \ # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. run_test "Large server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI etm=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" @@ -9197,20 +9134,20 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 16384 bytes read" 
@@ -9542,7 +9479,7 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt, delay=0" \ "$P_SRV \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" 
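Review bot: Switching "SSL async private: decrypt, delay=0" to `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA` removes the very operation the test observes: in an ECDHE-RSA handshake the server signs the ServerKeyExchange and never RSA-decrypts a premaster secret, so with only `async_operations=d` registered the expectations `-s "Async decrypt callback: using key slot "` and `-s "Async resume (slot [0-9]): decrypt done, status=0"` can no longer be matched. The same applies to "decrypt, delay=1", "decrypt, error in start", "decrypt, cancel after start", "decrypt, error in resume" and both "renegotiation: ... decrypt" tests in the following hunks, where the injected-error cases additionally expect exit status 1 from a decrypt path that is never entered. With the RSA key exchange gone there is, as far as I can tell, no TLS 1.2 handshake left that drives the server-side decrypt callback, so these cases should either be dropped together with the "decrypt callback not present" test this commit already removes, or be re-pointed at the sign callback (`async_operations=s` and the `-s "Async resume (slot [0-9]): sign done, status=0"` expectation visible in the removed test), mirroring the existing "SSL async private: sign, ..." cases. Those sign tests are outside this chunk, so the exact log strings should be copied from them rather than from this note.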
@@ -9551,38 +9488,12 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt, delay=1" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): decrypt done, status=0" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign callback not present" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_version=tls12; [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -S "Async sign callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "The own private key or pre-shared key is not set, but needed" \ - -s "Async resume (slot [0-9]): decrypt done, status=0" \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt callback not present" \ - "$P_SRV debug_level=1 \ - async_operations=s async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; - [ \$? -eq 1 ] && $P_CLI force_version=tls12" \ - 0 \ - -S "Async decrypt callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "got no RSA private key" \ - -s "Async resume (slot [0-9]): sign done, status=0" \ - -s "Successful connection" - # key1: ECDSA, key2: RSA; use key1 from slot 0 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 0 used with key1" \ 
@@ -9673,7 +9584,7 @@ run_test "SSL async private: decrypt, error in start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: injected error" \ -S "Async resume" \ @@ -9685,7 +9596,7 @@ run_test "SSL async private: decrypt, cancel after start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=2" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: using key slot " \ -S "Async resume" \ @@ -9696,7 +9607,7 @@ run_test "SSL async private: decrypt, error in resume" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=3" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: using key slot " \ -s "Async resume callback: decrypt done but injected error" \ @@ -9797,7 +9708,7 @@ run_test "SSL async private: renegotiation: client-initiated, decrypt" \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ exchanges=2 renegotiation=1" \ "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" 
@@ -9809,7 +9720,7 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" @@ -9817,10 +9728,10 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ # Tests for ECC extensions (rfc 4492) requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED run_test "Force a non ECC ciphersuite in the client side" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ + "$P_SRV debug_level=3 psk=73776f726466697368" \ + "$P_CLI debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -C "client hello, adding supported_groups extension" \ -C "client hello, adding supported_point_formats extension" \ @@ -9828,10 +9739,10 @@ run_test "Force a non ECC ciphersuite in the client side" \ -S "found supported point formats extension" requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED run_test "Force a non ECC ciphersuite in the server side" \ - "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ - "$P_CLI debug_level=3" \ + "$P_SRV debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \ + "$P_CLI debug_level=3 psk=73776f726466697368" \ 0 \ -C "found supported_point_formats extension" \ -S "server hello, supported_point_formats extension" 
@@ -11792,11 +11703,11 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 -run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ +run_test "DTLS proxy: 3d, \"short\" ECDHE-RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index cd0c303e91..1d07c42adf 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -368,9 +368,9 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 -Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 +Handshake, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
@@ -396,9 +396,9 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 -DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 +DTLS Handshake, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
@@ -435,22 +435,6 @@ Handshake min/max version check, all -> 1.3 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 -Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
@@ -712,53 +696,53 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256- depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=512, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=1024, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=2048, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=4096, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=512, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=1024, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=2048, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=4096, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy break handshake renegotiation with MFL=512, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" +DTLS legacy break handshake renegotiation with MFL=1024, PSK-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=4096, PSK-WITH-AES-128-CCM depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From 00ab71035e1398b5fb2328de84989e1151c7223b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 12 Feb 2025 17:52:22 +0100 Subject: [PATCH 0103/1080] Delete SSL async decryption tests Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 78 ------------------------------------------------ 1 file changed, 78 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7972ae5c32..9cec49641d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
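Review bot: The last two cases in this hunk, `DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM` and its MFL=4096 twin, switch the suite to `TLS-PSK-WITH-AES-128-CCM` but keep their context line `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`, whereas the other ten cases in the hunk move the guard to `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED`. With the stale guard a build that has RSA key exchange but no PSK runs these two cases and fails on an unavailable suite, and a PSK-only build skips them, so the migrated cases are not actually exercised where they should be. Both lines should read `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED`. The old side of the later `-696,53` hunk on this page still shows the RSA guard on exactly these two cases, which is where the omission surfaces.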
@@ -9475,25 +9475,6 @@ run_test "SSL async private: sign, SNI" \ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, delay=0" \ - "$P_SRV \ - async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, delay=1" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - # key1: ECDSA, key2: RSA; use key1 from slot 0 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 0 used with key1" \ 
@@ -9579,41 +9560,6 @@ run_test "SSL async private: sign, error in resume" \ -S "Async cancel" \ -s "! mbedtls_ssl_handshake returned" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, error in start" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: injected error" \ - -S "Async resume" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, cancel after start" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=2" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: using key slot " \ - -S "Async resume" \ - -s "Async cancel" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt, error in resume" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - async_private_error=3" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume callback: decrypt done but injected error" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: cancel after start then operate correctly" \ "$P_SRV force_version=tls12 \ 
@@ -9701,30 +9647,6 @@ run_test "SSL async private: renegotiation: server-initiated, sign" \ -s "Async sign callback: using key slot " \ -s "Async resume (slot [0-9]): sign done, status=0" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: client-initiated, decrypt" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1" \ - "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: server-initiated, decrypt" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1 renegotiate=1" \ - "$P_CLI exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Async decrypt callback: using key slot " \ - -s "Async resume (slot [0-9]): decrypt done, status=0" - # Tests for ECC extensions (rfc 4492) requires_hash_alg SHA_256 From 9d7fd3dfe1f45cf5e654b6bda6b3088f8cd25865 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 13 Feb 2025 13:30:23 +0100 Subject: [PATCH 0104/1080] Migrate the RSA key exchage tests Migrate to ECDHE-ECDSA instead of PSK Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 72 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1d07c42adf..7772c74fc8 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -696,53 +696,53 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256- depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=512, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=1024, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=2048, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS no legacy renegotiation with MFL=4096, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=512, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=1024, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=2048, PSK-WITH-AES-128-CCM 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy allow renegotiation with MFL=4096, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=512, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=1024, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy 
break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" -DTLS legacy break handshake renegotiation with MFL=4096, PSK-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM" +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From dd7c0f1e661395e3dde5c6b1540fdf9be9d00b2c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 17 Feb 2025 13:42:46 +0100 Subject: [PATCH 0105/1080] Fix ciphersuit 
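Review bot: Every ECDHE-ECDSA case added in this hunk guards only on `PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`, while the existing `Handshake, ECDHE-ECDSA-WITH-AES-128-CCM` entry for the same suite (visible on the old side of the `-368,9` hunk further down this page) also requires `PSA_WANT_ECC_SECP_R1_384`. If `resize_buffers_renegotiate_mfl` provisions the same secp384r1 ECDSA test key that `handshake_cipher` appears to, a build with ECDHE-ECDSA enabled but without that curve will run these twelve cases and fail in the handshake instead of skipping them; I cannot see the helper from here, so this is an inference from the sibling case. I would add the curve to each guard, e.g. `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`, or record next to the cases why the helper does not need it.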
Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9cec49641d..75ab93861b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8939,14 +8939,14 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" @@ -9006,13 +9006,13 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 1 bytes read" run_test "Small server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 1 bytes read" @@ -9081,7 +9081,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" 
@@ -9089,7 +9089,7 @@ run_test "Large client packet TLS 1.2 AEAD" \ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9141,13 +9141,13 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 16384 bytes read" From ff9b2e742ae5371669fd92a817ec29bf7a26481d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 17 Feb 2025 13:44:13 +0100 Subject: [PATCH 0106/1080] Delete test cases Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA alternative for AES-128-CCM so delete them. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 48 -------------------------------- 1 file changed, 48 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7772c74fc8..7ba79ee6da 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -696,54 +696,6 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256- depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" From 973a712dd8d664262a60d6fa7c9dd90200c02410 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 18 Feb 2025 12:31:25 +0100 Subject: [PATCH 0107/1080] Migrate to a usable ciphersuite Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7ba79ee6da..fadff46b16 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -368,9 +368,9 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 -Handshake, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:0 +Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
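Review bot: Replacing the `Handshake, ECDHE-ECDSA-WITH-AES-128-CCM` case with `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256` removes the only `handshake_cipher` entry visible here that uses an ECDSA key (`MBEDTLS_PK_ECDSA`) and the only one with a CCM AEAD suite; after this hunk, and its DTLS twin in the `-396,9` hunk, every visible case in the list is `MBEDTLS_PK_RSA`. The commit title "Migrate to a usable ciphersuite" suggests the ECDSA case could not run as written, but nothing in the data file records why, so a reader cannot tell whether ECDSA-signed handshakes are deliberately left untested by this function. If the helper can only provision an RSA key, that is worth stating in a comment line before the new case (assuming the data-file parser accepts `#` comments as elsewhere in the suite), e.g. `# handshake_cipher only provisions an RSA key; ECDHE-ECDSA is covered by the resize_buffers_renegotiate_mfl cases`; otherwise the ECDSA case should be kept alongside the new RSA one rather than replaced.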
@@ -396,9 +396,9 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 -DTLS Handshake, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:1 +DTLS Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From cdd34742cfd35e311f3c17ce78ab1296594c4302 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 21 Feb 2025 18:07:41 +0100 Subject: [PATCH 0108/1080] Fix test case name Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index fadff46b16..ed6f816a46 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -368,7 +368,7 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 -Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 +Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0 @@ -396,7 +396,7 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 -DTLS Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 +DTLS Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1 From ab02cd5e7b7d3a8ffbb26bd800cb7fdfd8351d03 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 21 Feb 2025 18:10:45 +0100 Subject: [PATCH 0109/1080] Revert "Delete test cases" This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ed6f816a46..818997a55b 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -696,6 +696,54 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256- depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" From 8adcfc8240146288c2e5691031720255ae12d3c8 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 17:37:33 +0100 Subject: [PATCH 0110/1080] Add ECDSA ciphersuite support for `resize_buffer` tests Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 12 ++++++++++++ tests/suites/test_suite_ssl.function | 10 ++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 818997a55b..c3c5866b8d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -613,39 +613,51 @@ DTLS serialization with MFL=4096 resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 DTLS no legacy renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy break handshake renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS 
legacy break handshake renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2b50f0e3f2..7479f9ba95 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2825,7 +2825,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { @@ -2843,6 +2843,12 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, } options.resize_buffers = 1; + const mbedtls_ssl_ciphersuite_t *ciphersuite = + mbedtls_ssl_ciphersuite_from_string(cipher); + if (ciphersuite != NULL) { + options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); + } + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ 
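Review bot: The ciphersuite lookup added to resize_buffers() falls back silently when `mbedtls_ssl_ciphersuite_from_string(cipher)` returns NULL, so a misspelled suite name in the .data file would run the handshake with the default RSA `options.pk_alg` and still pass, hiding a test-matrix error. Only the empty string is meant to fall through; guard it with `TEST_ASSERT(cipher[0] == '\0' || ciphersuite != NULL);` before the `if`. The same physical line also drops `MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` from the BEGIN_CASE of resize_buffers, which is only sound if every .data case that signs with the RSA test key now declares those itself. resize_buffers() starts and ends outside this hunk.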
@@ -2862,7 +2868,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From c27757b1ebeb171d6b3541ad7c4405e5ab476dd6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 11:30:11 +0100 Subject: [PATCH 0111/1080] Add new test component New test component added to run test cases with ECDHE_ECDSA ciphersuits and without TLS 1.3. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-tls.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 83795012f3..f2ac152634 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -277,6 +277,10 @@ component_full_without_ecdhe_ecdsa_and_tls13 () { MBEDTLS_SSL_PROTO_TLS1_3" } +component_full_without_tls13 () { + build_full_minus_something_and_test_tls "MBEDTLS_SSL_PROTO_TLS1_3" +} + component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full From 92e49e1bca7b4fd8f679aa9118d04ad44eeab81f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 11:57:08 +0100 Subject: [PATCH 0112/1080] Update comment Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-tls.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
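Review bot: Dropping `MBEDTLS_CAN_HANDLE_RSA_TEST_KEY` (and `MBEDTLS_PKCS1_V15`) from the BEGIN_CASE of resize_buffers_renegotiate_mfl moves that requirement into the .data file, but the data hunks in this patch add it only to the cases with an empty cipher string; the ECDHE-RSA cases visible as context (e.g. `DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384`, whose depends_on ends in `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED`) still sign with the RSA test key as far as I can tell and would now be selected in builds that cannot handle it. Unless MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED implies it, add `MBEDTLS_CAN_HANDLE_RSA_TEST_KEY` to each ECDHE-RSA `depends_on:` line as well. The function body is outside the hunk.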
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index f2ac152634..293e88e8f3 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -242,8 +242,8 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" } -# Common helper for component_full_without_ecdhe_ecdsa() and -# component_full_without_ecdhe_ecdsa_and_tls13() which: +# Common helper for component_full_without_ecdhe_ecdsa(), +# component_full_without_ecdhe_ecdsa_and_tls13() and component_full_without_tls13 which: # - starts from the "full" configuration minus the list of symbols passed in # as 1st parameter # - build From dcbe4ce9db23b5cff44ff9a9b002c2415857b8ee Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 11:58:02 +0100 Subject: [PATCH 0113/1080] Update dependencies Pre-existing but not having TLS 1.3 in the build does not seem to be necessary actually. These test functions set the dtls flag when calling `test_resize_buffers` and then `test_resize_buffers` sets the `options.dtls` flag which eventually forces the TLS 1.2 version of the protocol (in `mbedtls_test_ssl_endpoint_init()` call of `mbedtls_ssl_config_defaults()` with `MBEDTLS_SSL_TRANSPORT_DATAGRAM` as the transport). Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7479f9ba95..08ecd672f1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -2868,7 +2868,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From ea4df49272119ee10af7ef42f41ff504793d882a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 17:17:09 +0100 Subject: [PATCH 0114/1080] Update test dependencies Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c3c5866b8d..565588bea6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -709,51 +709,51 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_K resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 From 2e5a7ea9bc4301745c0234225b18218f4af3edc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 23:11:09 +0100 Subject: [PATCH 0115/1080] Fix Doxygen markup Pacify `clang -Wdocumentation`. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_lib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 6fc3d73072..bc5cce51a0 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
@@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, * - free the provided PK context and re-initilize it as an opaque PK context * wrapping the PSA key imported in the above step. * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK + * \param[in,out] pk On input, the non-opaque PK context which contains the + * key to be wrapped. On output, the re-initialized PK * context which represents the opaque version of the one * provided as input. * \param[in] psa_alg The primary algorithm that will be associated to the From 9bdc8aa80b3d8df7286273cf2710e1d658d147c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:29:59 +0100 Subject: [PATCH 0116/1080] Tweak "waiting for more handshake fragments" log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "waiting for more handshake fragments" log message in ssl_consume_current_message(), and add a similar one in mbedtls_ssl_prepare_handshake_record(). Assert both. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a87785cfea..a9310aa976 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3054,6 +3054,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); + MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments %" + MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hslen)); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } if (ssl->in_hsfraglen > 0) { 
@@ -4438,11 +4441,9 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) if (ssl->in_hsfraglen != 0) { /* Not all handshake fragments have arrived, do not consume. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", - ssl->in_hsfraglen, ssl->in_hslen, - ssl->in_hslen - ssl->in_hsfraglen)); + MBEDTLS_SSL_DEBUG_MSG(3, ("Consume: waiting for more handshake fragments %" + MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hslen)); return 0; } From 07027722cbe091f2fe8f446e4805dcc93f604bda Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 16:46:10 +0100 Subject: [PATCH 0117/1080] Tweak handshake fragment log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "handshake fragment:" log message. This changes what information is displayed when a record contains data beyond the expected end of the handshake message. This case is currently untested and its handling will change in a subsequent commit. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a9310aa976..12d46c305a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -3042,13 +3042,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" - MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, ssl->in_hsfraglen, - ssl->in_hsfraglen + - (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), - ssl->in_hslen, ssl->in_msglen)); + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); if (ssl->in_msglen < hs_remain) { ssl->in_hsfraglen += ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; From 7a17696c3414d10970fedc135dac7f8bcdf893a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:59:12 +0100 Subject: [PATCH 0118/1080] mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep Minor refactoring of the initial checks and preparation when receiving the first fragment. Use `ssl->in_hsfraglen` to determine whether there is a pending handshake fragment, for consistency, and possibly for more robustness in case handshake fragments are mixed with non-handshake records (although this is not currently supported anyway). Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 12d46c305a..a8c79172fc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2962,16 +2962,19 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - /* First handshake fragment must at least include the header. */ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } + if (ssl->in_hsfraglen == 0) { + /* The handshake message must at least include the header. + * We may not have the full message yet in case of fragmentation. + * To simplify the code, we insist on having the header (and in + * particular the handshake message length) in the first + * fragment. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } - if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - ssl->in_hsfraglen = 0; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" From 235eae9e0381c889b0d011971fe2c8123652a073 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:02:52 +0100 Subject: [PATCH 0119/1080] mbedtls_ssl_prepare_handshake_record(): log offsets after decryption Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a8c79172fc..cba6096eb4 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
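Review bot: `ssl->in_hslen` is now computed from the peer-supplied 24-bit length in the first fragment and nothing in this hunk bounds it; with defragmentation the message no longer has to fit in one record, so the implicit limit a single record used to impose is gone, and a peer can announce a message of up to 16 MiB that can never be reassembled in the input buffer. Unless a cap is enforced elsewhere in this function (which continues outside the hunk), reject it at the header: `if (ssl->in_hslen > MBEDTLS_SSL_IN_CONTENT_LEN) { return MBEDTLS_ERR_SSL_INVALID_RECORD; }`, using `ssl->in_buf_len` minus the record overhead instead under MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH. Failing early here keeps the error at a well-defined point instead of whichever later fetch runs out of room, and the limit belongs in the user-facing documentation of the defragmentation feature.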
@@ -2982,6 +2982,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); + if (ssl->transform_in != NULL) { + MBEDTLS_SSL_DEBUG_MSG(4, ("decrypted handshake message:" + " iv-buf=%d hdr-buf=%d hdr-buf=%d", + (int) (ssl->in_iv - ssl->in_buf), + (int) (ssl->in_hdr - ssl->in_buf), + (int) (ssl->in_msg - ssl->in_buf))); + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From e85ece6584d9fae3a3f3661619d0223e6482acff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:24:56 +0100 Subject: [PATCH 0120/1080] Handshake defragmentation: reassemble incrementally Reassemble handshake fragments incrementally instead of all at the end. That is, every time we receive a non-initial handshake fragment, append it to the initial fragment. Since we only have to deal with at most two handshake fragments at the same time, this simplifies the code (no re-parsing of a record) and is a little more memory-efficient (no need to store one record header per record). This commit also fixes a bug. The previous code did not calculate offsets correctly when records use an explicit IV, which is the case in TLS 1.2 with CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and ChachaPoly). This led to the wrong data when an encrypted handshake message was fragmented (Finished or renegotiation). The new code handles this correctly. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 162 ++++++++++++++++++++---------- tests/scripts/analyze_outcomes.py | 7 -- 2 files changed, 110 insertions(+), 59 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cba6096eb4..454b1ebbdd 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
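Review bot: The level-4 log added after the "handshake message" message labels its third value `hdr-buf` but prints `ssl->in_msg - ssl->in_buf`, so the output shows two different numbers under the same label; the format should read `" iv-buf=%d hdr-buf=%d msg-buf=%d",`. The enclosing function continues outside the hunk.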
@@ -3049,64 +3049,122 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (ssl->in_hsfraglen <= ssl->in_hslen) { - int ret; - const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + ssl->in_msglen, - ssl->in_hslen)); - if (ssl->in_msglen < hs_remain) { - ssl->in_hsfraglen += ssl->in_msglen; - ssl->in_hdr = ssl->in_msg + ssl->in_msglen; - ssl->in_msglen = 0; - mbedtls_ssl_update_in_pointers(ssl); + { + unsigned char *const reassembled_record_start = + ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + unsigned char *const payload_start = + reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); + unsigned char *payload_end = payload_start + ssl->in_hsfraglen; + + if (ssl->in_hsfraglen != 0) { + /* We already had a handshake fragment. Prepare to append + * to the initial segment. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + if (ssl->in_msglen > hs_remain) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %" + MBEDTLS_PRINTF_SIZET " but only %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " remain", + ssl->in_msglen, + hs_remain, + ssl->in_hslen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } + } else if (ssl->in_msglen == ssl->in_hslen) { + /* This is the sole fragment. */ + /* Emit a log message in the same format as when there are + * multiple fragments, for ease of matching. 
*/ + MBEDTLS_SSL_DEBUG_MSG(3, + ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + } else { + /* This is the first fragment of many. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + } + + /* Move the received handshake fragment to have the whole message + * (at least the part received so far) in a single segment at a + * known offset in the input buffer. + * - When receiving a non-initial handshake fragment, append it to + * the initial segment. + * - Even the initial handshake fragment is moved, if it was + * encrypted with an explicit IV: decryption leaves the payload + * after the explicit IV, but here we move it to start where the + * IV was. 
+ */ +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + size_t const in_buf_len = ssl->in_buf_len; +#else + size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; +#endif + if (payload_end + ssl->in_hsfraglen > ssl->in_buf + in_buf_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: no room to move handshake fragment %" + MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" + MBEDTLS_PRINTF_SIZET ")", + ssl->in_msglen, + ssl->in_msg, payload_end, + ssl->in_buf, in_buf_len)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + memmove(payload_end, ssl->in_msg, ssl->in_msglen); + + ssl->in_hsfraglen += ssl->in_msglen; + payload_end += ssl->in_msglen; + + if (ssl->in_hsfraglen < ssl->in_hslen) { MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments %" - MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + MBEDTLS_PRINTF_SIZET "/%" + MBEDTLS_PRINTF_SIZET, ssl->in_hsfraglen, ssl->in_hslen)); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - if (ssl->in_hsfraglen > 0) { - /* - * At in_first_hdr we have a sequence of records that cover the next handshake - * record, each with its own record header that we need to remove. - * Note that the reassembled record size may not equal the size of the message, - * there may be more messages after it, complete or partial. 
- */ - unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - unsigned char *p = in_first_hdr, *q = NULL; - size_t merged_rec_len = 0; - do { - mbedtls_record rec; - ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); - if (ret != 0) { - return ret; - } - merged_rec_len += rec.data_len; - p = rec.buf + rec.buf_len; - if (q != NULL) { - memmove(q, rec.buf + rec.data_offset, rec.data_len); - q += rec.data_len; - } else { - q = p; - } - } while (merged_rec_len < ssl->in_hslen); - ssl->in_hdr = in_first_hdr; + ssl->in_hdr = payload_end; + ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); - ssl->in_msglen = merged_rec_len; - /* Adjust message length. */ - MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } else { + ssl->in_msglen = ssl->in_hsfraglen; ssl->in_hsfraglen = 0; + ssl->in_hdr = reassembled_record_start; + mbedtls_ssl_update_in_pointers(ssl); + + /* Update the record length in the fully reassembled record */ + if (ssl->in_msglen > 0xffff) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: in_msglen=%" + MBEDTLS_PRINTF_SIZET " > 0xffff", + ssl->in_msglen)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + ssl->in_hdr, + mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); } - } else { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 3946017625..e68c2cbf09 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
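Review bot: The room check before the `memmove` tests the wrong span: it compares `payload_end + ssl->in_hsfraglen` with the buffer end, but the copy writes `ssl->in_msglen` bytes at `payload_end` (which already includes `in_hsfraglen`), so the guard never describes the write and for the first fragment degenerates to `payload_start > end`, which is always false. The copy appears to stay in bounds anyway because `in_msg` lies after `payload_end` in the same buffer, but the guard should state that and should not form a pointer past the buffer to do it: `if ((size_t) (payload_end - ssl->in_buf) + ssl->in_msglen > in_buf_len) {`. Since `in_hslen` comes from the peer, this guard is a real bound and not only a "shouldn't happen" assertion, so the message text is somewhat misleading as well. mbedtls_ssl_prepare_handshake_record() starts before this hunk.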
@@ -34,13 +34,6 @@ def _has_word_re(words: typing.Iterable[str], re.DOTALL) IGNORED_TESTS = { - 'handshake-generated': [ - # Temporary disable Handshake defragmentation tests until mbedtls - # pr #10011 has been merged. - 'Handshake defragmentation on client: len=4, TLS 1.2', - 'Handshake defragmentation on client: len=5, TLS 1.2', - 'Handshake defragmentation on client: len=13, TLS 1.2' - ], 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because # it's extremely slow. We don't intend to change this. From 90a9593bbd3ec343e16d73cbaf998f8e5768a9b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Feb 2025 23:57:20 +0100 Subject: [PATCH 0121/1080] Fix dodgy printf calls Pacify `clang -Wformat-pedantic`. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 454b1ebbdd..9d8857dfa6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3127,8 +3127,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" MBEDTLS_PRINTF_SIZET ")", ssl->in_msglen, - ssl->in_msg, payload_end, - ssl->in_buf, in_buf_len)); + (void *) ssl->in_msg, (void *) payload_end, + (void *) ssl->in_buf, in_buf_len)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } memmove(payload_end, ssl->in_msg, ssl->in_msglen); From 36edd48c61c9c86edd9d3774496c83d12d2cfaa5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:41:59 +0100 Subject: [PATCH 0122/1080] Document the limitations of TLS handshake message defragmentation Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0c0c8bb4d2..85255498b2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -4360,6 +4360,24 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
 * with \c mbedtls_ssl_read()), not handshake messages.
 * With DTLS, this affects both ApplicationData and handshake.
 *
+ * \note Defragmentation of incoming handshake messages in TLS
+ * (excluding DTLS) is supported with some limitations:
+ * - On an Mbed TLS server that only accepts TLS 1.2,
+ * the initial ClientHello message must not be fragmented.
+ * A TLS 1.2 ClientHello may be fragmented if the server
+ * also accepts TLS 1.3 connections (meaning
+ * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
+ * accepted versions have not been restricted with
+ * mbedtls_ssl_conf_max_tls_version() or the like).
+ * - A ClientHello message that initiates a renegotiation
+ * must not be fragmented.
+ * - The first fragment of a handshake message must be
+ * at least 4 bytes long.
+ * - Non-handshake records must not be interleaved between
+ * the fragments of a handshake message. (This is permitted
+ * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
+ * even in TLS 1.2.)
+ *
 * \note This sets the maximum length for a record's payload,
 * excluding record overhead that will be added to it, see
 * \c mbedtls_ssl_get_record_expansion().
From 1b785e2201b9c3047cee8a86caa3ba2718aeee3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:44:20 +0100 Subject: [PATCH 0123/1080] Refer to the API documentation for details Signed-off-by: Gilles Peskine --- ChangeLog.d/tls-hs-defrag-in.txt | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 4fd4a4e372..748f95c104 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
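Review bot: The new \note reads `that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the` and is missing a verb; it should be `that #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, and the`. The parenthetical `(This is permitted in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it even in TLS 1.2.)` stacks two `but`s; `(TLS 1.3 forbids this; TLS 1.2 permits it, but Mbed TLS rejects it in both versions.)` says the same thing more directly. The same text is copied verbatim into the mbedtls_ssl_handshake() documentation by the later hunk that moves this note, so both copies need the fix.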
@@ -1,12 +1,7 @@ Bugfix - * Support re-assembly of fragmented handshake messages in TLS, as mandated - by the spec. Lack of support was causing handshake failures with some - servers, especially with TLS 1.3 in practice (though both protocol - version could be affected in principle, and both are fixed now). - The initial fragment for each handshake message must be at least 4 bytes. - - Server-side, defragmentation of the ClientHello message is only - supported if the server accepts TLS 1.3 (regardless of whether the - ClientHello is 1.3 or 1.2). That is, servers configured (either - at compile time or at runtime) to only accept TLS 1.2 will - still fail the handshake if the ClientHello message is fragmented. + * Support re-assembly of fragmented handshake messages in TLS (both + 1.2 and 1.3). The lack of support was causing handshake failures with + some servers, especially with TLS 1.3 in practice. There are a few + limitations, notably a fragmented ClientHello is only supported when + TLS 1.3 support is enabled. See the documentation of + mbedtls_ssl_conf_max_frag_len() for details. From e4a3fc2f5818729fc13739448c9518f41094d627 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 17:53:53 +0100 Subject: [PATCH 0124/1080] Update framework Changed log messages and added more tests in `tests/opt-testcases/handshake-generated.sh`. Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a009d4b3c..8d85112a44 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b +Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584 From 0851ec93444b55b1dbb0db7cec3c4845f9cefcd3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 15:15:20 +0100 Subject: [PATCH 0125/1080] Fix end check before memmove Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9d8857dfa6..ad3bf57592 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3121,7 +3121,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) #else size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if (payload_end + ssl->in_hsfraglen > ssl->in_buf + in_buf_len) { + if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Shouldn't happen: no room to move handshake fragment %" MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" From 149509362b9fe44001e523492dfb56cac94550ae Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 6 Mar 2025 16:06:42 +0100 Subject: [PATCH 0126/1080] TLS context serialization needs an AEAD ciphersuite Signed-off-by: Gabor Mezei --- tests/include/test/ssl_helpers.h | 7 +++++++ tests/suites/test_suite_ssl.function | 29 ++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index e5b8d74416..910329dd0d 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -70,6 +70,13 @@ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif + +#if defined(PSA_WANT_ALG_GCM) ||\ + defined(PSA_WANT_ALG_CCM) ||\ + defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#define MBEDTLS_TEST_HAS_AEAD_ALG +#endif + enum { #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ tls13_label_ ## name, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 08ecd672f1..7d8bf90efd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
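Review bot: The corrected bound check still forms the pointer `payload_end + ssl->in_msglen` before comparing it, and in exactly the case it is meant to catch that pointer lies beyond the end of `in_buf`, which is undefined behaviour in C rather than a reliable comparison; compare lengths instead, e.g. `if (ssl->in_msglen > (size_t) (ssl->in_buf + in_buf_len - payload_end)) {`. This assumes payload_end itself lies inside in_buf, which the surrounding code appears to guarantee but is not visible in the hunk. mbedtls_ssl_prepare_handshake_record() starts and ends outside the hunk.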
@@ -2858,13 +2858,34 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { + /* Choose an AEAD ciphersuite */ + const int *ciphersuites = mbedtls_ssl_list_ciphersuites(); + const mbedtls_ssl_ciphersuite_t *ciphersuite = NULL; + int i = 0; + while (ciphersuites[i] != 0) { + ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]); + + if (ciphersuite->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + const mbedtls_ssl_mode_t mode = +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) + mbedtls_ssl_get_mode_from_ciphersuite(0, ciphersuite); +#else + mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite); +#endif + if (mode == MBEDTLS_SSL_MODE_AEAD) + break; + } + + i++; + } + + TEST_ASSERT(ciphersuite != NULL); + test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ""); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; + (char *) ciphersuite->name); } /* END_CASE */ From 15c072f0de4555c4810acec14e074c01ddf871de Mon Sep 17 00:00:00 2001 
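Review bot: The result of the ciphersuite search is not actually validated: if the list contains no TLS 1.2 AEAD suite the loop runs to the terminating 0 with `ciphersuite` still pointing at the last entry examined, so `TEST_ASSERT(ciphersuite != NULL)` passes and test_resize_buffers() runs with a non-AEAD suite, which is the situation the commit message says must not happen. Asserting on the loop exit condition catches it, `TEST_ASSERT(ciphersuites[i] != 0);` placed before the existing assert. `ciphersuite->min_tls_version` is also dereferenced without a NULL check; if mbedtls_ssl_ciphersuite_from_id() can return NULL for an id taken from its own list this needs a guard, otherwise a comment saying why it cannot.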
From: Gilles Peskine Date: Thu, 6 Mar 2025 19:03:00 +0100 Subject: [PATCH 0127/1080] Fix handshake defragmentation when the record has multiple messages A handshake record may contain multiple handshake messages, or multiple fragments (there can be the final fragment of a pending message, then zero or more whole messages, and an initial fragment of an incomplete message). This was previously untested, but supported, so don't break it. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ad3bf57592..acd05b0382 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3055,6 +3055,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) unsigned char *const payload_start = reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); unsigned char *payload_end = payload_start + ssl->in_hsfraglen; + /* How many more bytes we want to have a complete handshake message. */ + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + /* How many bytes of the current record are part of the first + * handshake message. There may be more handshake messages (possibly + * incomplete) in the same record; if so, we leave them after the + * current record, and ssl_consume_current_message() will take + * care of consuming the next handshake message. */ + const size_t hs_this_fragment_len = + ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; if (ssl->in_hsfraglen != 0) { /* We already had a handshake fragment. Prepare to append 
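Review bot: `hs_remain` is computed as `ssl->in_hslen - ssl->in_hsfraglen` with no guard, so if `in_hsfraglen` ever exceeds `in_hslen` at this point the size_t subtraction wraps and `hs_this_fragment_len` silently becomes `in_msglen`. The reassembly code earlier on this page resets in_hsfraglen to 0 once it reaches in_hslen, so this looks unreachable, but one defensive branch makes the invariant explicit: `if (ssl->in_hsfraglen > ssl->in_hslen) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; }`. The new comment could also say that hs_this_fragment_len appears to serve only the log messages in the following hunks, since the memmove and accumulation lines outside this hunk still move the whole record. mbedtls_ssl_prepare_handshake_record() continues outside the hunk.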
@@ -3066,21 +3075,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 " of %" MBEDTLS_PRINTF_SIZET,
 ssl->in_msglen,
 ssl->in_hsfraglen,
- ssl->in_hsfraglen + ssl->in_msglen,
+ ssl->in_hsfraglen + hs_this_fragment_len,
 ssl->in_hslen));
-
- const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
- if (ssl->in_msglen > hs_remain) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %"
- MBEDTLS_PRINTF_SIZET " but only %"
- MBEDTLS_PRINTF_SIZET " of %"
- MBEDTLS_PRINTF_SIZET " remain",
- ssl->in_msglen,
- hs_remain,
- ssl->in_hslen));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
- } else if (ssl->in_msglen == ssl->in_hslen) {
+ } else if (hs_this_fragment_len == ssl->in_hslen) {
 /* This is the sole fragment. */
 /* Emit a log message in the same format as when there are
 * multiple fragments, for ease of matching. */
@@ -3091,7 +3088,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 " of %" MBEDTLS_PRINTF_SIZET,
 ssl->in_msglen,
 ssl->in_hsfraglen,
- ssl->in_hsfraglen + ssl->in_msglen,
+ ssl->in_hsfraglen + hs_this_fragment_len,
 ssl->in_hslen));
 } else {
 /* This is the first fragment of many. */
@@ -3102,7 +3099,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 " of %" MBEDTLS_PRINTF_SIZET,
 ssl->in_msglen,
 ssl->in_hsfraglen,
- ssl->in_hsfraglen + ssl->in_msglen,
+ ssl->in_hsfraglen + hs_this_fragment_len,
 ssl->in_hslen));
 }
@@ -3154,16 +3151,24 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) /* Update the record length in the fully reassembled record */ if (ssl->in_msglen > 0xffff) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_msglen=%" + ("Shouldn't happen: in_hslen=%" MBEDTLS_PRINTF_SIZET " > 0xffff", ssl->in_msglen)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, - mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); + ssl->in_hdr, record_len); + if (ssl->in_hslen < ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("More handshake messages in the record: " + "%" MBEDTLS_PRINTF_SIZET " + " + "%" MBEDTLS_PRINTF_SIZET, + ssl->in_hslen, + ssl->in_msglen - ssl->in_hslen)); + } } } From afb254c5fed409cf3811e468aae82a72198f38ae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 19:23:22 +0100 Subject: [PATCH 0128/1080] Unify handshake fragment log messages There is no longer any different processing at this point, just near-identical log messages. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 51 +++++++++++++---------------------------------- 1 file changed, 14 insertions(+), 37 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index acd05b0382..851c0df394 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
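Review bot: The rewritten log line now says `in_hslen=` but the value printed is still `ssl->in_msglen`, and the condition tests in_msglen too, so the label should stay `("Shouldn't happen: in_msglen=%"`. `record_len` is consumed only by MBEDTLS_SSL_DEBUG_BUF, which expands to nothing when MBEDTLS_DEBUG_C is off, so non-debug builds will warn about an unused variable; add `(void) record_len;` after the declaration or fold the expression back into the macro call. mbedtls_ssl_prepare_handshake_record() starts outside the hunk.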
@@ -3065,43 +3065,20 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 const size_t hs_this_fragment_len =
 ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen;
 
- if (ssl->in_hsfraglen != 0) {
- /* We already had a handshake fragment. Prepare to append
- * to the initial segment. */
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET
- ", %" MBEDTLS_PRINTF_SIZET
- "..%" MBEDTLS_PRINTF_SIZET
- " of %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen,
- ssl->in_hsfraglen,
- ssl->in_hsfraglen + hs_this_fragment_len,
- ssl->in_hslen));
- } else if (hs_this_fragment_len == ssl->in_hslen) {
- /* This is the sole fragment. */
- /* Emit a log message in the same format as when there are
- * multiple fragments, for ease of matching. */
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET
- ", %" MBEDTLS_PRINTF_SIZET
- "..%" MBEDTLS_PRINTF_SIZET
- " of %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen,
- ssl->in_hsfraglen,
- ssl->in_hsfraglen + hs_this_fragment_len,
- ssl->in_hslen));
- } else {
- /* This is the first fragment of many. */
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET
- ", %" MBEDTLS_PRINTF_SIZET
- "..%" MBEDTLS_PRINTF_SIZET
- " of %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen,
- ssl->in_hsfraglen,
- ssl->in_hsfraglen + hs_this_fragment_len,
- ssl->in_hslen));
- }
+ MBEDTLS_SSL_DEBUG_MSG(3,
+ ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET
+ ", %" MBEDTLS_PRINTF_SIZET
+ "..%" MBEDTLS_PRINTF_SIZET
+ " of %" MBEDTLS_PRINTF_SIZET,
+ (ssl->in_hsfraglen != 0 ?
+ "subsequent" :
+ hs_this_fragment_len == ssl->in_hslen ?
+ "sole" :
+ "initial"),
+ ssl->in_msglen,
+ ssl->in_hsfraglen,
+ ssl->in_hsfraglen + hs_this_fragment_len,
+ ssl->in_hslen));
 
 /* Move the received handshake fragment to have the whole message
 * (at least the part received so far) in a single segment at a
From b8f1e4bae3fa26743ee3dfe43f22c2425dbb2db9 Mon Sep 17 00:00:00 2001
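Review bot: The `%s` label is produced by a nested ternary spread over five argument lines inside the macro call, which is hard to read and hard to step through in a debugger; hoist it into a named local before the call, `const char *const fragment_kind = ssl->in_hsfraglen != 0 ? "subsequent" : (hs_this_fragment_len == ssl->in_hslen ? "sole" : "initial");` followed by `(void) fragment_kind;`, and pass `fragment_kind` as the `%s` argument. The `(void)` matters because MBEDTLS_SSL_DEBUG_MSG expands to nothing without MBEDTLS_DEBUG_C, as the later commit on this page that adds `(void) hs_this_fragment_len;` shows. mbedtls_ssl_prepare_handshake_record() starts and ends outside the hunk.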
From: Gilles Peskine Date: Thu, 6 Mar 2025 21:32:08 +0100 Subject: [PATCH 0129/1080] Pacify uncrustify Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 851c0df394..3c7ff8279f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3141,8 +3141,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen < ssl->in_msglen) { MBEDTLS_SSL_DEBUG_MSG(3, ("More handshake messages in the record: " - "%" MBEDTLS_PRINTF_SIZET " + " - "%" MBEDTLS_PRINTF_SIZET, + "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET, ssl->in_hslen, ssl->in_msglen - ssl->in_hslen)); } From dab1cb5b4515c683e0016b381afc0b1bd30b797b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 21:30:23 +0100 Subject: [PATCH 0130/1080] Note unused variables when debugging is disabled Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3c7ff8279f..cc133be273 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3064,6 +3064,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) * care of consuming the next handshake message. */ const size_t hs_this_fragment_len = ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; + (void) hs_this_fragment_len; MBEDTLS_SSL_DEBUG_MSG(3, ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET @@ -3136,6 +3137,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; + (void) record_len; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, record_len); if (ssl->in_hslen < ssl->in_msglen) { From 692d855b4dbb1f361b67f5e945f4c4108c4ff62f Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 12 Feb 2025 15:53:19 +0100 Subject: [PATCH 0131/1080] tf-psa-crypto: udpate reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 25742030e4..7d60bf1078 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 25742030e4eddfb29913cb82642703ee0fe5d0d7
+Subproject commit 7d60bf1078578bfc809f1516c195c54cefdb510d
From e34ec86370b340bc845a91ea0b08e016c84c9d92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 10:43:39 +0100 Subject: [PATCH 0132/1080] Fix a log message Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index cc133be273..d91e8300a6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3129,7 +3129,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 /* Update the record length in the fully reassembled record */
 if (ssl->in_msglen > 0xffff) {
 MBEDTLS_SSL_DEBUG_MSG(1,
- ("Shouldn't happen: in_hslen=%"
+ ("Shouldn't happen: in_msglen=%"
 MBEDTLS_PRINTF_SIZET " > 0xffff",
 ssl->in_msglen));
 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
From 8829aa336c6c9398a52225948380ff8170a31e07 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 7 Mar 2025 13:21:37 +0100 Subject: [PATCH 0133/1080] Fix code style Signed-off-by: Gabor Mezei --- tests/include/test/ssl_helpers.h | 4 ++-- tests/suites/test_suite_ssl.function | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 910329dd0d..ef4927f72e 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -71,8 +71,8 @@
 #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
 #endif
 
-#if defined(PSA_WANT_ALG_GCM) ||\
- defined(PSA_WANT_ALG_CCM) ||\
+#if defined(PSA_WANT_ALG_GCM) || \
+ defined(PSA_WANT_ALG_CCM) || \
 defined(PSA_WANT_ALG_CHACHA20_POLY1305)
 #define MBEDTLS_TEST_HAS_AEAD_ALG
 #endif
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 7d8bf90efd..e9584dcc1f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2875,8 +2875,9 @@ void resize_buffers_serialize_mfl(int mfl)
 #else
 mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite);
 #endif
- if (mode == MBEDTLS_SSL_MODE_AEAD)
+ if (mode == MBEDTLS_SSL_MODE_AEAD) {
 break;
+ }
 }
 
 i++;
From 816b7126806f2faf63eb0b3b8207d5c6b071f10c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 7 Mar 2025 17:20:59 +0000 Subject: [PATCH 0134/1080] TLS1.2: Check for failures in Finished calculation If the calc_finished function returns an error code, don't ignore it but instead return the error code to stop the handshake as the Finished message may be incorrect. Signed-off-by: David Horstmann --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0b072e6a76..b740358c13 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7570,6 +7570,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
 ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
 if (ret != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
 }
 
 /*
@@ -7683,6 +7684,7 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
 ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
 if (ret != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
 }
 
 if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
From 6408113fe2f11d8ed3a35ee721761d9c8ab54da6 Mon Sep 17 00:00:00 2001
From: Valerio Setti Date: Tue, 25 Feb 2025 10:33:58 +0100 Subject: [PATCH 0135/1080] tests: move component_test_tf_psa_crypto_cmake_as_package to tf-psa-crypto Signed-off-by: Valerio Setti --- tests/scripts/components-build-system.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index 91a999e10a..3108aa7b92 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -123,27 +123,6 @@ component_test_cmake_as_package () { fi } -component_test_tf_psa_crypto_cmake_as_package () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-package' build" - root_dir="$(pwd)" - cd tf-psa-crypto/programs/test/cmake_package - build_variant_dir="$(pwd)" - cmake . - make - ./cmake_package - if [[ "$OSTYPE" == linux* ]]; then - PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \ - ${root_dir}/framework/scripts/pkgconfig.sh \ - tfpsacrypto - # This is the EXPECTED package name. Renaming it could break consumers - # of pkg-config, consider carefully. - fi -} - support_test_cmake_as_package () { support_test_cmake_out_of_source } From 0cfe54e4e07736a00e4f4810130bf994d1739552 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 5 Mar 2025 15:49:08 +0000 Subject: [PATCH 0136/1080] remove RNG parameters from SSL API's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_cookie.h | 4 +--- include/mbedtls/ssl_ticket.h | 5 ----- library/ssl_cookie.c | 6 +----- library/ssl_ticket.c | 22 +++++++++++++--------- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_server.c | 2 -- programs/ssl/dtls_server.c | 3 +-- programs/ssl/ssl_server2.c | 5 +---- 8 files changed, 18 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index afeb07b0fd..ec54f614d3 100644 --- a/include/mbedtls/ssl_cookie.h 
+++ b/include/mbedtls/ssl_cookie.h @@ -55,9 +55,7 @@ void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Setup cookie context (generate keys) */ -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Set expiration delay for cookies diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index ef97e8f024..5a2e4876e5 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -68,8 +68,6 @@ typedef struct mbedtls_ssl_ticket_context { uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); @@ -90,8 +88,6 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \brief Prepare context to be actually used * * \param ctx Context to be set up - * \param f_rng RNG callback function (mandatory) - * \param p_rng RNG callback context * \param alg AEAD cipher to use for ticket protection. * \param key_type Cryptographic key type to use. * \param key_bits Cryptographic key size to use in bits. @@ -116,7 +112,6 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * or a specific MBEDTLS_ERR_XXX error code */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 01b90e14b1..11811ee30f 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
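Review bot: In the ssl_ticket.h hunk the context line `/** Callback for getting (pseudo-)random numbers */` survives the removal of the f_rng/p_rng fields, so it now sits directly above the `#if defined(MBEDTLS_THREADING_C)` mutex and documents nothing; remove it together with the fields. Dropping parameters from the public mbedtls_ssl_cookie_setup() and mbedtls_ssl_ticket_setup() breaks every existing caller at compile time, yet the diffstat lists no ChangeLog.d entry and no migration note, and neither \brief says where randomness now comes from; the ticket header should state that key names and IVs are obtained via psa_generate_random(), as the ssl_ticket.c hunks on this page show, e.g. `\note Key material and IVs are generated with the PSA random generator.`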
@@ -81,16 +81,12 @@ void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); } -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg; - (void) f_rng; - (void) p_rng; alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); if (alg == 0) { diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8653e2ddda..c10d36fb59 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -75,11 +75,15 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, */ key->lifetime = ctx->ticket_lifetime; - if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { + if ((ret = psa_crypto_init()) != 0) { return ret; } - if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) { + if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) { + return ret; + } + + if ((ret = psa_generate_random(buf, sizeof(buf))) != 0) { return ret; } @@ -185,7 +189,6 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, * Setup context for actual use */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime) { @@ -199,9 +202,6 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ctx->f_rng = f_rng; - ctx->p_rng = p_rng; - ctx->ticket_lifetime = lifetime; ctx->keys[0].alg = alg; @@ -254,7 +254,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, *tlen = 0; - if (ctx == NULL || ctx->f_rng == NULL) { + if (ctx == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } 
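Review bot: In the ssl_ticket_gen_key() hunk the psa_status_t returned by psa_crypto_init() and psa_generate_random() is stored in the `int ret` and returned unchanged, so a PSA status now escapes through an interface whose other paths return MBEDTLS_ERR_* codes (mbedtls_ssl_ticket_setup() returns MBEDTLS_ERR_SSL_BAD_INPUT_DATA a few lines below), and callers comparing against those codes will misclassify the failure. Keep a separate status and translate it, e.g. `psa_status_t status = psa_generate_random(key->name, sizeof(key->name)); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); }`, using the same conversion the SSL module applies to other PSA calls. The mbedtls_ssl_ticket_write() hunk in the next part of this diff has the same issue with the IV generation, where the untranslated status also reaches the cleanup path. ssl_ticket_gen_key() starts and ends outside the hunk.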
@@ -278,7 +278,11 @@ int mbedtls_ssl_ticket_write(void *p_ticket, memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) { + if ((ret = psa_crypto_init()) != 0) { + goto cleanup; + } + + if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) { goto cleanup; } @@ -355,7 +359,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (ctx == NULL || ctx->f_rng == NULL) { + if (ctx == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index c2dbef86c6..d215f7ac7f 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -108,7 +108,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif - if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) { + if (mbedtls_ssl_cookie_setup(&cookie_ctx) != 0) { goto exit; } diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 28f9e336ca..09436542e6 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -132,8 +132,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if (options & 0x4) { if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context - dummy_random, //f_rng - &ctr_drbg, //p_rng PSA_ALG_GCM, //alg PSA_KEY_TYPE_AES, //key_type 256, //key_bits diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 6430ed2a2f..e881c91aee 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -216,8 +216,7 @@ int main(void) goto exit; } - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); goto exit; } 
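Review bot: The fuzz_dtlsserver.c and fuzz_server.c hunks drop `dummy_random` and `ctr_drbg` from these calls, but nothing in the hunks shows whether those files still reference them elsewhere; if they do not, the definitions become unused and the fuzz targets will warn, failing any -Werror build. The same applies to `ctr_drbg` in dtls_server.c if the cookie setup was its only consumer. A quick grep on each touched program, or removing the now-dead RNG setup in the same commit, would settle it.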
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dc7ca8f51c..a81cc88c0c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2971,8 +2971,6 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_HAVE_TIME */ { if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - rng_get, - &rng, opt.ticket_alg, opt.ticket_key_type, opt.ticket_key_bits, @@ -3014,8 +3012,7 @@ int main(int argc, char *argv[]) if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { #if defined(MBEDTLS_SSL_COOKIE_C) if (opt.cookies > 0) { - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - rng_get, &rng)) != 0) { + if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { mbedtls_printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); goto exit; } From 857144c9c2983cc7f30bd6c8019674cf6979acb5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 13:45:22 +0000 Subject: [PATCH 0137/1080] removed psa_crypto_init from library as this is supposed to be called by the application Signed-off-by: Ben Taylor --- library/ssl_ticket.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index c10d36fb59..7b0391924a 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -75,10 +75,6 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, */ key->lifetime = ctx->ticket_lifetime; - if ((ret = psa_crypto_init()) != 0) { - return ret; - } - if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) { return ret; } @@ -278,10 +274,6 @@ int mbedtls_ssl_ticket_write(void *p_ticket, memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if ((ret = psa_crypto_init()) != 0) { - goto cleanup; - } - if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) { goto cleanup; } From 5e838bd0e8a3f432dc2d7b7efe03eeb99518a874 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 14:37:33 +0100 Subject: [PATCH 0138/1080] tf-psa-crypto: update reference 
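Review bot: Removing the psa_crypto_init() calls makes PSA initialization a caller precondition for mbedtls_ssl_ticket_setup() and mbedtls_ssl_ticket_write(), since both hunks leave an unconditional psa_generate_random() behind, but ssl_ticket.h documents no such requirement, whereas the mbedtls_ssl_handshake() documentation later on this page does carry `\note The PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.`. Add the same \note to mbedtls_ssl_ticket_setup() (and the cookie setup if it has the same dependency) so that the "supposed to be called by the application" rule from the commit message is visible to the application. Both enclosing functions start and end outside the hunks.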
Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 7d60bf1078..7d941e84a5 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 7d60bf1078578bfc809f1516c195c54cefdb510d +Subproject commit 7d941e84a5b5c77f642186075ef45b3cc3214d57 From e26a060194d347ade965050fe94bfb665b8f4d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 12:52:18 +0100 Subject: [PATCH 0139/1080] Cleanly reject non-HS in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d91e8300a6..f5ea8dd277 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4889,6 +4889,18 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* If we're in the middle of a fragmented TLS handshake message, + * we don't accept any other message type. For TLS 1.3, the spec forbids + * interleaving other message types between handshake fragments. For TLS + * 1.2, the spec does not forbid it but we do. */ + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM && + ssl->in_hsfraglen != 0 && + ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle" + " of a fragmented handshake message")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } + /* * Handle particular types of records */ From d8f9e22b5e7f5aa896c2a923fe0e67c160b0c3af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:45:27 +0100 Subject: [PATCH 0140/1080] Move the defragmentation documentation to mbedtls_ssl_handshake 
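Review bot: The new comment asserts that TLS 1.3 forbids interleaving without saying where, which makes the policy hard to audit later; cite the source, e.g. replace the four comment lines with `/* RFC 8446 section 5.1: handshake messages MUST NOT be interleaved with other record types. TLS 1.2 (RFC 5246) does not forbid it, but we reject it in both versions so that a pending fragment is never left dangling. */`. Returning MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE leaves in_hsfraglen and the partially reassembled record in place, which is only safe if every caller treats the error as fatal for the connection; that is not visible here and deserves a sentence in the comment. mbedtls_ssl_handle_message_type() continues outside the hunk.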
Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 85255498b2..41dc13f627 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4360,23 +4360,9 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
 * with \c mbedtls_ssl_read()), not handshake messages.
 * With DTLS, this affects both ApplicationData and handshake.
 *
- * \note Defragmentation of incoming handshake messages in TLS
- * (excluding DTLS) is supported with some limitations:
- * - On an Mbed TLS server that only accepts TLS 1.2,
- * the initial ClientHello message must not be fragmented.
- * A TLS 1.2 ClientHello may be fragmented if the server
- * also accepts TLS 1.3 connections (meaning
- * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
- * accepted versions have not been restricted with
- * mbedtls_ssl_conf_max_tls_version() or the like).
- * - A ClientHello message that initiates a renegotiation
- * must not be fragmented.
- * - The first fragment of a handshake message must be
- * at least 4 bytes long.
- * - Non-handshake records must not be interleaved between
- * the fragments of a handshake message. (This is permitted
- * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
- * even in TLS 1.2.)
+ * \note Defragmentation of TLS handshake messages is supported
+ * with some limitations. See the documentation of
+ * mbedtls_ssl_handshake() for details.
 *
 * \note This sets the maximum length for a record's payload,
 * excluding record overhead that will be added to it, see
@@ -4867,6 +4853,24 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 currently being processed might or might not contain further
  *                 DTLS records.
  *
+ * \note           Defragmentation of incoming handshake messages in TLS
+ *                 (excluding DTLS) is supported with some limitations:
+ *                 - On an Mbed TLS server that only accepts TLS 1.2,
+ *                   the initial ClientHello message must not be fragmented.
+ *                   A TLS 1.2 ClientHello may be fragmented if the server
+ *                   also accepts TLS 1.3 connections (meaning
+ *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
+ *                   accepted versions have not been restricted with
+ *                   mbedtls_ssl_conf_max_tls_version() or the like).
+ *                 - A ClientHello message that initiates a renegotiation
+ *                   must not be fragmented.
+ *                 - The first fragment of a handshake message must be
+ *                   at least 4 bytes long.
+ *                 - Non-handshake records must not be interleaved between
+ *                   the fragments of a handshake message. (This is permitted
+ *                   in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
+ *                   even in TLS 1.2.)
+ *
  * \note           The PSA crypto subsystem must have been initialized by
  *                 calling psa_crypto_init() before calling this function.
  */

From 80facedad9742ee83584bfcfe6ebdc30af223563 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 11 Mar 2025 13:47:14 +0100
Subject: [PATCH 0141/1080] ClientHello may be fragmented in renegotiation

Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 41dc13f627..469364d3f7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
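Review bot: The note moved here keeps the line `that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the`, which is missing its verb; it should read `that #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, and the`. The "at least 4 bytes long" bullet would also help readers if it said why, presumably because the first fragment has to carry the complete 4-byte handshake header; confirm that against the parser before adding `(i.e. it must contain the whole handshake header)`. The later patches in this series that rework this note carry the same wording forward unchanged.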
@@ -4862,8 +4862,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                 - A ClientHello message that initiates a renegotiation
- *                   must not be fragmented.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From d9c858039e524f5f3460bed520991cf09575ab2e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 11 Mar 2025 13:47:49 +0100
Subject: [PATCH 0142/1080] Clarify DTLS

Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 469364d3f7..e28c8ee73d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4854,7 +4854,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 DTLS records.
  *
  * \note           Defragmentation of incoming handshake messages in TLS
- *                 (excluding DTLS) is supported with some limitations:
+ *                 is supported with some limitations:
  *                 - On an Mbed TLS server that only accepts TLS 1.2,
  *                   the initial ClientHello message must not be fragmented.
  *                   A TLS 1.2 ClientHello may be fragmented if the server
@@ -4862,6 +4862,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
+ *                   This limitation does not apply to DTLS.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From 5ea94e6cd1ab8a89ee75284144412e2495607cf7 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 11 Mar 2025 15:52:48 +0000
Subject: [PATCH 0143/1080] Add changelog entry for TLS 1.2 Finished fix
Signed-off-by: David Horstmann
---
 ChangeLog.d/tls12-check-finished-calc.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/tls12-check-finished-calc.txt

diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000000..cd52d32ffd
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt
@@ -0,0 +1,6 @@
+Security
+   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+     or there was a cryptographic hardware failure when calculating the
+     Finished message, it could be calculated incorrectly. This would break
+     the security guarantees of the TLS handshake.
+     CVE-2025-27810

From 2b78a5abfa2a19b6ec38066a080a6b6d10ad23fc Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 12 Mar 2025 10:07:33 +0100
Subject: [PATCH 0144/1080] State globally that the limitations don't apply to DTLS

Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e28c8ee73d..4547976e30 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -4853,8 +4853,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 currently being processed might or might not contain further
  *                 DTLS records.
  *
- * \note           Defragmentation of incoming handshake messages in TLS
- *                 is supported with some limitations:
+ * \note           In TLS, reception of fragmented handshake messages is
+ *                 supported with some limitations (those limitations do
+ *                 not apply to DTLS, where defragmentation is fully
+ *                 supported):
  *                 - On an Mbed TLS server that only accepts TLS 1.2,
  *                   the initial ClientHello message must not be fragmented.
  *                   A TLS 1.2 ClientHello may be fragmented if the server
@@ -4862,7 +4864,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                   that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
  *                   accepted versions have not been restricted with
  *                   mbedtls_ssl_conf_max_tls_version() or the like).
- *                   This limitation does not apply to DTLS.
  *                 - The first fragment of a handshake message must be
  *                   at least 4 bytes long.
  *                 - Non-handshake records must not be interleaved between

From 4c30cd8e492e9230a68afa2f85a83368449f7eec Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 12 Mar 2025 10:08:14 +0100
Subject: [PATCH 0145/1080] Update the location of defragmentation limitations

Signed-off-by: Gilles Peskine
---
 ChangeLog.d/tls-hs-defrag-in.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
index 748f95c104..6bab02a029 100644
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -4,4 +4,4 @@ Bugfix
      some servers, especially with TLS 1.3 in practice. There are a few limitations, notably a fragmented ClientHello is only supported when TLS 1.3 support is enabled. See the documentation of
-     mbedtls_ssl_conf_max_frag_len() for details.
+     mbedtls_ssl_handshake() for details.

From 122105269ad0299a0df0b140df13d5f3f0bcf658 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Fri, 28 Feb 2025 16:22:33 +0100
Subject: [PATCH 0146/1080] Run test_suite_debug without MBEDTLS_SSL_TLS_C
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the individual test cases. Add an preprocesor guard around string_debug to prevent warning about unused functions.

Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.function | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index a71db14eca..b4692ca1f3 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -9,6 +9,7 @@ struct buffer_data {
     char *ptr;
 };
 
+#if defined(MBEDTLS_SSL_TLS_C)
 static void string_debug(void *data, int level, const char *file, int line, const char *str)
 {
     struct buffer_data *buffer = (struct buffer_data *) data;
@@ -44,14 +45,15 @@ static void string_debug(void *data, int level, const char *file, int line, cons
     buffer->ptr = p;
 }
+#endif /* MBEDTLS_SSL_TLS_C */
 
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C
+ * depends_on:MBEDTLS_DEBUG_C
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */
 void debug_print_msg_threshold(int threshold, int level, char *file, int line,
                                char *result_str)
 {
@@ -89,7 +91,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */
 void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
                              char *result_str)
 {
@@ -124,7 +126,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */
 void mbedtls_debug_print_buf(char *file, int line, char *text, data_t *data,
                              char *result_str)
 {
@@ -159,7 +161,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_debug_print_crt(char *crt_file, char *file, int line, char *prefix,
                              char *result_str)
 {
@@ -199,7 +201,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */
 void mbedtls_debug_print_mpi(char *value, char *file, int line, char *prefix,
                              char *result_str)
 {

From c6a8bf0f8e10aa853969161f88a2c4c7e0bf4333 Mon Sep 17 00:00:00 2001
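Review bot: The new `#if defined(MBEDTLS_SSL_TLS_C)` around string_debug carries no comment saying why it is there, so the next person adding a test case that does not depend on MBEDTLS_SSL_TLS_C will not know the helper is unavailable in that build; the commit message explains it, the code does not. Suggest `#if defined(MBEDTLS_SSL_TLS_C) /* only used by the cases that depend on MBEDTLS_SSL_TLS_C */` on the opening guard. The per-case `depends_on:MBEDTLS_SSL_TLS_C` additions in the remaining hunks are consistent with that guard.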
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Fri, 28 Feb 2025 22:32:15 +0100
Subject: [PATCH 0147/1080] Test handling of format macros defined in debug.h
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.data | 7 +++++++
 tests/suites/test_suite_debug.function | 28 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index c8f40a0c5b..af153b9013 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -1,3 +1,10 @@
+# printf_int_expr expects a smuggled string expression as its first parameter
+printf "%" MBEDTLS_PRINTF_SIZET, 0
+printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0"
+
+printf "%" MBEDTLS_PRINTF_LONGLONG, 0
+printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0"
+
 Debug print msg (threshold 1, level 0)
 debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
 
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index b4692ca1f3..a8a8c68fa3 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -53,6 +53,34 @@ static void string_debug(void *data, int level, const char *file, int line, cons
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE */
+void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */
+                     intmax_t sizeof_x, intmax_t x, char *result)
+{
+    const char *format = (char *) ((uintptr_t) smuggle_format_expr);
+    char *output = NULL;
+    const size_t n = strlen(result);
+
+    /* Nominal case: buffer just large enough */
+    TEST_CALLOC(output, n + 1);
+    if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function
+        TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x));
+    } else if (sizeof_x == sizeof(long)) {
+        TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x));
+    } else if (sizeof_x == sizeof(long long)) {
+        TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x));
+    } else {
+        TEST_FAIL(
+            "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)");
+    }
+    TEST_MEMORY_COMPARE(result, n + 1, output, n + 1);
+
+exit:
+    mbedtls_free(output);
+    output = NULL;
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */
 void debug_print_msg_threshold(int threshold, int level, char *file, int line,
                                char *result_str)

From 154066d118f64058a088f77670cdaa1a20157c5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Sun, 2 Mar 2025 00:58:11 +0100
Subject: [PATCH 0148/1080] Add testcase for MBEDTLS_PRINTF_MS_TIME
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.data | 3 +++
 tests/suites/test_suite_debug.function | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index af153b9013..e7bdf69a8f 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
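Review bot: `format` is a non-literal format string handed straight to mbedtls_snprintf, which trips -Wformat-nonliteral / -Wformat-security on toolchains that enable them and reads like a format-string injection to anyone skimming the suite; the string only ever comes from the .data file, so say so next to the assignment: `/* format originates from the test data file, never from external input */`. The pointer is also laundered through uintptr_t into an intmax_t parameter; that round trip is only guaranteed where intmax_t can hold every uintptr_t value, which the TODO hints at but a comment on the cast should state outright. A negative sizeof_x becomes a huge size_t in the first comparison and falls through to TEST_FAIL, which is acceptable but deserves one line in a header comment for the function.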
@@ -5,6 +5,9 @@ printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0"
 printf "%" MBEDTLS_PRINTF_LONGLONG, 0
 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0"
 
+printf "%" MBEDTLS_PRINTF_MS_TIME, 0
+printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0"
+
 Debug print msg (threshold 1, level 0)
 debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
 
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index a8a8c68fa3..af91ea43f0 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -4,6 +4,15 @@
 #include "mbedtls/pk.h"
 #include
 
+// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store
+// doesn't exclude entries based on depends_on headers, which would cause failures
+// in builds without MBEDTLS_HAVE_TIME
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
+# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
+#else
+# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t)
+#endif
+
 struct buffer_data {
     char buf[2000];
     char *ptr;

From 58bb7ecd9486daaf3d954a15a1f7d0e72de37617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Sun, 2 Mar 2025 01:17:02 +0100
Subject: [PATCH 0149/1080] Disable fatal assertions in Windows printf tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Windows CRT treats any invalid format specifiers passed to the CRT as fatal assertion failures. Disable thie behaviour temporarily while testing if the format specifiers we use are supported.

Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.function | 40 ++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index af91ea43f0..36ab9bde23 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -4,6 +4,11 @@
 #include "mbedtls/pk.h"
 #include
 
+#if defined(_WIN32)
+# include
+# include
+#endif
+
 // Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store
 // doesn't exclude entries based on depends_on headers, which would cause failures
 // in builds without MBEDTLS_HAVE_TIME
@@ -55,6 +60,23 @@ static void string_debug(void *data, int level, const char *file, int line, cons
     buffer->ptr = p;
 }
 #endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(_WIN32)
+static void noop_invalid_parameter_handler(
+    const wchar_t *expression,
+    const wchar_t *function,
+    const wchar_t *file,
+    unsigned int line,
+    uintptr_t pReserved)
+{
+    (void) expression;
+    (void) function;
+    (void) file;
+    (void) line;
+    (void) pReserved;
+}
+#endif /* _WIN32 */
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -66,6 +88,17 @@ static void string_debug(void *data, int level, const char *file, int line, cons
 void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */
                      intmax_t sizeof_x, intmax_t x, char *result)
 {
+#if defined(_WIN32)
+    /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures.
+       Disable this behaviour temporarily, so the rest of the test cases can complete. */
+    _invalid_parameter_handler saved_handler =
+        _set_invalid_parameter_handler(noop_invalid_parameter_handler);
+
+    // Disable assertion pop-up window in Debug builds
+    int saved_report_mode = _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_REPORT_MODE);
+    _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG);
+#endif
+
     const char *format = (char *) ((uintptr_t) smuggle_format_expr);
     char *output = NULL;
     const size_t n = strlen(result);
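Review bot: The new comment in the third hunk has a typo, `passsed`, and describes the intent but not the idiom under it: `_CrtSetReportMode(_CRT_ASSERT, _CRTDBG_REPORT_MODE)` is the query form that returns the current mode without changing it, which is not obvious to anyone reading this on a non-Windows host. Suggest `// _CRTDBG_REPORT_MODE only queries the current mode; the next call sets it` above that line. Both the handler and the report mode are process-global state and are restored only at `exit:` in the following hunk, so every failure path in this test must keep reaching `exit:` through the TEST_* macros; that holds for the code visible here but is an invariant worth a sentence in the comment.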
@@ -87,6 +120,13 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework
 exit:
     mbedtls_free(output);
     output = NULL;
+
+#if defined(_WIN32)
+    // Restore default Windows behaviour
+    _set_invalid_parameter_handler(saved_handler);
+    _CrtSetReportMode(_CRT_ASSERT, saved_report_mode);
+    (void) saved_report_mode;
+#endif
 }
 /* END_CASE */
 

From becb21e66858acd4f0814d2e32cce63a460e79e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Fri, 28 Feb 2025 22:39:09 +0100
Subject: [PATCH 0150/1080] Fix MSVC version guard for C99 format size specifiers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it on 2015 and above (_MSC_VER >= 1900). %ldd works on Visual Studio 2013, but this patch keeps the two macro definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti
---
 ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 5 +++++
 include/mbedtls/debug.h | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt

diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
new file mode 100644
index 0000000000..637388ecaa
--- /dev/null
+++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+     occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+     with Visual Studio 2013.
+     Fixes #10017.
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 424ed4b3fd..a940ef7821 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -108,16 +108,16 @@
  *
  * This module provides debugging functions.
  */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
+#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900)
 #include
 #define MBEDTLS_PRINTF_SIZET PRIuPTR
 #define MBEDTLS_PRINTF_LONGLONG "I64d"
 #else \
-    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */
 #define MBEDTLS_PRINTF_SIZET "zu"
 #define MBEDTLS_PRINTF_LONGLONG "lld"
 #endif \
-    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */
 
 #if !defined(MBEDTLS_PRINTF_MS_TIME)
 #include

From ebe1f811c88856d3c6c1a17eedcec4c4b4875569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Sat, 1 Mar 2025 23:53:47 +0100
Subject: [PATCH 0151/1080] Remove Everest VS2010 compatibility headers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These headers were necessary for compatibility with Visual Studio 2010, and interfere with the system headers on Visual Studio 2013+, eg. when building Mbed TLS using the .sln file shipped with the project. Move the still-required definition of "inline" to callconv.h, where the definition for GCC also lives.

Signed-off-by: Bence Szépkúti
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tf-psa-crypto b/tf-psa-crypto
index 7d941e84a5..399c5f9e1d 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 7d941e84a5b5c77f642186075ef45b3cc3214d57
+Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23

From cd1ece7846fa9f32f7e8c2af99c2d263031145f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Fri, 7 Mar 2025 17:22:40 +0100
Subject: [PATCH 0152/1080] Never use %zu on MinGW
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 include/mbedtls/debug.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index a940ef7821..8e1bd83a1a 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -108,7 +108,7 @@
  *
  * This module provides debugging functions.
  */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900)
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900)
 #include
 #define MBEDTLS_PRINTF_SIZET PRIuPTR
 #define MBEDTLS_PRINTF_LONGLONG "I64d"

From a4c9233292caad5612c135ddbf1c005c9cd04fb3 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 12 Mar 2025 15:25:17 +0000
Subject: [PATCH 0153/1080] Updated framework pointer.

Signed-off-by: Minos Galanakis
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework b/framework
index 8d85112a44..cab0c5fe19 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584
+Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd

From 9ea950417640b0a4a505c31bd7fbdb4c25d71a38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Sat, 8 Mar 2025 00:40:47 +0100
Subject: [PATCH 0154/1080] Update changelog to call out MinGW
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
index 637388ecaa..eefda618ca 100644
--- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
+++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
@@ -1,5 +1,5 @@
 Bugfix
    * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
      occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
-     with Visual Studio 2013.
+     with Visual Studio 2013 or MinGW.
      Fixes #10017.

From 011b6cb1c5395b4ffe9c3ac5d42098db6137da3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Sat, 8 Mar 2025 01:02:37 +0100
Subject: [PATCH 0155/1080] Fix comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 include/mbedtls/debug.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 8e1bd83a1a..e6f5dadb14 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -113,11 +113,11 @@
 #define MBEDTLS_PRINTF_SIZET PRIuPTR
 #define MBEDTLS_PRINTF_LONGLONG "I64d"
 #else \
-    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */
+    /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
 #define MBEDTLS_PRINTF_SIZET "zu"
 #define MBEDTLS_PRINTF_LONGLONG "lld"
 #endif \
-    /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */
+    /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
 
 #if !defined(MBEDTLS_PRINTF_MS_TIME)
 #include

From 46e0b1cac9098cdaf30f8adc5bfa1f93f2627701 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 12 Mar 2025 16:43:38 +0100
Subject: [PATCH 0156/1080] Use dummy typedef instead of macro
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use a dummy definition of mbedtls_ms_time_t in builds without MBEDTLS_HAVE_TIME.
Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.data | 2 +-
 tests/suites/test_suite_debug.function | 10 +++------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index e7bdf69a8f..af26dfd72d 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -6,7 +6,7 @@ printf "%" MBEDTLS_PRINTF_LONGLONG, 0
 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0"
 
 printf "%" MBEDTLS_PRINTF_MS_TIME, 0
-printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0"
+printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0"
 
 Debug print msg (threshold 1, level 0)
 debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 36ab9bde23..dc3d2888df 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -9,13 +9,9 @@
 # include
 #endif
 
-// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store
-// doesn't exclude entries based on depends_on headers, which would cause failures
-// in builds without MBEDTLS_HAVE_TIME
-#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
-# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
-#else
-# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t)
+// Dummy type for builds without MBEDTLS_HAVE_TIME
+#if !defined(MBEDTLS_HAVE_TIME)
+typedef int64_t mbedtls_ms_time_t;
 #endif
 
 struct buffer_data {

From 24f11a366da5823d57bc6e34d272752acab96d88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 12 Mar 2025 17:08:46 +0100
Subject: [PATCH 0157/1080] Use an array of strings instead of pointer smuggling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
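Review bot: The fallback `typedef int64_t mbedtls_ms_time_t;` exists only so that `sizeof(mbedtls_ms_time_t)` in the .data file compiles without MBEDTLS_HAVE_TIME, but nothing ties it to the format it is paired with: the test still prints with MBEDTLS_PRINTF_MS_TIME, whose fallback definition lives in debug.h outside this hunk, and the size-based dispatch in printf_int_expr picks its cast from this typedef's width. Suggest `// Dummy type for builds without MBEDTLS_HAVE_TIME; keep its width in step with the fallback MBEDTLS_PRINTF_MS_TIME in debug.h` so that a change to either side is caught by a reader. The macro it replaces also honoured MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO; if a configuration can define that without MBEDTLS_HAVE_TIME, this typedef would conflict with it — I cannot tell from the hunk whether that combination is possible.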
Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_debug.data | 7 +++----
 tests/suites/test_suite_debug.function | 17 ++++++++++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index af26dfd72d..0989e61089 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -1,12 +1,11 @@
-# printf_int_expr expects a smuggled string expression as its first parameter
 printf "%" MBEDTLS_PRINTF_SIZET, 0
-printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0"
+printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0"
 
 printf "%" MBEDTLS_PRINTF_LONGLONG, 0
-printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0"
+printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0"
 
 printf "%" MBEDTLS_PRINTF_MS_TIME, 0
-printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0"
+printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0"
 
 Debug print msg (threshold 1, level 0)
 debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index dc3d2888df..f3c8ff6196 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -14,6 +18,18 @@
 typedef int64_t mbedtls_ms_time_t;
 #endif
 
+typedef enum {
+    PRINTF_SIZET,
+    PRINTF_LONGLONG,
+    PRINTF_MS_TIME,
+} printf_format_indicator_t;
+
+const char *const printf_formats[] = {
+    [PRINTF_SIZET] = "%" MBEDTLS_PRINTF_SIZET,
+    [PRINTF_LONGLONG] = "%" MBEDTLS_PRINTF_LONGLONG,
+    [PRINTF_MS_TIME] = "%" MBEDTLS_PRINTF_MS_TIME,
+};
+
 struct buffer_data {
     char buf[2000];
     char *ptr;
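Review bot: `printf_formats` is defined at file scope without `static`, so it gets external linkage in the generated test executable and triggers -Wmissing-variable-declarations where that is enabled; `static const char *const printf_formats[] = {` keeps it file-local like the helpers around it. The enum has no trailing count value, so nothing lets the lookup site verify that a .data entry stays inside the table; a `PRINTF_FORMAT_COUNT` sentinel, or `sizeof(printf_formats) / sizeof(printf_formats[0])` at the point of use, would give it something to check against. The lookup itself is in the next hunk.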
@@ -81,8 +93,7 @@ static void noop_invalid_parameter_handler(
  */
 
 /* BEGIN_CASE */
-void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */
-                     intmax_t sizeof_x, intmax_t x, char *result)
+void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char *result)
 {
 #if defined(_WIN32)
     /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures.
@@ -95,7 +106,7 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework
     _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG);
 #endif
 
-    const char *format = (char *) ((uintptr_t) smuggle_format_expr);
+    const char *format = printf_formats[format_indicator];
     char *output = NULL;
     const size_t n = strlen(result);
 

From daa14a4212bdb88fd8e62e22944c899ac3830331 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 12 Feb 2025 16:20:01 +0000
Subject: [PATCH 0158/1080] ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH.

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0736d0e3d0..d260cb7498 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13711,7 +13711,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
+run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \
          "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
          "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
          1 \
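Review bot: `printf_formats[format_indicator]` indexes with a value that comes straight from the .data file and is never range-checked, so a stray or future entry reads past the table instead of failing the case. A check right before the lookup, `TEST_ASSERT(format_indicator >= 0 && (size_t) format_indicator < sizeof(printf_formats) / sizeof(printf_formats[0]));`, fails cleanly; it has to sit after the `#if defined(_WIN32)` block, because jumping to `exit:` any earlier would pass an uninitialised `saved_handler` to `_set_invalid_parameter_handler`. The hunk that defines the table is on the previous line.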
@@ -13719,6 +13719,24 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
          -s "bad client hello message" \
          -s "SSL - A message could not be parsed due to a syntactic error"
 
+# Test Server Buffer resizing with fragmented handshake on TLS1.2
+requires_openssl_3_x
+requires_protocol_version tls12
+requires_certificate_authentication
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+requires_max_content_len 1025
+run_test "Handshake defragmentation on server with buffer resizing: len=256, MFL=1024" \
+         "$P_SRV debug_level=4 auth_mode=required" \
+         "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+         0 \
+         -s "Reallocating in_buf" \
+         -s "Reallocating out_buf" \
+         -s "reassembled record" \
+         -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \
+         -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
+         -s "Consume: waiting for more handshake fragments 256/[0-9]\\+"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG

From 5aaa6e048bb0e46d9b014d7df7b44f792603f6b2 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 12 Feb 2025 18:23:09 +0000
Subject: [PATCH 0159/1080] ssl-opt: Added fragmented HS tests for client-initiated renegotiation.

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d260cb7498..d2ebaaee51 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -103,12 +103,14 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then
     O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
     O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
     O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
+    O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client"
 else
     O_NEXT_SRV=false
     O_NEXT_SRV_NO_CERT=false
     O_NEXT_SRV_EARLY_DATA=false
     O_NEXT_CLI_NO_CERT=false
     O_NEXT_CLI=false
+    O_NEXT_CLI_RENEGOTIATE=false
 fi
 
 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
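Review bot: `O_NEXT_CLI_RENEGOTIATE` omits the `-CAfile $DATA_FILES_PATH/test-ca_cat12.crt` that `O_NEXT_CLI` passes, so the renegotiation tests built on it in the next hunk run with a client that does not verify the server certificate; s_client carries on regardless, so the tests still pass, but the name suggests a drop-in variant of `O_NEXT_CLI` rather than of `O_NEXT_CLI_NO_CERT`. Either add the same `-CAfile` for parity or put a one-line comment above the assignment saying the CA file is intentionally left out. The `'R'` sent on stdin is what triggers the client-initiated renegotiation in s_client and is worth naming in that same comment.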
@@ -13737,6 +13739,43 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" +# Test Client initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 
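Review bot: Both new `run_test` stanzas pass `-connect 127.0.0.1:+$SRV_PORT` to the OpenSSL client, which the other OpenSSL client invocations in this part of the file do not do (the buffer-resizing stanza in the previous commit runs `$O_NEXT_CLI` with no `-connect`), and `+$SRV_PORT` expands to a literal `+` in front of the port number, which looks like a mangled placeholder rather than an intended address. I would drop the `-connect` argument and let the harness supply the port the way it does for the neighbouring tests, or at least remove the stray `+`, and add a comment if an explicit `-connect` really is required here. Separately, the final `-s "Consume: ..."` line of each stanza ends with a trailing `\` before a blank line, which continues the command onto an empty line; the stanzas added in hunk `@@ -13776,6` of the later client-initiated coverage commit repeat this, and dropping that last backslash keeps the command boundary explicit.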
512/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 529188f30bbd304bb84acace66cdc6d7135cf84b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 15:09:39 +0000 Subject: [PATCH 0160/1080] ssl-opt: Added fragmented HS tests for server-initiated renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d2ebaaee51..3d9ddd9eb4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13776,6 +13776,37 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ +# Test Server initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=300" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 300 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 300, 0..300 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG 
From 05009c736c146a94ad2d4090cb0e8f2e684bc2e8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 15:19:53 +0000 Subject: [PATCH 0161/1080] Added Mock Renegotiation negative test for testing. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3d9ddd9eb4..2ec090609f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13807,6 +13807,22 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" +# Mock negative test to demonstrate the failure with n-bit sized fragments, where ClientHello < n. +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation mock with server-initiated renegotation: len=256 renego_delay=default(16)" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 1 \ + -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "renegotiation requested, but not honored by server" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 7134e52decd3866e393d1ebdc925c5ffd530ca0d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 18:51:09 +0000 Subject: [PATCH 0162/1080] programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. 
Signed-off-by: Minos Galanakis --- programs/ssl/ssl_client2.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6742925f2a..d5c2a63ff7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -75,6 +75,7 @@ int main(void) #define DFL_RECO_SERVER_NAME NULL #define DFL_RECO_DELAY 0 #define DFL_RECO_MODE 1 +#define DFL_RENEGO_DELAY -2 #define DFL_CID_ENABLED 0 #define DFL_CID_VALUE "" #define DFL_CID_ENABLED_RENEGO -1 @@ -298,7 +299,8 @@ int main(void) #if defined(MBEDTLS_SSL_RENEGOTIATION) #define USAGE_RENEGO \ " renegotiation=%%d default: 0 (disabled)\n" \ - " renegotiate=%%d default: 0 (disabled)\n" + " renegotiate=%%d default: 0 (disabled)\n" \ + " renego_delay=%%d default: -2 (library default)\n" #else #define USAGE_RENEGO "" #endif @@ -938,6 +940,7 @@ int main(int argc, char *argv[]) opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; + opt.renego_delay = DFL_RENEGO_DELAY; opt.exchanges = DFL_EXCHANGES; opt.min_version = DFL_MIN_VERSION; opt.max_version = DFL_MAX_VERSION; @@ -1172,6 +1175,8 @@ int main(int argc, char *argv[]) break; default: goto usage; } + } else if (strcmp(p, "renego_delay") == 0) { + opt.renego_delay = (atoi(q)); } else if (strcmp(p, "renegotiate") == 0) { opt.renegotiate = atoi(q); if (opt.renegotiate < 0 || opt.renegotiate > 1) { @@ -1923,6 +1928,9 @@ int main(int argc, char *argv[]) } #if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation); + if (opt.renego_delay != DFL_RENEGO_DELAY) { + mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay); + } #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -2467,6 +2475,8 @@ int main(int argc, char *argv[]) } mbedtls_printf(" ok\n"); } + + #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
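Review bot: In hunk `@@ -1172,6` the new option is stored as `opt.renego_delay = (atoi(q));` with no range check, unlike the `renegotiate` branch directly below it that rejects out-of-range values with `goto usage`; a non-numeric value silently becomes 0 and is then handed to `mbedtls_ssl_conf_renegotiation_enforced()` in hunk `@@ -1923,6`. I would write `opt.renego_delay = atoi(q);` followed by `if (opt.renego_delay < -2) { goto usage; }`, since -1 already has a library meaning (`MBEDTLS_SSL_RENEGO_MAX_RECORDS_INFINITE`) and -2 is this program's own "use the library default" sentinel, so anything below it has no defined meaning. The `USAGE_RENEGO` text in hunk `@@ -298,7` could say that too, e.g. `" renego_delay=%%d default: -2 (library default), -1 = no limit\n"`. The last hunk (`@@ -2467,6`) only adds two blank lines before `#endif /* MBEDTLS_SSL_RENEGOTIATION */` and should be dropped from the commit.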
From 87be69a3fc99efa2504114267ee309978fe11879 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Mar 2025 09:58:10 +0000 Subject: [PATCH 0163/1080] sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ec090609f..7ea00d2bbc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13823,6 +13823,22 @@ run_test "Handshake defragmentation mock with server-initiated renegotation: -c "found renegotiation extension" \ -c "renegotiation requested, but not honored by server" +# Fixing the above mock negative using the new renego_delay parameter +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation mock with server-initiated renegotiation: len=256 renego_delay=32" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 allow_legacy=1 renegotiation=1 renego_delay=32 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 200, 0..200 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 200/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 200/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 135ebd3241b3f817d03fe7f609036bb6613fe1bd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:03:38 +0000 Subject: [PATCH 0164/1080] ssl-opt: Removed mock-tests from HS renegotiation. 
Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 44 ++++++-------------------------------------- 1 file changed, 6 insertions(+), 38 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ea00d2bbc..19e4b95610 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13781,13 +13781,13 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=300" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 300 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ +run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 300, 0..300 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 300/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" 
@@ -13807,38 +13807,6 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" -# Mock negative test to demonstrate the failure with n-bit sized fragments, where ClientHello < n. -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotation: len=256 renego_delay=default(16)" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 1 \ - -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "renegotiation requested, but not honored by server" - -# Fixing the above mock negative using the new renego_delay parameter -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotiation: len=256 renego_delay=32" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 allow_legacy=1 renegotiation=1 renego_delay=32 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 200, 0..200 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - # Test heap memory usage after handshake 
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 990a10909df5c6069df924d5b2d1a6f1c3ffd4f8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:06:38 +0000 Subject: [PATCH 0165/1080] ssl-opt: Fragmented HS renegotiation, updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 19e4b95610..b680c11eb5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13721,7 +13721,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u -s "bad client hello message" \ -s "SSL - A message could not be parsed due to a syntactic error" -# Test Server Buffer resizing with fragmented handshake on TLS1.2 +# Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -13739,7 +13739,7 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" -# Test Client initiated renegotiation with fragmented handshake on TLS1.2 +# Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication 
@@ -13776,7 +13776,13 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ -# Test Server initiated renegotiation with fragmented handshake on TLS1.2 +# Test server-initiated renegotiation with fragmented handshake on TLS1.2 +# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server +# to initiate a handshake renegotiation. +# Note: Adjusting the renegotiation delay beyond the library's default value +# of 16 is necessary, as it sets the maximum record depth to match it. +# Splitting messages during the renegotiation process requires a deeper +# stack to accommodate the increased processing complexity. requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication From a7b19aa8572e93da788d74fa9b222e0f2549fb7e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:17:25 +0000 Subject: [PATCH 0166/1080] ssl-opt: Refactored fragmented HS renegotiation tests. - Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency. - Re-ordered tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 59 ++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b680c11eb5..2aa124874c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13723,7 +13723,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 
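Review bot: The second `# Note:` added here describes `renego_delay` as setting a "maximum record depth" that needs a "deeper stack", which does not match what the option does: per the ssl_client2 change earlier in this series it feeds `mbedtls_ssl_conf_renegotiation_enforced()`, i.e. the number of records the client accepts after a renegotiation is requested before it treats the request as not honoured (the "renegotiation requested, but not honored by server" line the removed mock test matched on). With `-split_send_frag 256` every record the OpenSSL server sends is capped at 256 bytes, so more than the default 16 records can precede the renegotiation ServerHello, which as I read it is why the 256-byte case needs `renego_delay=32` and the 512-byte case does not; worth confirming against the library. I would replace the second note with `# Note: renego_delay=32 raises the mbedtls_ssl_conf_renegotiation_enforced() limit on records accepted before the renegotiation handshake arrives; with -split_send_frag 256 the server's records are small, so more than the default 16 can precede the ServerHello and the client would otherwise give up on the renegotiation.` The comment block this hunk edits continues into the stanza below the hunk.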
@@ -13741,12 +13741,12 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ +run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ 
@@ -13754,17 +13754,17 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ +run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ 
@@ -13772,11 +13772,27 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + + # Note: The /reneg endpoint serves as a directive for OpenSSL's s_server # to initiate a handshake renegotiation. # Note: Adjusting the renegotiation delay beyond the library's default value 
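Review bot: The len=512 stanza is inserted between the `# Test server-initiated renegotiation ...` heading and the two `# Note:` paragraphs written to go with it, and it is followed by two added blank lines, so the notes now read as a detached block sitting in front of the len=256 test. Since the second note is specifically about `renego_delay=32`, which only the len=256 stanza uses, I would keep the heading and the `/reneg` note at the top of the section, move the `renego_delay` note directly above the len=256 `run_test`, and leave a single blank line between stanzas. The heading and notes continue past the end of this hunk.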
@@ -13784,7 +13800,7 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ @@ -13798,21 +13814,6 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From ae54c749fca3f4c8c74bebcaeefd8c740243bfdf Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:19:48 +0000 Subject: [PATCH 0167/1080] ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2aa124874c..9e5930a269 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13776,6 +13776,43 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=128" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 128, 0..128 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 128/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 128/[0-9]\\+" \ + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=4" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 4, 0..4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake 
fragments 4/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 4/[0-9]\\+" \ + # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 70be67b97e1fe1119be949d89e062549c1057e4b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:00:45 +0000 Subject: [PATCH 0168/1080] ssl-opt: Fragmented HS renegotiation, updated matching regex Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9e5930a269..17dc43a42c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13735,9 +13735,9 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Reallocating in_buf" \ -s "Reallocating out_buf" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" + -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/" \ + -s "Consume: waiting for more handshake fragments 256/" # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x 
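Review bot: Both new stanzas add `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3`, although the OpenSSL client is pinned to `-tls1_2` and the neighbouring len=512 and len=256 stanzas require only `MBEDTLS_SSL_PROTO_TLS1_2`; this looks like a copy-paste slip and would skip the tests in TLS 1.2-only builds for no reason. The len=4 stanza also drops `requires_certificate_authentication` while still using `auth_mode=required` and a client certificate, so it can run in builds where its siblings are skipped. I would make the `requires_*` lines of both new stanzas identical to those of the len=256 stanza directly above them, and drop the trailing `\` after the last `-s "Consume: ..."` line of each, which otherwise continues the command onto the following blank line.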
@@ -13754,9 +13754,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 512/" \ + -s "Consume: waiting for more handshake fragments 512/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -13772,9 +13772,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/" \ + -s "Consume: waiting for more handshake fragments 256/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -13791,9 +13791,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 128, 0..128 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 128/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 128/[0-9]\\+" \ + -s "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 128/" \ + -s "Consume: waiting for more handshake fragments 128/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -13809,9 +13809,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 4, 0..4 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 4/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 4/[0-9]\\+" \ + -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 4/" \ + -s "Consume: waiting for more handshake fragments 4/" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x @@ -13822,9 +13822,9 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/" \ + -c "Consume: waiting for more handshake fragments 512/" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" 
@@ -13844,9 +13844,9 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/" \ + -c "Consume: waiting for more handshake fragments 256/" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" From af0e60b38f534029f361efcc03c6a33676ec611d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:08:01 +0000 Subject: [PATCH 0169/1080] ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 17dc43a42c..07323858e4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13728,7 +13728,7 @@ requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 1025 -run_test "Handshake defragmentation on server with buffer resizing: len=256, MFL=1024" \ +run_test "Handshake defragmentation on server: len=256, buffer resizing with MFL=1024" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -13744,7 +13744,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ +run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13762,7 +13762,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ +run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13781,7 +13781,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=128" \ +run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ 
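Review bot: The renamed titles in all three hunks here spell "renegotation" (missing an "i"), e.g. `run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \`, and the following three hunks of this commit (the len=4 title and the two "on client" titles) carry the same typo. Test titles are what name filters and CI summaries match, so it is worth fixing before they propagate: `run_test "Handshake defragmentation on server: len=512, client-initiated renegotiation" \`, and likewise for the other five.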
@@ -13799,7 +13799,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=4" \ +run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13818,7 +13818,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ +run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ 0 \ @@ -13840,7 +13840,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ +run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ From 9b2e4b80e706762efd2dd50127872b937307e8e3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:10:12 +0000 Subject: [PATCH 0170/1080] ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency. 
Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 07323858e4..447a30de68 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13722,7 +13722,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u -s "SSL - A message could not be parsed due to a syntactic error" # Test server-side buffer resizing with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -13740,7 +13739,6 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with -s "Consume: waiting for more handshake fragments 256/" # Test client-initiated renegotiation with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13758,7 +13756,6 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene -s "Prepare: waiting for more handshake fragments 512/" \ -s "Consume: waiting for more handshake fragments 512/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13776,7 +13773,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene -s "Prepare: waiting for more handshake fragments 256/" \ -s "Consume: waiting for more handshake fragments 256/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -13795,7 +13791,6 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene -s "Prepare: waiting for more handshake fragments 128/" \ -s "Consume: waiting for more handshake fragments 128/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13814,7 +13809,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego -s "Consume: waiting for more handshake fragments 4/" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13836,7 +13830,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # of 16 is necessary, as it sets the maximum record depth to match it. # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION From 0b830f145f0898695924d1fbe8178b9b74c3abad Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:11:09 +0000 Subject: [PATCH 0171/1080] ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 447a30de68..98dc61e60b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13723,7 +13723,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 1025 @@ -13740,7 +13739,6 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ @@ -13757,7 +13755,6 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene -s "Consume: waiting for more handshake fragments 512/" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ @@ -13775,7 +13772,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ 
@@ -13810,7 +13806,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13831,7 +13826,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From df4ddfdf0ce3f668c6646b6859ef397cbff4352a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:24:04 +0000 Subject: [PATCH 0172/1080] ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 98dc61e60b..0b3442dd3b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13808,7 +13808,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ 0 \ -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ @@ -13828,7 +13828,7 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ From a8f14384f8ca36246a067d236f61186375295c1b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:29:33 +0000 Subject: [PATCH 0173/1080] ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b3442dd3b..7ee8e33565 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -103,7 +103,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt" O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" - O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client" + O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false @@ -13742,7 +13742,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ @@ -13758,7 +13758,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ 
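Review bot: Adding `-cert`/`-key` to `O_NEXT_CLI_RENEGOTIATE` in the `@@ -103` hunk changes every test that uses that variable, not only the four defragmentation tests adjusted below; any other `run_test` that relies on it and expects no client certificate, or a different one, would now present `server5.crt`. Those other uses are outside this patch, so I cannot tell whether any exist — a grep for the variable before merging would settle it. If the intent is that this variable always carries a client certificate, a comment at the definition, e.g. `# Presents a client certificate so that servers with auth_mode=required accept the renegotiated handshake`, would make the contract explicit, in the same way `O_NEXT_CLI` and `O_NEXT_CLI_NO_CERT` are distinguished just above.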
@@ -13775,7 +13775,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ @@ -13792,7 +13792,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ From 1d78c7d58d9f30ca5de5ba93908550627be5bac6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 12 Mar 2025 01:07:58 +0000 Subject: [PATCH 0174/1080] ssl-opt: Added client-initiated server-rejected renegotation test. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ee8e33565..ff8f4d5e65 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13804,6 +13804,20 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego -s "Prepare: waiting for more handshake fragments 4/" \ -s "Consume: waiting for more handshake fragments 4/" \ +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotation" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ + 1 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "refusing renegotiation, sending alert" \ + -s "server hello, secure renegotiation extension" \ + -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 4/" \ + -s "Consume: waiting for more handshake fragments 4/" \ + # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION From 641e08e2aa3a1c703943f4149ceda240528b3886 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 13 Mar 2025 11:42:05 +0000 Subject: [PATCH 0175/1080] ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ff8f4d5e65..e4756c0ad5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
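Review bot: The expected return value `1 \` in the new server-rejected test pins the exit status of the OpenSSL client, not of the mbedTLS server under test, so it encodes how s_client reacts to the refusal rather than anything this test is meant to verify; a comment such as `# s_client exits non-zero once the server refuses to renegotiate` above the `run_test` would document that dependency on the external tool. The server-side assertions (`refusing renegotiation, sending alert` together with the fragment patterns) are the meaningful checks and read correctly. The test name repeats the "renegotation" misspelling from the earlier renames. I am also not sure why `MBEDTLS_SSL_PROTO_TLS1_3` is required for a `-tls1_2` exchange when the len=512 and len=256 variants above do not require it; if it is because the server's 1.3-or-1.2 ClientHello dispatch is what makes 4-byte fragmentation interesting, a one-line comment saying so would help the next reader.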
@@ -13835,10 +13835,11 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # Note: The /reneg endpoint serves as a directive for OpenSSL's s_server # to initiate a handshake renegotiation. -# Note: Adjusting the renegotiation delay beyond the library's default value -# of 16 is necessary, as it sets the maximum record depth to match it. -# Splitting messages during the renegotiation process requires a deeper -# stack to accommodate the increased processing complexity. +# Note: Adjusting the renegotiation delay beyond the library's default +# value of 16 is necessary. This parameter defines the maximum +# number of records received before renegotiation is completed. +# By fragmenting records and thereby increasing their quantity, +# the default threshold can be reached more quickly. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ From edebcc04f8e7d5d3a084b6ee1bcd5cdbc4a8fd91 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 15:52:00 +0000 Subject: [PATCH 0176/1080] Fix typos in the 3.0 migration guide Signed-off-by: David Horstmann --- docs/3.0-migration-guide.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 42af9dbaf2..a1747bcb4c 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -349,7 +349,7 @@ original names of those functions. The renamed functions are: | `mbedtls_sha512_finish_ret` | `mbedtls_sha512_finish` | | `mbedtls_sha512_ret` | `mbedtls_sha512` | -To migrate to the this change the user can keep the `*_ret` names in their code +To migrate to this change the user can keep the `*_ret` names in their code and include the `compat_2.x.h` header file which holds macros with proper renaming or to rename those functions in their code according to the list from mentioned header file. @@ -409,7 +409,7 @@ using the multi-part API. Previously, the documentation didn't state explicitly if it was OK to call `mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after the last call to `mbedtls_cipher_update()` — that is, without calling -`mbedtls_cipher_finish()` in-between. If you code was missing that call, +`mbedtls_cipher_finish()` in-between. If your code was missing that call, please add it and be prepared to get as much as 15 bytes of output. Currently the output is always 0 bytes, but it may be more when alternative @@ -422,7 +422,7 @@ This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. They are already niche or obsolete and most of them are weak or broken. For those reasons possible users should consider switching to modern and safe -alternatives to be found in literature. +alternatives to be found in the literature. ### Deprecated functions were removed from cipher 
@@ -806,11 +806,11 @@ multiple times on the same SSL configuration. In Mbed TLS 2.x, users would observe later calls overwriting the effect of earlier calls, with the prevailing PSK being the one that has been configured last. In Mbed TLS 3.0, -calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times +calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times will return an error, leaving the first PSK intact. To achieve equivalent functionality when migrating to Mbed TLS 3.0, -users calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times should +users calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times should remove all but the last call, so that only one call to _either_ `mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` remains. From 079d7909a1704b1a0a160dffcc4497deb648aea9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 16:49:08 +0000 Subject: [PATCH 0177/1080] Add note about MBEDTLS_PRIVATE() in 3.6 Note that in the Mbed TLS 3.6 LTS, users can generally rely on being able to access struct members through the MBEDTLS_PRIVATE() macro, since we try to maintain ABI stability within an LTS version. Signed-off-by: David Horstmann --- docs/3.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a1747bcb4c..02f5b49124 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -71,7 +71,7 @@ If you were accessing structure fields directly, and these fields are not docume If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. +As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. However, in the Mbed TLS 3.6 LTS this is generally a safe way to access struct members because LTS versions try to maintain ABI stability. ### Move part of timing module out of the library From e35672940c4815fb8f011c7e4a7e40774a130f21 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 16:53:27 +0000 Subject: [PATCH 0178/1080] Update broken link to PSA driver dev examples This link is broken in development as the document has been moved to the TF-PSA-Crypto repository. Signed-off-by: David Horstmann --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b00d21ae50..448f37294f 100644 --- a/README.md +++ b/README.md 
@@ -299,7 +299,7 @@ However, it does not aim to implement the whole specification; in particular it Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. -Please see the [PSA driver example and guide](docs/psa-driver-example-and-guide.md) for information on writing a driver. +Please see the [PSA driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md) for information on writing a driver. License ------- From f475a15d5da6fbfbdd3aedcfce3e5d9761b596aa Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 13 Mar 2025 11:43:53 +0000 Subject: [PATCH 0179/1080] ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e4756c0ad5..1e71bef7f7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13840,11 +13840,12 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # number of records received before renegotiation is completed. # By fragmenting records and thereby increasing their quantity, # the default threshold can be reached more quickly. +# Setting it to -1 disables that policy's enforment. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ 0 \ -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ -c "Prepare: waiting for more handshake fragments 256/" \ From 6637ef798f756fa82269fe1750831e47b8b8f451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Feb 2025 13:19:45 +0100 Subject: [PATCH 0180/1080] New test function inject_client_content_on_the_wire() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not used for real stuff so far, just getting the tooling in place. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_server.c | 3 ++ tests/src/test_helpers/ssl_helpers.c | 13 +++++ tests/suites/test_suite_ssl.data | 29 +++++++++++ tests/suites/test_suite_ssl.function | 72 ++++++++++++++++++++++++++++ 4 files changed, 117 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7273eb9392..acb65e38d2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1365,6 +1365,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("no supported_versions extension")); return SSL_CLIENT_HELLO_TLS1_2; } 
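Review bot: The added comment line has a typo, `enforment` → `enforcement`, and it would be more useful if it named what -1 means to the library, e.g. `# Setting it to -1 (MBEDTLS_SSL_RENEGO_MAX_RECORDS_INFINITE) disables enforcement of that limit.` — assuming, as I read the test client, that `renego_delay=-1` is passed straight through to mbedtls_ssl_conf_renegotiation_enforced(); worth confirming. Switching from `renego_delay=32` to `-1` turns the records-since-HelloRequest limit off entirely rather than raising it, which is fine for a test whose subject is defragmentation, but the surrounding comment (which starts before this hunk) still reads as if the limit were merely reached sooner, so its wording should be aligned with the new setting.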
@@ -1386,6 +1387,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * the TLS version to negotiate. */ if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) { + MBEDTLS_SSL_DEBUG_MSG(2, ("supported_versions without 1.3")); return SSL_CLIENT_HELLO_TLS1_2; } } @@ -1964,6 +1966,7 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + MBEDTLS_SSL_DEBUG_MSG(1, ("non-1.3 ClientHello left for later processing")); return 0; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 44e07efb63..3c3bb6a54a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -28,9 +28,22 @@ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, { mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; +/* Change 0 to 1 for debugging of test cases that use this function. */ +#if 0 + const char *q, *basename; + /* Extract basename from file */ + for (q = basename = file; *q != '\0'; q++) { + if (*q == '/' || *q == '\\') { + basename = q + 1; + } + } + printf("%s:%04d: |%d| %s", + basename, line, level, str); +#else (void) level; (void) line; (void) file; +#endif if (NULL != p && NULL != p->pattern && diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 565588bea6..18c5a410cc 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
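Review bot: The message added in the `@@ -1964` hunk, `MBEDTLS_SSL_DEBUG_MSG(1, ("non-1.3 ClientHello left for later processing"))`, uses level 1, which this library's debug convention reserves for errors; deferring a 1.2 ClientHello is a normal state transition, so it should be level 2 like the two messages added in the `@@ -1365` and `@@ -1386` hunks: `MBEDTLS_SSL_DEBUG_MSG(2, ("non-1.3 ClientHello left for later processing"));`. Logging it at level 1 makes every routine TLS 1.2 handshake against a 1.3-capable server look like a fault to anyone who forwards only error-level debug output. The body of ssl_tls13_process_client_hello continues outside the hunk.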
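Review bot: The `#if 0` block added to mbedtls_test_ssl_log_analyzer can only be enabled by editing the source and is otherwise dead code that no build compiles or checks; a guard that can be set from the build line, e.g. `#if defined(MBEDTLS_TEST_SSL_LOG_ANALYZER_PRINT)` (constructed name), keeps the same default while letting CI compile the branch with the macro defined. Inside it, the local named `basename` shadows the POSIX basename() function where `<libgen.h>` or glibc's `<string.h>` declares it, which may trigger `-Wshadow` on some toolchains; a name such as `file_base` avoids that. The rest of the function, including the match on `p->pattern`, is outside the hunk.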
@@ -3329,3 +3329,32 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 + +# 1.2 minimal ClientHello breakdown: +# 160303rlrl - record header, 2-byte record contents len +# 01hlhlhl - handshake header, 3-byte handshake message len +# 0303 - protocol version: 1.2 +# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" +# 00 - session ID (empty) +# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) +# 0100 - compression methods: 1-byte len then "null" (only legal value now) +# [then end, or extensions] +# elel - 2-byte extensions length +# ... +# +# Note: currently our TLS "1.3 or 1.2" code requires extension length to be +# present even it it's 0. This is not strictly compliant but doesn't matter +# much in practice as these days everyone wants to use signature_algorithms +# (for hashes better than SHA-1), secure_renego (even if you have renego +# disabled), and most people want either ECC or PSK related extensions. +# +# Note: cccc is currently not assigned, so can be used get a consistent +# "no matching ciphersuite" behaviour regardless of the configuration. +# 002f is MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MTI in 1.2, but removed in 4.0. 
+Inject ClientHello - TLS 1.2 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_HAVE_CBC +inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002002f01000000":"<= parse client hello":0 + +Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e9584dcc1f..9bdb02344c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
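Review bot: Two typos in the new comment block: `present even it it's 0` should read `present even if it's 0`, and `can be used get a consistent` should read `can be used to get a consistent`. These lines are carried unchanged as context into the later commit in this series that extends the same comment, so fixing them here keeps that diff smaller.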
@@ -5013,3 +5013,75 @@ exit:
 PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void inject_client_content_on_the_wire(int state, data_t *hello, char *log_pattern,
+ int expected_ret)
+{
+ /* This function allows us to inject content at a specific state
+ * in the handshake, or when it's completed. The content is injected
+ * on the mock TCP socket, as if we were an active network attacker.
+ *
+ * This function is suitable to inject:
+ * - crafted records, at any point;
+ * - valid records that contain crafted handshake messages, but only
+ * when the traffic is still unprotected (for TLS 1.2 that's most of the
+ * handshake, for TLS 1.3 that's only the Hello messages);
+ * - handshake messages that are fragmented in a specific way,
+ * under the same conditions as above.
+ */
+ enum { BUFFSIZE = 16384 };
+ mbedtls_test_ssl_endpoint server, client;
+ mbedtls_platform_zeroize(&server, sizeof(server));
+ mbedtls_platform_zeroize(&client, sizeof(client));
+ mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
+ mbedtls_test_ssl_log_pattern srv_pattern;
+ memset(&srv_pattern, 0, sizeof(srv_pattern));
+ int ret = -1;
+
+ PSA_INIT();
+
+ srv_pattern.pattern = log_pattern;
+ options.srv_log_obj = &srv_pattern;
+ options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
+ mbedtls_debug_set_threshold(3);
+
+ ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ &options, NULL, NULL, NULL);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ &options, NULL, NULL, NULL);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
+ BUFFSIZE);
+ TEST_EQUAL(ret, 0);
+
+ /* Make the server move to the required state */
+ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state);
+ TEST_EQUAL(ret, 0);
+
+ /* Send the crafted message */
+ ret = mbedtls_test_mock_tcp_send_b(&client.socket, hello->x, hello->len);
+ TEST_ASSERT(ret 
>= 0 && (size_t) ret == hello->len); + + /* Have the server process it. + * Need the loop because a server that support 1.3 and 1.2 + * will process a 1.2 ClientHello in two steps. + */ + do { + ret = mbedtls_ssl_handshake_step(&server.ssl); + } while (ret == 0 && server.ssl.state == state); + TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(srv_pattern.counter, 1); + +exit: + mbedtls_test_free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_debug_set_threshold(0); + PSA_DONE(); +} +/* END_CASE */ From e9166523907803ff2dd5655bf5578d972f8440f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Feb 2025 12:36:28 +0100 Subject: [PATCH 0181/1080] Add supported_curves/groups extension MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows us to use a ciphersuite that will still be supported in 4.0. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 28 +++++++++++++++++++++------- tests/suites/test_suite_ssl.function | 13 ++++++++----- 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 18c5a410cc..57e99ec851 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3330,7 +3330,7 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 -# 1.2 minimal ClientHello breakdown: +# (Minimal) ClientHello breakdown: # 160303rlrl - record header, 2-byte record contents len # 01hlhlhl - handshake header, 3-byte handshake message len # 0303 - protocol version: 1.2 
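Review bot: The comment `/* Make the server move to the required state */` does not match the call beneath it, `mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state)`, whose first argument is the client; from the helper's name alone I cannot tell which endpoint it drives to `state`, so either the comment or the argument order is wrong, and the test's premise — that the injected bytes are the first thing the server reads in `state` — depends on which it is. The `do { ... } while (ret == 0 && server.ssl.state == state);` loop has no iteration bound, so a server that keeps returning 0 without leaving `state` (the two-step 1.3-or-1.2 path is expected to do this once, but a regression could do it indefinitely) would hang the suite instead of failing the case; a cap such as `} while (ret == 0 && server.ssl.state == state && ++steps < 8);` with `int steps = 0;` declared next to `ret` turns that into a clean failure. The header comment could also state the post-condition the caller relies on, namely that `srv_pattern.counter` is expected to be exactly 1 so a pattern that matches twice is reported as a failure rather than a pass.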
@@ -3338,23 +3338,37 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0
 # 00 - session ID (empty)
 # 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below)
 # 0100 - compression methods: 1-byte len then "null" (only legal value now)
-# [then end, or extensions]
+# [then end, or extensions, see notes below]
 # elel - 2-byte extensions length
 # ...
+# 000a - elliptic_curves aka supported_groups
+# 0004 - extension length
+# 0002 - length of named_curve_list / named_group_list
+# 0017 - secp256r1 aka NIST P-256
+# ...
 #
 # Note: currently our TLS "1.3 or 1.2" code requires extension length to be
 # present even it it's 0. This is not strictly compliant but doesn't matter
 # much in practice as these days everyone wants to use signature_algorithms
 # (for hashes better than SHA-1), secure_renego (even if you have renego
 # disabled), and most people want either ECC or PSK related extensions.
+# See https://github.com/Mbed-TLS/mbedtls/issues/9963
+#
+# Also, currently we won't negotiate ECC ciphersuites unless at least the
+# supported_groups extension is present, see
+# https://github.com/Mbed-TLS/mbedtls/issues/7458
 #
 # Note: cccc is currently not assigned, so can be used get a consistent
 # "no matching ciphersuite" behaviour regardless of the configuration.
-# 002f is MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MTI in 1.2, but removed in 4.0.
+# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) + +# See "ClientHello breakdown" above +# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_HAVE_CBC -inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002002f01000000":"<= parse client hello":0 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 +# See "ClientHello breakdown" above Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C +inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9bdb02344c..1116e67dce 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
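Review bot: The rewritten "TLS 1.2 good (for reference)" case now offers c02b plus a supported_groups extension, but its expected log pattern is still `"<= parse client hello"`, which only proves the ClientHello was parsed, not that ECDHE-ECDSA with secp256r1 was actually selected; the comment added in the same hunk says ECC suites are refused without supported_groups, which is precisely what this reference case should demonstrate. Matching instead on the log line the TLS 1.2 server emits when it picks a ciphersuite (whatever its exact wording is in the server code) would pin that down, the way the TLS 1.3 cases added later match on `key exchange mode: ephemeral`. The negative case keeps `"got no ciphersuites in common"`, which is specific enough.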
@@ -5015,8 +5015,9 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE */
-void inject_client_content_on_the_wire(int state, data_t *hello, char *log_pattern,
- int expected_ret)
+void inject_client_content_on_the_wire(int pk_alg,
+ int state, data_t *data,
+ char *log_pattern, int expected_ret)
 {
 /* This function allows us to inject content at a specific state
 * in the handshake, or when it's completed. The content is injected
@@ -5045,7 +5046,9 @@ void inject_client_content_on_the_wire(int state, data_t *hello, char *log_patte
 srv_pattern.pattern = log_pattern;
 options.srv_log_obj = &srv_pattern;
 options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_debug_set_threshold(3);
+ mbedtls_debug_set_threshold(5);
+
+ options.pk_alg = pk_alg;
 
 ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
 &options, NULL, NULL, NULL);
@@ -5064,8 +5067,8 @@ void inject_client_content_on_the_wire(int state, data_t *hello, char *log_patte
 TEST_EQUAL(ret, 0);
 
 /* Send the crafted message */
- ret = mbedtls_test_mock_tcp_send_b(&client.socket, hello->x, hello->len);
- TEST_ASSERT(ret >= 0 && (size_t) ret == hello->len);
+ ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len);
+ TEST_ASSERT(ret >= 0 && (size_t) ret == data->len);
 
 /* Have the server process it.
 * Need the loop because a server that support 1.3 and 1.2
From 4afdf340dd7069076e059897245aa04bc3fb7ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Feb 2025 13:00:37 +0100 Subject: [PATCH 0182/1080] Add reference tests with 1.3 ClientHello MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/suites/test_suite_ssl.data | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 57e99ec851..1381112221 100644
--- a/tests/suites/test_suite_ssl.data
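Review bot: The new `pk_alg` parameter is not described anywhere: the header comment still only lists what can be injected, and the only hint is the `options.pk_alg = pk_alg;` assignment in the second hunk, so a reader has to infer that it selects the key type of the server's own credentials and therefore which ciphersuites and signature schemes the injected bytes must be compatible with. Suggest adding to the comment block something like `* pk_alg: key type of the server's credentials (options.pk_alg); the injected ClientHello must offer suites/sigalgs usable with it.` The bump to `mbedtls_debug_set_threshold(5)` is presumably because some expected log patterns are emitted above level 3; a one-line comment saying so would stop someone lowering it again and silently breaking pattern matches. The enclosing function starts and ends outside these hunks.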
+++ b/tests/suites/test_suite_ssl.data @@ -3346,6 +3346,19 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # 0002 - length of named_curve_list / named_group_list # 0017 - secp256r1 aka NIST P-256 # ... +# 002b - supported version (for TLS 1.3) +# 0003 - extension length +# 02 - length of versions +# 0304 - TLS 1.3 ("SSL 3.4") +# ... +# 000d - signature algorithms +# 0004 - extension length +# 0002 - SignatureSchemeList length +# 0403 - ecdsa_secp256r1_sha256 +# ... +# 0033 - key share +# 0002 - extension length +# 0000 - length of client_shares (empty is valid) # # Note: currently our TLS "1.3 or 1.2" code requires extension length to be # present even it it's 0. This is not strictly compliant but doesn't matter @@ -3358,9 +3371,17 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # supported_groups extension is present, see # https://github.com/Mbed-TLS/mbedtls/issues/7458 # +# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: +# - supported versions (as for all of TLS 1.3) +# - supported groups +# - key share +# - signature algorithms +# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). +# # Note: cccc is currently not assigned, so can be used get a consistent # "no matching ciphersuite" behaviour regardless of the configuration. # c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) +# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 
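Review bot: The breakdown line `0000 - length of client_shares (empty is valid)` omits the consequence: with no key share the server can only answer with a HelloRetryRequest (RFC 8446 §4.2.8), so every case built from this template exercises ClientHello parsing and mode selection, never a completed handshake, and the `:0` expected return should be read with that in mind. Suggest extending the comment to `0000 - length of client_shares (empty is valid, but forces a HelloRetryRequest; cases using this only cover ClientHello parsing)`. The mandatory-extension note in the following hunk, which points at ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(), is the right place to cross-reference this.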
@@ -3369,6 +3390,19 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBE inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above +# Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/1301/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No 
matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE From de7aac782efc82f54320aaf8089bdb2bc59e5726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Feb 2025 10:08:50 +0100 Subject: [PATCH 0183/1080] Add test to TLS 1.3 ClientHello fragmentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 54 ++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1381112221..81100ff5d9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
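Review bot: Both TLS 1.3 cases pass MBEDTLS_PK_ECDSA and offer a single signature scheme, 0403 (ecdsa_secp256r1_sha256), so the server key type and the signature_algorithms list are silently coupled; someone reusing this hex with MBEDTLS_PK_RSA would likely see the handshake fail for a reason unrelated to what their case targets, and the `key exchange mode\: ephemeral` pattern would not tell them why. Suggest a comment above the good case: `# pk_alg must be compatible with the only entry of signature_algorithms (0403 = ecdsa_secp256r1_sha256)`. The negative case's `No matched ciphersuite` pattern is fine since it triggers before any signature logic runs.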
@@ -3406,3 +3406,57 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 From 5d0a921e7aeea12ae2add90a723b87cf33a20abd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Feb 2025 11:22:29 +0100 Subject: [PATCH 0184/1080] Add test with non-HS record in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two of these tests reveal bugs in the code, so they're commented out for now. For the other tests, the high-level behaviour is OK (break the handshake) but the details of why are IMO not good: they should be rejected because interleaving non-HS record between HS fragments is not valid according to the spec. To be fixed in future commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 81100ff5d9..9eba64adda 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
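Review bot: The `fragmented 3 + 73`, `2 + 74` and `1 + 75` cases pin down that a first fragment shorter than the 4-byte handshake header is rejected with MBEDTLS_ERR_SSL_INVALID_RECORD, but nothing in the data says whether that is a deliberate restriction: as far as I can tell RFC 8446 §5.1 only forbids zero-length handshake fragments, so a peer that splits the header across two records is conformant and will be refused here. If the restriction is intended (it does simplify defragmentation), a comment above these cases such as `# Fragments shorter than the handshake header are rejected on purpose (stricter than RFC 8446 5.1)` would stop someone "fixing" the tests the other way; if it is not intended, these three expectations encode the bug. Separately, the `0 + 76` case's pattern `ssl_get_next_record() returned` matches any record-layer error, so a more specific message would better pin the reason that empty handshake fragment is refused.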
@@ -3460,3 +3460,33 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type 
during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD From 73247c6e19a7bf83e89f540ffb3640eb1749693f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Feb 2025 09:53:26 +0100 Subject: [PATCH 0185/1080] Fix dependency issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 32 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9eba64adda..f2fe1f5e8c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
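Review bot: The two `##`-disabled cases document a server that spins forever on unauthenticated wire input (a 4-byte ClientHello fragment followed by a warning alert or a CCS record); if that loop is in the library rather than only in the test driver's unbounded do/while, it is a remotely triggerable denial of service and deserves a tracking reference rather than just "(currently loops forever)". Suggest `# Disabled: server loops instead of rejecting, see <issue> - re-enable once fixed` with the issue number on each disabled case. Keeping the expected pattern and error code in the disabled lines is good since they record the intended behaviour, and when re-enabled they should run under a bounded step loop so a regression fails instead of hanging. The appdata case's `Receive unexpected handshake message` expectation is, as the commit message admits, the wrong reason for the rejection, so a TODO next to it would help the follow-up.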
@@ -3398,95 +3398,95 @@ inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"16030 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 # See "ClientHello breakdown" above # 
ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 
fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1116e67dce..bb51e64b7d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5014,7 +5014,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C */ void inject_client_content_on_the_wire(int pk_alg, int state, data_t *data, char *log_pattern, int expected_ret) From ae567ad011abffdcad54c9ac64cf735004b7570e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:32:20 +0100 Subject: [PATCH 0186/1080] Add missing dependency declaration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This guards the definition of mbedtls_test_ssl_endpoint which we rely on, so the function won't compile without it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index bb51e64b7d..9630fe091d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5014,7 +5014,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ void inject_client_content_on_the_wire(int pk_alg, int state, data_t *data, char *log_pattern, int expected_ret) From e760d7be41b4d0d52037b1032b3e96f737d1d809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:50:29 +0100 Subject: [PATCH 0187/1080] Fix curve dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to secp256r1 for the handshake, we need secp384r1 as it's used by the CA certificate. Caught by depends.py curves Also, for the "unknown ciphersuite" 1.2 test, use the same key type and all the same dependencies as of the "good" test above, to avoid having to determine a second set of correct dependencies just for this one. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index f2fe1f5e8c..d4cdf97afc 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3386,107 +3386,107 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C -inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) 
-##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 
4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD From 6e79ff5bb529b36c39e3e11e72d81061dd38e2b9 Mon Sep 17 00:00:00 2001 
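Review bot: The hunk carries forward two cases disabled with `##` and labelled `~rejected~ (currently loops forever)` (a warning alert, and a CCS record, interleaved between ClientHello fragments), and it updates their depends_on lines too, so they are clearly meant to be re-enabled. A server handshake that never terminates while the peer keeps the connection open is a resource-exhaustion concern, so the disabling comment should say whether the loop is in the library's defragmentation path or only in the mock-socket harness, and name a tracker, e.g. `## Disabled: loops forever, see <TRACKING-ISSUE>`. Note also that the CCS case's expected pattern `"is a fatal alert message"` looks copied from the alert(fatal) case and will need its own expected outcome when the case comes back.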
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:56:10 +0100 Subject: [PATCH 0188/1080] Fix hash dependencies for TLS 1.2 tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're not sending a signature_algorithm extension, which means SHA-1. Caught by depends.py hashes Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index d4cdf97afc..7c2f03ec28 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3386,13 +3386,13 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above From 1bed827d22dbe97a3030e7c7765b592d9549d957 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Feb 2025 13:01:10 +0100 Subject: [PATCH 0189/1080] New test function for large ClientHello MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 21 +++++ tests/suites/test_suite_ssl.function | 112 +++++++++++++++++++++++++++ 2 files changed, 133 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7c2f03ec28..2c9d197930 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3490,3 +3490,24 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD + +Send large fragmented ClientHello: 4 bytes too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: 1 byte too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #1 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #2 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #3 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #4 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #5 
+send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9630fe091d..c4d57f79e2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
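Review bot: Every new case in this hunk expects the same outcome, `"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA`, so nothing here pins the accepting side of the limit; a regression that rejected every fragmented ClientHello would still pass all seven. Unless a fitting case exists elsewhere, add one case just under the limit that completes reassembly (the `"reassembled record"` pattern the inject_client_content_on_the_wire cases above use looks like the right signal) so the boundary is tested from both sides. The titles imply that the first argument is the handshake body length with the 4-byte handshake header added on top (`MBEDTLS_SSL_IN_CONTENT_LEN` is "4 bytes too large", `- 3` is "1 byte too large"); a `# hs_len is the handshake body length, excluding the 4-byte handshake header` comment at the top of the group would make that explicit for the next reader.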
@@ -5088,3 +5088,115 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, + char *log_pattern, int expected_ret) +{ + /* This function sends a long message (claiming to be a ClientHello) + * fragmented in 1-byte fragments (except the initial fragment). + * The purpose is to test how the stack reacts when receiving: + * - a message larger than our buffer; + * - a message smaller than our buffer, but where the intermediate size of + * holding all the fragments (including overhead) is larger than our + * buffer. + */ + enum { BUFFSIZE = 16384 }; + mbedtls_test_ssl_endpoint server, client; + mbedtls_platform_zeroize(&server, sizeof(server)); + mbedtls_platform_zeroize(&client, sizeof(client)); + + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + + mbedtls_test_ssl_log_pattern srv_pattern; + memset(&srv_pattern, 0, sizeof(srv_pattern)); + + unsigned char *first_frag = NULL; + int ret = -1; + + size_t hs_len = (size_t) hs_len_int; + size_t first_frag_content_len = (size_t) first_frag_content_len_int; + + PSA_INIT(); + + srv_pattern.pattern = log_pattern; + options.srv_log_obj = &srv_pattern; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + mbedtls_debug_set_threshold(5); + + ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, + BUFFSIZE); + TEST_EQUAL(ret, 0); + + /* Make the server move past the initial dummy state */ + ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, + MBEDTLS_SSL_CLIENT_HELLO); + TEST_EQUAL(ret, 0); + + /* Prepare initial fragment */ + 
const size_t first_len = 5 // record header, see below + + 4 // handshake header, see balow + + first_frag_content_len; + TEST_CALLOC(first_frag, first_len); + unsigned char *p = first_frag; + // record header + // record type: handshake + *p++ = 0x16, + // record version (actually common to TLS 1.2 and TLS 1.3) + *p++ = 0x03, + *p++ = 0x03, + // record length: two bytes + *p++ = (unsigned char) (((4 + first_frag_content_len) >> 8) & 0xff); + *p++ = (unsigned char) (((4 + first_frag_content_len) >> 0) & 0xff); + // handshake header + // handshake type: ClientHello + *p++ = 0x01, + // handshake length: three bytes + *p++ = (unsigned char) ((hs_len >> 16) & 0xff); + *p++ = (unsigned char) ((hs_len >> 8) & 0xff); + *p++ = (unsigned char) ((hs_len >> 0) & 0xff); + // handshake content: dummy value + memset(p, 0x2a, first_frag_content_len); + + /* Send initial fragment and have the server process it. */ + ret = mbedtls_test_mock_tcp_send_b(&client.socket, first_frag, first_len); + TEST_ASSERT(ret >= 0 && (size_t) ret == first_len); + + ret = mbedtls_ssl_handshake_step(&server.ssl); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + + /* Dummy 1-byte fragment to repeatedly send next */ + const unsigned char next[] = { + 0x16, 0x03, 0x03, 0x00, 0x01, // record header (see above) + 0x2a, // Dummy handshake message content + }; + for (size_t left = hs_len - first_frag_content_len; left != 0; left--) { + ret = mbedtls_test_mock_tcp_send_b(&client.socket, next, sizeof(next)); + TEST_ASSERT(ret >= 0 && (size_t) ret == sizeof(next)); + + ret = mbedtls_ssl_handshake_step(&server.ssl); + if (ret != MBEDTLS_ERR_SSL_WANT_READ) { + break; + } + } + TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(srv_pattern.counter, 1); + +exit: + mbedtls_test_free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_debug_set_threshold(0); + mbedtls_free(first_frag); + PSA_DONE(); +} +/* END_CASE */ 
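Review bot: The fragment count `hs_len - first_frag_content_len` in the for loop near the end of the function is computed in size_t after both values were cast from int, so a negative argument or a first fragment longer than the claimed handshake length wraps to a huge count and the loop only ends when the server errors out; guard it up front with `TEST_ASSERT(hs_len_int >= 0 && first_frag_content_len_int >= 0);` and `TEST_ASSERT(first_frag_content_len <= hs_len);`, and since hs_len is written into a 3-byte field, `TEST_ASSERT(hs_len <= 0xffffff);`. Separately, `*p++ = 0x16,`, the two `*p++ = 0x03,` lines and `*p++ = 0x01,` end in a comma operator rather than a semicolon; this compiles and is sequenced left to right so the bytes land in the right order, but it reads as a typo and should be `;`. The comment on the header sum also has `balow` for `below`.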
From 299f94a5d2f95e25b84c462ba61ca1500ead10a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Mar 2025 10:12:25 +0100 Subject: [PATCH 0190/1080] Fix dependency issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Declare the same dependencies as for the previous TLS 1.3 tests, except for part that varies with the cipher suite (ie AES-GCM). Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c4d57f79e2..993ae55b41 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5089,7 +5089,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY */ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, char *log_pattern, int expected_ret) { @@ -5125,6 +5125,9 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, options.srv_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_debug_set_threshold(5); + // Does't really matter but we want to know to declare dependencies. + options.pk_alg = MBEDTLS_PK_ECDSA; + ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); From 55d9124bb0b422413bbd4ed1facc15d528e26877 Mon Sep 17 00:00:00 2001 
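Review bot: The new comment `// Does't really matter but we want to know to declare dependencies.` in the second hunk is misspelt and does not say what "it" refers to; since the line below fixes the endpoint's key type, `// The key type is irrelevant to this test, but pinning it lets the BEGIN_CASE depends_on list above name exactly the algorithms the endpoint will use.` states the intent. It would also help to say that MBEDTLS_PK_ECDSA is chosen to match the earlier inject_client_content_on_the_wire cases, so the two dependency sets stay aligned. send_large_fragmented_hello's body continues outside this hunk.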
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Mar 2025 10:18:30 +0100 Subject: [PATCH 0191/1080] Move new tests to their own data file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 182 -------------------- tests/suites/test_suite_ssl.tls-defrag.data | 181 +++++++++++++++++++ 2 files changed, 181 insertions(+), 182 deletions(-) create mode 100644 tests/suites/test_suite_ssl.tls-defrag.data diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2c9d197930..565588bea6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3329,185 +3329,3 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 - -# (Minimal) ClientHello breakdown: -# 160303rlrl - record header, 2-byte record contents len -# 01hlhlhl - handshake header, 3-byte handshake message len -# 0303 - protocol version: 1.2 -# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" -# 00 - session ID (empty) -# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) -# 0100 - compression methods: 1-byte len then "null" (only legal value now) -# [then end, or extensions, see notes below] -# elel - 2-byte extensions length -# ... -# 000a - elliptic_curves aka supported_groups -# 0004 - extension length -# 0002 - length of named_curve_list / named_group_list -# 0017 - secp256r1 aka NIST P-256 -# ... -# 002b - supported version (for TLS 1.3) -# 0003 - extension length -# 02 - length of versions -# 0304 - TLS 1.3 ("SSL 3.4") -# ... -# 000d - signature algorithms -# 0004 - extension length -# 0002 - SignatureSchemeList length -# 0403 - ecdsa_secp256r1_sha256 -# ... -# 0033 - key share -# 0002 - extension length -# 0000 - length of client_shares (empty is valid) -# -# Note: currently our TLS "1.3 or 1.2" code requires extension length to be -# present even it it's 0. This is not strictly compliant but doesn't matter -# much in practice as these days everyone wants to use signature_algorithms -# (for hashes better than SHA-1), secure_renego (even if you have renego -# disabled), and most people want either ECC or PSK related extensions. 
-# See https://github.com/Mbed-TLS/mbedtls/issues/9963 -# -# Also, currently we won't negotiate ECC ciphersuites unless at least the -# supported_groups extension is present, see -# https://github.com/Mbed-TLS/mbedtls/issues/7458 -# -# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: -# - supported versions (as for all of TLS 1.3) -# - supported groups -# - key share -# - signature algorithms -# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). -# -# Note: cccc is currently not assigned, so can be used get a consistent -# "no matching ciphersuite" behaviour regardless of the configuration. -# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) -# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) - -# See "ClientHello breakdown" above -# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 -Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 - -# See "ClientHello breakdown" above -# Same as the above test with s/c02b/cccc/ as the ciphersuite -Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE - -# See 
"ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 - -# See "ClientHello breakdown" above -# Same as the above test with s/1301/cccc/ as the ciphersuite -Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled 
record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - 
TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD - -Send large fragmented ClientHello: 4 bytes too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: 1 byte too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #1 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #2 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #3 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #4 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #5 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data new file mode 100644 index 0000000000..e1c469cde0 --- /dev/null +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -0,0 +1,181 @@ +# (Minimal) ClientHello breakdown: +# 160303rlrl - record header, 2-byte record contents len +# 01hlhlhl - handshake header, 3-byte handshake message len +# 0303 - protocol version: 1.2 +# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" +# 00 - session ID (empty) +# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) +# 0100 - compression methods: 1-byte len then "null" (only legal value now) +# [then end, or extensions, see notes below] +# elel - 2-byte extensions length +# ... +# 000a - elliptic_curves aka supported_groups +# 0004 - extension length +# 0002 - length of named_curve_list / named_group_list +# 0017 - secp256r1 aka NIST P-256 +# ... +# 002b - supported version (for TLS 1.3) +# 0003 - extension length +# 02 - length of versions +# 0304 - TLS 1.3 ("SSL 3.4") +# ... +# 000d - signature algorithms +# 0004 - extension length +# 0002 - SignatureSchemeList length +# 0403 - ecdsa_secp256r1_sha256 +# ... +# 0033 - key share +# 0002 - extension length +# 0000 - length of client_shares (empty is valid) +# +# Note: currently our TLS "1.3 or 1.2" code requires extension length to be +# present even it it's 0. This is not strictly compliant but doesn't matter +# much in practice as these days everyone wants to use signature_algorithms +# (for hashes better than SHA-1), secure_renego (even if you have renego +# disabled), and most people want either ECC or PSK related extensions. +# See https://github.com/Mbed-TLS/mbedtls/issues/9963 +# +# Also, currently we won't negotiate ECC ciphersuites unless at least the +# supported_groups extension is present, see +# https://github.com/Mbed-TLS/mbedtls/issues/7458 +# +# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: +# - supported versions (as for all of TLS 1.3) +# - supported groups +# - key share +# - signature algorithms +# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). 
+# +# Note: cccc is currently not assigned, so can be used get a consistent +# "no matching ciphersuite" behaviour regardless of the configuration. +# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) +# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) + +# See "ClientHello breakdown" above +# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 +Inject ClientHello - TLS 1.2 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/c02b/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/1301/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD + +Send large fragmented ClientHello: 4 bytes too large 
+send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: 1 byte too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #1 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #2 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #3 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #4 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #5 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA From 1038b22d74a27d9111d12fc8d737c413f2e39ee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 11:53:09 +0100 Subject: [PATCH 0192/1080] Reduce the level of logging used in tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This should avoid running into a bug with printf format specifiers on Windows. It's also a logical move for actual tests: I used the highest debug level for discovery, but we don't need that all the time. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_server.c | 2 +- tests/suites/test_suite_ssl.function | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index acb65e38d2..1dde4ab3c9 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -91,7 +91,7 @@ static void ssl_tls13_select_ciphersuite(
 return;
 }
- MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx",
+ MBEDTLS_SSL_DEBUG_MSG(1, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx",
 (unsigned) psk_ciphersuite_id, (unsigned long) psk_hash_alg));
 }
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 993ae55b41..c365fd674f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5046,7 +5046,7 @@ void inject_client_content_on_the_wire(int pk_alg,
 srv_pattern.pattern = log_pattern;
 options.srv_log_obj = &srv_pattern;
 options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_debug_set_threshold(5);
+ mbedtls_debug_set_threshold(1);
 options.pk_alg = pk_alg;
@@ -5078,7 +5078,11 @@ void inject_client_content_on_the_wire(int pk_alg,
 ret = mbedtls_ssl_handshake_step(&server.ssl);
 } while (ret == 0 && server.ssl.state == state);
 TEST_EQUAL(ret, expected_ret);
- TEST_EQUAL(srv_pattern.counter, 1);
+ /* If we're expected to suceeed and we do, that's enough. * If we're expected to fail, also check it was in the expected way. */
+ if (expected_ret != 0) {
+ TEST_EQUAL(srv_pattern.counter, 1);
+ }
 exit:
 mbedtls_test_free_handshake_options(&options);
@@ -5123,7 +5127,7 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int,
 srv_pattern.pattern = log_pattern;
 options.srv_log_obj = &srv_pattern;
 options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_debug_set_threshold(5);
+ mbedtls_debug_set_threshold(1);
 // Does't really matter but we want to know to declare dependencies.
 options.pk_alg = MBEDTLS_PK_ECDSA;
From 757040c47f1ea5473ee18f331ddb5c3aad01f8bf Mon Sep 17 00:00:00 2001 
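Review bot: In the @@ -5078 hunk of test_suite_ssl.function the new comment misspells `suceeed` (→ `succeed`), and the `if (expected_ret != 0)` gate means every success-path entry in the tls-defrag data file that still carries a pattern (the `reassembled record`, `<= parse client hello` and `key exchange mode` entries visible in later hunks on this page) is now accepted without its log pattern ever being checked, so those reference cases no longer demonstrate that the reassembly path ran. If the intent is to skip the check only when the data file opts out, gate on the pattern rather than on the outcome, e.g. `if (expected_ret != 0 || log_pattern[0] != '\0') {`, so a non-empty pattern is always enforced. inject_client_content_on_the_wire starts before this hunk and continues after it.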
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 12:52:18 +0100 Subject: [PATCH 0193/1080] Cleanly reject non-HS in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index e1c469cde0..eb4e58deeb 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -133,25 +133,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during 
handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE +Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject 
ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE +Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 From 4f1b38a65e70067a004a29d7b69352ded6fe9b79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Mar 2025 12:36:08 +0100 Subject: [PATCH 0194/1080] Adapt "large ClientHello" tests to incremental MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 51 +++++++++++++-------- 1 file changed, 31 insertions(+), 20 deletions(-) 
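Review bot: The alert(fatal) case in this hunk now expects MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE where it previously expected MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE, so a peer's fatal alert arriving between handshake fragments appears to be reported as an unexpected message without the alert itself being surfaced to the caller; if that is the intended behaviour, a comment on the case should say so, e.g. `# A fatal alert between fragments is reported as an unexpected message, not as a fatal alert`. The diffstat lists only the .data file, yet all four re-enabled cases now match the log text "non-handshake message in the middle of a fragmented handshake message"; unless the library change that emits that message landed in an earlier commit, these tests fail when this commit is checked out on its own, which matters for bisecting.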
diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index eb4e58deeb..76797a08e8 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -159,23 +159,34 @@ Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD -Send large fragmented ClientHello: 4 bytes too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: 1 byte too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #1 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #2 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #3 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #4 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #5 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than 
fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA +# The buffer is actually larger than IN_CONTENT_LEN as we leave room for +# record protection overhead (IV, MAC/tag, padding (up to 256 bytes)), CID... +# The maximum size for an unencrypted (and without CID with is DTLS only) +# handshake message we can hold in the buffer is +# MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4 +# (the 4 is for the handshake header). +# However, due to overhead, fragmented messages need to be 5 bytes shorter in +# order to actually fit (leave room for an extra record header). +Send large fragmented ClientHello: reassembled 1 byte larger than the buffer +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would just fit except for overhead +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (1) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 5:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (2) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 6:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (3) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 7:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (4) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 8:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +# Since we're sending dummy contents (all 0x2a) for the ClientHello, +# the first thing that's 
going to fail is the version check. The fact that we +# got around to checking it confirms reassembly completed sucessfully. +Send large fragmented ClientHello: just fits +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9:0:"Unsupported version of TLS":MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION From 2285d6122d01694c9530fe091cad823e64d365c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Mar 2025 12:53:43 +0100 Subject: [PATCH 0195/1080] Add test for length larger than 2^16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index 76797a08e8..b062ee2421 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data @@ -190,3 +190,10 @@ send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - # got around to checking it confirms reassembly completed sucessfully. Send large fragmented ClientHello: just fits send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9:0:"Unsupported version of TLS":MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION + +# We're generating a virtual record header for the reassembled HS message, +# which requires that the length fits in two bytes. Of course we won't get +# there because if the length doesn't fit in two bytes then the message won't +# fit in the buffer, but still add a test just in case. +Send large fragmented ClientHello: length doesn't fit in two bytes +send_large_fragmented_hello:0x10000:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA From ed873f9e59f9642e8886cdb47946bccf3ec91d49 Mon Sep 17 00:00:00 2001 
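Review bot: The rewritten "Send large fragmented ClientHello" cases all pass 0 as first_frag_content_len, whereas the replaced #1–#5 cases varied it from 0 to 4, so the position of the first fragment boundary is no longer exercised at the buffer limit unless it is covered elsewhere in the file; keeping one or two of the new sizes with a non-zero first fragment would preserve that coverage. The new comment block also has a typo, `sucessfully` → `successfully`.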
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:12:30 +0100 Subject: [PATCH 0196/1080] Adjust logic around log pattern MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is more flexible: the test data gets to decide whether we want to assert the presence of a pattern or not. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 4 +--- tests/suites/test_suite_ssl.tls-defrag.data | 14 +++++++------- 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c365fd674f..e48cae74b1 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5078,9 +5078,7 @@ void inject_client_content_on_the_wire(int pk_alg,
 ret = mbedtls_ssl_handshake_step(&server.ssl);
 } while (ret == 0 && server.ssl.state == state);
 TEST_EQUAL(ret, expected_ret);
- /* If we're expected to suceeed and we do, that's enough.
- * If we're expected to fail, also check it was in the expected way. */
- if (expected_ret != 0) {
+ if (strlen(log_pattern) != 0) {
 TEST_EQUAL(srv_pattern.counter, 1);
 }
diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index b062ee2421..a99632cc7f 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
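Review bot: Gating the log check on `strlen(log_pattern) != 0` lets an empty pattern in the data file switch off the only evidence that the server actually took the defragmentation path, and the tls-defrag.data hunks of this same commit blank the pattern on exactly the positive cases (the `reassembled record` entries for 4 + 72, 72 + 4, 73 + 3, 74 + 2 and 73 + 1), so those cases now pass whenever the handshake merely advances. If the positive cases are meant to assert something, keep a pattern that is emitted at the configured debug level rather than an empty string; if opting out is deliberate, record it next to the gate with `/* An empty pattern in the test data opts out of the log check. */`. The enclosing inject_client_content_on_the_wire starts before this hunk and continues past it.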
@@ -55,7 +55,7 @@ # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite @@ -67,7 +67,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite 
@@ -79,7 +79,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
@@ -109,25 +109,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"":0 # See "ClientHello breakdown" above # 
ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
From e5ddf36a660c6e3eb8a263f79fcaa908624f0e6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:17:51 +0100 Subject: [PATCH 0197/1080] Add test cases for EOF in the middle of fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index a99632cc7f..531d463d6d 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -75,6 +75,22 @@ Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +# The purpose of this test case is to ensure nothing bad happens when the +# connection is closed while we're waiting for more fragments. +Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"":MBEDTLS_ERR_SSL_WANT_READ + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +# The purpose of this test case is to ensure nothing bad happens when the +# connection is closed while we're waiting for more fragments. 
+Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"":MBEDTLS_ERR_SSL_WANT_READ + # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK From f4a67cf892b99a5d20a1098546847cb167d92234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:26:36 +0100 Subject: [PATCH 0198/1080] Fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index 531d463d6d..b3822b002e 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data @@ -177,7 +177,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # The buffer is actually larger than IN_CONTENT_LEN as we leave room for # record protection overhead (IV, MAC/tag, padding (up to 256 bytes)), CID... -# The maximum size for an unencrypted (and without CID with is DTLS only) +# The maximum size for an unencrypted (and without CID which is DTLS only) # handshake message we can hold in the buffer is # MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4 # (the 4 is for the handshake header). From 47d0b796af42d2c2ed95f500a118f41052108016 Mon Sep 17 00:00:00 2001 
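Review bot: Both new cases expect MBEDTLS_ERR_SSL_WANT_READ, which the mock socket appears to return when no further bytes are queued rather than when the connection is closed, so the comment "nothing bad happens when the connection is closed" and the "EOF" in the titles overstate what is tested: the server is shown to keep waiting for more fragments, not to handle a close. Rewording the comment to `# The purpose of this test case is to ensure nothing bad happens when no more data arrives while we're waiting for more fragments.` (or, if the mock socket can report a real close, adding a case that expects the corresponding close error) would make the coverage match the title.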
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:27:49 +0100 Subject: [PATCH 0199/1080] Improve a test assertion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That way if it ever fails it will print the values. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index e48cae74b1..23b8031389 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5068,7 +5068,7 @@ void inject_client_content_on_the_wire(int pk_alg,
 /* Send the crafted message */
 ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len);
- TEST_ASSERT(ret >= 0 && (size_t) ret == data->len);
+ TEST_EQUAL(ret, (int) data->len);
 /* Have the server process it.
 * Need the loop because a server that support 1.3 and 1.2
From af4606d7433b78348621a0ff7349f9a8d5125706 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 12:12:51 +0100 Subject: [PATCH 0200/1080] Re-introduce log asserts on positive cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 6 ++---- tests/suites/test_suite_ssl.tls-defrag.data | 18 +++++++--------- 2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 23b8031389..ac7bfad2ee 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5046,7 +5046,7 @@ void inject_client_content_on_the_wire(int pk_alg,
 srv_pattern.pattern = log_pattern;
 options.srv_log_obj = &srv_pattern;
 options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- mbedtls_debug_set_threshold(1);
+ mbedtls_debug_set_threshold(3);
 options.pk_alg = pk_alg;
@@ -5078,9 +5078,7 @@ void inject_client_content_on_the_wire(int pk_alg,
 ret = mbedtls_ssl_handshake_step(&server.ssl);
 } while (ret == 0 && server.ssl.state == state);
 TEST_EQUAL(ret, expected_ret);
- if (strlen(log_pattern) != 0) {
- TEST_EQUAL(srv_pattern.counter, 1);
- }
+ TEST_ASSERT(srv_pattern.counter >= 1);
 exit:
 mbedtls_test_free_handshake_options(&options);
diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index b3822b002e..8fca923e06 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
@@ -55,7 +55,7 @@
 # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1
 Inject ClientHello - TLS 1.2 good (for reference)
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0
 # See "ClientHello breakdown" above
 # Same as the above test with s/c02b/cccc/ as the ciphersuite
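Review bot: `TEST_ASSERT(srv_pattern.counter >= 1)` in the @@ -5078 hunk prints only the failed expression, which is exactly what the previous commit set out to fix for the neighbouring send assertion; the comparison helpers print both operands, so `TEST_LE_S(1, srv_pattern.counter);` keeps the relaxed bound and the diagnostics. Going from `== 1` to `>= 1` also silently accepts a pattern that matches several log lines, which is fine for the patterns now in the data file but deserves a one-line comment so it is not tightened back by accident. The enclosing inject_client_content_on_the_wire starts before the first hunk and continues past the second.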
@@ -67,7 +67,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 good (for reference)
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # Same as the above test with s/1301/cccc/ as the ciphersuite
@@ -81,7 +81,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # connection is closed while we're waiting for more fragments.
 Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte)
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"":MBEDTLS_ERR_SSL_WANT_READ
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
@@ -89,13 +89,13 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # connection is closed while we're waiting for more fragments.
 Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes)
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"":MBEDTLS_ERR_SSL_WANT_READ
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
@@ -125,25 +125,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"":0
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
From 6dcfdf1f48a1b146520aa4162b69bcd571b5cc6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 12 Mar 2025 09:35:51 +0100
Subject: [PATCH 0201/1080] Adapt dependencies to the new world
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/suites/test_suite_ssl.function | 2 +-
 tests/suites/test_suite_ssl.tls-defrag.data | 40 ++++++++++-----------
 2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ac7bfad2ee..6b491d4ceb 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5089,7 +5089,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */
 void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int,
 char *log_pattern, int expected_ret)
 {
diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index 8fca923e06..7817c4f501 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
@@ -54,25 +54,25 @@
 # See "ClientHello breakdown" above
 # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1
 Inject ClientHello - TLS 1.2 good (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0
 # See "ClientHello breakdown" above
 # Same as the above test with s/c02b/cccc/ as the ciphersuite
 Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 good (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # Same as the above test with s/1301/cccc/ as the ciphersuite
 Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
 # See "ClientHello breakdown" above
@@ -80,7 +80,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # The purpose of this test case is to ensure nothing bad happens when the
 # connection is closed while we're waiting for more fragments.
 Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
 # See "ClientHello breakdown" above
@@ -88,91 +88,91 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160
 # The purpose of this test case is to ensure nothing bad happens when the
 # connection is closed while we're waiting for more fragments.
 Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"key exchange mode\: ephemeral":0
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
 # See "ClientHello breakdown" above
 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD
 # The buffer is actually larger than IN_CONTENT_LEN as we leave room for
From 1d181102fe88ba846ad22721c3f46c416c850489 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 14 Mar 2025 10:50:20 +0000
Subject: [PATCH 0202/1080] Reword slightly to be more tentative
We don't guarantee ABI stability, but we do try to maintain it where we can.
Signed-off-by: David Horstmann
---
 docs/3.0-migration-guide.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 02f5b49124..e927667b7e 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md @@ -71,7 +71,7 @@ If you were accessing structure fields directly, and these fields are not docume If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. However, in the Mbed TLS 3.6 LTS this is generally a safe way to access struct members because LTS versions try to maintain ABI stability. +As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. In the Mbed TLS 3.6 LTS this will tend to be safer than in a normal minor release because LTS versions try to maintain ABI stability. ### Move part of timing module out of the library From dfc082e16cb7d469d0955214e2682c012f93720f Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Mar 2025 10:25:24 +0000 Subject: [PATCH 0203/1080] ssl-opt: Fixed a minor typo. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1e71bef7f7..7707d97d13 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13740,7 +13740,7 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with
 # Test client-initiated renegotiation with fragmented handshake on TLS1.2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \
+run_test "Handshake defragmentation on server: len=512, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
@@ -13756,7 +13756,7 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \
+run_test "Handshake defragmentation on server: len=256, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
@@ -13773,7 +13773,7 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \
+run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
@@ -13790,7 +13790,7 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \
+run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
@@ -13807,7 +13807,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotation" \
+run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \
 1 \
@@ -13821,7 +13821,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated server
 # Test server-initiated renegotiation with fragmented handshake on TLS1.2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \
+run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \
 0 \
@@ -13843,7 +13843,7 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene
 # Setting it to -1 disables that policy's enforment.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \
+run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
 0 \
From 625c8fd2d9d39f7618cf4de081857483471dae1d Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Tue, 18 Mar 2025 10:31:37 +0000
Subject: [PATCH 0204/1080] ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 44 +++++++++++++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 9 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7707d97d13..6a5e7603c8 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13819,6 +13819,15 @@ run_test "Handshake defragmentation on server: len=4, client-initiated server
 -s "Consume: waiting for more handshake fragments 4/" \
 # Test server-initiated renegotiation with fragmented handshake on TLS1.2
+
+# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
+# to initiate a handshake renegotiation.
+# Note: Adjusting the renegotiation delay beyond the library's default
+# value of 16 is necessary. This parameter defines the maximum
+# number of records received before renegotiation is completed.
+# By fragmenting records and thereby increasing their quantity,
+# the default threshold can be reached more quickly.
+# Setting it to -1 disables that policy's enforment.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \
@@ -13832,15 +13841,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene
 -c "found renegotiation extension" \
 -c "=> renegotiate"
-
-# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
-# to initiate a handshake renegotiation.
-# Note: Adjusting the renegotiation delay beyond the library's default
-# value of 16 is necessary. This parameter defines the maximum
-# number of records received before renegotiation is completed.
-# By fragmenting records and thereby increasing their quantity,
-# the default threshold can be reached more quickly.
-# Setting it to -1 disables that policy's enforment.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \
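Review bot: The relocated comment block still ends with the misspelling "enforment"; since these lines are being rewritten anyway, the last line should read `# Setting it to -1 disables that policy's enforcement.`. The note also states that raising the renegotiation delay is necessary, yet the len=512 test it now sits directly above runs without `renego_delay=-1` while the len=256 test further down passes it, so a reader sees a contradiction; if 512-byte fragments stay within the default limit, one added clause such as "(the 512-byte case fits within the default)" would resolve it. The "default value of 16" figure is carried over from the comment itself and is worth re-checking against the client option's documentation while it is being moved.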
@@ -13854,6 +13854,32 @@ run_test "Handshake defragmentation on client: len=256, server-initiated rene
 -c "found renegotiation extension" \
 -c "=> renegotiate"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Handshake defragmentation on client: len=128, server-initiated renegotiation" \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
+ 0 \
+ -c "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \
+ -c "Prepare: waiting for more handshake fragments 128/" \
+ -c "Consume: waiting for more handshake fragments 128/" \
+ -c "client hello, adding renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Handshake defragmentation on client: len=4, server-initiated renegotiation" \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
+ 0 \
+ -c "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \
+ -c "Prepare: waiting for more handshake fragments 4/" \
+ -c "Consume: waiting for more handshake fragments 4/" \
+ -c "client hello, adding renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG
From e1e27300a2c9fe452207bbab2a11a102cec76f25 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 26 Feb 2025 18:06:05 +0100
Subject: [PATCH 0205/1080] Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option
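Review bot: The two new client-side tests (len=128 and len=4) gate only on MBEDTLS_SSL_PROTO_TLS1_2 and MBEDTLS_SSL_RENEGOTIATION, whereas the server-side len=128 and len=4 tests earlier in this file additionally gate on MBEDTLS_SSL_PROTO_TLS1_3. If that extra requirement stems from the small fragment size rather than from the server role, the same `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` line is needed here as well; if it is role-specific, a one-line comment above the new tests saying why the client side does not need it would spare the next reader the same question. The expected-output patterns otherwise mirror the existing len=256 test with only the fragment size substituted, so coverage looks consistent.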
Signed-off-by: Gabor Mezei
---
 docs/architecture/tls13-support.md | 1 -
 docs/proposed/config-split.md | 1 -
 include/mbedtls/check_config.h | 9 +-
 include/mbedtls/config_adjust_ssl.h | 1 -
 include/mbedtls/mbedtls_config.h | 25 ---
 include/mbedtls/ssl.h | 3 -
 include/mbedtls/ssl_ciphersuites.h | 6 +-
 library/ssl_ciphersuites.c | 168 --------------
 library/ssl_tls12_client.c | 98 +--------
 library/ssl_tls12_server.c | 206 ------------------
 tests/include/test/ssl_helpers.h | 3 +-
 .../components-configuration-crypto.sh | 2 -
 tests/scripts/depends.py | 1 -
 tests/ssl-opt.sh | 8 +-
 14 files changed, 8 insertions(+), 524 deletions(-)
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index aa09e302d2..f49e9194ba 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -116,7 +116,6 @@ Support description | | | | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
- | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
 | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index 1baab356b2..6f3b5bd246 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -396,7 +396,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 #define MBEDTLS_SSL_ALPN
 //#define MBEDTLS_SSL_ASYNC_PRIVATE
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c2b5200bc3..4328f7198c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -87,12 +87,6 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
 ( !defined(PSA_WANT_ALG_JPAKE) || \
 !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@@ -155,8 +149,7 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 7070283fd7..2221e5b2e7 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -61,7 +61,6 @@
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 #undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd9ccacdee..2dc475b9f7 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -360,31 +360,6 @@
 */
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
 /**
 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
 *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 681584b3d7..2ea09bbfa3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -650,9 +650,6 @@
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
 unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5d5b4b94b8..7db620ec4b 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -201,8 +201,7 @@ typedef enum {
 } mbedtls_key_exchange_type_t;
 /* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -260,8 +259,7 @@ typedef enum {
 #endif
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e4cc226327..6e4370b795 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -490,116 +490,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif 
/* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_SHA_1) 
@@ -947,29 +837,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_ALG_MD5) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 
@@ -1019,41 +886,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(PSA_WANT_KEY_TYPE_ARIA) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 36f79cb202..c06844db76 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1732,83 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -/* - * Generate a pre-master secret and encrypt it with the server's RSA key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len_bytes = 2; - unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context *peer_pk; - - if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate (part of) the pre-master as - * struct { - * ProtocolVersion client_version; - * opaque random[46]; - * } PreMasterSecret; - */ - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); - return ret; - } - - ssl->handshake->pmslen = 48; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * Now write it out, encrypted - */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_pk_encrypt(peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - 
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); - return ret; - } - - if (len_bytes == 2) { - MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); - *olen += 2; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -1902,16 +1825,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; - return 0; - } - ((void) p); - ((void) end); -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -2742,15 +2655,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - header_len = 4; - if ((ret = ssl_write_encrypted_pms(ssl, header_len, - &content_len, 0)) != 0) { - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { header_len = 4; 
@@ -2768,7 +2672,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 return ret;
 }
 } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 {
 ((void) ciphersuite_info);
 MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a302af48ed..5a143fc3ba 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3181,194 +3181,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = ssl->conf->f_async_resume(ssl, - peer_pms, peer_pmslen, peer_pmssize); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); - return ret; -} -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); - if (own_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate")); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - mbedtls_pk_context *public_key = &own_cert->pk; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - size_t len = mbedtls_pk_get_len(public_key); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already started decoding the message and there is an ongoing - * decryption operation, resume signing. 
*/ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); - return ssl_resume_decrypt_pms(ssl, - peer_pms, peer_pmslen, peer_pmssize); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - /* - * Prepare to decrypt the premaster using own private RSA key - */ - if (p + 2 > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - if (*p++ != MBEDTLS_BYTE_1(len) || - *p++ != MBEDTLS_BYTE_0(len)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (p + len != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Decrypt the premaster secret - */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_decrypt_start != NULL) { - ret = ssl->conf->f_async_decrypt_start(ssl, - mbedtls_ssl_own_cert(ssl), - p, len); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_decrypt_pms(ssl, - peer_pms, - peer_pmslen, - peer_pmssize); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - ret = mbedtls_pk_decrypt(private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset) -{ - int ret = 
MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *pms = ssl->handshake->premaster + pms_offset; - unsigned char ver[2]; - unsigned char fake_pms[48], peer_pms[48]; - size_t peer_pmslen; - mbedtls_ct_condition_t diff; - - /* In case of a failure in decryption, the decryption may write less than - * 2 bytes of output, but we always read the first two bytes. It doesn't - * matter in the end because diff will be nonzero in that case due to - * ret being nonzero, and we only care whether diff is 0. - * But do initialize peer_pms and peer_pmslen for robustness anyway. This - * also makes memory analyzers happy (don't access uninitialized memory, - * even if it's an unsigned char). */ - peer_pms[0] = peer_pms[1] = ~0; - peer_pmslen = 0; - - ret = ssl_decrypt_encrypted_pms(ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof(peer_pms)); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - return ret; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - mbedtls_ssl_write_version(ver, ssl->conf->transport, - ssl->session_negotiate->tls_version); - - /* Avoid data-dependent branches while checking for invalid - * padding, to protect against timing-based Bleichenbacher-type - * attacks. */ - diff = mbedtls_ct_bool(ret); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48)); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0])); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1])); - - /* - * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding - * must not cause the connection to end immediately; instead, send a - * bad_record_mac later in the handshake. - * To protect against timing-based variants of the attack, we must - * not have any branch that depends on whether the decryption was - * successful. In particular, always generate the fake premaster secret, - * regardless of whether it will ultimately influence the output or not. 
- */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); - if (ret != 0) { - /* It's ok to abort on an RNG failure, since this does not reveal - * anything about the RSA decryption. */ - return ret; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (diff != MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - } -#endif - - if (sizeof(ssl->handshake->premaster) < pms_offset || - sizeof(ssl->handshake->premaster) - pms_offset < 48) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - ssl->handshake->pmslen = 48; - - /* Set pms to either the true or the fake PMS, without - * data-dependent branches. */ - mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, @@ -3435,16 +3247,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA && - (ssl->handshake->async_in_progress != 0)) { - /* We've already read a record and there is an asynchronous - * operation in progress to decrypt it. So skip reading the - * record. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); - } else -#endif if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); return ret; 
@@ -3635,14 +3437,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { if ((ret = mbedtls_psa_ecjpake_read_round( diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ef4927f72e..3ba314f832 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -66,8 +66,7 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ba4161870..3d58895550 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1165,7 +1165,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 
@@ -1525,7 +1524,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a08ede54a5..816d2debae 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -315,7 +315,6 @@ def test(self, options): 'PSA_WANT_ALG_RSA_OAEP', 'PSA_WANT_ALG_RSA_PSS'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6a5e7603c8..7692017784 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -311,8 +311,7 @@ requires_any_configs_disabled() { SKIP_NEXT="YES" } -TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ +TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" @@ -320,9 +319,8 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" requires_certificate_authentication () { if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
From 5814e3e5660a0b9115afef81f65de50894b88420 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 18:12:50 +0100 Subject: [PATCH 0206/1080] Remove `MBEDTLS_KEY_EXCHANGE_RSA` key exchange type Signed-off-by: Gabor Mezei --- include/mbedtls/ssl_ciphersuites.h | 1 - library/ssl_ciphersuites.c | 5 ----- library/ssl_ciphersuites_internal.h | 3 --- library/ssl_tls.c | 4 ---- 4 files changed, 13 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 7db620ec4b..31610b0a9a 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -190,7 +190,6 @@ extern "C" { */ typedef enum { MBEDTLS_KEY_EXCHANGE_NONE = 0, - MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 6e4370b795..958668ebf7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1220,7 +1220,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return MBEDTLS_PK_RSA; @@ -1239,8 +1238,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_ALG_RSA_PKCS1V15_CRYPT; case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); 
@@ -1260,8 +1257,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - return PSA_KEY_USAGE_DECRYPT; case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_KEY_USAGE_SIGN_HASH; diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index b60acdc5f8..a7981dbdf6 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -44,7 +44,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t switch (info->MBEDTLS_PRIVATE(key_exchange)) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_PSK: return 1; @@ -71,7 +70,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: @@ -86,7 +84,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3572f3f631..5cfb83968a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8708,10 +8708,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { /* TLS 1.2 server part of the key exchange */ switch (ciphersuite->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_RSA: - usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - break; - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; From 3c7db0e5a8eef21f20bb3a3b20aa7875f3d7b9d2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 12:44:24 +0100 Subject: [PATCH 0207/1080] Remove `MBEDTLS_TLS_RSA_*` ciphersuite macros Signed-off-by: Gabor Mezei --- include/mbedtls/ssl_ciphersuites.h | 31 ------------------------------ library/ssl_ciphersuites.c | 23 ---------------------- 2 files changed, 54 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 31610b0a9a..b03123107c 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -24,28 +24,11 @@ extern "C" { /* * Supported ciphersuites (Official IANA names) */ -#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ - #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F - -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 - -#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D -#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ - #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ @@ -54,10 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ - -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ - #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 
@@ -100,8 +79,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ @@ -110,8 +87,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ @@ -136,8 +111,6 @@ extern "C" { #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ 
@@ -155,10 +128,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */ -#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 958668ebf7..b979cad94f 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -110,22 +110,14 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, /* All AES-256 suites */ - MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 
@@ -134,28 +126,18 @@ static const int ciphersuite_preference[] = /* All ARIA-256 suites */ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, /* All AES-128 suites */ - MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, @@ -164,10 +146,8 @@ static const int ciphersuite_preference[] = /* All ARIA-128 suites */ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, @@ -198,9 +178,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_WITH_NULL_SHA256, - MBEDTLS_TLS_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_RSA_WITH_NULL_MD5, MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 
From 3ee9a8cf49537d3dcb857c3361fd635868d7579e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 12:53:40 +0100 Subject: [PATCH 0208/1080] Remove `TLS-RSA` related test cases Signed-off-by: Gabor Mezei --- tests/compat.sh | 23 ----------------------- tests/context-info.sh | 10 ---------- 2 files changed, 33 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index de8c1bb18a..975d8dc3d9 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -327,17 +327,6 @@ add_common_ciphersuites() TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA \ - TLS_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_RSA_WITH_AES_256_CBC_SHA \ - TLS_RSA_WITH_AES_256_CBC_SHA256 \ - TLS_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \ - TLS_RSA_WITH_NULL_MD5 \ - TLS_RSA_WITH_NULL_SHA \ - TLS_RSA_WITH_NULL_SHA256 \ " ;; @@ -388,8 +377,6 @@ add_openssl_ciphersuites() TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_RSA_WITH_ARIA_256_GCM_SHA384 \ " ;; @@ -437,14 +424,6 @@ add_gnutls_ciphersuites() TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_RSA_WITH_AES_128_CCM \ - TLS_RSA_WITH_AES_128_CCM_8 \ - TLS_RSA_WITH_AES_256_CCM \ - TLS_RSA_WITH_AES_256_CCM_8 \ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ - TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ " ;; @@ -506,8 +485,6 @@ add_mbedtls_ciphersuites() M_CIPHERS="$M_CIPHERS \ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_RSA_WITH_ARIA_256_CBC_SHA384 \ " ;; 
diff --git a/tests/context-info.sh b/tests/context-info.sh index 6c08b865ba..066bd3d589 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -241,16 +241,6 @@ run_test "Default configuration, client" \ -u "basic constraints.* CA=false$" \ -n "bytes left to analyze from context" -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ - "srv_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ - "cli_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - run_test "No packing, server" \ "srv_no_packing.txt" \ -n "ERROR" \ From e99e591179bb585fb2ad6861e26c7e0e0fe37aca Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 13:41:24 +0100 Subject: [PATCH 0209/1080] Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei --- include/mbedtls/ssl.h | 79 +------------------------------------ library/ssl_misc.h | 1 - library/ssl_tls.c | 2 - library/ssl_tls12_server.c | 1 - programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 27 ++----------- programs/ssl/ssl_test_lib.c | 5 --- programs/ssl/ssl_test_lib.h | 1 - 8 files changed, 7 insertions(+), 113 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2ea09bbfa3..6c37fc3703 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -999,71 +999,6 @@ typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. 
For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1071,8 +1006,7 @@ typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, * * This callback is called during an SSL handshake to resume * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. + * ::mbedtls_ssl_async_sign_t callback. * * This function typically checks the status of a pending * request or causes the request queue to make progress, and 
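Review bot: The updated \p f_async_resume wording is consistent, but none of the patches in this series that remove public API ship a ChangeLog.d entry, unlike patch 0002 which does; the diffstats of 0206, 0207 and 0209 list only headers, library and test files. The removals are user-visible and some are ABI-breaking: the `mbedtls_ssl_async_decrypt_t` type and the `f_async_decrypt` parameter of `mbedtls_ssl_conf_async_private_cb()` (hunk `@@ -2876` of this file), the `MBEDTLS_TLS_RSA_*` ciphersuite macros (0207), and the `MBEDTLS_KEY_EXCHANGE_RSA` enumerator (0206), whose deletion from the middle of the enum renumbers every later `mbedtls_key_exchange_type_t` member. Unless an entry is added elsewhere in the series, a single ChangeLog.d file stating that RSA (non-PFS) key exchange, its ciphersuites and the asynchronous decryption callback are removed, and that callers must drop the `f_async_decrypt` argument, would let users find the migration path.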
@@ -1538,7 +1472,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ @@ -2854,17 +2787,10 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( * external processor does not support any signature * operation; in this case the private key object * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. * \param f_async_resume Callback to resume an asynchronous operation. See * the description of ::mbedtls_ssl_async_resume_t * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. + * \p f_async_sign is \c NULL. * \param f_async_cancel Callback to cancel an asynchronous operation. See * the description of ::mbedtls_ssl_async_cancel_t * for more information. This may be \c NULL if @@ -2876,7 +2802,6 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( */ void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *config_data); 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 164a23037a..d12cee3ceb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -985,7 +985,6 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** Asynchronous operation context. This field is meant for use by the * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, - * mbedtls_ssl_config::f_async_decrypt_start, * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). * The library does not use it internally. */ void *user_async_ctx; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5cfb83968a..46fb92464d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2737,13 +2737,11 @@ void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *async_config_data) { conf->f_async_sign_start = f_async_sign; - conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; conf->f_async_cancel = f_async_cancel; conf->p_async_config_data = async_config_data; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5a143fc3ba..542d1f0957 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,7 +693,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - ssl->conf->f_async_decrypt_start != NULL || mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); #else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5c2a63ff7..6ed073eef5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -348,10 +348,10 @@ int main(void) #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ #define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ + " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a81cc88c0c..8a0e18aefd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -210,7 +210,7 @@ int main(void) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ - " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ + " async_operations=%%c... s=sign (default: -=off)\n" \ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ " default: -1 (not asynchronous)\n" \ @@ -478,13 +478,13 @@ int main(void) " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl, hash, hash_len); } -static int ssl_async_decrypt(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, - input, input_len); -} - static int ssl_async_resume(mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, @@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size, - config_data->f_rng, config_data->p_rng); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, @@ -3118,13 +3102,9 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (opt.async_operations[0] != '-') { mbedtls_ssl_async_sign_t *sign = NULL; - mbedtls_ssl_async_decrypt_t *decrypt = NULL; const char *r; for (r = opt.async_operations; *r; r++) { switch (*r) { - case 'd': - decrypt = ssl_async_decrypt; - break; case 's': sign = ssl_async_sign; break; @@ -3137,7 +3117,6 @@ int main(int argc, char *argv[]) ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, - decrypt, ssl_async_resume, ssl_async_cancel, &ssl_async_keys); diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 2c68489ba6..acc01a2182 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "rsa-decrypt") != 0 && strcmp(*alg1, "ecdsa-sign") != 0 && strcmp(*alg1, "ecdh") != 0) { return 1; 
@@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "rsa-decrypt") != 0 && strcmp(*alg2, "ecdsa-sign") != 0 && strcmp(*alg2, "ecdh") != 0 && strcmp(*alg2, "none") != 0) { @@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-decrypt") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index bc5cce51a0..c001a2afa1 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); * Coma-separated pair of values among the following: * - "rsa-sign-pkcs1" * - "rsa-sign-pss" - * - "rsa-decrypt" * - "ecdsa-sign" * - "ecdh" * - "none" (only acceptable for the second value). From 3ead04a12dd70107c2e3e57e238c648045f52934 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 14:30:35 +0100 Subject: [PATCH 0210/1080] Remove/migrate tests for key exchange based on decryption Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 57 ++++++++---------------------------------------- 1 file changed, 9 insertions(+), 48 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7692017784..222895f22b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
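Review bot: The three context lines kept above the deleted `rsa-decrypt` check compare `*alg1`, although this block validates the second value — its remaining comparisons are on `*alg2`, ending with the `"none"` alternative that only the second value may take. As written, `rsa-sign-pss-sha256`, `-sha384` or `-sha512` given as the second value is rejected unless the first value happens to be that same string, so the help text's "comma-separated pair of values among the following" is not honoured. The lines should read `strcmp(*alg2, "rsa-sign-pss-sha256") != 0 &&`, `strcmp(*alg2, "rsa-sign-pss-sha384") != 0 &&` and `strcmp(*alg2, "rsa-sign-pss-sha512") != 0 &&`; the `rsa-sign-pkcs1`/`rsa-sign-pss` comparisons just before the hunk are outside it and may need the same check. key_opaque_alg_parse starts before the hunk.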
@@ -2305,20 +2305,6 @@ run_test "Opaque key for server authentication: ECDH-" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C @@ -2335,20 +2321,6 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke -c "error" \ -c "Public key type mismatch" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 
@@ -2437,8 +2409,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: no suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 1 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2450,8 +2422,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2477,8 +2449,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ 
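Review bot: The migrated "TLS 1.3 opaque key" cases now depend on `rsa-sign-pkcs1` being unusable to make the negative case fail and on `rsa-sign-pss` being selected in the positive cases, but nothing in the tests says why PKCS#1 v1.5 is not suitable. The reason is that TLS 1.3 does not permit RSASSA-PKCS1-v1_5 in CertificateVerify (RFC 8446 §4.2.3), which is a different failure than the decrypt-only key these cases previously exercised, so the test names alone no longer convey the intent. A comment above the first case such as `# rsa-sign-pkcs1 cannot sign a TLS 1.3 CertificateVerify, so a key restricted to it has no suitable algorithm` would keep that intent readable. The same applies to the two following cases in this hunk group.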
@@ -7723,12 +7695,12 @@ run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-RSA-WITH-" -run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ +run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-RSA-WITH-" + 1 \ + -C "Ciphersuite is " run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ @@ -8860,17 +8832,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions -# Without extensions, ECC is impossible (no curve negotiation). -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -run_test "ClientHello without extensions: RSA" \ - "$P_SRV force_version=tls12 debug_level=3" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 0 \ - -s "Ciphersuite is .*-RSA-WITH-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ From 58535da8d09ea178d44f6992a8b0771c076784a4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 3 Mar 2025 15:43:50 +0100 Subject: [PATCH 0211/1080] Only check for certificates if it is supported Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 6 +++++- programs/ssl/ssl_test_common_source.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 542d1f0957..fb88cf2956 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
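Review bot: The rewritten "keyUsage srv 1.2: RSA, keyEncipherment -> fail" case only asserts that the client never prints `Ciphersuite is ` — a negative-only check that also passes if the handshake fails for an unrelated reason (wrong file path, unsupported version, I/O error). Adding a server-side assertion on the reason, as the other negative cases in this file do with `-s "error"` or a specific message, pins the intent; `-s "got ciphersuites in common, but none of them usable"` is the message used elsewhere in this file for a certificate/ciphersuite mismatch, assuming ssl_server2 emits it on this path. A one-line comment above the case, e.g. `# With the RSA key exchange removed, a keyEncipherment-only certificate is unusable by every TLS 1.2 ciphersuite`, would explain the flipped expectation to a future reader.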
@@ -654,6 +654,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, * Try picking a certificate for this ciphersuite, * return 0 on success and -1 on failure. */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_pick_cert(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info) @@ -744,6 +745,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, return -1; } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* @@ -806,6 +809,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + #if defined(MBEDTLS_X509_CRT_PARSE_C) /* * Final check: if ciphersuite requires us to have a @@ -821,7 +826,6 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6c7eed5e58..354e97ef90 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -315,6 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. @@ -352,7 +353,6 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); From 47c6277480739494f6edb0d6f5f3b9eee7c11ff8 Mon Sep 17 00:00:00 2001 
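Review bot: Wrapping `ssl_pick_cert` in `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` presumably removes the only caller of `ssl_check_key_curve` (declared just above the first hunk, outside it), so a build with `MBEDTLS_X509_CRT_PARSE_C` but without any certificate-based key exchange may now produce an unused-static-function warning, fatal under -Werror; if `ssl_check_key_curve` is indeed only called from `ssl_pick_cert`, it needs the same guard. The nesting order is also inconsistent: around the definition the cert-key-exchange guard sits inside `MBEDTLS_X509_CRT_PARSE_C`, while in `ssl_ciphersuite_match` it now encloses the `MBEDTLS_X509_CRT_PARSE_C` block; choosing one order makes the `#endif` pairs easier to match by eye. The `#endif` closing the relocated guard in `ssl_ciphersuite_match` lies outside the hunk. In the `ssl_test_common_source.c` hunk the guard is `MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED` rather than the `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` used in the library; if that distinction is deliberate (TLS 1.2-only versus any version), a short comment on one of them would stop the next reader from "fixing" it.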
From: Gabor Mezei Date: Fri, 7 Mar 2025 13:42:04 +0100 Subject: [PATCH 0212/1080] Update dependencies Let the TLS context serialiazation tests to run with other than RSA ciphersuites. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b491d4ceb..00283082f5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { /* Choose an AEAD ciphersuite */ From aeea5e65af31b09f5e8df0262cff970eab9fb461 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Mar 2025 13:05:28 +0100 Subject: [PATCH 0213/1080] Add changelog entry Signed-off-by: Gabor Mezei --- ChangeLog.d/remove_RSA_key_exchange.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt new file mode 100644 index 0000000000..a0513a104c --- /dev/null +++ b/ChangeLog.d/remove_RSA_key_exchange.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for the RSA key exchange in TLS 1.2. \ No newline at end of file From 817a1553b9d0e07a8e9fef37a582a8b1471b8fb6 Mon Sep 17 00:00:00 2001 
From: Gabor Mezei Date: Mon, 10 Mar 2025 16:58:17 +0100 Subject: [PATCH 0214/1080] Add missing newline Signed-off-by: Gabor Mezei --- ChangeLog.d/remove_RSA_key_exchange.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt index a0513a104c..f9baaf1701 100644 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ b/ChangeLog.d/remove_RSA_key_exchange.txt @@ -1,2 +1,2 @@ Removals - * Remove support for the RSA key exchange in TLS 1.2. \ No newline at end of file + * Remove support for the RSA key exchange in TLS 1.2. From 9ee58e43e151814cf024910fef2eb7033d5d374e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 10 Mar 2025 22:31:35 +0100 Subject: [PATCH 0215/1080] Update test dependencies Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 00283082f5..7f4c65cfbe 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2825,7 +2825,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { 
@@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { /* Choose an AEAD ciphersuite */ @@ -2890,7 +2890,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From 10018fc82e6955ab53310e85dbe8177f2c4e722e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 12 Mar 2025 12:05:35 +0100 Subject: [PATCH 0216/1080] Do not remeove macro from design doc Signed-off-by: Gabor Mezei --- docs/proposed/config-split.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 6f3b5bd246..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md 
@@ -396,6 +396,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE From 1ac784c5a5a633a43a13fd7a15e098127bf0defa Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:15:47 +0100 Subject: [PATCH 0217/1080] Fix test case migration Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 222895f22b..0634c26a67 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2449,7 +2449,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ From 5ba9b57cbd699b0e2e9fd7875635b949e6a5900f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:17:05 +0100 Subject: [PATCH 0218/1080] Convert test function to a static function The `resize_buffers` function is no more used as a test function to convert it to a static function. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 78 +++++++++++++++------------- 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7f4c65cfbe..3f84458797 100644 --- a/tests/suites/test_suite_ssl.function 
+++ b/tests/suites/test_suite_ssl.function @@ -63,6 +63,45 @@ exit: } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_ALG_SHA_256) +/* + * Test function to perform a handshake using the mfl extension and with + * setting the resize buffer option. + */ +static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, + int serialize, int dtls, char *cipher) +{ + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + + options.mfl = mfl; + options.cipher = cipher; + options.renegotiate = renegotiation; + options.legacy_renegotiation = legacy_renegotiation; + options.serialize = serialize; + options.dtls = dtls; + if (dtls) { + options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + } + options.resize_buffers = 1; + + const mbedtls_ssl_ciphersuite_t *ciphersuite = + mbedtls_ssl_ciphersuite_from_string(cipher); + if (ciphersuite != NULL) { + options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); + } + + mbedtls_test_ssl_perform_handshake(&options); + + mbedtls_test_free_handshake_options(&options); +} + +#endif + #if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305) #define TEST_GCM_OR_CHACHAPOLY_ENABLED #endif 
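Review bot: The preprocessor guard around the new static `resize_buffers` repeats the `depends_on:` lists of its two callers (`resize_buffers_serialize_mfl`, `resize_buffers_renegotiate_mfl`) by hand, and nothing ties them together: if a caller's dependencies are later relaxed below this guard, the build fails with an undefined `resize_buffers` only in that configuration. A comment on the `#if`, e.g. `/* Must match the depends_on: of every test case that calls resize_buffers(). */`, would make the coupling visible, and the bare `#endif` should name the guard it closes. The header comment still calls it a "Test function"; now that it is a helper, something like `/* Helper: run a handshake with the given MFL, renegotiation, serialization and DTLS options and buffer resizing enabled. */` describes it better, and it could add that failures presumably surface through the handshake helper's own assertions rather than a return value. `cipher` could also be `const char *` since it is only passed on, which would let `resize_buffers_serialize_mfl` drop its `(char *) ciphersuite->name` cast — provided `options.cipher` accepts a const pointer, which is not visible here.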
@@ -2825,39 +2864,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls, char *cipher) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cipher = cipher; - options.renegotiate = renegotiation; - options.legacy_renegotiation = legacy_renegotiation; - options.serialize = serialize; - options.dtls = dtls; - if (dtls) { - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - options.resize_buffers = 1; - - const mbedtls_ssl_ciphersuite_t *ciphersuite = - mbedtls_ssl_ciphersuite_from_string(cipher); - if (ciphersuite != NULL) { - options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); - } - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { @@ -2885,8 +2891,8 @@ void resize_buffers_serialize_mfl(int mfl) TEST_ASSERT(ciphersuite != NULL); - test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ciphersuite->name); + resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, + (char *) ciphersuite->name); } /* END_CASE */ 
@@ -2894,7 +2900,7 @@ void resize_buffers_serialize_mfl(int mfl) void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { - test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); + resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); /* The goto below is used to avoid an "unused label" warning.*/ goto exit; } From 2c7f38823deefd51981dbe17faed98c86714f7f7 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 17:56:11 +0100 Subject: [PATCH 0219/1080] Update framework Signed-off-by: Gabor Mezei --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index cab0c5fe19..72b5acd590 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd +Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d From 998760ae5db2330a6d2f09c4464cc47d2fe9b061 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 24 Mar 2025 11:37:33 +0000 Subject: [PATCH 0220/1080] Define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS in every sample program Add #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS to every sample program before the first include so that mbedtls doesn't break with future privatization work. 
Signed-off-by: Felix Conway --- programs/aes/crypt_and_hash.c | 1 + programs/cipher/cipher_aead_demo.c | 2 ++ programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_pkcs7.c | 2 ++ programs/fuzz/fuzz_privkey.c | 2 ++ programs/fuzz/fuzz_pubkey.c | 2 ++ programs/fuzz/fuzz_server.c | 2 ++ programs/fuzz/fuzz_x509crl.c | 2 ++ programs/fuzz/fuzz_x509crt.c | 2 ++ programs/fuzz/fuzz_x509csr.c | 2 ++ programs/fuzz/onefile.c | 2 ++ programs/hash/generic_sum.c | 2 ++ programs/hash/hello.c | 2 ++ programs/hash/md_hmac_demo.c | 2 ++ programs/pkey/dh_genprime.c | 2 ++ programs/pkey/ecdh_curve25519.c | 2 ++ programs/pkey/ecdsa.c | 2 ++ programs/pkey/gen_key.c | 2 ++ programs/pkey/key_app.c | 2 ++ programs/pkey/key_app_writer.c | 2 ++ programs/pkey/mpi_demo.c | 2 ++ programs/pkey/pk_decrypt.c | 2 ++ programs/pkey/pk_encrypt.c | 2 ++ programs/pkey/pk_sign.c | 2 ++ programs/pkey/pk_verify.c | 2 ++ programs/pkey/rsa_decrypt.c | 2 ++ programs/pkey/rsa_encrypt.c | 2 ++ programs/pkey/rsa_genkey.c | 2 ++ programs/pkey/rsa_sign.c | 2 ++ programs/pkey/rsa_sign_pss.c | 2 ++ programs/pkey/rsa_verify.c | 2 ++ programs/pkey/rsa_verify_pss.c | 2 ++ programs/random/gen_entropy.c | 2 ++ programs/random/gen_random_ctr_drbg.c | 2 ++ programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ programs/test/cmake_package/cmake_package.c | 2 ++ programs/test/cmake_package_install/cmake_package_install.c | 2 ++ programs/test/cmake_subproject/cmake_subproject.c | 2 ++ programs/test/dlopen.c | 2 ++ programs/test/selftest.c | 2 ++ programs/test/udp_proxy.c | 2 ++ programs/util/pem2der.c | 2 ++ programs/util/strerror.c | 2 ++ programs/wince_main.c | 2 ++ 
programs/x509/cert_app.c | 2 ++ programs/x509/cert_req.c | 2 ++ programs/x509/cert_write.c | 2 ++ programs/x509/crl_app.c | 2 ++ programs/x509/load_roots.c | 2 ++ programs/x509/req_app.c | 2 ++ 60 files changed, 119 insertions(+) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index b2cd704710..e3bfb3c615 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -10,6 +10,7 @@ * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 83fcce5878..533af34fc5 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -31,6 +31,8 @@ /* First include Mbed TLS headers to get the Mbed TLS configuration and * platform definitions that we'll use in this program. Also include * standard C headers for functions we'll use here. */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/cipher.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 07ca96efa8..209422399f 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 6581dcb1e6..e667d8b3d0 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index d215f7ac7f..404c4ad304 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
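Review bot: Defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` unconditionally in every sample program (here in crypt_and_hash.c, and likewise in each other program touched by this commit) opts the samples out of the private-identifier check wholesale, so a sample that starts relying on an `MBEDTLS_PRIVATE` field will no longer fail to build — and the samples are the one place where public-API-only usage is worth enforcing. If the define is only a precaution for upcoming privatization work, as the description says, a one-line comment above it such as `/* Pre-emptive opt-in for upcoming privatization; remove once the public API suffices. */` would keep it from being read as licence to use private members, and programs that demonstrably build without it could leave it out. In crypt_and_hash.c the placement after `_POSIX_C_SOURCE` and before `mbedtls/build_info.h` matches the stated requirement that it precede the first Mbed TLS include.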
@@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 38b4dc1399..9ec9351794 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/pkcs7.h" #include "common.h" diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 753096406d..1a5fbba9ae 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index b2500e57c2..69e85e0380 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include "mbedtls/pk.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 09436542e6..64fe32d268 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index e8dacd90b6..2840fbbb0c 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_crl.h" #include "common.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 74d3b077c6..29331b94d4 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_crt.h" #include "common.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4c123f8e0d..e0aaabc019 100644 --- a/programs/fuzz/fuzz_x509csr.c 
+++ b/programs/fuzz/fuzz_x509csr.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_csr.h" #include "common.h" diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 2d4330abc3..6c02a641da 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 3fd2b00891..ac776deb87 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 8caae88518..19408f37fe 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 494e9efaa4..0fe0700ce4 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -26,6 +26,8 @@ /* First include Mbed TLS headers to get the Mbed TLS configuration and * platform definitions that we'll use in this program. Also include * standard C headers for functions we'll use here. */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/md.h" diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 6872e61e33..ebaf9265f3 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index fedfcc9fe8..952d487c9e 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 5664b8c4e5..a4988b0b48 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 99999c7a5b..f1ed511241 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index d01aa88525..b064078016 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index d34cbe1fb0..b9b477b839 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index e83aa3259c..a9c3190bf3 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 3dbfde02bc..a7b9001fc9 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a3a7c1b4db..28a849b38f 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index c1640d66a3..af52583201 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 7b88cabf89..8ae612bdf6 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index a84af50d78..c2c313ac1a 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 6538f8a999..e1ed252bb2 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index dc58215f79..3dfa8529eb 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 0e32e13d96..e88e4e33b6 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 430536a554..e4f27f337a 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index e3f32bb4d2..af6156cdba 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 4b5336d706..2bb140fe4e 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 887b2c9883..eb85b62690 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 0eecf0ad49..793c8ac88c 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f7f417f741..3277e525f8 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index e881c91aee..d1c2a8c1c6 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index cac630e29e..39d07ab378 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a6ab8587b4..bd2572bc21 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index cbe9c6dccc..63391cd01e 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 1bd18c1f19..b9598585bf 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index bdeef9b655..d3354caf73 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -11,6 +11,8 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index d8213cb14e..a1c583aabc 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
@@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 9a90d1d440..4b101d39ad 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 729800ad88..f7d5230f46 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 44a2adadf5..fb68883fee 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index 8b4f18e288..efab789553 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 3a0f37d4ba..ec4ee7ea77 100644 
--- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 41252b6e4c..546716f12d 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/entropy.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 43d2e8cf73..6e9ebf9a28 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -12,6 +12,8 @@ */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 177365b87c..9515ed43d2 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 316f28614b..e20bed6e8f 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/wince_main.c b/programs/wince_main.c index e817b9f5f5..de11162291 100644 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -7,6 +7,8 @@ #if defined(_WIN32_WCE) +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include extern int main(int, const char **); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index cb1e5bc4e7..1de439ce8b 100644 
--- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 0dc4c971c7..1be335c0ad 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index b15e2818c5..5993f24657 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 5e3fd5a941..fee8b693ce 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index d14537fd47..2ae7c9b017 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index fff0983f0e..2929d687d4 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" From a7e14dc9eb764f529aa915b0f69e4005c5c54b4f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Sep 2024 13:10:11 +0200 Subject: [PATCH 0221/1080] Don't expect added error codes Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 46fb92464d..7eb181e373 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7004,7 +7004,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ switch (ret) { case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6a7d502723..1076dea393 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -518,7 +518,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, switch (ret) { case 0: /*ok*/ break; - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; From c8c1a393e0eb338c600645ce389f46e4a48435fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 15:42:17 +0100 Subject: [PATCH 0222/1080] Changelog entry for error code space unification Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/error-unification.txt 
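Review bot: After this change `case MBEDTLS_ERR_OID_NOT_FOUND:` in ssl_parse_certificate_chain matches the bare OID-lookup failure instead of the former X509_UNKNOWN_SIG_ALG-qualified code, so the branch that skips the certificate now also swallows any other path by which the certificate parser surfaces MBEDTLS_ERR_OID_NOT_FOUND, if such paths exist; the mbedtls_ssl_tls13_parse_certificate hunk below has the same shape. Because this branch drops a certificate from the peer's chain without failing the handshake, it is worth confirming that the parser can only return this code for an unrecognised signature algorithm and recording that in the comment, e.g. `/* Ignore certificate with an unknown signature algorithm (reported as MBEDTLS_ERR_OID_NOT_FOUND now that the error spaces are unified): maybe a prior certificate was already trusted. */`. The enclosing switch and both functions start outside the hunks.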
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt new file mode 100644 index 0000000000..e1790d29d2 --- /dev/null +++ b/ChangeLog.d/error-unification.txt @@ -0,0 +1,7 @@ +API changes + * The PSA and Mbed TLS error space are now unified. This means that + mbedtls_xxx() functions can return PSA_ERROR_xxx values. + There is no longer a distinction between "low-level" and "high-level" + Mbed TLS error codes.. + This will not affect most applications since in both cases, the + error values are between -32767 and -1 as before. From 275951292c138072366a34a6408bd1d152045929 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 14:53:49 +0100 Subject: [PATCH 0223/1080] Update crypto submodule Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 399c5f9e1d..332798582b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23 +Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652 From 1ffdb18cdbc05dcc3d110540513c9bd2e570a647 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 15:46:11 +0100 Subject: [PATCH 0224/1080] Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr() Just removed from the API. We can greatly simplify error.c but that will be for later. Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 4 ++++ include/mbedtls/error.h | 30 ------------------------------ scripts/data_files/error.fmt | 4 ++-- 3 files changed, 6 insertions(+), 32 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index e1790d29d2..a19e60c008 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt 
@@ -5,3 +5,7 @@ API changes Mbed TLS error codes.. This will not affect most applications since in both cases, the error values are between -32767 and -1 as before. + +Removals + * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + since these concepts no longer exists. There is just mbedtls_strerror(). diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b7c19aa5f..7abb00fd03 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -30,36 +30,6 @@ extern "C" { */ void mbedtls_strerror(int errnum, char *buffer, size_t buflen); -/** - * \brief Translate the high-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_high_level_strerr(int error_code); - -/** - * \brief Translate the low-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_low_level_strerr(int error_code); - #ifdef __cplusplus } #endif diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index b75a9ab4ec..14522ecd20 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -20,7 +20,7 @@ HEADER_INCLUDED -const char *mbedtls_high_level_strerr(int error_code) +static const char *mbedtls_high_level_strerr(int error_code) { int high_level_error_code; 
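Review bot: `static const char *mbedtls_high_level_strerr(int error_code)` keeps the public `mbedtls_` namespace prefix on a function that is now file-local, and the same applies to `mbedtls_low_level_strerr` in the hunk at line 43. Since the stated intent is to remove these from the API, dropping the prefix (e.g. `static const char *high_level_strerr(int error_code)`) would make the remaining uses in the generated error.c visibly internal and stop readers looking for a declaration in error.h; the rename would presumably need to follow through to the call sites in the same template. The commit message already defers the larger simplification, so this is a naming point only.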
@@ -43,7 +43,7 @@ const char *mbedtls_high_level_strerr(int error_code) return NULL; } -const char *mbedtls_low_level_strerr(int error_code) +static const char *mbedtls_low_level_strerr(int error_code) { int low_level_error_code; From 61621cbb5d43da24320322995a6cdc64a47fdba7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jan 2025 12:13:36 +0100 Subject: [PATCH 0225/1080] Don't allow psa_xxx() to return MBEDTLS_ERR_XXX Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index a19e60c008..bcf5ba1f3d 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt @@ -1,10 +1,10 @@ API changes - * The PSA and Mbed TLS error space are now unified. This means that - mbedtls_xxx() functions can return PSA_ERROR_xxx values. + * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() + functions can now return PSA_ERROR_xxx values. There is no longer a distinction between "low-level" and "high-level" - Mbed TLS error codes.. - This will not affect most applications since in both cases, the - error values are between -32767 and -1 as before. + Mbed TLS error codes. + This will not affect most applications since the error values are + between -32767 and -1 as before. Removals * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), From 858b829436771176027012b46f4dd2ac5b903d5b Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 25 Mar 2025 10:06:53 +0000 Subject: [PATCH 0226/1080] Add define to fuzz/common.c and ssl/ssl_test_lib.c Signed-off-by: Felix Conway --- programs/fuzz/common.c | 2 ++ programs/ssl/ssl_test_lib.c | 1 + 2 files changed, 3 insertions(+) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c index 98aa4037b3..41fa858a41 100644 --- a/programs/fuzz/common.c +++ b/programs/fuzz/common.c 
@@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "common.h" #include #include diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index acc01a2182..6aa60fbfb6 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -8,6 +8,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "ssl_test_lib.h" From bc7cd93b5f5f685d8b313b7e7f177a32b05bcdcc Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 25 Mar 2025 14:10:10 +0000 Subject: [PATCH 0227/1080] Add missing credit for set_hostname issue Correctly credit Daniel Stenberg as the reporter of the mbedtls_ssl_set_hostname() issue. This was previously missed. Signed-off-by: David Horstmann --- ChangeLog.d/mbedtls_ssl_set_hostname.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt index f5f0fa7e05..250a5baafa 100644 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt @@ -13,3 +13,4 @@ Security The library will now prevent the handshake and return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if mbedtls_ssl_set_hostname() has not been called. + Reported by Daniel Stenberg. From 440cb2aac296d07afc9ec111977bf24d54dc4061 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 5 Mar 2025 09:40:08 +0000 Subject: [PATCH 0228/1080] Remove RNG from x509 and PK remove the f_rng and p_rng parameter from x509 and PK. 
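Review bot: In the ssl_test_lib.c hunk the added `#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` sits directly above `#include "ssl_test_lib.h"` with no separating blank line, whereas the common.c hunk above and every other file in this series adds the define followed by an empty line before the first include. Adding the blank line keeps the programs consistent and would give this file the same `2 ++` shape as the others in the diffstat. Functionally the placement is fine: in both files the macro precedes the first include.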
Signed-off-by: Ben Taylor --- include/mbedtls/x509_crt.h | 15 +------- include/mbedtls/x509_csr.h | 14 +------ library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 4 +- library/ssl_tls13_generic.c | 3 +- library/x509write_crt.c | 14 ++----- library/x509write_csr.c | 21 +++-------- programs/fuzz/fuzz_dtlsserver.c | 3 +- programs/fuzz/fuzz_privkey.c | 3 +- programs/fuzz/fuzz_server.c | 3 +- programs/pkey/key_app.c | 3 +- programs/pkey/key_app_writer.c | 3 +- programs/pkey/pk_decrypt.c | 6 +-- programs/pkey/pk_encrypt.c | 3 +- programs/pkey/pk_sign.c | 6 +-- programs/pkey/rsa_sign_pss.c | 6 +-- programs/ssl/dtls_server.c | 4 +- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_fork_server.c | 3 +- programs/ssl/ssl_mail_client.c | 7 +--- programs/ssl/ssl_pthread_server.c | 3 +- programs/ssl/ssl_server.c | 3 +- programs/ssl/ssl_server2.c | 23 +++++------ programs/x509/cert_req.c | 12 ++---- programs/x509/cert_write.c | 20 ++++------ tests/src/test_helpers/ssl_helpers.c | 12 ++---- tests/suites/test_suite_x509write.function | 44 ++++++++++------------ 27 files changed, 83 insertions(+), 161 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 5943cfcfa5..9817d35a7d 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code - * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 08e585f3f3..f9eb04d333 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
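Review bot: In the mbedtls_x509write_crt_pem doc block the removal leaves an empty ` *` comment line between `\return 0 if successful, or a specific error code` and the closing ` */`, while the preceding mbedtls_x509write_crt_der hunk removes that blank line together with the `\note`; the same asymmetry appears in the mbedtls_x509write_csr_der/_pem hunks in x509_csr.h. Dropping the stray ` *` in the two _pem blocks keeps the four doc comments uniform. Separately, the deleted `\note \p f_rng is used for the signature operation.` was the only place these headers told callers where signing randomness comes from; a replacement note stating what the caller must now have initialised before signing (presumably the PSA subsystem via psa_crypto_init()) would help callers who previously supplied their own RNG.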
@@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c06844db76..e0743e1a6a 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2827,7 +2827,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) ssl->out_msg + 6 + offset, out_buf_len - 6 - offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { + rs_ctx)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { 
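Review bot: The debug line `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);` in the ssl_tls12_client.c hunk follows a call that, given the `rs_ctx` argument retained on the new side, appears to be the restartable variant rather than mbedtls_pk_sign; the label predates this commit, but since the call is being edited anyway, changing it to `"mbedtls_pk_sign_restartable"` would make the log match the callee. The call and ssl_write_certificate_verify itself begin before the hunk, so the callee name should be confirmed there.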
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index fb88cf2956..84d5994ca0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3035,9 +3035,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng)) != 0) { + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1076dea393..deba2ae1e0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, - p + 4, (size_t) (end - (p + 4)), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8a476978a1..7d207481c2 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start, } int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - f_rng, p_rng)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } 
@@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - if ((ret = mbedtls_x509write_crt_der(crt, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index dd75d8f898..e65ddb07f4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - unsigned char *sig, size_t sig_size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *sig, size_t sig_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, - f_rng, p_rng)) != 0) { + sig, sig_size, &sig_len)) != 0) { return ret; } @@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + size_t size) { int ret; unsigned char *sig; @@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, } ret = x509write_csr_der_internal(ctx, buf, size, - sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE, - f_rng, p_rng); + sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE); mbedtls_free(sig); 
@@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; - if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) { return ret; } diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 404c4ad304..740dea5aaf 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 1a5fbba9ae..8055603c64 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0, - dummy_random, &ctr_drbg); + ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 64fe32d268..857b1b64f9 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
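Review bot: In the fuzz_dtlsserver.c hunk (and likewise fuzz_privkey.c below and fuzz_server.c at the start of the next line) the `dummy_random, &ctr_drbg` arguments are dropped from mbedtls_pk_parse_key, but nothing visible here removes or repurposes `dummy_random` and `ctr_drbg`; if they have no remaining uses in these files they become unused objects and will warn under -Wunused in the fuzz build. More importantly, `dummy_random` was presumably the deterministic RNG that kept key parsing, and any key-validity checks it triggers, reproducible across fuzz runs; with the parameter gone that randomness comes from the library's internal source, so it is worth confirming the harnesses still reproduce crashes deterministically, or seeding the internal RNG deterministically in the harness setup if the library offers a hook for that. LLVMFuzzerTestOneInput begins outside each hunk.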
@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b064078016..2be584266a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -248,8 +248,7 @@ int main(int argc, char *argv[]) goto cleanup; } - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b9b477b839..e36130bcd1 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -363,8 +363,7 @@ int main(int argc, char *argv[]) goto exit; } - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index a7b9001fc9..d2bfde50f0 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -89,8 +89,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret); goto exit; 
@@ -119,8 +118,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Decrypting the encrypted data"); fflush(stdout); - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 28a849b38f..1ab2a3d60e 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -105,8 +105,7 @@ int main(int argc, char *argv[]) fflush(stdout); if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, &olen, sizeof(buf))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index af52583201..92d96608e3 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -85,8 +85,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); goto exit; } @@ -106,8 +105,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index e4f27f337a..a5e06fb197 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -86,8 +86,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); goto exit; @@ -120,8 +119,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); goto exit; } diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index d1c2a8c1c6..a10a6e6bb2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -165,9 +165,7 @@ int main(void) (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); if (ret != 0) { printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6ed073eef5..e4efadc0d1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1736,12 +1736,12 @@ int main(int argc, char *argv[]) } else #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd); } else #endif { ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); } + mbedtls_test_cli_key_len, NULL, 0); } if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); 
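Review bot: In the rsa_sign_pss.c `@@ -86,8 +86,7 @@` hunk the surviving error message names the wrong function: the call is mbedtls_pk_parse_keyfile, but the context line prints `" ! mbedtls_pk_parse_public_keyfile returned %d\n\n"`; since the hunk already rewrites the call, change it to `mbedtls_printf(" ! mbedtls_pk_parse_keyfile returned %d\n\n", ret);`. More importantly, PSS signing needs a random salt per signature, and with `mbedtls_ctr_drbg_random, &ctr_drbg` removed from mbedtls_pk_sign in the `@@ -120,8 +119,7 @@` hunk that randomness must come from the library-internal PSA RNG, so `psa_crypto_init()` has to run before the sign call — not visible here, confirm. The ctr_drbg seeding earlier in main (outside the hunk) no longer feeds anything visible and can be dropped. main starts and ends outside these hunks.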
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b9598585bf..f1eb21f3d9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -138,8 +138,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index d3354caf73..69aefef7db 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -514,8 +514,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "", - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, ""); } else #endif #if defined(MBEDTLS_PEM_PARSE_C) @@ -524,9 +523,7 @@ int main(int argc, char *argv[]) (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); } #else { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index a1c583aabc..1214eb83fa 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -379,8 +379,7 @@ int main(void) mbedtls_pk_init(&pkey); ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 4b101d39ad..0f27b8227d 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
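Review bot: In the ssl_fork_server.c hunk, key parsing — and by the same API change any later private-key operation — now draws on the library-internal RNG instead of the application's `ctr_drbg`; a forking server must reseed or re-initialise that internal state in the child after fork(), because otherwise parent and child continue from an identical DRBG state. Earlier versions of this sample reseeded only the application-level ctr_drbg after fork (that code is outside the hunk); if that is still the case it no longer covers the RNG used for signing, and a note such as `/* pk operations use the PSA RNG: re-initialise it in the child after fork() */` with the matching call is needed. The ssl_mail_client.c and ssl_pthread_server.c hunks on this line only drop the RNG arguments and are fine provided `psa_crypto_init()` precedes the parse calls. main starts and ends outside these hunks.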
@@ -144,8 +144,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8a0e18aefd..556e906498 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -824,7 +824,7 @@ static sni_entry *sni_parse(char *sni_string) mbedtls_pk_init(new->key); if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 || - mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) { + mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) { goto error; } @@ -1175,8 +1175,7 @@ static int ssl_async_start(mbedtls_ssl_context *ssl, * public key. */ for (slot = 0; slot < config_data->slots_used; slot++) { if (mbedtls_pk_check_pair(&cert->pk, - config_data->slots[slot].pk, - rng_get, &rng) == 0) { + config_data->slots[slot].pk) == 0) { break; } } @@ -1247,12 +1246,16 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { + case ASYNC_OP_DECRYPT: + ret = mbedtls_pk_decrypt(key_slot->pk, + ctx->input, ctx->input_len, + output, output_len, output_size); + break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, ctx->input, ctx->input_len, - output, output_size, output_len, - config_data->f_rng, config_data->p_rng); + output, output_size, output_len); break; default: mbedtls_printf( @@ -2637,7 +2640,7 @@ int main(int argc, char *argv[]) if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) { key_cert_init++; if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, - opt.key_pwd, rng_get, &rng)) != 0) { + opt.key_pwd)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret); goto exit; 
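Review bot: In the ssl_server2.c `@@ -1247,12 +1246,16 @@` hunk, neither the new `case ASYNC_OP_DECRYPT:` branch nor the rewritten sign branch reads `config_data->f_rng` / `config_data->p_rng` any more; if ssl_async_resume was their only consumer (the struct and its initialisation are outside the hunk), those fields are now dead and should be removed so a reader does not assume the async callbacks still choose the RNG used for signing. The decrypt branch is the only operation added here and deserves a one-line comment, e.g. `/* Decrypt ctx->input with the slot's private key; blinding randomness comes from the PSA RNG */`. The two branches also pass the output arguments in different orders by design (`output, output_len, output_size` for decrypt versus `output, output_size, output_len` for sign, matching the respective pk signatures) — a short comment would stop that asymmetry from being "fixed" later. ssl_async_resume starts and ends outside the hunk.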
@@ -2659,7 +2662,7 @@ int main(int argc, char *argv[]) if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) { key_cert_init2++; if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2, - opt.key_pwd2, rng_get, &rng)) != 0) { + opt.key_pwd2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2686,8 +2689,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, - mbedtls_test_srv_key_rsa_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2704,8 +2706,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_parse_key(&pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n", (unsigned int) -ret); goto exit; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1be335c0ad..f09e93863a 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -109,9 +109,7 @@ struct options { mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; -static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file) { int ret; FILE *f; @@ -119,7 +117,7 @@ static int write_certificate_request(mbedtls_x509write_csr *req, const char *out size_t len = 0; memset(output_buf, 0, 4096); - if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) { return ret; } 
@@ -454,8 +452,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Loading the private key ..."); fflush(stdout); - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret); @@ -472,8 +469,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Writing the certificate request ..."); fflush(stdout); - if ((ret = write_certificate_request(&req, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate_request(&req, opt.output_file)) != 0) { mbedtls_printf(" failed\n ! write_certificate_request %d", ret); goto exit; } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 5993f24657..9776dc1c37 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -206,9 +206,7 @@ struct options { int format; /* format */ } opt; -static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file) { int ret; FILE *f; @@ -218,8 +216,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil memset(output_buf, 0, 4096); if (opt.format == FORMAT_DER) { - ret = mbedtls_x509write_crt_der(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_der(crt, output_buf, 4096); if (ret < 0) { return ret; } @@ -227,8 +224,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil len = ret; output_start = output_buf + 4096 - len; } else { - ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096); if (ret < 0) { return ret; } 
@@ -780,7 +776,7 @@ int main(int argc, char *argv[]) fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key, - opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.subject_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -795,7 +791,7 @@ int main(int argc, char *argv[]) fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.issuer_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -806,8 +802,7 @@ int main(int argc, char *argv[]) // Check if key and issuer certificate match // if (strlen(opt.issuer_crt)) { - if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key, - mbedtls_ctr_drbg_random, &ctr_drbg) != 0) { + if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) { mbedtls_printf(" failed\n ! issuer_key does not match " "issuer certificate\n\n"); goto exit; @@ -984,8 +979,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Writing the certificate..."); fflush(stdout); - if ((ret = write_certificate(&crt, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate(&crt, opt.output_file)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n", (unsigned int) -ret, buf); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3c3bb6a54a..1ebd5a6fa7 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -652,8 +652,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( @@ -665,8 +664,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } else { @@ -680,8 +678,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( @@ -693,8 +690,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d1df9e3912..376cd12337 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -23,13 +23,18 @@ static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len); } + static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) { - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, - md_alg, hashlen, hash, sig); + return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + md_alg, + hashlen, + hash, + sig); } static size_t mbedtls_rsa_key_len_func(void *ctx) { @@ -210,8 +215,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_pk_init(&key); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -229,8 +233,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -254,9 +257,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { 
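Review bot: In the `mbedtls_rsa_sign_func` hunk the callback now hard-codes `mbedtls_psa_get_random` / `MBEDTLS_PSA_RANDOM_STATE`, so every test that signs through it depends on the PSA subsystem being initialised first; x509_csr_check visibly calls `MD_OR_USE_PSA_INIT()` before its first signature, but any other caller of this callback (outside the hunk) must do the same, so say so above the function: `/* Requires the PSA subsystem to be initialised (MD_OR_USE_PSA_INIT in tests): signing draws from the PSA RNG. */`. Replacing the seeded `mbedtls_test_rnd_pseudo_rand` also changes what the byte-for-byte `memcmp` against `cert_req_check_file` later in the hunk can guarantee — output is reproducible only for deterministic signatures — so check that the gated comparison (its `#if` is outside the hunk) covers only those cases. The sibling `mbedtls_rsa_decrypt_func` above still passes `NULL, NULL` for its RNG, which is now inconsistent with the sign callback; if it is ever exercised, consider giving it the same PSA RNG.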
@@ -271,8 +272,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, #else der_len -= 1; #endif - ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: @@ -306,8 +306,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); /* Turn the PK context into an opaque one. */ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); @@ -326,8 +325,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1); TEST_ASSERT(ret == 0); @@ -431,10 +429,10 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, MD_OR_USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, - subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + subject_pwd) == 0); TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, - issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + issuer_pwd) == 0); issuer_key_type = mbedtls_pk_get_type(&issuer_key); 
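Review bot: In the x509_csr_check_opaque `@@ -306,8 +306,7 @@` hunk, `memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));` survives although the only consumer visible in the hunk, the `mbedtls_test_rnd_pseudo_rand, &rnd_info` pair on `mbedtls_x509write_csr_pem`, is removed on the new side; the memset and the `rnd_info` declaration (outside the hunk) look dead and should be deleted. x509_csr_check and x509_crt_check on this line drop the same arguments, so their `rnd_info` declarations (outside the hunks) probably need the same clean-up. Leaving the seeded pseudo-RNG setup in place misleads a reader into thinking the tests still use deterministic randomness, which is exactly what this commit stops doing. x509_csr_check_opaque starts and ends outside the hunk.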
@@ -522,8 +520,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (set_subjectAltNames) { TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); } - ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -565,9 +562,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); } - der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { @@ -625,8 +620,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, #endif der_len -= 1; - ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: From 3b11f4113fa344d9f914e84aea924c44a2640cc5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 11:23:02 +0000 Subject: [PATCH 0229/1080] Update tf-psa-crypto to include dependencies. Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 332798582b..f5b4a9ce21 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652 +Subproject commit f5b4a9ce21ea86c00163e175540c2f7d26c65a36 From a465aa489918743388f899f0fbc47b5e2e8e08d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Mar 2025 10:08:50 +0100 Subject: [PATCH 0230/1080] The LTS branch 2.28 is now EOL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- .github/pull_request_template.md | 1 - BRANCHES.md | 4 ---- 2 files changed, 5 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a637fe4c20..e48e44beda 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -14,7 +14,6 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **TF-PSA-Crypto PR** provided # | not required because: - [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required - [ ] **3.6 PR** provided # | not required because: -- [ ] **2.28 PR** provided # | not required because: - **tests** provided | not required because: diff --git a/BRANCHES.md b/BRANCHES.md index bcceda883a..49f7e289bb 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -11,7 +11,6 @@ At any point in time, we have a number of maintained branches, currently consist as well as all the new features and bug fixes and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28). - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). We retain a number of historical branches, whose names are prefixed by `archive/`, @@ -108,8 +107,5 @@ The following branches are currently maintained: - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) maintained until March 2027, see . -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) - maintained until the end of 2024, see - . Users are urged to always use the latest version of a maintained branch. From ae5f6c4de1bbecaafa1eb100a7032c98b812fe28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 07:02:23 +0100 Subject: [PATCH 0231/1080] scripts: config.py: remove references to MBEDTLS_PSA_CRYPTO_SE_C 
Signed-off-by: Valerio Setti --- scripts/config.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 3508ce4797..417f6e25a2 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -162,7 +162,6 @@ def full_adapter(name, value, active): 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME - 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem 'MBEDTLS_THREADING_C', # requires a threading interface @@ -238,7 +237,6 @@ def continuation(name, value, active): return continuation DEPRECATED = frozenset([ - 'MBEDTLS_PSA_CRYPTO_SE_C', *PSA_DEPRECATED_FEATURE ]) def no_deprecated_adapter(adapter): From 9f2939c56d7407f53e2024146554bf90314c88a0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 07:03:08 +0100 Subject: [PATCH 0232/1080] test: components: remove references to MBEDTLS_PSA_CRYPTO_SE_C Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 1 - tests/scripts/components-sanitizers.sh | 4 ---- 2 files changed, 5 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index cee4d632f3..2dfa6d2114 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -277,7 +277,6 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PLATFORM_C scripts/config.py unset MBEDTLS_NET_C scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh index 454d1407f6..45d0960a1d 100644 --- a/tests/scripts/components-sanitizers.sh +++ b/tests/scripts/components-sanitizers.sh @@ -114,9 +114,6 @@ component_test_tsan () { # Interruptible ECC tests are not thread safe scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . make @@ -189,4 +186,3 @@ component_release_test_valgrind_psa () { msg "test: main suites, Valgrind (full config)" make memcheck } - From ba66794fb4048b8d65587f901ad98c386a86da3f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 12:24:32 +0100 Subject: [PATCH 0233/1080] library: remove psa_crypto_se.c from Makefile Following the removal of MBEDTLS_PSA_CRYPTO_SE_C the file was removed from tf-psa-crypto. Signed-off-by: Valerio Setti --- library/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 61b2623e2a..1c0e4d942a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -113,7 +113,6 @@ OBJS_CRYPTO= \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \ From b33e06c56fe9c3e2e39bdb8f41eb4c0c3875d466 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 21 Mar 2025 15:32:09 +0100 Subject: [PATCH 0234/1080] tests: psasim: remove references to mbedtls_psa_register_se_key() Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 1 - 1 file changed, 1 deletion(-) 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5490337cf8..5770deaa80 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -29,7 +29,6 @@ 'mbedtls_psa_get_stats', # uses unsupported type 'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type - 'mbedtls_psa_register_se_key', # not in the default config, generally not for client use anyway 'psa_get_key_slot_number', # not in the default config, uses unsupported type 'psa_key_derivation_verify_bytes', # not implemented yet 'psa_key_derivation_verify_key', # not implemented yet From f0ca71cb3cd180574def971d470df80e9c4e2d11 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Mar 2025 14:19:03 +0100 Subject: [PATCH 0235/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 72b5acd590..2b03d62924 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d +Subproject commit 2b03d629240c0c23a0bfa5444f005b8d9b6f8ba8 From a881db924fc40e81bf3e9409981d5761956765c0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Mar 2025 14:19:17 +0100 Subject: [PATCH 0236/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f5b4a9ce21..5048bced5e 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f5b4a9ce21ea86c00163e175540c2f7d26c65a36 +Subproject commit 5048bced5e1c000c0e3888be8126eb63a2b91937 From fc66d5876d973cc93864b8db9dbf29ff30bda755 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Thu, 20 Feb 2025 14:49:52 +0000 Subject: [PATCH 0237/1080] Delete some sample programs 
Signed-off-by: Ben Taylor --- ChangeLog.d/9964.txt | 25 ++ programs/.gitignore | 22 - programs/CMakeLists.txt | 4 - programs/Makefile | 100 ----- programs/README.md | 45 -- programs/aes/CMakeLists.txt | 15 - programs/aes/crypt_and_hash.c | 578 -------------------------- programs/cipher/CMakeLists.txt | 15 - programs/cipher/cipher_aead_demo.c | 261 ------------ programs/hash/CMakeLists.txt | 17 - programs/hash/generic_sum.c | 211 ---------- programs/hash/hello.c | 47 --- programs/hash/md_hmac_demo.c | 138 ------ programs/pkey/CMakeLists.txt | 13 - programs/pkey/dh_genprime.c | 163 -------- programs/pkey/ecdh_curve25519.c | 191 --------- programs/pkey/ecdsa.c | 222 ---------- programs/pkey/key_app.c | 369 ---------------- programs/pkey/key_app_writer.c | 495 ---------------------- programs/pkey/mpi_demo.c | 86 ---- programs/pkey/pk_decrypt.c | 153 ------- programs/pkey/pk_encrypt.c | 155 ------- programs/pkey/rsa_decrypt.c | 174 -------- programs/pkey/rsa_encrypt.c | 151 ------- programs/pkey/rsa_genkey.c | 143 ------- programs/pkey/rsa_sign.c | 157 ------- programs/pkey/rsa_verify.c | 136 ------ programs/random/CMakeLists.txt | 16 - programs/random/gen_entropy.c | 77 ---- programs/random/gen_random_ctr_drbg.c | 109 ----- programs/wince_main.c | 33 -- 31 files changed, 25 insertions(+), 4296 deletions(-) create mode 100644 ChangeLog.d/9964.txt delete mode 100644 programs/aes/CMakeLists.txt delete mode 100644 programs/aes/crypt_and_hash.c delete mode 100644 programs/cipher/CMakeLists.txt delete mode 100644 programs/cipher/cipher_aead_demo.c delete mode 100644 programs/hash/CMakeLists.txt delete mode 100644 programs/hash/generic_sum.c delete mode 100644 programs/hash/hello.c delete mode 100644 programs/hash/md_hmac_demo.c delete mode 100644 programs/pkey/dh_genprime.c delete mode 100644 programs/pkey/ecdh_curve25519.c delete mode 100644 programs/pkey/ecdsa.c delete mode 100644 programs/pkey/key_app.c delete mode 100644 programs/pkey/key_app_writer.c delete mode 100644 
programs/pkey/mpi_demo.c delete mode 100644 programs/pkey/pk_decrypt.c delete mode 100644 programs/pkey/pk_encrypt.c delete mode 100644 programs/pkey/rsa_decrypt.c delete mode 100644 programs/pkey/rsa_encrypt.c delete mode 100644 programs/pkey/rsa_genkey.c delete mode 100644 programs/pkey/rsa_sign.c delete mode 100644 programs/pkey/rsa_verify.c delete mode 100644 programs/random/CMakeLists.txt delete mode 100644 programs/random/gen_entropy.c delete mode 100644 programs/random/gen_random_ctr_drbg.c delete mode 100644 programs/wince_main.c diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt new file mode 100644 index 0000000000..ca0cc4b48d --- /dev/null +++ b/ChangeLog.d/9964.txt @@ -0,0 +1,25 @@ +Removals + * Removal of the following sample programs: + pkey/rsa_genkey.c + pkey/pk_decrypt.c + pkey/dh_genprime.c + pkey/rsa_verify.c + pkey/mpi_demo.c + pkey/rsa_decrypt.c + pkey/key_app.c + pkey/dh_server.c + pkey/ecdh_curve25519.c + pkey/pk_encrypt.c + pkey/rsa_sign.c + pkey/key_app_writer.c + pkey/dh_client.c + pkey/ecdsa.c + pkey/rsa_encrypt.c + wince_main.c + aes/crypt_and_hash.c + random/gen_random_ctr_drbg.c + random/gen_entropy.c + hash/md_hmac_demo.c + hash/hello.c + hash/generic_sum.c + cipher/cipher_aead_demo.c diff --git a/programs/.gitignore b/programs/.gitignore index 939e405952..7eaf38d85b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -5,36 +5,14 @@ *.sln *.vcxproj -aes/crypt_and_hash -cipher/cipher_aead_demo -hash/generic_sum -hash/hello -hash/md_hmac_demo hash/md5sum hash/sha1sum hash/sha2sum -pkey/dh_client -pkey/dh_genprime -pkey/dh_server -pkey/ecdh_curve25519 -pkey/ecdsa pkey/gen_key -pkey/key_app -pkey/key_app_writer -pkey/mpi_demo -pkey/pk_decrypt -pkey/pk_encrypt pkey/pk_sign pkey/pk_verify -pkey/rsa_decrypt -pkey/rsa_encrypt -pkey/rsa_genkey -pkey/rsa_sign pkey/rsa_sign_pss -pkey/rsa_verify pkey/rsa_verify_pss -random/gen_entropy -random/gen_random_ctr_drbg ssl/dtls_client ssl/dtls_server ssl/mini_client 
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 2c23c48c66..1e5b2a4b67 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -1,14 +1,10 @@ set(programs_target "${MBEDTLS_TARGET_PREFIX}programs") add_custom_target(${programs_target}) -add_subdirectory(aes) -add_subdirectory(cipher) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(hash) add_subdirectory(pkey) -add_subdirectory(random) add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/Makefile b/programs/Makefile index 9a4237c3a1..b26429061e 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,28 +36,10 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - aes/crypt_and_hash \ - cipher/cipher_aead_demo \ - hash/generic_sum \ - hash/hello \ - hash/md_hmac_demo \ - pkey/dh_genprime \ - pkey/ecdh_curve25519 \ - pkey/ecdsa \ pkey/gen_key \ - pkey/key_app \ - pkey/key_app_writer \ - pkey/mpi_demo \ - pkey/pk_decrypt \ - pkey/pk_encrypt \ pkey/pk_sign \ pkey/pk_verify \ - pkey/rsa_decrypt \ - pkey/rsa_encrypt \ - pkey/rsa_genkey \ - pkey/rsa_sign \ pkey/rsa_sign_pss \ - pkey/rsa_verify \ pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ @@ -65,8 +47,6 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ - random/gen_entropy \ - random/gen_random_ctr_drbg \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ 
@@ -155,62 +135,10 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) - echo " CC aes/crypt_and_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP) - echo " CC cipher/cipher_aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP) - echo " CC hash/generic_sum.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/hello$(EXEXT): hash/hello.c $(DEP) - echo " CC hash/hello.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP) - echo " CC hash/md_hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP) - echo " CC pkey/dh_genprime.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP) - echo " CC pkey/ecdh_curve25519.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP) - echo " CC pkey/ecdsa.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) echo " CC pkey/gen_key.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/key_app$(EXEXT): pkey/key_app.c $(DEP) - echo " CC pkey/key_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP) - echo " CC pkey/key_app_writer.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - 
-pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP) - echo " CC pkey/mpi_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP) - echo " CC pkey/pk_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP) - echo " CC pkey/pk_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) echo " CC pkey/pk_sign.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -219,18 +147,6 @@ pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) echo " CC pkey/pk_verify.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP) - echo " CC pkey/rsa_genkey.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP) - echo " CC pkey/rsa_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP) - echo " CC pkey/rsa_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) echo " CC pkey/rsa_sign_pss.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -239,14 +155,6 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) echo " CC pkey/rsa_verify_pss.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP) - echo " CC pkey/rsa_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) - echo " CC pkey/rsa_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) echo " CC psa/aead_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -271,14 +179,6 @@ pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) echo " CC psa/psa_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) - echo " CC random/gen_entropy.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP) - echo " CC random/gen_random_ctr_drbg.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/README.md b/programs/README.md index 2d9c187efa..9239e8a603 100644 --- a/programs/README.md +++ b/programs/README.md 
@@ -3,61 +3,16 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -## Symmetric cryptography (AES) examples - -* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. - -## Hash (digest) examples - -* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface. - -* [`hash/hello.c`](hash/hello.c): hello-world program for MD5. - -## Public-key cryptography examples - ### Generic public-key cryptography (`pk`) examples * [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. -* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content. - -* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file. - -* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface. - * [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. ### ECDSA and RSA signature examples -* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature. - -* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface. 
- -* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs. - -* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. - * [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. -### Diffie-Hellman key exchange examples - -* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. - -### Bignum (`mpi`) usage examples - -* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters. - -* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers. - -## Random number generator (RNG) examples - -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. - Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. - -* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. - -## SSL/TLS examples - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt deleted file mode 100644 index c5128b1b4d..0000000000 --- a/programs/aes/CMakeLists.txt +++ /dev/null 
@@ -1,15 +0,0 @@
-set(executables
- crypt_and_hash
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $)
- set_base_compile_options(${exe})
- target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
deleted file mode 100644
index e3bfb3c615..0000000000
--- a/programs/aes/crypt_and_hash.c
+++ /dev/null
@@ -1,578 +0,0 @@ -/* - * \brief Generic file encryption program using generic wrappers for configured - * security. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of fileno() even when compiling with -std=c99. Must be - * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" -#include "mbedtls/platform_util.h" - -#include -#include -#include -#endif - -#if defined(_WIN32) -#include -#if !defined(_WIN32_WCE) -#include -#endif -#else -#include -#include -#endif - -#define MODE_ENCRYPT 0 -#define MODE_DECRYPT 1 - -#define USAGE \ - "\n crypt_and_hash \n" \ - "\n : 0 = encrypt, 1 = decrypt\n" \ - "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \ - "\n" - -#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - unsigned n; - int exit_code = MBEDTLS_EXIT_FAILURE; - int mode; - size_t keylen, ilen, olen; - FILE *fkey, *fin = NULL, *fout = NULL; - - char *p; - unsigned char IV[16]; - unsigned char key[512]; - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; - unsigned char buffer[1024]; - unsigned char output[1024]; - unsigned char diff; - - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; - mbedtls_cipher_context_t cipher_ctx; - mbedtls_md_context_t md_ctx; - mbedtls_cipher_mode_t cipher_mode; - unsigned int cipher_block_size; - unsigned char md_size; -#if 
defined(_WIN32_WCE) - long filesize, offset; -#elif defined(_WIN32) - LARGE_INTEGER li_size; - __int64 filesize, offset; -#else - off_t filesize, offset; -#endif - - mbedtls_cipher_init(&cipher_ctx); - mbedtls_md_init(&md_ctx); - - /* - * Parse the command-line arguments. - */ - if (argc != 7) { - const int *list; - - mbedtls_printf(USAGE); - - mbedtls_printf("Available ciphers:\n"); - list = mbedtls_cipher_list(); - while (*list) { - cipher_info = mbedtls_cipher_info_from_type(*list); - const char *name = mbedtls_cipher_info_get_name(cipher_info); - - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } - list++; - } - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - goto exit; - } - - mode = atoi(argv[1]); - - if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) { - mbedtls_fprintf(stderr, "invalid operation mode\n"); - goto exit; - } - - if (strcmp(argv[2], argv[3]) == 0) { - mbedtls_fprintf(stderr, "input and output filenames must differ\n"); - goto exit; - } - - if ((fin = fopen(argv[2], "rb")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]); - goto exit; - } - - if ((fout = fopen(argv[3], "wb+")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]); - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. 
*/ - mbedtls_setbuf(fin, NULL); - mbedtls_setbuf(fout, NULL); - - /* - * Read the Cipher and MD from the command line - */ - cipher_info = mbedtls_cipher_info_from_string(argv[4]); - if (cipher_info == NULL) { - mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]); - goto exit; - } - if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n"); - goto exit; - } - - md_info = mbedtls_md_info_from_string(argv[5]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]); - goto exit; - } - - if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n"); - goto exit; - } - - /* - * Read the secret key from file or command line - */ - if ((fkey = fopen(argv[6], "rb")) != NULL) { - keylen = fread(key, 1, sizeof(key), fkey); - fclose(fkey); - } else { - if (memcmp(argv[6], "hex:", 4) == 0) { - p = &argv[6][4]; - keylen = 0; - - while (sscanf(p, "%02X", (unsigned int *) &n) > 0 && - keylen < (int) sizeof(key)) { - key[keylen++] = (unsigned char) n; - p += 2; - } - } else { - keylen = strlen(argv[6]); - - if (keylen > (int) sizeof(key)) { - keylen = (int) sizeof(key); - } - - memcpy(key, argv[6], keylen); - } - } - -#if defined(_WIN32_WCE) - filesize = fseek(fin, 0L, SEEK_END); -#else -#if defined(_WIN32) - /* - * Support large files (> 2Gb) on Win32 - */ - li_size.QuadPart = 0; - li_size.LowPart = - SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)), - li_size.LowPart, &li_size.HighPart, FILE_END); - - if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) { - mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n"); - goto exit; - } - - filesize = li_size.QuadPart; -#else - if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) { - perror("lseek"); - goto exit; - } -#endif -#endif - - if (fseek(fin, 0, SEEK_SET) < 0) { - mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n"); - goto exit; - } - - md_size 
= mbedtls_md_get_size(md_info); - cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx); - - if (mode == MODE_ENCRYPT) { - /* - * Generate the initialization vector as: - * IV = MD( filesize || filename )[0..15] - */ - for (i = 0; i < 8; i++) { - buffer[i] = (unsigned char) (filesize >> (i << 3)); - } - - p = argv[2]; - - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p)) - != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - - memcpy(IV, digest, 16); - - /* - * Append the IV at the beginning of the output. - */ - if (fwrite(IV, 1, 16, fout) != 16) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16); - goto exit; - } - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. 
- */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_finish() returned error\n"); - goto exit; - } - - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Encrypt and write the ciphertext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? 
- cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen); - goto exit; - } - - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - - /* - * Finally write the HMAC. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fwrite(digest, 1, md_size, fout) != md_size) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size); - goto exit; - } - } - - if (mode == MODE_DECRYPT) { - /* - * The encrypted file must be structured as follows: - * - * 00 .. 15 Initialization Vector - * 16 .. 31 Encrypted Block #1 - * .. - * N*16 .. (N+1)*16 - 1 Encrypted Block #N - * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext) - */ - if (filesize < 16 + md_size) { - mbedtls_fprintf(stderr, "File too short to be encrypted.\n"); - goto exit; - } - - if (cipher_block_size == 0) { - mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n"); - goto exit; - } - - /* - * Check the file size. 
- */ - cipher_mode = mbedtls_cipher_info_get_mode(cipher_info); - if (cipher_mode != MBEDTLS_MODE_GCM && - cipher_mode != MBEDTLS_MODE_CTR && - cipher_mode != MBEDTLS_MODE_CFB && - cipher_mode != MBEDTLS_MODE_OFB && - ((filesize - md_size) % cipher_block_size) != 0) { - mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n", - cipher_block_size); - goto exit; - } - - /* - * Subtract the IV + HMAC length. - */ - filesize -= (16 + md_size); - - /* - * Read the IV and original filesize modulo 16. - */ - if (fread(buffer, 1, 16, fin) != 16) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16); - goto exit; - } - - memcpy(IV, buffer, 16); - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - 
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Decrypt and write the plaintext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%u bytes) failed\n", - cipher_block_size); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, - &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - /* - * Verify the message authentication code. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fread(buffer, 1, md_size, fin) != md_size) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size); - goto exit; - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < md_size; i++) { - diff |= digest[i] ^ buffer[i]; - } - - if (diff != 0) { - mbedtls_fprintf(stderr, "HMAC check failed: wrong key, " - "or file corrupted.\n"); - goto exit; - } - - /* - * Write the final block of data - */ - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - if (fin) { - fclose(fin); - } - if (fout) { - fclose(fout); - } - - /* Zeroize all command line 
arguments to also cover - the case when the user has missed or reordered some, - in which case the key might not be in argv[6]. */ - for (i = 0; i < argc; i++) { - mbedtls_platform_zeroize(argv[i], strlen(argv[i])); - } - - mbedtls_platform_zeroize(IV, sizeof(IV)); - mbedtls_platform_zeroize(key, sizeof(key)); - mbedtls_platform_zeroize(buffer, sizeof(buffer)); - mbedtls_platform_zeroize(output, sizeof(output)); - mbedtls_platform_zeroize(digest, sizeof(digest)); - - mbedtls_cipher_free(&cipher_ctx); - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt deleted file mode 100644 index d6483011a0..0000000000 --- a/programs/cipher/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - cipher_aead_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c deleted file mode 100644 index 533af34fc5..0000000000 --- a/programs/cipher/cipher_aead_demo.c +++ /dev/null 
@@ -1,261 +0,0 @@ -/** - * Cipher API multi-part AEAD demonstration. - * - * This program AEAD-encrypts a message, using the algorithm and key size - * specified on the command line, using the multi-part API. - * - * It comes with a companion program psa/aead_demo.c, which does the same - * operations with the PSA Crypto API. The goal is that comparing the two - * programs will help people migrating to the PSA Crypto API. - * - * When used with multi-part AEAD operations, the `mbedtls_cipher_context` - * serves a triple purpose (1) hold the key, (2) store the algorithm when no - * operation is active, and (3) save progress information for the current - * operation. With PSA those roles are held by disinct objects: (1) a - * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the - * algorithm, and (3) a psa_operation_t for multi-part progress. - * - * On the other hand, with PSA, the algorithms encodes the desired tag length; - * with Cipher the desired tag length needs to be tracked separately. - * - * This program and its companion psa/aead_demo.c illustrate this by doing the - * same sequence of multi-part AEAD computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#include -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. 
*/ -#if !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ - !defined(MBEDTLS_CHACHAPOLY_C) -int main(void) -{ - printf("MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " - "MBEDTLS_CHACHAPOLY_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -const char usage[] = - "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. 
- * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: context and tag length, which together hold all the information - */ -static int aead_prepare(const char *info, - mbedtls_cipher_context_t *ctx, - size_t *tag_len) -{ - int ret; - - /* Convert arg to type + tag_len */ - mbedtls_cipher_type_t type; - if (strcmp(info, "aes128-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes256-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_256_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 8; - } else if (strcmp(info, "chachapoly") == 0) { - type = MBEDTLS_CIPHER_CHACHA20_POLY1305; - *tag_len = 16; - } else { - puts(usage); - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - - /* Prepare context for the given type */ - CHK(mbedtls_cipher_setup(ctx, - mbedtls_cipher_info_from_type(type))); - - /* Import key */ - int key_len = mbedtls_cipher_get_key_bitlen(ctx); - CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT)); - -exit: - return ret; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (ctx, tag_len). 
- */ -static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len) -{ - mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx); - const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type); - const char *ciph = mbedtls_cipher_info_get_name(info); - int key_bits = mbedtls_cipher_get_key_bitlen(ctx); - mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx); - - const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM" - : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly" - : "???"; - - printf("%s, %d, %s, %u\n", - ciph, key_bits, mode_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - int ret; - size_t olen; -#define MAX_TAG_LENGTH 16 - unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH]; - unsigned char *p = out; - - CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len)); - CHK(mbedtls_cipher_reset(ctx)); - CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len)); - CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_finish(ctx, p, &olen)); - p += olen; - CHK(mbedtls_cipher_write_tag(ctx, p, tag_len)); - p += tag_len; - - olen = p - out; - print_buf("out", out, olen); - -exit: - return ret; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. 
- */ -static int aead_demo(const char *info) -{ - int ret = 0; - - mbedtls_cipher_context_t ctx; - size_t tag_len; - - mbedtls_cipher_init(&ctx); - - CHK(aead_prepare(info, &ctx, &tag_len)); - - aead_info(&ctx, tag_len); - - CHK(aead_encrypt(&ctx, tag_len, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - CHK(aead_encrypt(&ctx, tag_len, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - mbedtls_cipher_free(&ctx); - - return ret; -} - - -/* - * Main function - */ -int main(int argc, char **argv) -{ - /* Check usage */ - if (argc != 2) { - puts(usage); - return 1; - } - - int ret; - - /* Run the demo */ - CHK(aead_demo(argv[1])); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt deleted file mode 100644 index d23db0443e..0000000000 --- a/programs/hash/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ -set(executables - generic_sum - hello - md_hmac_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c deleted file mode 100644 index ac776deb87..0000000000 --- a/programs/hash/generic_sum.c +++ /dev/null 
@@ -1,211 +0,0 @@ -/* - * generic message digest layer demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/md.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum) -{ - int ret = mbedtls_md_file(md_info, filename, sum); - - if (ret == 1) { - mbedtls_fprintf(stderr, "failed to open: %s\n", filename); - } - - if (ret == 2) { - mbedtls_fprintf(stderr, "failed to read: %s\n", filename); - } - - return ret; -} - -static int generic_print(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - - if (generic_wrapper(md_info, filename, sum) != 0) { - return 1; - } - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - mbedtls_printf("%02x", sum[i]); - } - - mbedtls_printf(" %s\n", filename); - return 0; -} - -static int generic_check(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - size_t n; - FILE *f; - int nb_err1, nb_err2; - int nb_tot1, nb_tot2; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char line[1024]; - char diff; -#if defined(__clang_analyzer__) - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; -#else - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; -#endif - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("failed to open: %s\n", filename); - return 1; - } - - nb_err1 = nb_err2 = 0; - nb_tot1 = nb_tot2 = 0; - - memset(line, 0, sizeof(line)); - - n = sizeof(line); - - while (fgets(line, (int) n - 1, f) != NULL) { - n = strlen(line); - - if (n < (size_t) 2 * 
mbedtls_md_get_size(md_info) + 4) { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[2 * mbedtls_md_get_size(md_info)] != ' ' || - line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[n - 1] == '\n') { - n--; line[n] = '\0'; - } - if (line[n - 1] == '\r') { - n--; line[n] = '\0'; - } - - nb_tot1++; - - if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) { - nb_err1++; - continue; - } - - nb_tot2++; - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - sprintf(buf + i * 2, "%02x", sum[i]); - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) { - diff |= line[i] ^ buf[i]; - } - - if (diff != 0) { - nb_err2++; - mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66); - } - - n = sizeof(line); - } - - if (nb_err1 != 0) { - mbedtls_printf("WARNING: %d (out of %d) input files could " - "not be read\n", nb_err1, nb_tot1); - } - - if (nb_err2 != 0) { - mbedtls_printf("WARNING: %d (out of %d) computed checksums did " - "not match\n", nb_err2, nb_tot2); - } - - fclose(f); - - return nb_err1 != 0 || nb_err2 != 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - - mbedtls_md_init(&md_ctx); - - if (argc < 2) { - const int *list; - - mbedtls_printf("print mode: generic_sum ...\n"); - mbedtls_printf("check mode: generic_sum -c \n"); - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - mbedtls_exit(exit_code); - } - - /* - * Read the MD from the command line - */ - md_info = mbedtls_md_info_from_string(argv[1]); - if 
(md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]); - mbedtls_exit(exit_code); - } - if (mbedtls_md_setup(&md_ctx, md_info, 0)) { - mbedtls_fprintf(stderr, "Failed to initialize context.\n"); - mbedtls_exit(exit_code); - } - - ret = 0; - if (argc == 4 && strcmp("-c", argv[2]) == 0) { - ret |= generic_check(md_info, argv[3]); - goto exit; - } - - for (i = 2; i < argc; i++) { - ret |= generic_print(md_info, argv[i]); - } - - if (ret == 0) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c deleted file mode 100644 index 19408f37fe..0000000000 --- a/programs/hash/hello.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Classic "Hello, world" demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if !defined(MBEDTLS_MD5_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int i, ret; - unsigned char digest[16]; - char str[] = "Hello, world!"; - - mbedtls_printf("\n MD5('%s') = ", str); - - if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (i = 0; i < 16; i++) { - mbedtls_printf("%02x", digest[i]); - } - - mbedtls_printf("\n\n"); - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} -#endif /* MBEDTLS_MD5_C */ diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c deleted file mode 100644 index 0fe0700ce4..0000000000 --- a/programs/hash/md_hmac_demo.c +++ /dev/null 
@@ -1,138 +0,0 @@ -/** - * MD API multi-part HMAC demonstration. - * - * This programs computes the HMAC of two messages using the multi-part API. - * - * This is a companion to psa/hmac_demo.c, doing the same operations with the - * legacy MD API. The goal is that comparing the two programs will help people - * migrating to the PSA Crypto API. - * - * When it comes to multi-part HMAC operations, the `mbedtls_md_context` - * serves a dual purpose (1) hold the key, and (2) save progress information - * for the current operation. With PSA those roles are held by two disinct - * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for - * multi-part progress. - * - * This program and its companion psa/hmac_demo.c illustrate this by doing the - * same sequence of multi-part HMAC computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_MD_C) -int main(void) -{ - printf("MBEDTLS_MD_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -/* Dummy inputs for HMAC */ -const unsigned char msg1_part1[] = { 0x01, 0x02 }; -const unsigned char msg1_part2[] = { 0x03, 0x04 }; -const unsigned char msg2_part1[] = { 0x05, 0x05 }; -const unsigned char msg2_part2[] = { 0x06, 0x06 }; - -/* Dummy key material - never do this in production! 
- * This example program uses SHA-256, so a 32-byte key makes sense. */ -const unsigned char key_bytes[32] = { 0 }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * This function demonstrates computation of the HMAC of two messages using - * the multipart API. - */ -static int hmac_demo(void) -{ - int ret; - const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; - unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal - - mbedtls_md_context_t ctx; - - mbedtls_md_init(&ctx); - - /* prepare context and load key */ - // the last argument to setup is 1 to enable HMAC (not just hashing) - const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg); - CHK(mbedtls_md_setup(&ctx, info, 1)); - CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes))); - - /* compute HMAC(key, msg1_part1 | msg1_part2) */ - CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg1", out, mbedtls_md_get_size(info)); - - /* compute HMAC(key, msg2_part1 | msg2_part2) */ - CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation - CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg2", out, mbedtls_md_get_size(info)); - -exit: - mbedtls_md_free(&ctx); - 
mbedtls_platform_zeroize(out, sizeof(out)); - - return ret; -} - -int main(void) -{ - int ret; - - CHK(hmac_demo()); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index df63ffc89c..a2b1836d58 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,21 +1,8 @@ set(executables_mbedcrypto - dh_genprime - ecdh_curve25519 - ecdsa gen_key - key_app - key_app_writer - mpi_demo - pk_encrypt - pk_decrypt pk_sign pk_verify - rsa_decrypt - rsa_encrypt - rsa_genkey - rsa_sign rsa_sign_pss - rsa_verify rsa_verify_pss ) add_dependencies(${programs_target} ${executables_mbedcrypto}) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c deleted file mode 100644 index ebaf9265f3..0000000000 --- a/programs/pkey/dh_genprime.c +++ /dev/null 
@@ -1,163 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (prime generation) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_GENPRIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_GENPRIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/bignum.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#define USAGE \ - "\n usage: dh_genprime param=<>...\n" \ - "\n acceptable parameters:\n" \ - " bits=%%d default: 2048\n" - -#define DFL_BITS 2048 - -/* - * Note: G = 4 is always a quadratic residue mod P, - * so it is a generator of order Q (with P = 2*Q+1). - */ -#define GENERATOR "4" - - -int main(int argc, char **argv) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi G, P, Q; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "dh_genprime"; - FILE *fout; - int nbits = DFL_BITS; - int i; - char *p, *q; - - mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "bits") == 0) { - nbits = atoi(q); - if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } else { - goto usage; - } - } - - if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_read_string returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ! Generating large primes may take minutes!\n"); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the modulus, please wait..."); - fflush(stdout); - - /* - * This can take a long time... - */ - if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime..."); - fflush(stdout); - - if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt..."); - fflush(stdout); - - if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n"); - goto exit; - } - - if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) || - ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_write_file returned %d\n\n", ret); - fclose(fout); - goto exit; - } - - mbedtls_printf(" ok\n\n"); - fclose(fout); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c deleted file mode 100644 index 952d487c9e..0000000000 --- a/programs/pkey/ecdh_curve25519.c +++ /dev/null 
@@ -1,191 +0,0 @@ -/* - * Example ECDHE with Curve25519 program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ECDH_C) || \ - !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDH_C and/or " - "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " - "not defined\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdh.h" - -#include - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdh_context ctx_cli, ctx_srv; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char cli_to_srv[36], srv_to_cli[33]; - const char pers[] = "ecdh"; - - size_t srv_olen; - size_t cli_olen; - unsigned char secret_cli[32] = { 0 }; - unsigned char secret_srv[32] = { 0 }; - const unsigned char *p_cli_to_srv = cli_to_srv; - - ((void) argc); - ((void) argv); - - mbedtls_ecdh_init(&ctx_cli); - mbedtls_ecdh_init(&ctx_srv); - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * Initialize random number generation - */ - mbedtls_printf(" . Seed the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, - (const unsigned char *) pers, - sizeof(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: initialize context and generate keypair - */ - mbedtls_printf(" . 
Set up client context, generate EC key pair..."); - fflush(stdout); - - ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret); - goto exit; - } - - ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv, - sizeof(cli_to_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Server: initialize context and generate keypair - */ - mbedtls_printf(" . Server: read params, generate public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv, - p_cli_to_srv + sizeof(cli_to_srv)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli, - sizeof(srv_to_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: read public key - */ - mbedtls_printf(" . Client: read public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli, - sizeof(srv_to_cli)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Calculate secrets - */ - mbedtls_printf(" . Calculate secrets..."); - fflush(stdout); - - ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli, - sizeof(secret_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv, - sizeof(secret_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Verification: are the computed secrets equal? - */ - mbedtls_printf(" . Check if both calculated secrets are equal..."); - fflush(stdout); - - ret = memcmp(secret_srv, secret_cli, srv_olen); - if (ret != 0 || (cli_olen != srv_olen)) { - mbedtls_printf(" failed\n ! Shared secrets not equal.\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdh_free(&ctx_srv); - mbedtls_ecdh_free(&ctx_cli); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c deleted file mode 100644 index a4988b0b48..0000000000 --- a/programs/pkey/ecdsa.c +++ /dev/null 
@@ -1,222 +0,0 @@ -/* - * Example ECDSA program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ECDSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/sha256.h" - -#include -#endif - -/* - * Uncomment to show key and signature details - */ -#define VERBOSE - -/* - * Uncomment to force use of a specific curve - */ -#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 - -#if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->grp_id -#endif - -#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - mbedtls_exit(0); -} -#else -#if defined(VERBOSE) -static void dump_buf(const char *title, unsigned char *buf, size_t len) -{ - size_t i; - - mbedtls_printf("%s", title); - for (i = 0; i < len; i++) { - mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16], - "0123456789ABCDEF" [buf[i] % 16]); - } - mbedtls_printf("\n"); -} - -static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) -{ - unsigned char buf[300]; - size_t len; - - if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf)) != 0) { - mbedtls_printf("internal error\n"); - return; - } - - dump_buf(title, buf, len); -} -#else -#define dump_buf(a, b, c) -#define dump_pubkey(a, b) -#endif - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdsa_context ctx_sign, ctx_verify; - mbedtls_ecp_point Q; - mbedtls_ecp_point_init(&Q); - mbedtls_entropy_context entropy; - 
mbedtls_ctr_drbg_context ctr_drbg; - unsigned char message[100]; - unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - size_t sig_len; - const char *pers = "ecdsa"; - ((void) argv); - - mbedtls_ecdsa_init(&ctx_sign); - mbedtls_ecdsa_init(&ctx_verify); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(sig, 0, sizeof(sig)); - memset(message, 0x25, sizeof(message)); - - if (argc != 1) { - mbedtls_printf("usage: ecdsa\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - /* - * Generate a key pair for signing - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating key pair..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret); - goto exit; - } - - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); - - dump_pubkey(" + Public key: ", &ctx_sign); - - /* - * Compute message hash - */ - mbedtls_printf(" . Computing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - dump_buf(" + Hash: ", hash, sizeof(hash)); - - /* - * Sign message hash - */ - mbedtls_printf(" . 
Signing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256, - hash, sizeof(hash), - sig, sizeof(sig), &sig_len, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len); - - dump_buf(" + Signature: ", sig, sig_len); - - /* - * Transfer public information to verifying context - * - * We could use the same context for verification and signatures, but we - * chose to use a new one in order to make it clear that the verifying - * context only needs the public key (Q), and not the private key (d). - */ - mbedtls_printf(" . Preparing verification context..."); - fflush(stdout); - - if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); - goto exit; - } - - if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); - goto exit; - } - - /* - * Verify signature - */ - mbedtls_printf(" ok\n . Verifying signature..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify, - hash, sizeof(hash), - sig, sig_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdsa_free(&ctx_verify); - mbedtls_ecdsa_free(&ctx_sign); - mbedtls_ecp_point_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - ECPARAMS */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c deleted file mode 100644 index 2be584266a..0000000000 --- a/programs/pkey/key_app.c +++ /dev/null 
@@ -1,369 +0,0 @@ -/* - * Key reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && \ - defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_PASSWORD "" -#define DFL_PASSWORD_FILE "" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: key_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " password=%%s default: \"\"\n" \ - " password_file=%%s default: \"\"\n" \ - "\n" - -#if !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - 
(has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - const char *password; /* password for the private key */ - const char *password_file; /* password_file for the private key */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context pk; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&pk); - 
memset(buf, 0, sizeof(buf)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto cleanup; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.password_file = DFL_PASSWORD_FILE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") == 0) { - opt.password = q; - } else if (strcmp(p, "password_file") == 0) { - opt.password_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_PRIVATE) { - if (strlen(opt.password) && strlen(opt.password_file)) { - mbedtls_printf("Error: cannot have both password and password_file\n"); - goto usage; - } - - if (strlen(opt.password_file)) { - FILE *f; - - mbedtls_printf("\n . Loading the password file ..."); - if ((f = fopen(opt.password_file, "rb")) == NULL) { - mbedtls_printf(" failed\n ! fopen returned NULL\n"); - goto cleanup; - } - if (fgets(buf, sizeof(buf), f) == NULL) { - fclose(f); - mbedtls_printf("Error: fgets() failed to retrieve password\n"); - goto cleanup; - } - fclose(f); - - i = (int) strlen(buf); - if (buf[i - 1] == '\n') { - buf[i - 1] = '\0'; - } - if (buf[i - 2] == '\r') { - buf[i - 2] = '\0'; - } - opt.password = buf; - } - - /* - * 1.1. 
Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . 
Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else { - goto usage; - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ 
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
deleted file mode 100644
index e36130bcd1..0000000000
--- a/programs/pkey/key_app_writer.c
+++ /dev/null
@@ -1,495 +0,0 @@ -/* - * Key writing application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#define USAGE_OUT \ - " output_file=%%s default: keyfile.pem\n" \ - " output_format=pem|der default: pem\n" -#else -#define USAGE_OUT \ - " output_file=%%s default: keyfile.der\n" \ - " output_format=der default: der\n" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) -#define DFL_OUTPUT_FILENAME "keyfile.pem" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM -#else -#define DFL_OUTPUT_FILENAME "keyfile.der" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER -#endif - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_DEBUG_LEVEL 0 -#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define OUTPUT_MODE_NONE 0 -#define OUTPUT_MODE_PRIVATE 1 -#define OUTPUT_MODE_PUBLIC 2 - -#define OUTPUT_FORMAT_PEM 0 -#define OUTPUT_FORMAT_DER 1 - -#define USAGE \ - "\n usage: key_app_writer param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " output_mode=private|public default: none\n" \ - USAGE_OUT \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* 
the mode to run the application in */ - const char *filename; /* filename of the key file */ - int output_mode; /* the output mode to use */ - const char *output_file; /* where to store the constructed key file */ - int output_format; /* the output format to use */ -} opt; - -static int write_public_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info 
*curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; -#if defined(MBEDTLS_ERROR_C) - char buf[200]; -#endif - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context key; -#if 
defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&key); -#if defined(MBEDTLS_ERROR_C) - memset(buf, 0, sizeof(buf)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.output_mode = DFL_OUTPUT_MODE; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.output_format = DFL_OUTPUT_FORMAT; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.output_mode = OUTPUT_MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.output_mode = OUTPUT_MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_format") == 0) { -#if defined(MBEDTLS_PEM_WRITE_C) - if (strcmp(q, "pem") == 0) { - opt.output_format = OUTPUT_FORMAT_PEM; - } else -#endif - if (strcmp(q, "der") == 0) { - opt.output_format = OUTPUT_FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } 
else { - goto usage; - } - } - - if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) { - mbedtls_printf("\nCannot output a key without reading one.\n"); - goto exit; - } - - if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) { - mbedtls_printf("\nCannot output a private key from a public key.\n"); - goto exit; - } - - if (opt.mode == MODE_PRIVATE) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! 
could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { - mbedtls_printf(" failed\n ! 
could not export ECC parameters\n\n");
- goto exit;
- }
- } else
-#endif
- mbedtls_printf("key type not supported yet\n");
- } else {
- goto usage;
- }
-
- if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
- write_public_key(&key, opt.output_file);
- }
- if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
- write_private_key(&key, opt.output_file);
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-#ifdef MBEDTLS_ERROR_C
- mbedtls_printf("Error code: %d", ret);
- /* mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" - %s\n", buf); */
-#else
- mbedtls_printf("\n");
-#endif
- }
-
-#if defined(MBEDTLS_RSA_C)
- mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
- mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
- mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-#endif /* MBEDTLS_RSA_C */
-
- mbedtls_pk_free(&key);
-
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- mbedtls_exit(exit_code);
-}
-#endif /* program viability conditions */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
deleted file mode 100644
index a9c3190bf3..0000000000
--- a/programs/pkey/mpi_demo.c
+++ /dev/null
@@ -1,86 +0,0 @@ -/* - * Simple MPI demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/bignum.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; - - mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N); - mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - mbedtls_mpi_init(&Z); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257")); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q)); - - mbedtls_printf("\n Public key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL)); - - mbedtls_printf("\n Private key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL)); - -#if defined(MBEDTLS_GENPRIME) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q)); - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H)); - - mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ", - &D, 10, NULL); -#else - mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n"); -#endif - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555")); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, 
NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
-
- mbedtls_printf("\n RSA operation:\n\n");
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
- mbedtls_printf("\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
- mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
- mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
- mbedtls_mpi_free(&Z);
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
- mbedtls_printf("\nAn error occurred.\n");
- }
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
deleted file mode 100644
index d2bfde50f0..0000000000
--- a/programs/pkey/pk_decrypt.c
+++ /dev/null
@@ -1,153 +0,0 @@ -/* - * Public key-based simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_decrypt"; - ((void) argv); - - mbedtls_pk_init(&pk); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(result, 0, sizeof(result)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 2) { - mbedtls_printf("usage: mbedtls_pk_decrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - ret = 1; - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
deleted file mode 100644
index 1ab2a3d60e..0000000000
--- a/programs/pkey/pk_encrypt.c
+++ /dev/null
@@ -1,155 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_encrypt"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - if (strlen(argv[2]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[2], strlen(argv[2])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the encrypted value"); - fflush(stdout); - - if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", - "result-enc.txt"); - ret = 1; - goto exit; - } - - for (i = 0; i < olen; i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
deleted file mode 100644
index c2c313ac1a..0000000000
--- a/programs/pkey/rsa_decrypt.c
+++ /dev/null
@@ -1,174 +0,0 @@ -/* - * RSA simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include - -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned c; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "rsa_decrypt"; - ((void) argv); - - memset(result, 0, sizeof(result)); - - if (argc != 1) { - mbedtls_printf("usage: rsa_decrypt\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! 
Could not open %s\n\n", "result-enc.txt"); - goto exit; - } - - i = 0; - - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, &i, - buf, result, 1024); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c deleted file mode 100644 index e1ed252bb2..0000000000 --- a/programs/pkey/rsa_encrypt.c +++ /dev/null 
@@ -1,151 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "rsa_encrypt"; - mbedtls_mpi N, E; - - if (argc != 2) { - mbedtls_printf("usage: rsa_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . 
Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if (strlen(argv[1]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[1], strlen(argv[1])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the RSA encrypted value"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, strlen(argv[1]), input, buf); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", - ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt"); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ 
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
deleted file mode 100644
index 3dfa8529eb..0000000000
--- a/programs/pkey/rsa_genkey.c
+++ /dev/null
@@ -1,143 +0,0 @@ -/* - * Example RSA key generation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" - -#include -#include -#endif - -#define KEY_SIZE 2048 -#define EXPONENT 65537 - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - FILE *fpub = NULL; - FILE *fpriv = NULL; - const char *pers = "rsa_genkey"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . 
Generating the RSA key [ %d-bit ]...", KEY_SIZE); - fflush(stdout); - - if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt...."); - fflush(stdout); - - if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt..."); - fflush(stdout); - - if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (fpub != NULL) { - fclose(fpub); - } - - if (fpriv != NULL) { - fclose(fpriv); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - mbedtls_rsa_free(&rsa); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c deleted file mode 100644 index e88e4e33b6..0000000000 --- a/programs/pkey/rsa_sign.c +++ /dev/null 
@@ -1,157 +0,0 @@ -/* - * RSA/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - mbedtls_rsa_init(&rsa); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc != 2) { - mbedtls_printf("usage: rsa_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! 
Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Checking the private key"); - fflush(stdout); - if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! 
Could not create %s\n\n", argv[1]); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c deleted file mode 100644 index af6156cdba..0000000000 --- a/programs/pkey/rsa_verify.c +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * RSA/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, E; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - if (argc != 2) { - mbedtls_printf("usage: rsa_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * Extract the RSA signature from the text file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt deleted file mode 100644 index 76cb8407af..0000000000 --- a/programs/random/CMakeLists.txt +++ /dev/null 
@@ -1,16 +0,0 @@ -set(executables - gen_entropy - gen_random_ctr_drbg -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c deleted file mode 100644 index eb85b62690..0000000000 --- a/programs/random/gen_entropy.c +++ /dev/null 
@@ -1,77 +0,0 @@ -/** - * \brief Use and generate multiple entropies calls into a file - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" - -#include -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_entropy_context entropy; - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n", - (unsigned int) ret); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c deleted file mode 100644 index 793c8ac88c..0000000000 --- a/programs/random/gen_random_ctr_drbg.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/** - * \brief Use and generate random data into a file via the CTR_DBRG based on AES - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[1024]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, - mbedtls_entropy_func, - &entropy, - (const unsigned char *) "RANDOM_GEN", - 10); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret); - goto cleanup; - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF); - -#if defined(MBEDTLS_FS_IO) - ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile"); - - if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) { - mbedtls_printf("Failed to open seedfile. 
Generating one.\n"); - ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile"); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret); - goto cleanup; - } - } else if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret); - goto cleanup; - } -#endif - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf("failed!\n"); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/wince_main.c b/programs/wince_main.c deleted file mode 100644 index de11162291..0000000000 --- a/programs/wince_main.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Windows CE console application entry point - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(_WIN32_WCE) - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include - -extern int main(int, const char **); - -int _tmain(int argc, _TCHAR *targv[]) -{ - char **argv; - int i; - - argv = (char **) calloc(argc, sizeof(char *)); - - for (i = 0; i < argc; i++) { - size_t len; - len = _tcslen(targv[i]) + 1; - argv[i] = (char *) calloc(len, sizeof(char)); - wcstombs(argv[i], targv[i], len); - } - - return main(argc, argv); -} - -#endif /* defined(_WIN32_WCE) */ From 47111a1cb1efe636d22bcdb6c3105a2a8e1a5d21 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 6 Mar 2025 11:35:00 +0000 Subject: [PATCH 0238/1080] initial remove of mbedtls_ssl_conf_rng 
Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 11 ----------- library/ssl_tls.c | 8 -------- programs/fuzz/fuzz_client.c | 1 - programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 1 - programs/fuzz/fuzz_server.c | 1 - programs/ssl/dtls_client.c | 1 - programs/ssl/dtls_server.c | 1 - programs/ssl/mini_client.c | 2 -- programs/ssl/ssl_client1.c | 1 - programs/ssl/ssl_client2.c | 1 - programs/ssl/ssl_fork_server.c | 1 - programs/ssl/ssl_mail_client.c | 1 - programs/ssl/ssl_pthread_server.c | 1 - programs/ssl/ssl_server.c | 1 - programs/ssl/ssl_server2.c | 1 - programs/x509/cert_app.c | 1 - tests/src/test_helpers/ssl_helpers.c | 1 - tests/suites/test_suite_debug.function | 5 ----- tests/suites/test_suite_ssl.function | 6 ------ 20 files changed, 47 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6c37fc3703..fa382253ca 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2060,17 +2060,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -/** - * \brief Set the random number generator callback - * - * \param conf SSL configuration - * \param f_rng RNG function (mandatory) - * \param p_rng RNG parameter - */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - /** * \brief Set the debug callback * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7eb181e373..8f90fa1b98 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1526,14 +1526,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - conf->f_rng = f_rng; - conf->p_rng = p_rng; -} - void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg) 
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 209422399f..03a6337d48 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -142,7 +142,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index e667d8b3d0..31c6c9bdd6 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -85,7 +85,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); #endif mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 740dea5aaf..2228d070aa 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -100,7 +100,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 857b1b64f9..a1e03d4502 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -113,7 +113,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 3277e525f8..26eb20d49f 100644 --- a/programs/ssl/dtls_client.c 
+++ b/programs/ssl/dtls_client.c @@ -169,7 +169,6 @@ int main(int argc, char *argv[]) * Production code should set a proper ca chain and use REQUIRED. */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index a10a6e6bb2..0e155fd0d2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -200,7 +200,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 39d07ab378..e3adb3cf8a 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -187,8 +187,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), (const unsigned char *) psk_id, sizeof(psk_id) - 1); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index bd2572bc21..dba8aab658 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -150,7 +150,6 @@ int main(void) * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e4efadc0d1..6a5fca57de 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -1906,7 +1906,6 @@ int main(int argc, char *argv[]) #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f1eb21f3d9..f8752bb604 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -160,7 +160,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 69aefef7db..521bc5418a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -571,7 +571,6 @@ int main(int argc, char *argv[]) * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 1214eb83fa..5701a7b838 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -401,7 +401,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 0f27b8227d..2f26ca4801 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -179,7 +179,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 556e906498..633822297e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2925,7 +2925,6 @@ int main(int argc, char *argv[]) #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 1de439ce8b..d9d5bb60ac 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -383,7 +383,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1ebd5a6fa7..bffb35372b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -767,7 +767,6 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index f3c8ff6196..57b8f4e175 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -156,7 +156,6 @@ void debug_print_msg_threshold(int threshold, int level, char *file, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); 
@@ -194,7 +193,6 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -229,7 +227,6 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -267,7 +264,6 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -306,7 +302,6 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3f84458797..25aa44fc09 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1219,7 +1219,6 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); 
@@ -3033,7 +3032,6 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -3058,7 +3056,6 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -3168,7 +3165,6 @@ void cookie_parsing(data_t *cookie, int exp_ret) MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, @@ -3223,7 +3219,6 @@ void cid_sanity() MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3482,7 +3477,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); From 602b2968caa8c38277eeaf86b55ab22510a28c43 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 7 Mar 2025 15:52:50 +0000 Subject: [PATCH 0239/1080] pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor --- library/ssl_client.c | 7 +++---- library/ssl_misc.h | 4 +--- library/ssl_msg.c | 13 +++---------- library/ssl_tls.c | 10 +++++----- library/ssl_tls12_server.c | 9 +++++---- library/ssl_tls13_server.c | 7 +++---- tests/suites/test_suite_ssl.function | 9 +++------ 7 files changed, 23 insertions(+), 36 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index be4d621d6c..f8abfde377 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -725,8 +725,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_HAVE_TIME */ } - ret = ssl->conf->f_rng(ssl->conf->p_rng, - randbytes + gmt_unix_time_len, + ret = psa_generate_random(randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -867,8 +866,8 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len != session_negotiate->id_len) { session_negotiate->id_len = session_id_len; if (session_id_len > 0) { - ret = ssl->conf->f_rng(ssl->conf->p_rng, - session_negotiate->id, + + ret = psa_generate_random(session_negotiate->id, session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d12cee3ceb..e51a3df5ed 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1721,9 +1721,7 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); + mbedtls_record *rec); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f5ea8dd277..96c1a7c96e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
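Review bot: `ret` now receives a `psa_status_t` from `psa_generate_random()` and `ssl_generate_random()` returns it unchanged, so a PSA failure reaches TLS callers as a raw PSA status instead of an `MBEDTLS_ERR_*` code, which is the domain the handshake state machine and applications compare against. The same pattern recurs in the session-id hunk below, in the IV generation hunk of ssl_msg.c, and in every `psa_generate_random()` site of the ssl_tls12_server.c and ssl_tls13_server.c hunks. Converting at each site keeps the error domain consistent, e.g. `psa_status_t status = psa_generate_random(randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);` followed by `ret = PSA_TO_MBEDTLS_ERR(status);`, assuming that conversion macro is available in this tree. ssl_generate_random's body begins outside the hunk.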
@@ -801,9 +801,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + mbedtls_record *rec) { mbedtls_ssl_mode_t ssl_mode; int auth_done = 0; @@ -1140,10 +1138,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, * Prepend per-record IV for block cipher in TLS v1.2 as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if (f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } if (rec->data_offset < transform->ivlen) { MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); @@ -1153,7 +1147,7 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, /* * Generate IV */ - ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); + ret = psa_generate_random(transform->iv_enc, transform->ivlen); if (ret != 0) { return ret; } @@ -2725,8 +2719,7 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8f90fa1b98..20a2538290 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1223,11 +1223,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) return ret; } - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* Space for further checks */ return 0; 
@@ -1249,6 +1244,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } + ssl->tls_version = ssl->conf->max_tls_version; /* @@ -1289,6 +1285,10 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } + if((ret = psa_crypto_init()) != 0) { + goto error; + } + return 0; error: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 84d5994ca0..d3c422369a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,14 +2133,14 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { return ret; } p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { + if ((ret = psa_generate_random(p, 20)) != 0) { return ret; } p += 20; @@ -2166,7 +2166,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { + + if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } } @@ -2197,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->id_len = n = 32; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, + if ((ret = psa_generate_random(ssl->session_negotiate->id, n)) != 0) { return ret; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1dde4ab3c9..4ef23f8fc2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -1996,7 +1996,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) unsigned char *server_randbytes = ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, + if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); return ret; @@ -3172,8 +3172,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Generate ticket_age_add */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, - (unsigned char *) &session->ticket_age_add, + if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; @@ -3182,7 +3181,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, (unsigned int) session->ticket_age_add)); /* Generate ticket_nonce */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); + ret = psa_generate_random(ticket_nonce, ticket_nonce_size); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); return ret; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 25aa44fc09..743b53c007 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1340,8 +1340,7 @@ void ssl_crypt_record(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); if (ret != 0) { continue; 
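Review bot: In the ticket_age_add hunk the `!= 0` still sits inside the assignment's parentheses, so `ret` is assigned the comparison result (1 on failure) rather than the status; the function then returns 1, which is not an error code any caller recognizes, and `MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret)` logs 1 instead of the real status. The grouping predates this commit, but the line is rewritten here, so this is the place to fix it: `if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add))) != 0) {`. The code-style commit later in this series (PATCH 0244) touches the same line and keeps the misplaced parenthesis. ssl_tls13_prepare_new_session_ticket's body extends beyond the hunk.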
@@ -1494,8 +1493,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { /* It's ok if the output buffer is too small. We do insist @@ -1948,8 +1946,7 @@ void ssl_tls13_record_protection(int ciphersuite, memset(&rec.ctr[0], 0, 8); rec.ctr[7] = ctr; - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, From fd52984896a4cb6359987e227b914a42901e7384 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 08:27:42 +0000 Subject: [PATCH 0240/1080] resolved ci failures Signed-off-by: Ben Taylor --- library/ssl_msg.c | 2 -- library/ssl_tls12_server.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 96c1a7c96e..847b1daf2a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -827,8 +827,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, * for CBC transformations in TLS 1.2. */ #if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2)) - ((void) f_rng); - ((void) p_rng); #endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d3c422369a..055e75ad8b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,7 +2133,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(p, 4)) != 0) { return ret; } 
@@ -2166,7 +2166,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } From 6ff2da196a3d6ab2f93409ba7a915031d16d0e29 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 17 Mar 2025 09:26:20 +0000 Subject: [PATCH 0241/1080] added further debug Signed-off-by: Ben Taylor --- library/ssl_tls.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 20a2538290..1656f83336 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4467,10 +4467,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf != NULL) { + if (ssl->conf->f_async_cancel != NULL) { + if(handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } + }}} + #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(PSA_WANT_ALG_SHA_256) From d5d707842ce6fba99af8e72947f464d7faf58de3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 09:16:14 +0000 Subject: [PATCH 0242/1080] removed NR psa-init Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1656f83336..3b62df4ca9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1285,10 +1285,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } - if((ret = psa_crypto_init()) != 0) { - goto error; - } - return 0; error: From 0deda0e34ca23ff36fa6904d4ba681931863e0c4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:27:37 +0000 Subject: [PATCH 0243/1080] Update debug Signed-off-by: Ben Taylor --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
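Review bot: With the `psa_crypto_init()` call removed from `mbedtls_ssl_setup()`, nothing in the library initializes PSA before the `psa_generate_random()` calls introduced in PATCH 0239 (ssl_client.c, ssl_msg.c, ssl_tls12_server.c, ssl_tls13_server.c), and the `MBEDTLS_ERR_SSL_NO_RNG` check in `ssl_conf_check()` was dropped in the same series, so an application that never initialized PSA now fails at its first random-byte generation, deep in the handshake, with a PSA status instead of at `mbedtls_ssl_setup()`. If relying on the application is the intended contract, it belongs in `mbedtls_ssl_setup()`'s API documentation and in a ChangeLog entry alongside the `mbedtls_ssl_conf_rng` removal; no commit in this series adds either. Otherwise keep the call here (the PSA API permits calling it again) and map its status to an mbedtls error code before `goto error` rather than storing the raw `psa_status_t` in `ret`. mbedtls_ssl_setup's body begins outside the hunk.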
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4ef23f8fc2..6fa90d444f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1998,7 +1998,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); + MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } From 1cd1e01897a2c8b1a10654852bfcee51d19f7fc3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:50:39 +0000 Subject: [PATCH 0244/1080] Correct code style Signed-off-by: Ben Taylor --- library/ssl_client.c | 4 ++-- library/ssl_tls.c | 12 +++++++----- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_server.c | 4 ++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index f8abfde377..cb57a97669 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -726,7 +726,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) } ret = psa_generate_random(randbytes + gmt_unix_time_len, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); + MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -868,7 +868,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len > 0) { ret = psa_generate_random(session_negotiate->id, - session_id_len); + session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); return ret; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3b62df4ca9..2a759832bf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4464,11 +4464,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if(handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - }}} + if (ssl->conf->f_async_cancel != NULL) { + if (handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; + } + } + } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 055e75ad8b..e1785504b6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2198,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) { ssl->session_negotiate->id_len = n = 32; if ((ret = psa_generate_random(ssl->session_negotiate->id, - n)) != 0) { + n)) != 0) { return ret; } } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6fa90d444f..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1997,7 +1997,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; if ((ret = psa_generate_random(server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { + MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } @@ -3173,7 +3173,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, /* Generate ticket_age_add */ if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, - sizeof(session->ticket_age_add)) != 0)) { + sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; } From 1f091466c153739923180dbbf6179674fa65d290 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 08:00:14 +0000 Subject: [PATCH 0245/1080] tidy up syntax 
Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a759832bf..f0da0ddce7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4464,11 +4464,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if (handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } } } From 9774e9a176c26c15447f3032c7ea9a67a6429e4f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 11:45:38 +0000 Subject: [PATCH 0246/1080] corrected code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0da0ddce7..776b8da337 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4465,8 +4465,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } } From fb68b8cf57e865e7175af74ed069384bae093f35 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:35:56 +0000 Subject: [PATCH 0247/1080] Remove empty ifdef Signed-off-by: Ben Taylor --- library/ssl_msg.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 847b1daf2a..be0dc92720 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -823,12 +823,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, ((void) ssl); #endif - /* The PRNG is used for dynamic IV generation that's used - * for CBC transformations in TLS 1.2. */ -#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2)) -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); if (transform == NULL) { From 03c05c336ef035251dd170120b8bad1ca8f882c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:36:13 +0000 Subject: [PATCH 0248/1080] Remove additional line Signed-off-by: Ben Taylor --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 776b8da337..619e8db311 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1244,7 +1244,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } - ssl->tls_version = ssl->conf->max_tls_version; /* From b9f83b3d07f9bc397ec4e60c2410a05064823b31 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:51:42 +0000 Subject: [PATCH 0249/1080] Remove srand from fuzz Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 2 -- programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 3 --- programs/fuzz/fuzz_server.c | 2 -- 4 files changed, 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 03a6337d48..6d3b73fa93 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -141,8 +141,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) //There may be other options to add : // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes - srand(1); - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; } diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 31c6c9bdd6..efe1362275 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c 
@@ -68,7 +68,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 2228d070aa..31eb514275 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -98,9 +98,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index a1e03d4502..bb9dd0a58c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -112,8 +112,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { From c12152e53e430b9c76917144e258f4ac59761d62 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 11:03:04 +0000 Subject: [PATCH 0250/1080] corrected style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 619e8db311..7fbb0b5b50 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4462,11 +4462,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - } + if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ From 8224e7126220b05291bfbec4a4986a812a7b7211 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 12:02:16 +0000 Subject: [PATCH 0251/1080] remove NULL guard Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7fbb0b5b50..4635a85913 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From cd2660fb0efbdd3525141a0578ccd1d2de24d87d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 13:13:29 +0000 Subject: [PATCH 0252/1080] fixed code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4635a85913..94de3430cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From ddbf729ef7a222e5ffbf254c762db67a7135de31 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 7 Mar 2025 09:33:33 +0100 Subject: [PATCH 0253/1080] Add directory and list arguments to generate_visualc_files.pl Signed-off-by: Ronald Cron --- scripts/generate_visualc_files.pl | 32 +++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 053040a9c5..32935f26f2 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -11,9 +11,18 @@ use warnings; use strict; +use Getopt::Long; use Digest::MD5 'md5_hex'; +# Declare variables for options my $vsx_dir = "visualc/VS2017"; +my $list = 0; # Default off + +GetOptions( + "directory=s" => \$vsx_dir, # Target directory + "list" => \$list # Only list generated files +) or die "Invalid options\n"; + my $vsx_ext = "vcxproj"; my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext"; my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext"; @@ -280,7 +289,9 @@ sub main { # Remove old files to ensure that, for example, project files from deleted # apps are not kept - del_vsx_files(); + if (not $list) { + del_vsx_files(); + } my @app_list = get_app_list(); my @header_dirs = ( 
@@ -313,13 +324,22 @@ sub main { map { s!/!\\!g } @headers; map { s!/!\\!g } @sources; - gen_app_files( @app_list ); + if ($list) { + foreach my $app (@app_list) { + $app =~ s/.*\///; + print "$vsx_dir/$app.$vsx_ext\n"; + } + print "$vsx_main_file\n"; + print "$vsx_sln_file\n"; + } else { + gen_app_files( @app_list ); - gen_main_file( \@headers, \@sources, - $vsx_hdr_tpl, $vsx_src_tpl, - $vsx_main_tpl_file, $vsx_main_file ); + gen_main_file( \@headers, \@sources, + $vsx_hdr_tpl, $vsx_src_tpl, + $vsx_main_tpl_file, $vsx_main_file ); - gen_vsx_solution( @app_list ); + gen_vsx_solution( @app_list ); + } return 0; } From a1e1c2ce3c2ff2a1d2d033679a870f7f3ff5da29 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 17:41:33 +0100 Subject: [PATCH 0254/1080] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2b03d62924..28dc4cae3f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2b03d629240c0c23a0bfa5444f005b8d9b6f8ba8 +Subproject commit 28dc4cae3f71f5425dd42953c6f2f38d49123bee From 81a674eee8096ce43253e3d29b0c2cc0d8836e10 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 11 Mar 2025 12:53:45 +0100 Subject: [PATCH 0255/1080] Adapt to generate_config_tests.py changes Adapt builds and check-generated-files.sh to the fact that generate_config_tests.py does not generate test_suite_config.psa_boolean.data in Mbed TLS 4.x context anymore. Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 4 ++-- tests/CMakeLists.txt | 11 ++--------- tests/Makefile | 21 ++++++++++++++------- tests/scripts/check-generated-files.sh | 8 ++++---- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index bef198f361..f632d32e9f 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat 
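Review bot: In the `--list` branch `$app =~ s/.*\///;` runs on the foreach alias, so it rewrites the entries of `@app_list` in place; that is harmless today because list mode only prints and returns, but a later edit that calls `gen_app_files( @app_list )` after the loop would receive the stripped names. Copying first keeps the loop side-effect free and matches the file's `s!...!` delimiter style: `my $name = $app; $name =~ s!.*/!!; print "$vsx_dir/$name.$vsx_ext\n";`. `sub main` begins outside the hunk.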
@@ -21,12 +21,12 @@ perl scripts\generate_visualc_files.pl || exit /b 1 @rem @@@@ programs\** @@@@ cd tf-psa-crypto python scripts\generate_psa_constants.py || exit /b 1 +python framework\scripts\generate_config_tests.py || exit /b 1 cd .. @rem @@@@ tests\** @@@@ python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_config_tests.py tests\suites\test_suite_config.mbedtls_boolean.data || exit /b 1 -python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1 +python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a56a707f41..ce63d23769 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -19,15 +19,9 @@ execute_process( WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE - base_config_generated_data_files_raw) + base_config_generated_data_files) string(REGEX REPLACE "[^;]*/" "" - base_config_generated_data_files_raw "${base_config_generated_data_files_raw}") -# Can be replace by list(FILTER ...) when CI CMake version is >=3.6 -foreach(file ${base_config_generated_data_files_raw}) - if(${file} MATCHES "mbedtls") - list(APPEND base_config_generated_data_files ${file}) - endif() -endforeach() + base_config_generated_data_files "${base_config_generated_data_files}") # Derive generated file paths in the build directory. The generated data # files go into the suites/ subdirectory. 
@@ -50,7 +44,6 @@ if(GEN_FILES) ${MBEDTLS_PYTHON_EXECUTABLE} ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - ${config_generated_data_files} DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py # Do not declare the configuration files as dependencies: they diff --git a/tests/Makefile b/tests/Makefile index b6f2f8caff..c44369b47d 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -25,16 +25,23 @@ $(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) -GENERATED_CONFIG_DATA_FILES_RAW := $(patsubst tests/%,%,$(shell \ +GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ echo FAILED \ )) -ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED) +ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) endif -GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring mbedtls,$(file)),$(file),)) -GENERATED_PSA_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring psa,$(file)),$(addprefix ../tf-psa-crypto/tests/,$(file)),)) -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)$(GENERATED_PSA_CONFIG_DATA_FILES) + +GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED) +$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) +endif + +GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) 
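Review bot: The new `GENERATED_PSA_CONFIG_DATA_FILES` failure check can never fire: `addprefix` is applied to the `$(shell ...)` output before the `ifeq`, so when the script fails the variable holds `../tf-psa-crypto/FAILED`, not `FAILED`, and the `$(error ...)` is skipped while a bogus path flows into `GENERATED_CRYPTO_DATA_FILES`. The mbedtls variable above it is fine because `patsubst tests/%,%` leaves `FAILED` untouched. Test the raw output first, then prefix it.
```makefile
GENERATED_PSA_CONFIG_DATA_FILES_RAW := $(shell \
    $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
    echo FAILED \
)
ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES_RAW),FAILED)
$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
endif
GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(GENERATED_PSA_CONFIG_DATA_FILES_RAW))
# … unchanged: GENERATED_CONFIG_DATA_FILES / GENERATED_DATA_FILES aggregation …
```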
@@ -112,8 +119,8 @@ generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_config_test_data: echo " Gen $(GENERATED_CONFIG_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_config_tests.py $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) - $(PYTHON) ../framework/scripts/generate_config_tests.py --directory ../tf-psa-crypto/tests/suites $(GENERATED_PSA_CONFIG_DATA_FILES) + $(PYTHON) ../framework/scripts/generate_config_tests.py + cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py .SECONDARY: generated_config_test_data $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index ba10024ee8..2e104ee29a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh 
@@ -141,10 +141,10 @@ check() if [ -d tf-psa-crypto ]; then cd tf-psa-crypto check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list) - check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list) - check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list) + check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) + check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) + check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) + check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) cd .. # Generated files that are present in the repository even in the development # branch. (This is intended to be temporary, until the generator scripts are From 99226e9b9b04f62a3815724d11231a0c37e93766 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 15:43:22 +0100 Subject: [PATCH 0256/1080] cmake: Generate test_keys.h and test_certs.h in the build tree Signed-off-by: Ronald Cron --- CMakeLists.txt | 16 ++++++++++------ scripts/generate_visualc_files.pl | 7 +++++++ scripts/make_generated_files.bat | 16 ++++++++-------- tests/.gitignore | 4 ++-- tests/CMakeLists.txt | 1 + tests/Makefile | 16 ++++++++-------- tests/scripts/check-generated-files.sh | 4 ++-- tests/src/certs.c | 2 +- 8 files changed, 39 insertions(+), 27 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9f23c3b2f7..a099356389 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
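Review bot: Each `check … $(framework/scripts/generate_*_tests.py --list)` passes whatever the `--list` call printed, and the command substitution discards its exit status, so a generator that fails leaves `check` with an empty file list instead of aborting; the tests/Makefile in this same series guards the identical call with `|| echo FAILED`, this script does not. Capture the list and fail before calling `check`, e.g. `files=$(framework/scripts/generate_config_tests.py --list) || exit 1` followed by `check framework/scripts/generate_config_tests.py $files`, for each of the four generators. Whether `check` itself tolerates zero file arguments depends on its definition, which lies outside the hunk.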
@@ -420,20 +420,22 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) if(GEN_FILES) add_custom_command( OUTPUT - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h + COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py" "--output" - "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h" + "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h" DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py ) add_custom_target(mbedtls_test_keys_header - DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h) + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() target_include_directories(mbedtls_test + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include PRIVATE tests/include PRIVATE include 
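Review bot: `${CMAKE_CURRENT_BINARY_DIR}/tests/include` is added unconditionally and ahead of the source-tree `tests/include`, so in an out-of-source build with GEN_FILES=ON the freshly generated `test/test_keys.h` shadows any stale copy left in the source tree by an earlier in-tree generation, while with GEN_FILES=OFF nothing is generated into the build tree and the source copy is what gets included; that ordering is load-bearing and deserves a comment such as `# Build-tree include dir first: generated test_keys.h/test_certs.h must win over stale in-tree copies`. The same applies to the `mbedtls_test_helpers` include list in the next hunk and to `add_test_suite` in tests/CMakeLists.txt. Whether a source-tree copy is guaranteed to exist when GEN_FILES is OFF is not visible here.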
@@ -454,20 +456,22 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) if(GEN_FILES) add_custom_command( OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h + COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py" "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" + "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h" DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py ) add_custom_target(mbedtls_test_certs_header - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h) add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header) endif() target_include_directories(mbedtls_test_helpers + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include PRIVATE tests/include PRIVATE include diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 32935f26f2..81521896b4 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -42,6 +42,8 @@ my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src'; my $tls_test_source_dir = 'tests/src'; my $tls_test_header_dir = 'tests/include/test'; +my $crypto_test_source_dir = 'tf-psa-crypto/tests/src'; +my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test'; my $test_source_dir = 'framework/tests/src'; my $test_header_dir = 'framework/tests/include/test'; my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; @@ -68,6 +70,7 @@ tf-psa-crypto/drivers/everest/include/everest/vs2013 tf-psa-crypto/drivers/everest/include/everest/kremlib tests/include + tf-psa-crypto/tests/include framework/tests/include framework/tests/programs ); 
@@ -131,9 +134,11 @@ sub check_dirs { && -d $crypto_source_dir && -d $test_source_dir && -d $tls_test_source_dir + && -d $crypto_test_source_dir && -d $test_drivers_source_dir && -d $test_header_dir && -d $tls_test_header_dir + && -d $crypto_test_header_dir && -d $test_drivers_header_dir && -d $mbedtls_programs_dir && -d $framework_programs_dir @@ -300,6 +305,7 @@ sub main { $psa_header_dir, $test_header_dir, $tls_test_header_dir, + $crypto_test_header_dir, $test_drivers_header_dir, $tls_source_dir, $crypto_core_source_dir, @@ -314,6 +320,7 @@ sub main { $crypto_source_dir, $test_source_dir, $tls_test_source_dir, + $crypto_test_source_dir, $test_drivers_source_dir, @thirdparty_source_dirs, ); diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index f632d32e9f..418b6681a3 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -7,17 +7,12 @@ @rem the "CC" environment variable must point to a C compiler. @rem @@@@ library\** @@@@ -@rem psa_crypto_driver_wrappers.h needs to be generated prior to -@rem generate_visualc_files.pl being invoked. python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1 perl scripts\generate_errors.pl || exit /b 1 perl scripts\generate_query_config.pl || exit /b 1 perl scripts\generate_features.pl || exit /b 1 python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1 -@rem @@@@ Build @@@@ -perl scripts\generate_visualc_files.pl || exit /b 1 - @rem @@@@ programs\** @@@@ cd tf-psa-crypto python scripts\generate_psa_constants.py || exit /b 1 
@@ -29,8 +24,13 @@ python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\test python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 -python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 +python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\tests\include\test\test_keys.h || exit /b 1 +python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 + +@rem @@@@ Build @@@@ +@rem Call generate_visualc_files.pl last to be sure everything else has been +@rem generated before. +perl scripts\generate_visualc_files.pl || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index a4a0309fa8..e58c8f0554 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -22,6 +22,6 @@ /opt-testcases/tls13-compat.sh /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data -/src/test_keys.h -/src/test_certs.h +/include/test/test_keys.h +/include/test/test_certs.h ###END_GENERATED_FILES### diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ce63d23769..d12133d300 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -176,6 +176,7 @@ function(add_test_suite suite_name) # files are automatically included because the library targets declare # them as PUBLIC. target_include_directories(test_suite_${data_name} + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library diff --git a/tests/Makefile b/tests/Makefile index c44369b47d..87a6ca1777 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -64,9 +64,9 @@ endif GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h \ - src/test_certs.h +GENERATED_FILES += include/test/test_keys.h \ + ../tf-psa-crypto/tests/include/test/test_keys.h \ + include/test/test_certs.h # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt @@ -184,16 +184,16 @@ all: $(BINARIES) $(CRYPTO_BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) -src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ +include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ -../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py +include/test/test_keys.h: ../framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ -../tf-psa-crypto/framework/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py +../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ 
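Review bot: The prerequisite `$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)` under the renamed `include/test/test_certs.h` rule is a make variable reference, not a command: make expands the inner text and then looks up a variable with that name, which is empty, so the header is never regenerated when the certificate files it is built from change. It is an unchanged context line, but the rule around it is being reworked and the list variables at the top of this Makefile already use the correct form: `$(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)`. I cannot see whether the script prints paths relative to the tests directory, which prerequisites evaluated here would need.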
@@ -204,8 +204,8 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG # therefore the wildcard enumeration above doesn't include it. TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h endif -TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h +TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \ + ../tf-psa-crypto/tests/include/test/test_keys.h # Rule to compile common test C files in framework ../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 2e104ee29a..e3c8e08afe 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -171,7 +171,7 @@ else check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c fi -check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h +check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h # Additional checks for Mbed TLS only if in_mbedtls_repo; then @@ -181,7 +181,7 @@ if in_mbedtls_repo; then check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh - check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h + check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't # care about their content, but the files must exist. So it must run after # the step that creates or updates these files. diff --git a/tests/src/certs.c b/tests/src/certs.c index bacc846754..d1af5b2aa4 100644 --- a/tests/src/certs.c 
+++ b/tests/src/certs.c @@ -13,7 +13,7 @@ #include "mbedtls/pk.h" -#include "test_certs.h" +#include "test/test_certs.h" /* * From aa5c159e36b74b4e037a494f96ea9ebda2682bc2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 7 Mar 2025 09:34:41 +0100 Subject: [PATCH 0257/1080] all.sh: check generated files: Use make_generated_files.py Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 44 +++++++++++++++++------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 3ee88a3c21..cd311ebd84 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -17,20 +17,38 @@ component_check_recursion () { } component_check_generated_files () { - msg "Check: check-generated-files, files generated with make" # 2s + msg "Check make_generated_files.py consistency" + make neat + $FRAMEWORK/scripts/make_generated_files.py + $FRAMEWORK/scripts/make_generated_files.py --check + make neat + + msg "Check files generated with make" + MBEDTLS_ROOT_DIR="$PWD" make generated_files - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files present" # 2s - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files absent" # 2s - command make neat - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh + $FRAMEWORK/scripts/make_generated_files.py --check + + cd tf-psa-crypto + ./framework/scripts/make_generated_files.py --check + + msg "Check files generated with cmake" + cd "$MBEDTLS_ROOT_DIR" + mkdir "$OUT_OF_SOURCE_DIR" + cd "$OUT_OF_SOURCE_DIR" + cmake -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR" + make + cd "$MBEDTLS_ROOT_DIR" + + # Files for MS Visual Studio are not generated with cmake thus copy the + # ones generated with make to pacify make_generated_files.py check. + # Files for MS Visual Studio are rather on their way out thus not adding + # support for them with cmake. + cp -Rf visualc "$OUT_OF_SOURCE_DIR" + + $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check + + cd tf-psa-crypto + ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! From 4cd8fbbb2d7cdcf73b7fd9c5b0c75fab29c7a771 Mon Sep 17 00:00:00 2001 
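Review bot: The new body ends with `cd tf-psa-crypto` and never returns to the root, so unless all.sh runs every component in its own subshell the next component starts inside `tf-psa-crypto/`; the closing comment even states that later components depend on the state this one leaves behind. Run the sub-project check in a subshell, `( cd tf-psa-crypto && ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check )`, or add `cd "$MBEDTLS_ROOT_DIR"` after it; the earlier `cd tf-psa-crypto` block already does return via `cd "$MBEDTLS_ROOT_DIR"`. `mkdir "$OUT_OF_SOURCE_DIR"` also fails if the directory survived an earlier run; presumably the harness cleans it up, but that is outside the hunk.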
From: Ronald Cron Date: Mon, 17 Mar 2025 15:33:43 +0100 Subject: [PATCH 0258/1080] Use TF_PSA_CRYPTO_ROOT_DIR Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index cd311ebd84..85731a1710 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -28,7 +28,7 @@ component_check_generated_files () { make generated_files $FRAMEWORK/scripts/make_generated_files.py --check - cd tf-psa-crypto + cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --check msg "Check files generated with cmake" @@ -47,7 +47,7 @@ component_check_generated_files () { $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check - cd tf-psa-crypto + cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check # This component ends with the generated files present in the source tree. From b9d7b5f1651766ecf82875252bfb89821679dca6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 17:44:31 +0100 Subject: [PATCH 0259/1080] Update TF-PSA-Crypto pointer Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5048bced5e..43ea7fa25c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5048bced5e1c000c0e3888be8126eb63a2b91937 +Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b From 7a84f0f3a950bafbf35f0deba70d6a53eefd6286 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 27 Mar 2025 09:34:21 +0000 Subject: [PATCH 0260/1080] removed rng parameters from struct mbedtls_ssl_config Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- 1 file changed, 4 deletions(-) 
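Review bot: `cd $TF_PSA_CRYPTO_ROOT_DIR` is unquoted in both hunks while every other path in this function (`"$MBEDTLS_ROOT_DIR"`, `"$OUT_OF_SOURCE_DIR"`) is quoted; an empty or space-containing value silently becomes a `cd` to `$HOME` or to a word-split path, and the `--check` that follows then inspects the wrong tree. Use `cd "$TF_PSA_CRYPTO_ROOT_DIR"` in both places. Where `TF_PSA_CRYPTO_ROOT_DIR` is set, and whether it is absolute, is not visible in this patch, which matters because the second `cd` happens after the function has already changed directory once.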
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa382253ca..9a02a6a8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1405,10 +1405,6 @@ struct mbedtls_ssl_config { void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - /** Callback to retrieve a session from the cache */ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); /** Callback to store a session into the cache */ From 05a978752b357f4c9890b3f9c27907a111a61fad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 20 Mar 2025 13:22:59 +0000 Subject: [PATCH 0261/1080] Remove MBEDTLS_PK_RSA_ALT Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 44 ---------------------- 1 file changed, 44 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 376cd12337..107d9235a4 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -11,37 +11,6 @@ #include "mbedtls/pk.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_PEM_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(PSA_WANT_ALG_SHA_1) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len) -{ - return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, - olen, input, output, output_max_len); -} - -static int mbedtls_rsa_sign_func(void *ctx, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig) -{ - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - md_alg, - hashlen, - hash, - sig); -} -static size_t mbedtls_rsa_key_len_func(void *ctx) -{ - return ((const mbedtls_rsa_context *) ctx)->len; -} -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) @@ -436,19 +405,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, issuer_key_type = mbedtls_pk_get_type(&issuer_key); -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - /* For RSA PK contexts, create a copy as an alternative RSA context. */ - if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) { - TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt, - mbedtls_pk_rsa(issuer_key), - mbedtls_rsa_decrypt_func, - mbedtls_rsa_sign_func, - mbedtls_rsa_key_len_func) == 0); - - key = &issuer_key_alt; - } -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { From d1c2d254ca780ec65f4769210f3d829e08541262 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:18:19 +0000 Subject: [PATCH 0262/1080] Add ChangeLog for rng removal 
Signed-off-by: Ben Taylor --- ChangeLog.d/removal-of-rng.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/removal-of-rng.txt diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt new file mode 100644 index 0000000000..414dde12dc --- /dev/null +++ b/ChangeLog.d/removal-of-rng.txt @@ -0,0 +1,5 @@ +API changes + * All API functions now use the PSA random generator psa_get_random() + internally. As a consequence, functions no longer take RNG parameters. + Please refer to the migration guide at : + tf-psa-crypto/docs/4.0-migration-guide.md. From b430f8235cd71e48cd67998da615614dde7db47b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 20 Mar 2025 07:24:20 +0000 Subject: [PATCH 0263/1080] removed whitespace Signed-off-by: Ben Taylor --- ChangeLog.d/removal-of-rng.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt index 414dde12dc..a8a19f4ee3 100644 --- a/ChangeLog.d/removal-of-rng.txt +++ b/ChangeLog.d/removal-of-rng.txt @@ -1,5 +1,5 @@ API changes - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_get_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. From 92efce2b84cb6de71cbf284dbe302b9360a4da8f Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 19 Mar 2025 09:31:59 +0000 Subject: [PATCH 0264/1080] [development] Remove code relating to MBEDTLS_PSA_INJECT_ENTROPY 
Signed-off-by: Felix Conway --- .gitignore | 2 -- docs/proposed/config-split.md | 1 - scripts/config.py | 1 - tests/configs/user-config-for-test.h | 29 ------------------- .../psasim/src/psa_sim_generate.pl | 1 - .../components-configuration-crypto.sh | 15 ---------- tf-psa-crypto | 2 +- 7 files changed, 1 insertion(+), 50 deletions(-) delete mode 100644 tests/configs/user-config-for-test.h diff --git a/.gitignore b/.gitignore index 2917cfbef9..9226eecb4c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ # Random seed file created by test scripts and sample programs seedfile -# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework -00000000ffffff52.psa_its # Log files created by all.sh to reduce the logs in case a component runs # successfully quiet-make.* diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..1ed3cc773f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -247,7 +247,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER //#define MBEDTLS_PSA_CRYPTO_SPM #define MBEDTLS_PSA_CRYPTO_STORAGE_C -//#define MBEDTLS_PSA_INJECT_ENTROPY #define MBEDTLS_PSA_ITS_FILE_C #define MBEDTLS_PSA_KEY_STORE_DYNAMIC //#define MBEDTLS_PSA_STATIC_KEY_SLOTS diff --git a/scripts/config.py b/scripts/config.py index 417f6e25a2..3fc3614dc7 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -96,7 +96,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) - 'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h deleted file mode 100644 index f230fd3c5c..0000000000 --- a/tests/configs/user-config-for-test.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/* TF_PSA_CRYPTO_USER_CONFIG_FILE for testing. - * Only used for a few test configurations. - * - * Typical usage (note multiple levels of quoting): - * make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform - * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO - * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions - * is to read and write from the entropy seed file, which is located - * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID. - * (These could have been provided as library functions, but for historical - * reasons, they weren't, and so each integrator has to provide a copy - * of these functions.) - * - * Provide implementations of these functions for testing. */ -#include -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); -#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read -#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5770deaa80..3eec226e16 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl 
@@ -27,7 +27,6 @@ 'mbedtls_psa_crypto_free', # redefined rather than wrapped 'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type 'mbedtls_psa_get_stats', # uses unsupported type - 'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type 'psa_get_key_slot_number', # not in the default config, uses unsupported type 'psa_key_derivation_verify_bytes', # not implemented yet diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 3d58895550..cb66e371cb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -261,21 +261,6 @@ component_test_psa_external_rng_use_psa_crypto () { tests/ssl-opt.sh -f 'Default\|opaque' } -component_test_psa_inject_entropy () { - msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY - scripts/config.py set MBEDTLS_ENTROPY_NV_SEED - scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" - make test -} - component_full_no_pkparse_pkwrite () { msg "build: full without pkparse and pkwrite" diff --git a/tf-psa-crypto b/tf-psa-crypto index 43ea7fa25c..893f536dae 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b +Subproject commit 893f536dae31f358516de6d9e851da7c18f5f53e From 133f7aab2c937e4bb8db266df00367b7745cd547 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 19 Mar 2025 14:38:47 +0000 Subject: [PATCH 0265/1080] Add MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES to ignore list for CI With the removal of the component_test_psa_inject_entropy test, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES is no longer set in any tests, and so the CI will complain unless it is added to the ignore list. Signed-off-by: Felix Conway --- tests/scripts/analyze_outcomes.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5f8f910a62..c7c9ed5810 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -118,10 +118,11 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration option, to be replaced by + # Obsolete configuration options, to be replaced by # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 'Config: MBEDTLS_NO_PLATFORM_ENTROPY', + 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', From 48426b12ef36ef107d1d8cac4dbc43c6a30e91f8 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 26 Mar 2025 13:57:45 +0000 Subject: [PATCH 0266/1080] Add MBEDTLS_PSA_INJECT_ENTROPY back into config-split.md Signed-off-by: Felix Conway --- docs/proposed/config-split.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1ed3cc773f..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md 
@@ -247,6 +247,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER //#define MBEDTLS_PSA_CRYPTO_SPM #define MBEDTLS_PSA_CRYPTO_STORAGE_C +//#define MBEDTLS_PSA_INJECT_ENTROPY #define MBEDTLS_PSA_ITS_FILE_C #define MBEDTLS_PSA_KEY_STORE_DYNAMIC //#define MBEDTLS_PSA_STATIC_KEY_SLOTS From 1459e75d3d7d715867e0759c37c9a133a05ca4f4 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 28 Mar 2025 10:36:00 +0000 Subject: [PATCH 0267/1080] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 893f536dae..d66b78e4ad 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 893f536dae31f358516de6d9e851da7c18f5f53e +Subproject commit d66b78e4ad1f7a61502e3dcf62daed177facc03f From bd81c9d0f710e62a5a493d1c053a87c2db78f78a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 14:43:56 +0200 Subject: [PATCH 0268/1080] Implement TLS-Exporter feature The TLS-Exporter is a function to derive shared symmetric keys for the server and client from the secrets generated during the handshake. It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for TLS 1.2. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 24 ++++++++++ library/ssl_tls.c | 95 ++++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.c | 34 ++++++++++++++ library/ssl_tls13_keys.h | 16 +++++++ 4 files changed, 169 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9a02a6a8c2..5bd0b04903 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -5388,6 +5388,30 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); + /** + * \brief TLS-Exporter to derive shared symmetric keys between server and client. + * + * \param ctx SSL context from which to export keys. Must have finished the handshake. + * \param out Output buffer of length at least key_len bytes. + * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param label Label for which to generate the key of length label_len. + * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. + * \param context Context of the key. Can be NULL if context_len or use_context is 0. + * \param context_len Length of context. Must be < 2^16 in TLS1.2. + * \param use_context Indicates if a context should be used in deriving the key. + * + * \note TLS 1.2 makes a distinction between a 0-length context and no context. + * This is why the use_context argument exists. TLS 1.3 does not make + * this distinction. If use_context is 0 and TLS 1.3 is used, context and + * context_len are ignored and a 0-length context is used. + * + * \return 0 on success. An SSL specific error on failure. + */ + int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, + uint8_t *out, size_t key_len, + const char *label, size_t label_len, + const unsigned char *context, size_t context_len, + int use_context); #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 94de3430cc..4c7ce1ee96 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -18,6 +18,7 @@ #include "mbedtls/ssl.h" #include "ssl_client.h" #include "ssl_debug_helpers.h" +#include "ssl_tls13_keys.h" #include "debug_internal.h" #include "mbedtls/error.h" 
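Review bot: The new Doxygen block documents `\param ctx` but the declared parameter is `ssl`, so the generated documentation and `-Wdocumentation` will flag a mismatch; make it `\param ssl SSL context from which to export keys. Must have finished the handshake.` The `key_len` line says `Must be < 2^16 in TLS 1.3`, whereas the TLS 1.3 helper added to ssl_tls.c in this same commit rejects `key_len > 0xff`; one of the two has to change, and since the length field of RFC 8446's HkdfLabel is 16-bit the 0xff limit looks like the one to revisit. The added lines also appear indented one level deeper than the neighbouring declarations (` int mbedtls_ssl_export_keying_material(` against `int mbedtls_ssl_tls_prf(` just above), and `out` is `uint8_t *` where the surrounding API, including `mbedtls_ssl_tls_prf`, uses `unsigned char *`.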
@@ -8929,4 +8930,98 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, + const mbedtls_md_type_t hash_alg, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) +{ + int ret = 0; + size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; + unsigned char *prf_input = NULL; + char *label_str = NULL; + + if (use_context && context_len >= (1 << 16)) { + ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + goto exit; + } + + prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); + label_str = mbedtls_calloc(label_len + 1, sizeof(char)); + if (prf_input == NULL || label_str == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + + memcpy(label_str, label, label_len); + label_str[label_len] = '\0'; + + /* The input to the PRF is client_random, then server_random. + * If a context is provided, this is then followed by the context length + * as a 16-bit big-endian integer, and then the context itself. 
*/ + memcpy(prf_input, ssl->transform->randbytes + 32, 32); + memcpy(prf_input + 32, ssl->transform->randbytes, 32); + if (use_context) { + prf_input[64] = (unsigned char)((context_len >> 8) & 0xff); + prf_input[65] = (unsigned char)(context_len & 0xff); + memcpy(prf_input + 66, context, context_len); + } + ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, + prf_input, prf_input_len, + out, key_len); + +exit: + mbedtls_free(prf_input); + mbedtls_free(label_str); + return ret; +} + +static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, + const mbedtls_md_type_t hash_alg, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len) +{ + const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); + const size_t hash_len = PSA_HASH_LENGTH(hash_alg); + const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; + + if (key_len > 0xff || label_len > 250) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len, + (const unsigned char *)label, label_len, + context, context_len, out, key_len); +} + +int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) +{ + if (!mbedtls_ssl_is_handshake_over(ssl)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl); + const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); + const mbedtls_md_type_t hash_alg = ciphersuite->mac; + + switch (mbedtls_ssl_get_version_number(ssl)) { + case MBEDTLS_SSL_VERSION_TLS1_2: + return mbedtls_ssl_tls12_export_keying_material(ssl, hash_alg, out, key_len, + label, label_len, + context, context_len, use_context); + 
case MBEDTLS_SSL_VERSION_TLS1_3: + return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, + use_context ? context : NULL, + use_context ? context_len : 0); + default: + return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; + } +} + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a421a06de4..38b342ea8b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1824,4 +1824,38 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, + const unsigned char *secret, const size_t secret_len, + const unsigned char *label, const size_t label_len, + const unsigned char *context_value, const size_t context_len, + unsigned char *out, const size_t out_len) +{ + size_t hash_len = PSA_HASH_LENGTH(hash_alg); + unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char hashed_context[PSA_HASH_MAX_SIZE]; + size_t hashed_context_len = 0; + int ret = 0; + psa_status_t status = 0; + + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); + if (ret != 0) { + goto exit; + } + + status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } + ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + hashed_context, hashed_context_len, + out, out_len); + +exit: + mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); + return ret; +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index d3a4c6c992..41604c7e29 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
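Review bot: The TLS 1.2 helper feeds `ciphersuite->mac` to `tls_prf_generic` as the PRF hash, but the TLS 1.2 PRF is P_SHA256 for every suite that does not explicitly use SHA-384 (RFC 5246 §5), so for a suite whose MAC is SHA-1 this derives with P_SHA1 and the exported key will not match what a conforming peer derives; the exporter should select the hash the way the handshake-time PRF selection in this file does, e.g. `const mbedtls_md_type_t prf_alg = (hash_alg == MBEDTLS_MD_SHA384) ? MBEDTLS_MD_SHA384 : MBEDTLS_MD_SHA256;` and pass `prf_alg` to `tls_prf_generic`. In the TLS 1.3 helper, `PSA_HASH_LENGTH(hash_alg)` is applied to the `mbedtls_md_type_t` instead of to `psa_hash_alg`; whether it returns the right digest length then depends on the md enum values coinciding with the PSA hash identifiers, so write `PSA_HASH_LENGTH(psa_hash_alg)`. In the entry point, `mbedtls_ssl_ciphersuite_from_id` can return NULL and `ciphersuite->mac` is read without a check; `if (ciphersuite == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` is cheap. The TLS 1.2 path also reads `ssl->transform->randbytes`; if that field is only present under a specific configuration option, this helper needs the same guard or other configurations will not build — worth confirming.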
@@ -646,6 +646,22 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, size_t *psk_len); #endif +/** + * \brief Calculate TLS-Exporter function as defined in RFC 8446, Section 7.5. + * + * \param[in] hash_alg The hash algorithm. + * \param[in] secret The secret to use. (Should be the exporter master secret.) + * \param[in] secret_len Length of secret. + * \param[in] label The label of the exported key. + * \param[in] label_len The length of label. + * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. + * \param[in] out_len Length of the key to generate. +int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, + const unsigned char *secret, size_t secret_len, + const unsigned char *label, size_t label_len, + const unsigned char *context_value, size_t context_len, + unsigned char *out, size_t out_len); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 32ba7f4a17e0e9b82dd9d99909c8f370ebca02f9 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 14:44:09 +0200 Subject: [PATCH 0269/1080] Add TLS-Exporter options to ssl_server2 The program prints out the derived symmetric key for testing purposes. Signed-off-by: Max Fillinger --- programs/ssl/ssl_server2.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 633822297e..c179435332 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -70,6 +70,8 @@ int main(void) #define DFL_NBIO 0 #define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 +#define DFL_EXP_LABEL NULL +#define DFL_EXP_LEN 20 #define DFL_CA_FILE "" #define DFL_CA_PATH "" #define DFL_CRT_FILE "" 
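Review bot: The Doxygen block for `mbedtls_ssl_tls13_exporter` documents every parameter except `context_value` and `context_len`, and it does not say that `secret_len` is expected to be the digest length of `hash_alg` (the only caller, in ssl_tls.c, passes `hash_len`). Suggest ` * \param[in] context_value The context value; hashed internally per RFC 8446 §7.5, so any length is accepted.` and ` * \param[in] context_len The length of context_value.`, and state whether NULL is accepted when `context_len` is 0, since the caller passes exactly that when no context is used. The missing `*/` that currently comments out the declaration is closed by a later commit in this series.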
@@ -517,6 +519,10 @@ int main(void) " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_SRTP \ @@ -608,6 +614,8 @@ struct options { int nbio; /* should I/O be blocking? */ int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ + int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ int response_size; /* pad response with header to requested size */ uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ @@ -1704,6 +1712,8 @@ int main(int argc, char *argv[]) opt.cid_val = DFL_CID_VALUE; opt.cid_val_renego = DFL_CID_VALUE_RENEGO; opt.read_timeout = DFL_READ_TIMEOUT; + opt.exp_label = DFL_EXP_LABEL; + opt.exp_len = DFL_EXP_LEN; opt.ca_file = DFL_CA_FILE; opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; @@ -1883,6 +1893,10 @@ int main(int argc, char *argv[]) } } else if (strcmp(p, "read_timeout") == 0) { opt.read_timeout = atoi(q); + } else if (strcmp(p, "exp_label") == 0) { + opt.exp_label = q; + } else if (strcmp(p, "exp_len") == 0) { + opt.exp_len = atoi(q); } else if (strcmp(p, "buffer_size") == 0) { opt.buffer_size = atoi(q); if (opt.buffer_size < 1) { 
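Review bot: `exp_len` is parsed with `atoi(q)` and stored with no range check, unlike neighbouring options such as `buffer_size`; a negative value is later skipped by the `opt.exp_len > 0` test at the call site, but a non-numeric value silently becomes 0 and an absurd value becomes a large allocation plus a very long stdout dump. Suggest validating in the parser, `opt.exp_len = atoi(q); if (opt.exp_len < 0 || opt.exp_len > 0xffff) { goto usage; }`, which also mirrors the `< 2^16` bound the library documents. The struct comment `Lenght of key to export` should read `Length`. The ssl_client2.c hunk of the next patch has the same parsing and the same typo.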
@@ -3605,6 +3619,27 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } + if (opt.exp_label != NULL && opt.exp_len > 0) { + unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + if (exported_key == NULL) { + mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); + ret = 3; + goto exit; + } + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + opt.exp_label, strlen(opt.exp_label), + NULL, 0, 0); + if (ret != 0) { + goto exit; + } + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + for (i = 0; i < opt.exp_len; i++) { + mbedtls_printf("%02X", exported_key[i]); + } + mbedtls_printf("\n\n"); + fflush(stdout); + } + #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { size_t j = 0; From b2718e17e61151a6a6262aff5dae2c8c729a1f23 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 15:09:24 +0200 Subject: [PATCH 0270/1080] Add TLS-Exporter options to ssl_client2 Prints out the exported key on the command line for testing purposes. Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6a5fca57de..5ad2327afc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -102,6 +102,8 @@ int main(void) #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL #define DFL_SKIP_CLOSE_NOTIFY 0 +#define DFL_EXP_LABEL NULL +#define DFL_EXP_LEN 20 #define DFL_QUERY_CONFIG_MODE 0 #define DFL_USE_SRTP 0 #define DFL_SRTP_FORCE_PROFILE 0 
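Review bot: The new `if (opt.exp_label != NULL && opt.exp_len > 0) { … }` block is inserted directly in front of `#if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) {`, so that `else if` now binds to the exporter `if` rather than to the statement it was chained to before the patch: with SRTP enabled, the SRTP key-material printout is suppressed whenever an exporter label is given, and the original chain loses its else branch. Move the exporter block past the end of that if/else chain (or in front of the statement the chain starts on) and keep it a standalone statement. Independently, `exported_key` is allocated with `sizeof(unsigned int)` (four times the requested bytes, and the "Could not allocate %d bytes" message then misreports the size) and is never freed, neither after the dump nor on the `goto exit` error path; since it holds derived key material it should also be wiped before release, as in the sketch below. The ssl_client2.c hunk of the next patch has the same allocation and leak, though not the else-binding problem.
```c
    if (opt.exp_label != NULL && opt.exp_len > 0) {
        unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof *exported_key);
        if (exported_key == NULL) {
            mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
            ret = 3;
            goto exit;
        }
        ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len,
                                                 opt.exp_label, strlen(opt.exp_label),
                                                 NULL, 0, 0);
        if (ret == 0) {
            /* … unchanged: hex dump of exported_key and fflush(stdout) … */
        }
        /* Derived keying material: wipe before release, on the error path too. */
        mbedtls_platform_zeroize(exported_key, (size_t) opt.exp_len);
        free(exported_key);
        if (ret != 0) {
            goto exit;
        }
    }
```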
@@ -389,6 +391,10 @@ int main(void) " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_CID \ @@ -534,6 +540,8 @@ struct options { * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ + const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ + int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data; /* early data enablement flag */ #endif @@ -1412,6 +1420,10 @@ int main(int argc, char *argv[]) if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) { goto usage; } + } else if (strcmp(p, "exp_label") == 0) { + opt.exp_label = q; + } else if (strcmp(p, "exp_len") == 0) { + opt.exp_len = atoi(q); } else if (strcmp(p, "use_srtp") == 0) { opt.use_srtp = atoi(q); } else if (strcmp(p, "srtp_force_profile") == 0) { 
@@ -2485,6 +2497,27 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + if (opt.exp_label != NULL && opt.exp_len > 0) { + unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + if (exported_key == NULL) { + mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); + ret = 3; + goto exit; + } + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + opt.exp_label, strlen(opt.exp_label), + NULL, 0, 0); + if (ret != 0) { + goto exit; + } + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + for (i = 0; i < opt.exp_len; i++) { + mbedtls_printf("%02X", exported_key[i]); + } + mbedtls_printf("\n\n"); + fflush(stdout); + } + /* * 6. Write the GET request */ From b84cb4b0492944d1e6577295d3964d705691eaaa Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 25 Jul 2024 16:16:02 +0200 Subject: [PATCH 0271/1080] Add changelog entry for TLS-Exporter feature Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/add-tls-exporter.txt diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt new file mode 100644 index 0000000000..c752a18e1d --- /dev/null +++ b/ChangeLog.d/add-tls-exporter.txt @@ -0,0 +1,4 @@ +Features: + * Add the function mbedtls_ssl_export_keying_material() which allows the + client and server to extract additional shared symmetric keys from an SSL + session, according to the TLS-Exporter specification in RFC 8446 and 5705. From 136fe9e4be154d3dec46d65445cdb7d46d697df3 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 9 Aug 2024 18:54:36 +0200 Subject: [PATCH 0272/1080] Fix commented out function declaration Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 41604c7e29..07b970aaf6 100644 
--- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -656,6 +656,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, * \param[in] label_len The length of label. * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. * \param[in] out_len Length of the key to generate. + */ int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, From c7986427d4c343dc03961515246ded61c392f943 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 9 Aug 2024 19:46:15 +0200 Subject: [PATCH 0273/1080] Add test for TLS-Exporter in TLS 1.3 Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 5 +++++ tests/suites/test_suite_ssl.function | 31 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 565588bea6..25cb965e85 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2791,6 +2791,11 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +SSL TLS 1.3 Exporter +# Based on the "exp master" key from RFC 8448, expected result calculated with a HMAC-SHA256 calculator. +depends_on:PSA_WANT_ALG_SHA_256 +ssl_tls13_exporter:PSA_ALG_SHA_256:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4":"test":"context value":32:"83d0fac39f87c1b4fbcd261369f31149c535391a9199bd4c5daf89fe259c2e94" + SSL TLS 1.3 Key schedule: Early secrets derivation helper # Vector from RFC 8448 depends_on:PSA_WANT_ALG_SHA_256 
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 743b53c007..e5c770a8e9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1695,6 +1695,37 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ +void ssl_tls13_exporter(int hash_alg, + data_t *secret, + char *label, + char *context_value, + int desired_length, + data_t *expected) +{ + unsigned char dst[100]; + + /* Check sanity of test parameters. */ + TEST_ASSERT((size_t) desired_length <= sizeof(dst)); + TEST_ASSERT((size_t) desired_length == expected->len); + + PSA_INIT(); + + TEST_ASSERT(mbedtls_ssl_tls13_exporter( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + (unsigned char *)label, strlen(label), + (unsigned char *)context_value, strlen(context_value), + dst, desired_length) == 0); + + TEST_MEMORY_COMPARE(dst, desired_length, + expected->x, desired_length); + +exit: + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_derive_early_secrets(int hash_alg, data_t *secret, From 334c367052d739e22b14fcbf41630c9461b8cb8d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 11:20:39 +0200 Subject: [PATCH 0274/1080] Simplify mbedtls_ssl_tls13_exporter RFC 8446 made it look like we can't use Derive-Secret for the second step, but actually, Transcript-Hash and Hash are the same thing, so we can. Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 38b342ea8b..e2ddaa7086 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
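Review bot: The only coverage added for the exporter is this single TLS 1.3 vector, and its expected value is, per the comment in the test_suite_ssl.data hunk, computed by hand with an HMAC-SHA256 calculator rather than taken from an independent implementation, so the test cannot tell a faithful RFC 8446 §7.5 derivation from a self-consistent mistake (e.g. an unhashed context or swapped steps). Cross-checking the expected bytes against another TLS stack's exporter output would make the vector meaningful. The TLS 1.2 path gets no test at all in this series, and its PRF selection and client/server random ordering are exactly the parts that need pinning; a known-answer test through the public API on a completed handshake would cover it. A negative case for `desired_length` or the label over the documented bounds would also be cheap here, since the function already takes both as parameters.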
@@ -1832,26 +1832,17 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, { size_t hash_len = PSA_HASH_LENGTH(hash_alg); unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char hashed_context[PSA_HASH_MAX_SIZE]; - size_t hashed_context_len = 0; int ret = 0; - psa_status_t status = 0; ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); if (ret != 0) { goto exit; } - - status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), - hashed_context, hashed_context_len, - out, out_len); + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + out, out_len); exit: mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); From 81dfc8830bedf49de26a33ce3f4a74c0e3cc3149 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 12:51:02 +0200 Subject: [PATCH 0275/1080] Actually set exporter defaults in ssl_client2 Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5ad2327afc..71592ef987 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -984,6 +984,8 @@ int main(int argc, char *argv[]) opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; + opt.exp_label = DFL_EXP_LABEL; + opt.exp_len = DFL_EXP_LEN; opt.query_config_mode = DFL_QUERY_CONFIG_MODE; opt.use_srtp = DFL_USE_SRTP; opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; 
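Review bot: The two `mbedtls_ssl_tls13_derive_secret` calls now implement RFC 8446 §7.5 by relying on a Derive-Secret with an UNHASHED context hashing `context_value` itself, and presumably on the helper accepting an arbitrary `out_len` in place of Hash.length; neither fact is stated in the code, and the commit message is the only place the equivalence argument lives. A comment before the second call would keep it with the code, e.g. `/* RFC 8446 §7.5: HKDF-Expand-Label(hkdf_secret, "exporter", Hash(context_value), out_len);` / ` * derive_secret() with CONTEXT_UNHASHED computes Hash(context_value) for us. */`. The function's signature is above the hunk.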
From 91cff4406bf3f3aea5b56f65fba97443d3f0efce Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 13:20:46 +0200 Subject: [PATCH 0276/1080] Fix key_len check in TLS-Exporter The length of the generated key must fit into a uint16_t, so it must not be larger than 0xffff. Signed-off-by: Max Fillinger --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4c7ce1ee96..5f5ea39318 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8987,7 +8987,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - if (key_len > 0xff || label_len > 250) { + if (key_len > 0xffff || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From 9c9989fc6d7044434596dadb4caedafb36786c3f Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 14 Aug 2024 16:44:50 +0200 Subject: [PATCH 0277/1080] Fix mismatches in function declarations Missed some const keywords in function declarations. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 8 ++++---- library/ssl_tls.c | 8 ++++---- library/ssl_tls13_keys.h | 10 +++++----- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5bd0b04903..5f2bdf3372 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
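Review bot: `0xffff` is the bound of the HkdfLabel length field, but HKDF-Expand itself (RFC 5869 §2.3) cannot produce more than 255 × HashLen bytes, so a `key_len` between 255 × hash_len and 0xffff passes this check and then fails inside the derivation, presumably with a less specific error. `hash_len` is already computed two lines above, so the key_len half of the condition can be made exact with `key_len > 255 * hash_len`. The public header's `Must be < 2^16 in TLS 1.3` should then state the same limit. The enclosing function starts above the hunk.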
@@ -5408,10 +5408,10 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \return 0 on success. An SSL specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, size_t key_len, - const char *label, size_t label_len, - const unsigned char *context, size_t context_len, - int use_context); + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context); #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f5ea39318..afbf76af71 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8997,10 +8997,10 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, } int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context) + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) { if (!mbedtls_ssl_is_handshake_over(ssl)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 07b970aaf6..a4b012f36e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -657,11 +657,11 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. * \param[in] out_len Length of the key to generate. */ -int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *context_value, size_t context_len, - unsigned char *out, size_t out_len); +int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, + const unsigned char *secret, const size_t secret_len, + const unsigned char *label, const size_t label_len, + const unsigned char *context_value, const size_t context_len, + uint8_t *out, const size_t out_len); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 55619940206c9de34af5b92f946ba2df2d28cabf Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 20 Sep 2024 15:22:06 +0200 Subject: [PATCH 0278/1080] Fix typos in comment Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5f2bdf3372..dc13713d14 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5397,7 +5397,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \param label Label for which to generate the key of length label_len. * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. - * \param context_len Length of context. Must be < 2^16 in TLS1.2. + * \param context_len Length of context. Must be < 2^16 in TLS 1.2. * \param use_context Indicates if a context should be used in deriving the key. * * \note TLS 1.2 makes a distinction between a 0-length context and no context. From ae7d66a1d5c383f1d8f42e5851667a25fcf37cc0 Mon Sep 17 00:00:00 2001 
From: Max Fillinger Date: Fri, 20 Sep 2024 17:50:16 +0200 Subject: [PATCH 0279/1080] Fix doxygen comment parameter name Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dc13713d14..fd7b0f6a61 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5391,7 +5391,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, /** * \brief TLS-Exporter to derive shared symmetric keys between server and client. * - * \param ctx SSL context from which to export keys. Must have finished the handshake. + * \param ssl SSL context from which to export keys. Must have finished the handshake. * \param out Output buffer of length at least key_len bytes. * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. * \param label Label for which to generate the key of length label_len. From 9073e041fce7536fc0b13a6e48478400b4365633 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 20 Sep 2024 17:57:52 +0200 Subject: [PATCH 0280/1080] Fix TLS exporter changelog entry Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt index c752a18e1d..2b06c5f294 100644 --- a/ChangeLog.d/add-tls-exporter.txt +++ b/ChangeLog.d/add-tls-exporter.txt @@ -1,4 +1,4 @@ -Features: +Features * Add the function mbedtls_ssl_export_keying_material() which allows the client and server to extract additional shared symmetric keys from an SSL session, according to the TLS-Exporter specification in RFC 8446 and 5705. From 7b72220d421bca2d64bcfa7ec16040d863273ea3 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sat, 21 Sep 2024 10:48:57 +0200 Subject: [PATCH 0281/1080] Fix coding style 
Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 40 ++++++++++++++-------------- library/ssl_tls.c | 31 ++++++++++++++------- library/ssl_tls13_keys.c | 14 +++++++--- programs/ssl/ssl_client2.c | 8 +++--- programs/ssl/ssl_server2.c | 8 +++--- tests/suites/test_suite_ssl.function | 4 +-- 6 files changed, 63 insertions(+), 42 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fd7b0f6a61..c011b9e4d9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -5388,26 +5388,26 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); - /** - * \brief TLS-Exporter to derive shared symmetric keys between server and client. - * - * \param ssl SSL context from which to export keys. Must have finished the handshake. - * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. - * \param label Label for which to generate the key of length label_len. - * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. - * \param context Context of the key. Can be NULL if context_len or use_context is 0. - * \param context_len Length of context. Must be < 2^16 in TLS 1.2. - * \param use_context Indicates if a context should be used in deriving the key. - * - * \note TLS 1.2 makes a distinction between a 0-length context and no context. - * This is why the use_context argument exists. TLS 1.3 does not make - * this distinction. If use_context is 0 and TLS 1.3 is used, context and - * context_len are ignored and a 0-length context is used. - * - * \return 0 on success. An SSL specific error on failure. - */ - int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, +/** + * \brief TLS-Exporter to derive shared symmetric keys between server and client. + * + * \param ssl SSL context from which to export keys. Must have finished the handshake. + * \param out Output buffer of length at least key_len bytes. + * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param label Label for which to generate the key of length label_len. + * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. + * \param context Context of the key. Can be NULL if context_len or use_context is 0. + * \param context_len Length of context. Must be < 2^16 in TLS 1.2. 
+ * \param use_context Indicates if a context should be used in deriving the key. + * + * \note TLS 1.2 makes a distinction between a 0-length context and no context. + * This is why the use_context argument exists. TLS 1.3 does not make + * this distinction. If use_context is 0 and TLS 1.3 is used, context and + * context_len are ignored and a 0-length context is used. + * + * \return 0 on success. An SSL specific error on failure. + */ +int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, const unsigned char *context, const size_t context_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbf76af71..661ae29cc8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8932,9 +8932,12 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, + uint8_t *out, + const size_t key_len, + const char *label, + const size_t label_len, + const unsigned char *context, + const size_t context_len, const int use_context) { int ret = 0; @@ -8963,8 +8966,8 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s memcpy(prf_input, ssl->transform->randbytes + 32, 32); memcpy(prf_input + 32, ssl->transform->randbytes, 32); if (use_context) { - prf_input[64] = (unsigned char)((context_len >> 8) & 0xff); - prf_input[65] = (unsigned char)(context_len & 0xff); + prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff); + prf_input[65] = (unsigned char) (context_len & 0xff); memcpy(prf_input + 66, context, context_len); } ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, 
@@ -8979,9 +8982,12 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len) + uint8_t *out, + const size_t key_len, + const char *label, + const size_t label_len, + const unsigned char *context, + const size_t context_len) { const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); const size_t hash_len = PSA_HASH_LENGTH(hash_alg); @@ -8992,7 +8998,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, } return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len, - (const unsigned char *)label, label_len, + (const unsigned char *) label, label_len, context, context_len, out, key_len); } @@ -9016,7 +9022,12 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, label, label_len, context, context_len, use_context); case MBEDTLS_SSL_VERSION_TLS1_3: - return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, + return mbedtls_ssl_tls13_export_keying_material(ssl, + hash_alg, + out, + key_len, + label, + label_len, use_context ? context : NULL, use_context ? context_len : 0); default: diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index e2ddaa7086..ef897e88be 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -1835,14 +1835,20 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, int ret = 0; ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, + hash_len); if (ret != 0) { goto exit; } - ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len, + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, + hkdf_secret, + hash_len, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), - context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - out, out_len); + context_value, + context_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + out, + out_len); exit: mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 71592ef987..e443635b00 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2500,19 +2500,21 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; goto exit; } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { goto exit; } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", + opt.exp_len, + opt.exp_label); for (i = 0; i < opt.exp_len; i++) { mbedtls_printf("%02X", exported_key[i]); } 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c179435332..88d2e3deaf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3620,19 +3620,21 @@ int main(int argc, char *argv[]) } if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; goto exit; } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { goto exit; } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", + opt.exp_len, + opt.exp_label); for (i = 0; i < opt.exp_len; i++) { mbedtls_printf("%02X", exported_key[i]); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e5c770a8e9..ab61e03465 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1714,8 +1714,8 @@ void ssl_tls13_exporter(int hash_alg, TEST_ASSERT(mbedtls_ssl_tls13_exporter( (psa_algorithm_t) hash_alg, secret->x, secret->len, - (unsigned char *)label, strlen(label), - (unsigned char *)context_value, strlen(context_value), + (unsigned char *) label, strlen(label), + (unsigned char *) context_value, strlen(context_value), dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, desired_length, From 29beade80faabc9c4a2807323736d8517033e269 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sat, 21 Sep 2024 11:06:28 +0200 Subject: [PATCH 0282/1080] Fix build when one of TLS 1.2 or 1.3 is disabled 
Signed-off-by: Max Fillinger --- library/ssl_tls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae29cc8..b6d7b4bafc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8930,6 +8930,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, uint8_t *out, @@ -8979,7 +8980,9 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s mbedtls_free(label_str); return ret; } +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, uint8_t *out, @@ -9001,6 +9004,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, (const unsigned char *) label, label_len, context, context_len, out, key_len); } +#endif int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, @@ -9017,10 +9021,13 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg = ciphersuite->mac; switch (mbedtls_ssl_get_version_number(ssl)) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: return mbedtls_ssl_tls12_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, context, context_len, use_context); +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, @@ -9030,6 +9037,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, label_len, use_context ? context : NULL, use_context ? context_len : 0); +#endif default: return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } From e10c9849e23b8f5657764415d0d3baebb99f8992 Mon Sep 17 00:00:00 2001 
From: Max Fillinger Date: Sun, 22 Sep 2024 01:28:12 +0200 Subject: [PATCH 0283/1080] Fix coding style Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c011b9e4d9..d88e67cec5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5408,10 +5408,10 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \return 0 on success. An SSL specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context); + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context); #ifdef __cplusplus } #endif From 48150f5dc3641204dc6c7d262a1281e9c55be087 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 18 Oct 2024 16:19:39 +0200 Subject: [PATCH 0284/1080] Store randbytes for TLS 1.2 TLS-Exporter Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined, randbytes are not stored after the handshake is done, but they are needed for TLS-Exporter in TLS 1.2. This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined. Signed-off-by: Max Fillinger --- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e51a3df5ed..0f74cd5303 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1118,10 +1118,10 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, - * see ssl_tls12_populate_transform() */ + * Master Secret and other session info, see ssl_tls12_populate_transform(). + * They are also needed for the TLS 1.2 TLS-Exporter. */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b6d7b4bafc..38b69809fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif From f2dda15ce8260fbb2a458694d37dc35afec2f956 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 15:47:23 +0200 Subject: [PATCH 0285/1080] Add label length argument to tls_prf_generic() This way, it's not required that the label is null-terminated. This allows us to avoid an allocation in mbedtls_ssl_tls12_export_keying_material(). Signed-off-by: Max Fillinger --- library/ssl_tls.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38b69809fc..a62d4e1962 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6192,7 +6192,7 @@ static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *der MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_generic(mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, - const char *label, + const char *label, size_t label_len, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) { @@ -6232,7 +6232,7 @@ static int tls_prf_generic(mbedtls_md_type_t md_type, NULL, 0, random, rlen, (unsigned char const *) label, - (size_t) strlen(label), + label_len, NULL, 0, dlen); if (status != PSA_SUCCESS) { @@ -6273,7 +6273,7 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen) { return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen); + label, strlen(label), random, rlen, dstbuf, dlen); } #endif /* PSA_WANT_ALG_SHA_256*/ @@ -6285,7 +6285,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen) { return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen); + label, strlen(label), random, rlen, dstbuf, dlen); } #endif /* PSA_WANT_ALG_SHA_384*/ @@ -8944,7 +8944,6 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s int ret = 0; size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; unsigned char *prf_input = NULL; - char *label_str = NULL; if (use_context && context_len >= (1 << 16)) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
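Review bot: `tls_prf_generic` now consumes `label_len` bytes of `label` and no longer depends on NUL termination, but nothing at the signature records that contract, and the two wrappers below still derive the length with `strlen(label)`, so a future caller could easily assume either convention. A one-line comment on the new parameter would pin it down, e.g. `/* label need not be NUL-terminated: exactly label_len bytes are read. */`. The body of tls_prf_generic continues outside the first hunk, so this assumes the PSA derivation call in the second hunk is the only place the label is read.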
@@ -8952,15 +8951,11 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s } prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); - label_str = mbedtls_calloc(label_len + 1, sizeof(char)); - if (prf_input == NULL || label_str == NULL) { + if (prf_input == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - memcpy(label_str, label, label_len); - label_str[label_len] = '\0'; - /* The input to the PRF is client_random, then server_random. * If a context is provided, this is then followed by the context length * as a 16-bit big-endian integer, and then the context itself. */ @@ -8971,13 +8966,13 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s prf_input[65] = (unsigned char) (context_len & 0xff); memcpy(prf_input + 66, context, context_len); } - ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, + ret = tls_prf_generic(hash_alg, ssl->session->master, 48, + label, label_len, prf_input, prf_input_len, out, key_len); exit: mbedtls_free(prf_input); - mbedtls_free(label_str); return ret; } #endif From 155cea090025bc9846a66c0889c66b62330c38ce Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 16:32:54 +0200 Subject: [PATCH 0286/1080] Use fewer magic numbers in TLS-Exporter functions Signed-off-by: Max Fillinger --- library/ssl_tls.c | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a62d4e1962..d8fbd77b91 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8942,36 +8942,43 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s const int use_context) { int ret = 0; - size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; unsigned char *prf_input = NULL; - if (use_context && context_len >= (1 << 16)) { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto exit; + /* The input to the PRF is client_random, then server_random. + * If a context is provided, this is then followed by the context length + * as a 16-bit big-endian integer, and then the context itself. */ + const size_t randbytes_len = MBEDTLS_CLIENT_HELLO_RANDOM_LEN + MBEDTLS_SERVER_HELLO_RANDOM_LEN; + size_t prf_input_len = randbytes_len; + if (use_context) { + if (context_len > UINT16_MAX) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* This does not overflow a 32-bit size_t because the current value of + * prf_input_len is 64 (length of client_random + server_random) and + * context_len fits into two bytes (checked above). */ + prf_input_len += sizeof(uint16_t) + context_len; } prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); if (prf_input == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - /* The input to the PRF is client_random, then server_random. - * If a context is provided, this is then followed by the context length - * as a 16-bit big-endian integer, and then the context itself. 
*/ - memcpy(prf_input, ssl->transform->randbytes + 32, 32); - memcpy(prf_input + 32, ssl->transform->randbytes, 32); + memcpy(prf_input, + ssl->transform->randbytes + MBEDTLS_SERVER_HELLO_RANDOM_LEN, + MBEDTLS_CLIENT_HELLO_RANDOM_LEN); + memcpy(prf_input + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, + ssl->transform->randbytes, + MBEDTLS_SERVER_HELLO_RANDOM_LEN); if (use_context) { - prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff); - prf_input[65] = (unsigned char) (context_len & 0xff); - memcpy(prf_input + 66, context, context_len); + MBEDTLS_PUT_UINT16_BE(context_len, prf_input, randbytes_len); + memcpy(prf_input + randbytes_len + sizeof(uint16_t), context, context_len); } - ret = tls_prf_generic(hash_alg, ssl->session->master, 48, + ret = tls_prf_generic(hash_alg, ssl->session->master, sizeof(ssl->session->master), label, label_len, prf_input, prf_input_len, out, key_len); - -exit: mbedtls_free(prf_input); return ret; } @@ -8991,7 +8998,11 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - if (key_len > 0xffff || label_len > 250) { + /* Check that the label and key_len fit into the HkdfLabel struct as defined + * in RFC 8446, Section 7.1. key_len must fit into an uint16 and the label + * must be at most 250 bytes long. (The struct allows up to 256 bytes for + * the label, but it is prefixed with "tls13 ".) */ + if (key_len > UINT16_MAX || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From dbe864569e247fd481678bf4d08d8c2a06906829 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 17:21:40 +0200 Subject: [PATCH 0287/1080] Fix typos in comments Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
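Review bot: With `use_context` set and `context_len == 0`, the new `memcpy(prf_input + randbytes_len + sizeof(uint16_t), context, context_len)` is still executed with whatever `context` pointer the caller supplied, and the public API explicitly allows a zero-length context for TLS 1.2, so `context == NULL` is a plausible input; `memcpy` with a null source is undefined behaviour even for length 0. Guard the copy: `if (context_len > 0) { memcpy(prf_input + randbytes_len + sizeof(uint16_t), context, context_len); }`, or reject `context == NULL && context_len > 0` at the top alongside the `UINT16_MAX` check. Whether `ssl->transform` is guaranteed non-NULL at this point is decided by the caller, which is outside this hunk.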
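Review bot: The label bound in `if (key_len > UINT16_MAX || label_len > 250)` is off by one against the reference the new comment cites: RFC 8446 §7.1 declares `opaque label<7..255>` for the whole `"tls13 " + Label` vector, so the vector is capped at 255 bytes and the caller's label at 249, not 250 as the check allows or 256 as the comment states. A 250-byte label yields a 256-byte vector whose one-byte length prefix cannot represent it, unless a lower layer such as the HKDF-Expand-Label encoder rejects it first, in which case the early check should at least agree with it. Change the check to `label_len > 249` and the comment to say the vector allows up to 255 bytes, 6 of which are the `"tls13 "` prefix. The enclosing function's signature is outside this hunk.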
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e443635b00..ffb2afaac6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -541,7 +541,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ + int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data; /* early data enablement flag */ #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 88d2e3deaf..881c9fa77e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -615,7 +615,7 @@ struct options { int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ + int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ int response_size; /* pad response with header to requested size */ uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ From c9f2c9adbac2cf5d88ef35861163690d204ae79d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 17:24:03 +0200 Subject: [PATCH 0288/1080] Revert "Store randbytes for TLS 1.2 TLS-Exporter" This reverts commit cb01dd1333f8083af469e9a0c59f316f1eb0cfe3. Signed-off-by: Max Fillinger --- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0f74cd5303..e51a3df5ed 100644 --- a/library/ssl_misc.h 
+++ b/library/ssl_misc.h @@ -1118,10 +1118,10 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, see ssl_tls12_populate_transform(). - * They are also needed for the TLS 1.2 TLS-Exporter. */ + * Master Secret and other session info, + * see ssl_tls12_populate_transform() */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d8fbd77b91..f1b7994440 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif From 281fb791166465ad50db97e4b0e47f51e9b2d867 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 18:35:09 +0200 Subject: [PATCH 0289/1080] Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is *not* defined. 
Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 ++ library/ssl_tls.c | 9 +++++++-- programs/ssl/ssl_client2.c | 12 +++++++----- programs/ssl/ssl_server2.c | 12 +++++++----- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d88e67cec5..9ded4e6d22 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5407,11 +5407,13 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ + #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, const unsigned char *context, const size_t context_len, const int use_context); +#endif #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f1b7994440..e4450b681d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8930,6 +8930,9 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, @@ -8982,7 +8985,7 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s mbedtls_free(prf_input); return ret; } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, 
@@ -9010,7 +9013,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, (const unsigned char *) label, label_len, context, context_len, out, key_len); } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, @@ -9049,4 +9052,6 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, } } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ffb2afaac6..9e38f690af 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -336,7 +336,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -391,10 +395,6 @@ int main(void) " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_CID \ @@ -2499,6 +2499,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { 
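Review bot: `calloc((size_t) opt.exp_len, sizeof(unsigned int))` in the ssl_client2.c hunk allocates four times the size of the `unsigned char` buffer it fills, while the failure message reports `opt.exp_len` bytes; `calloc((size_t) opt.exp_len, sizeof(*exported_key))` matches both. The `goto exit` taken when `mbedtls_ssl_export_keying_material()` fails (shown in the earlier ssl_client2.c hunk of this series) also leaves the block-scoped `exported_key` unfreed, since the `exit` label cannot see it; free it before jumping. The ssl_server2.c block guarded in the following hunks has the same allocation and the same error path.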
@@ -2521,6 +2522,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 881c9fa77e..9eab6cddb1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -471,7 +471,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -519,10 +523,6 @@ int main(void) " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_SRTP \ @@ -3619,6 +3619,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -3641,6 +3642,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */ #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { From 2fe35f61bf90ea0d589ce2485482356a1263c017 Mon Sep 17 00:00:00 2001 
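Review bot: The `#endif` added after the exporter block's closing brace in ssl_server2.c leaves the following `else if (opt.use_srtp != 0)` attached to whichever `if` precedes it in the active configuration: with MBEDTLS_SSL_CONTEXT_SERIALIZATION defined the SRTP branch becomes the `else` of the exporter `if` and is skipped whenever `exp_label` is set, and without it the branch chains back to the `if` that closes just before the exporter block (visible at the start of the earlier ssl_server2.c hunk in this series). The exporter block should not sit inside that if/else-if chain; move the whole `#if … #endif` block past the SRTP branch (whose closing brace is outside this hunk), or give the SRTP branch its own `if` so it no longer depends on what precedes it. The same layout survives the later rename to MBEDTLS_SSL_KEYING_MATERIAL_EXPORT, so the fix applies there as well. ssl_client2.c is not affected, as no `else` follows its block.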
From: Max Fillinger Date: Fri, 25 Oct 2024 00:52:24 +0200 Subject: [PATCH 0290/1080] Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h to control if the function mbedtls_ssl_export_keying_material() should be available. By default, the option is disabled. This is because the exporter for TLS 1.2 requires client_random and server_random need to be stored after the handshake is complete. Signed-off-by: Max Fillinger --- include/mbedtls/mbedtls_config.h | 14 ++++++++++++++ include/mbedtls/ssl.h | 10 +++++++++- library/ssl_misc.h | 7 ++++--- library/ssl_tls.c | 7 +++---- programs/ssl/ssl_client2.c | 21 ++++++++++++++------- programs/ssl/ssl_server2.c | 15 +++++++++++---- 6 files changed, 55 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2dc475b9f7..ca1486dbdf 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -737,6 +737,20 @@ */ //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT +/* + * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT + * + * When this option is enabled, the client and server can extract additional + * shared symmetric keys after an SSL handshake using the function + * mbedtls_ssl_export_keying_material(). + * + * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and + * in RFC 8446, Section 7.5, for TLS 1.3. + * + * Uncomment this macro to enable mbedtls_ssl_export_keying_material(). + */ +//#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT + /** * \def MBEDTLS_SSL_RENEGOTIATION * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9ded4e6d22..8383ead054 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
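Review bot: The new option block in mbedtls_config.h opens with `/*` rather than the `/**` used by the neighbouring `\def MBEDTLS_SSL_RENEGOTIATION` block, so Doxygen will not attach the `\def` documentation to `MBEDTLS_SSL_KEYING_MATERIAL_EXPORT`; change the opening line to `/**`. The later commit in this series that enables the option by default edits the same block and keeps `/*`, so the fix applies there too. Since the exporter only builds under MBEDTLS_SSL_TLS_C and the TLS 1.2 path additionally needs the hello randoms kept after the handshake, a `Requires:` line naming the prerequisites, in the style of the `Requires:` lines used elsewhere in this file, would spare readers a trip to ssl_tls.c.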
@@ -676,6 +676,14 @@ union mbedtls_ssl_premaster_secret { /* Length in number of bytes of the TLS sequence number */ #define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 +/* Helper to state that client_random and server_random need to be stored + * after the handshake is complete. This is required for context serialization + * and for the keying material exporter in TLS 1.2. */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || \ + (defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) && defined(MBEDTLS_SSL_PROTO_TLS1_2)) +#define MBEDTLS_SSL_KEEP_RANDBYTES +#endif + #ifdef __cplusplus extern "C" { #endif @@ -5407,7 +5415,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ - #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e51a3df5ed..596e7bc833 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1118,10 +1118,11 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEEP_RANDBYTES) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, - * see ssl_tls12_populate_transform() */ + * Master Secret and other session info and for the keying material + * exporter in TLS 1.2. + * See ssl_tls12_populate_transform() */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e4450b681d..c20a68d2e0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEEP_RANDBYTES) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif @@ -8930,8 +8930,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, @@ -9052,6 +9051,6 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, } } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9e38f690af..061096bdf0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -336,11 +336,7 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" + " option: a file path\n" #else #define USAGE_SERIALIZATION "" #endif 
@@ -370,6 +366,16 @@ int main(void) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#define USAGE_EXPORT \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" +#else +#define USAGE_EXPORT "" +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ @@ -456,6 +462,7 @@ int main(void) " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ USAGE_SERIALIZATION \ + USAGE_EXPORT \ "\n" /* @@ -2499,7 +2506,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -2522,7 +2529,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 9eab6cddb1..5186006886 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -471,13 +471,19 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" \ + " option: a file path\n" +#else +#define USAGE_SERIALIZATION "" +#endif + +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#define USAGE_EXPORT \ " exp_label=%%s Label to input into TLS-Exporter\n" \ " default: None (don't try to export a key)\n" \ " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ " default: 20\n" #else -#define USAGE_SERIALIZATION "" +#define USAGE_EXPORT "" #endif #define USAGE_KEY_OPAQUE_ALGS \ @@ -587,6 +593,7 @@ int main(void) " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ USAGE_SERIALIZATION \ + USAGE_EXPORT \ "\n" #define PUT_UINT64_BE(out_be, in_le, i) \ @@ -3619,7 +3626,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -3642,7 +3649,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { From 51bec543bb90092c81548bc6297f21d6ff67bac2 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 13:14:39 +0100 Subject: [PATCH 0291/1080] Enable MBEDTLS_SSL_KEYING_MATERIAL_EXPORT by default Signed-off-by: Max Fillinger --- include/mbedtls/mbedtls_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ca1486dbdf..40e16e108a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -747,9 +747,9 @@ * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and * in RFC 8446, Section 7.5, for TLS 1.3. * - * Uncomment this macro to enable mbedtls_ssl_export_keying_material(). + * Comment this macro to disable mbedtls_ssl_export_keying_material(). */ -//#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT /** * \def MBEDTLS_SSL_RENEGOTIATION From 07473882541ee08aa886b0152f75ce23be45dbe5 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 14:44:25 +0100 Subject: [PATCH 0292/1080] Fix #endif comment Signed-off-by: Max Fillinger --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 596e7bc833..9a2485db9d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1126,7 +1126,7 @@ struct mbedtls_ssl_transform { unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ +#endif /* defined(MBEDTLS_SSL_KEEP_RANDBYTES) */ }; /* From a5b63c5e40c438a2aedc434890acb4b9459b17c4 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 14:46:46 +0100 Subject: [PATCH 0293/1080] Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt index 2b06c5f294..1aea653e09 100644 --- a/ChangeLog.d/add-tls-exporter.txt +++ b/ChangeLog.d/add-tls-exporter.txt @@ -2,3 +2,5 @@ Features * Add the function mbedtls_ssl_export_keying_material() which allows the client and server to extract additional shared symmetric keys from an SSL session, according to the TLS-Exporter specification in RFC 8446 and 5705. + This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in + mbedtls_config.h. 
From cf007ca8bba163c73f947eafaa527e2b94073f75 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 16:57:09 +0100 Subject: [PATCH 0294/1080] Add more tests for keying material export Signed-off-by: Max Fillinger --- tests/include/test/ssl_helpers.h | 7 + tests/src/test_helpers/ssl_helpers.c | 49 ++++++ tests/suites/test_suite_ssl.data | 64 ++++++++ tests/suites/test_suite_ssl.function | 231 ++++++++++++++++++++++++++- 4 files changed, 350 insertions(+), 1 deletion(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 3ba314f832..772278135a 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -589,6 +589,13 @@ int mbedtls_test_ssl_exchange_data( mbedtls_ssl_context *ssl_2, int msg_len_2, const int expected_fragments_2); +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_ssl_do_handshake_with_endpoints( + mbedtls_test_ssl_endpoint *server_ep, + mbedtls_test_ssl_endpoint *client_ep, + mbedtls_ssl_protocol_version proto); +#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index bffb35372b..65ad10c6f4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
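Review bot: The new prototype of mbedtls_test_ssl_do_handshake_with_endpoints carries no comment describing its contract, and the `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)` block wrapping it is immediately followed by another `#if` on the same condition, which could be merged into one. A short comment above the prototype would help, along the lines of `/* Initialize both endpoints for \p proto and run the handshake to completion; returns 0 on success, a negative mbedtls error code or -1 otherwise. On any return, including failure, the caller must free both endpoints. */`. The same back-to-back `#if` pair is introduced in ssl_helpers.c at -2028.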
@@ -2028,6 +2028,55 @@ static int check_ssl_version( } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_ssl_do_handshake_with_endpoints( + mbedtls_test_ssl_endpoint *server_ep, + mbedtls_test_ssl_endpoint *client_ep, + mbedtls_ssl_protocol_version proto) +{ + enum { BUFFSIZE = 1024 }; + + int ret = -1; + mbedtls_test_handshake_test_options options; + + mbedtls_test_init_handshake_options(&options); + options.server_min_version = proto; + options.client_min_version = proto; + options.server_max_version = proto; + options.client_max_version = proto; + + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + NULL, NULL, NULL); + if (ret != 0) { + return ret; + } + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, &options, + NULL, NULL, NULL); + if (ret != 0) { + return ret; + } + + ret = mbedtls_test_mock_socket_connect(&client_ep->socket, &server_ep->socket, BUFFSIZE); + if (ret != 0) { + return ret; + } + + ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, &client_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, &server_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { + return -1; + } + + return 0; +} +#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 25cb965e85..ad0d2851f3 100644 --- a/tests/suites/test_suite_ssl.data 
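Review bot: The new helper returns a bare `-1` when neither endpoint reports the handshake as over, which is indistinguishable from any other `-1` and sits outside the mbedtls error-code range used by its other return paths; if a distinct value is not wanted, the meaning should at least be stated next to it, e.g. `/* Handshake not over on one side: no mbedtls error code applies, report -1. */`. Note also that when the second mbedtls_test_ssl_endpoint_init fails, the first endpoint stays initialized, so callers have to free both endpoints regardless of the return value; that expectation is not written down anywhere in the hunk. The function fits entirely within the hunk.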
+++ b/tests/suites/test_suite_ssl.data 
@@ -3334,3 +3334,67 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 + +TLS 1.2 Keying Material Exporter: Consistent results, no context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:0 + +TLS 1.2 Keying Material Exporter: Consistent results, with context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 + +TLS 1.2 Keying Material Exporter: Consistent results, large keys +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:UINT16_MAX:0 + +TLS 1.2 Keying Material Exporter: Uses label +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_2 + +TLS 1.2 Keying Material Exporter: Uses context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_2 + +TLS 1.2 Keying Material Exporter: Context too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:251:UINT16_MAX + 1 + +TLS 1.2 Keying Material Exporter: Handshake not done +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE + +TLS 1.3 Keying Material Exporter: Consistent results, no context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 + +TLS 1.3 Keying Material Exporter: Consistent results, with context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 + +TLS 1.3 Keying Material Exporter: Consistent results, large keys +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX:0 + +TLS 1.3 Keying Material Exporter: Uses label +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
+ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3 Keying Material Exporter: Uses context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3 Keying Material Exporter: Uses length +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls13_exporter_uses_length + +TLS 1.3 Keying Material Exporter: Exported key too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX + 1:20:20 + +TLS 1.3 Keying Material Exporter: Label too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 + +TLS 1.3 Keying Material Exporter: Handshake not done +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ab61e03465..33012493e9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1695,7 +1695,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ void ssl_tls13_exporter(int hash_alg, data_t *secret, char *label, 
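Review bot: The TLS 1.2 `Context too long` case passes `24:251:UINT16_MAX + 1`, which makes the label over-long (251) at the same time as the context, so if the TLS 1.2 path also bounds the label length the case cannot tell which check produced MBEDTLS_ERR_SSL_BAD_INPUT_DATA; varying one parameter per case, e.g. `ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:20:UINT16_MAX + 1`, keeps the rejection attributable. The TLS 1.3 side has `Exported key too long` and `Label too long` cases but no `Context too long`, and TLS 1.2 has only the reverse; if those limits apply to both versions the matrix should be symmetric.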
@@ -5229,5 +5229,234 @@ exit: mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) +{ + /* Test that the client and server generate the same key. */ + + int ret = -1; + uint8_t *key_buffer_server = NULL; + uint8_t *key_buffer_client = NULL; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + TEST_ASSERT(exported_key_length > 0); + TEST_CALLOC(key_buffer_server, exported_key_length); + TEST_CALLOC(key_buffer_client, exported_key_length); + + char label[] = "test-label"; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, (size_t)exported_key_length, + label, sizeof(label), + context, sizeof(context), use_context); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, (size_t)exported_key_length, + label, sizeof(label), + context, sizeof(context), use_context); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t)exported_key_length) == 0); + +exit: + MD_OR_USE_PSA_DONE(); + mbedtls_free(key_buffer_server); + mbedtls_free(key_buffer_client); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_uses_label(int proto) +{ + /* Test that the client and server export different keys when using different labels. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + char label_server[] = "test-label-server"; + char label_client[] = "test-label-client"; + uint8_t key_buffer_server[24] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label_server, sizeof(label_server), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label_client, sizeof(label_client), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_uses_context(int proto) +{ + /* Test that the client and server export different keys when using different contexts. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + char label[] = "test-label"; + uint8_t key_buffer_server[24] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context_server[128] = { 0 }; + unsigned char context_client[128] = { 23 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label, sizeof(label), + context_server, sizeof(context_server), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label, sizeof(label), + context_client, sizeof(context_client), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls13_exporter_uses_length(void) +{ + /* In TLS 1.3, when two keys are exported with the same parameters except one is shorter, + * the shorter key should NOT be a prefix of the longer one. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, MBEDTLS_SSL_VERSION_TLS1_3); + TEST_ASSERT(ret == 0); + + char label[] = "test-label"; + uint8_t key_buffer_server[16] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label, sizeof(label), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label, sizeof(label), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_rejects_bad_parameters( + int proto, int exported_key_length, int label_length, int context_length) +{ + MD_OR_USE_PSA_INIT(); + + int ret = -1; + uint8_t *key_buffer = NULL; + char *label = NULL; + uint8_t *context = NULL; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + TEST_ASSERT(exported_key_length > 0); + TEST_ASSERT(label_length > 0); + TEST_ASSERT(context_length > 0); + TEST_CALLOC(key_buffer, exported_key_length); + TEST_CALLOC(label, label_length); + TEST_CALLOC(context, context_length); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer, exported_key_length, + label, label_length, + context, context_length, 1); + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + +exit: + MD_OR_USE_PSA_DONE(); + mbedtls_free(key_buffer); + mbedtls_free(label); + mbedtls_free(context); +} +/* END_CASE */ + +/* BEGIN_CASE 
depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_too_early(int proto, int check_server, int state) +{ + enum { BUFFSIZE = 1024 }; + + int ret = -1; + mbedtls_test_ssl_endpoint server_ep, client_ep; + + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + options.server_min_version = proto; + options.client_min_version = proto; + options.server_max_version = proto; + options.client_max_version = proto; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, + NULL, NULL, NULL); + TEST_ASSERT(ret == 0); + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + NULL, NULL, NULL); + TEST_ASSERT(ret == 0); + + ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); + TEST_ASSERT(ret == 0); + + if (check_server) { + ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state); + } else { + ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); + } + TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + + char label[] = "test-label"; + uint8_t key_buffer[24] = { 0 }; + ret = mbedtls_ssl_export_keying_material(check_server ? &server_ep.ssl : &client_ep.ssl, + key_buffer, sizeof(key_buffer), + label, sizeof(label), + NULL, 0, 0); + + /* FIXME: A more appropriate error code should be created for this case. */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + +exit: + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 28916ac8feb83852de9f94f7d2dcb6857d17991d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 18:49:30 +0100 Subject: [PATCH 0295/1080] Increase allowed output size of HKDF-Expand-Label 
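Review bot: In ssl_tls_exporter_too_early the assertion `TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE);` ends in a bare non-zero constant, so the condition is always true and a failing mbedtls_test_move_handshake_to_state is never caught; it should read `TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);`. Separately, every test passes `label, sizeof(label)` for a `char label[] = "..."` array, so the exported label includes the terminating NUL; that is self-consistent between client and server but differs from a caller passing `strlen(label)`, and either a comment or a switch to `strlen` would avoid the surprise. The hunk opens inside the exit block of the preceding test function, whose start is outside the hunk.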
Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 12 +++++------- library/ssl_tls13_keys.h | 12 +++++------- tests/suites/test_suite_ssl.data | 2 +- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ef897e88be..895176d0c6 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -107,15 +107,13 @@ static void ssl_tls13_hkdf_encode_label( unsigned char *p = dst; - /* Add the size of the expanded key material. - * We're hardcoding the high byte to 0 here assuming that we never use - * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ -#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 -#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \ - value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" + /* Add the size of the expanded key material. */ +#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > UINT16_MAX +#error "The desired key length must fit into an uint16 but \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is greater than UINT16_MAX" #endif - *p++ = 0; + *p++ = MBEDTLS_BYTE_1(desired_length); *p++ = MBEDTLS_BYTE_0(desired_length); /* Add label incl. prefix */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index a4b012f36e..31ffe4481e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
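Review bot: The new `#error` only bounds the compile-time constant MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN; the `MBEDTLS_BYTE_1(desired_length)` / `MBEDTLS_BYTE_0(desired_length)` pair silently truncates any runtime `desired_length` of 65536 or more, so it is worth confirming that every caller of ssl_tls13_hkdf_encode_label checks `desired_length` against the macro before reaching this code (that check, if it exists, is outside the hunk). A small wording fix in the message: `#error "The desired key length must fit into a uint16 but \` rather than `an uint16`. The enclosing function starts before the hunk.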
@@ -70,13 +70,11 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; PSA_HASH_MAX_SIZE /* Maximum desired length for expanded key material generated - * by HKDF-Expand-Label. - * - * Warning: If this ever needs to be increased, the implementation - * ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be - * adjusted since it currently assumes that HKDF key expansion - * is never used with more than 255 Bytes of output. */ -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 + * by HKDF-Expand-Label. This algorithm can output up to 255 * hash_size + * bytes of key material where hash_size is the output size of the + * underlying hash function. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN \ + (255 * MBEDTLS_TLS1_3_MD_MAX_SIZE) /** * \brief The \c HKDF-Expand-Label function from diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ad0d2851f3..2f3b1ebee6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:1024:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3 From 3e1291866d50de06be5201163b876b0ed21da39f Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 19:18:54 +0100 Subject: [PATCH 0296/1080] Fix output size check for key material exporter HKDF-Expand can produce at most 255 * hash_size bytes of key material, so this limit applies to the TLS 1.3 key material exporter. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 3 ++- library/ssl_tls.c | 15 ++++++++++----- tests/suites/test_suite_ssl.data | 4 ++-- 3 files changed, 14 insertions(+), 8 deletions(-) 
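Review bot: Raising MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN from 255 to `255 * MBEDTLS_TLS1_3_MD_MAX_SIZE` changes the size of anything declared with it; if any caller uses the macro to size a stack or context buffer rather than only as a bound, the roughly 48x growth matters on constrained targets and should be checked before merging. The ssl_tls13_keys.c hunk in this commit adds an `#error` requiring the macro to stay within UINT16_MAX; a pointer to that from this comment, e.g. `* Must stay <= UINT16_MAX; ssl_tls13_hkdf_encode_label() enforces this at compile time. */`, would tie the two constraints together.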
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8383ead054..e3772891b0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5401,7 +5401,8 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \param ssl SSL context from which to export keys. Must have finished the handshake. * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param key_len Length of the key to generate in bytes. In TLS 1.3, this can be at most + * 8160 if SHA256 is used as hash function or 12240 if SHA384 is used. * \param label Label for which to generate the key of length label_len. * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c20a68d2e0..79bd623ebd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
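Review bot: The new \param key_len text hard-codes 8160 and 12240, which are 255 times the SHA-256 and SHA-384 output lengths; stating the rule rather than the two instances keeps the doc correct if another hash is supported, e.g. `* \param key_len Length of the key to generate in bytes. In TLS 1.3 this is limited to 255 times the output length of the handshake hash (8160 for SHA-256, 12240 for SHA-384).`. Naming the error returned when the limit is exceeded (MBEDTLS_ERR_SSL_BAD_INPUT_DATA, per the ssl_tls.c hunk in this commit) would also help callers.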
@@ -9000,11 +9000,16 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - /* Check that the label and key_len fit into the HkdfLabel struct as defined - * in RFC 8446, Section 7.1. key_len must fit into an uint16 and the label - * must be at most 250 bytes long. (The struct allows up to 256 bytes for - * the label, but it is prefixed with "tls13 ".) */ - if (key_len > UINT16_MAX || label_len > 250) { + /* Validate the length of the label and the desired key length. The key + * length can be at most 255 * hash_len by definition of HKDF-Expand in + * RFC 5869. + * + * The length of the label must be at most 250 bytes long to fit into the + * HkdfLabel struct as defined in RFC 8446, Section 7.1. This struct also + * requires that key_len fits into a uint16, but until we have to deal with + * a hash function with more than 2048 bits of output, the 255 * hash_len + * limit will guarantee that. */ + if (key_len > 255 * hash_len || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2f3b1ebee6..692cb9ba74 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:1024:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
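Review bot: The comment relies on prose (`until we have to deal with a hash function with more than 2048 bits of output`) to promise that `255 * hash_len` also fits a uint16, whereas the HkdfLabel encoding in ssl_tls13_keys.c now enforces that with an `#error` on MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN; pointing at that guard, e.g. `* (ssl_tls13_keys.c fails to compile if 255 * MBEDTLS_TLS1_3_MD_MAX_SIZE exceeds UINT16_MAX.) */`, makes the invariant checkable rather than remembered. Nothing in the hunk relates `hash_len` (from PSA_HASH_LENGTH(hash_alg)) to MBEDTLS_TLS1_3_MD_MAX_SIZE, so it is worth confirming the session hash cannot exceed that bound; that relation is outside the hunk. The function starts before the hunk.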
@@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX + 1:20:20 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 48 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 From 8f12e312234466e7a8633a1d14860e932dbfb0e7 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:29:37 +0100 Subject: [PATCH 0297/1080] Exportert tests: Free endpoints and options Signed-off-by: Max Fillinger --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 16 +++++++------- tests/suites/test_suite_ssl.function | 33 +++++++++++++++++++++++----- 3 files changed, 37 insertions(+), 13 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 772278135a..769749da4f 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -593,6 +593,7 @@ int mbedtls_test_ssl_exchange_data( int mbedtls_test_ssl_do_handshake_with_endpoints( mbedtls_test_ssl_endpoint *server_ep, mbedtls_test_ssl_endpoint *client_ep, + mbedtls_test_handshake_test_options *options, mbedtls_ssl_protocol_version proto); #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 65ad10c6f4..354ca13bfc 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
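Review bot: The added `options` parameter has no accompanying comment saying that the helper initializes it with mbedtls_test_init_handshake_options and that the caller owns freeing it with mbedtls_test_free_handshake_options on every exit path; the ssl_helpers.c hunk at -2032 shows that contract but the header does not. A one-line comment above the prototype, `/* options: caller-provided storage; initialized here, freed by the caller. */`, would keep callers from passing an already-initialized struct.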
@@ -2032,25 +2032,25 @@ static int check_ssl_version( int mbedtls_test_ssl_do_handshake_with_endpoints( mbedtls_test_ssl_endpoint *server_ep, mbedtls_test_ssl_endpoint *client_ep, + mbedtls_test_handshake_test_options *options, mbedtls_ssl_protocol_version proto) { enum { BUFFSIZE = 1024 }; int ret = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - options.server_min_version = proto; - options.client_min_version = proto; - options.server_max_version = proto; - options.client_max_version = proto; + mbedtls_test_init_handshake_options(options); + options->server_min_version = proto; + options->client_min_version = proto; + options->server_max_version = proto; + options->client_max_version = proto; - ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, NULL); if (ret != 0) { return ret; } - ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, &options, + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options, NULL, NULL, NULL); if (ret != 0) { return ret; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 33012493e9..099e0e10b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5240,10 +5240,11 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); TEST_ASSERT(exported_key_length > 0); 
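Review bot: `mbedtls_test_init_handshake_options(options)` dereferences the new pointer parameter without a NULL check and unconditionally reinitializes it, so a caller that had already populated its options would have that state overwritten (and leaked, if the struct owns allocations); a guard `if (options == NULL) { return -1; }` before the call, or a comment stating the struct must be uninitialized on entry, makes the contract explicit. The remainder of the function is outside the hunk.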
@@ -5266,6 +5267,9 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer_server); mbedtls_free(key_buffer_client); } @@ -5278,10 +5282,11 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); char label_server[] = "test-label-server"; @@ -5302,6 +5307,9 @@ void ssl_tls_exporter_uses_label(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -5313,10 +5321,11 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); char label[] = "test-label"; @@ -5337,6 +5346,9 @@ void ssl_tls_exporter_uses_context(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ 
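Review bot: The exit blocks are torn down in different orders: at -5266 (ssl_tls_exporter_consistent_result) `MD_OR_USE_PSA_DONE();` runs before the two `mbedtls_test_ssl_endpoint_free` calls, while at -5302 and -5337 the endpoints are freed first; -5423 and -5478 in the following hunks follow the first order. If MD_OR_USE_PSA_DONE tears down the PSA core or checks for leaked PSA keys, SSL contexts that still own keys must be released before it, so the endpoint and options frees should precede `MD_OR_USE_PSA_DONE();` in all six functions. Each function's body starts outside its hunk.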
@@ -5349,10 +5361,11 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, MBEDTLS_SSL_VERSION_TLS1_3); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); TEST_ASSERT(ret == 0); char label[] = "test-label"; @@ -5372,6 +5385,9 @@ void ssl_tls13_exporter_uses_length(void) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -5387,6 +5403,7 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); TEST_ASSERT(label_length > 0); @@ -5395,7 +5412,7 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_CALLOC(label, label_length); TEST_CALLOC(context, context_length); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, @@ -5406,6 +5423,9 @@ void ssl_tls_exporter_rejects_bad_parameters( exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer); mbedtls_free(label); mbedtls_free(context); 
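Review bot: In ssl_tls_exporter_rejects_bad_parameters (hunks -5387 and -5406) the `TEST_ASSERT`/`TEST_CALLOC` lines run before mbedtls_test_ssl_do_handshake_with_endpoints, so an early failure jumps to `exit:` and the new `mbedtls_test_ssl_endpoint_free` and `mbedtls_test_free_handshake_options` calls operate on never-initialized stack structs; unless those free routines tolerate garbage, the locals need zeroing at declaration, e.g. `memset(&client_ep, 0, sizeof(client_ep));`, `memset(&server_ep, 0, sizeof(server_ep));`, `memset(&options, 0, sizeof(options));`. The same exposure exists in the other test functions whenever MD_OR_USE_PSA_INIT can jump to exit before the helper runs. The functions' bodies continue outside the hunks.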
@@ -5458,5 +5478,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ From 8a2d2adf8cce4522629bf6b9805412ad7d90cc6d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:39:54 +0100 Subject: [PATCH 0298/1080] Exporter tests: Initialize allocated memory Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 099e0e10b0..b759d94690 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5251,6 +5251,9 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int TEST_CALLOC(key_buffer_server, exported_key_length); TEST_CALLOC(key_buffer_client, exported_key_length); + memset(key_buffer_server, 0, exported_key_length); + memset(key_buffer_client, 0, exported_key_length); + char label[] = "test-label"; unsigned char context[128] = { 0 }; ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, @@ -5412,6 +5415,10 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_CALLOC(label, label_length); TEST_CALLOC(context, context_length); + memset(key_buffer, 0, exported_key_length); + memset(label, 0, label_length); + memset(context, 0, context_length); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); From ea1e777c0189e7302f24fb547c53e16fb168e2f5 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:49:10 +0100 Subject: [PATCH 0299/1080] Coding style cleanup Signed-off-by: Max Fillinger --- tests/src/test_helpers/ssl_helpers.c | 11 ++++++++--- tests/suites/test_suite_ssl.function | 11 +++++++---- 2 files changed, 15 insertions(+), 7 deletions(-) 
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 354ca13bfc..672e94c2cb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2061,15 +2061,20 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( return ret; } - ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, &client_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, + &client_ep->ssl, + MBEDTLS_SSL_HANDSHAKE_OVER); if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { return ret; } - ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, &server_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, + &server_ep->ssl, + MBEDTLS_SSL_HANDSHAKE_OVER); if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { return ret; } - if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { + if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || + !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { return -1; } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b759d94690..1961e2e7e0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5257,16 +5257,16 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int char label[] = "test-label"; unsigned char context[128] = { 0 }; ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, (size_t)exported_key_length, + key_buffer_server, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); TEST_ASSERT(ret == 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, (size_t)exported_key_length, + key_buffer_client, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); TEST_ASSERT(ret == 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t)exported_key_length) == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0); exit: MD_OR_USE_PSA_DONE(); @@ -5368,7 +5368,10 @@ void ssl_tls13_exporter_uses_length(void) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, + &client_ep, + &options, + MBEDTLS_SSL_VERSION_TLS1_3); TEST_ASSERT(ret == 0); char label[] = "test-label"; From 364afea9d3f1c29633019d23c941c89ac985f6d6 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 18:58:50 +0100 Subject: [PATCH 0300/1080] Exporter tests: Fix possible uninitialized variable use Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1961e2e7e0..aaf6eb0c5d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5402,8 +5402,6 @@ exit: void ssl_tls_exporter_rejects_bad_parameters( int proto, int exported_key_length, int label_length, int context_length) { - MD_OR_USE_PSA_INIT(); - int ret = -1; uint8_t *key_buffer = NULL; char *label = NULL; @@ -5418,9 +5416,7 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_CALLOC(label, label_length); TEST_CALLOC(context, context_length); - memset(key_buffer, 0, exported_key_length); - memset(label, 0, label_length); - memset(context, 0, context_length); + MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); From 9dc7b19a6a1e750dccc1ae16f13cb616868d3d56 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 31 Oct 2024 12:43:19 +0100 Subject: [PATCH 0301/1080] Exporter tests: Free endpoints before PSA_DONE() Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index aaf6eb0c5d..84286eb7ce 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5269,12 +5269,12 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0); exit: - MD_OR_USE_PSA_DONE(); mbedtls_test_ssl_endpoint_free(&server_ep, NULL); mbedtls_test_ssl_endpoint_free(&client_ep, NULL); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer_server); mbedtls_free(key_buffer_client); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ 
@@ -5428,13 +5428,13 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - MD_OR_USE_PSA_DONE(); mbedtls_test_ssl_endpoint_free(&server_ep, NULL); mbedtls_test_ssl_endpoint_free(&client_ep, NULL); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer); mbedtls_free(label); mbedtls_free(context); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -5483,9 +5483,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - MD_OR_USE_PSA_DONE(); mbedtls_test_ssl_endpoint_free(&server_ep, NULL); mbedtls_test_ssl_endpoint_free(&client_ep, NULL); mbedtls_test_free_handshake_options(&options); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From a9a9e99a6b3ddfdce2e1084a103230f7768ca8b6 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 31 Oct 2024 15:31:55 +0100 Subject: [PATCH 0302/1080] Exporter tests: Reduce key size in long key tests Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 692cb9ba74..017ab8529a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:UINT16_MAX:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0 TLS 1.2 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_2 From c6fd1a24d27055c250dff9258ac9f595dfc5969b Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 1 Nov 2024 16:05:34 +0100 Subject: [PATCH 0303/1080] Use one maximum key_len for all exported keys 
Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 14 ++++++++++---- library/ssl_tls.c | 19 ++++++++++--------- tests/suites/test_suite_ssl.data | 6 +++--- 3 files changed, 23 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e3772891b0..7304a3bfc0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5396,15 +5396,22 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +/* Maximum value for key_len in mbedtls_ssl_export_keying material. Depending on the TLS + * version and the negotiated ciphersuite, larger keys could in principle be exported, + * but for simplicity, we define one limit that works in all cases. TLS 1.3 with SHA256 + * has the strictest limit: 255 blocks of SHA256 output, or 8160 bytes. */ +#define MBEDTLS_SSL_EXPORT_MAX_KEY_LEN 8160 + /** * \brief TLS-Exporter to derive shared symmetric keys between server and client. * * \param ssl SSL context from which to export keys. Must have finished the handshake. * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes. In TLS 1.3, this can be at most - * 8160 if SHA256 is used as hash function or 12240 if SHA384 is used. + * \param key_len Length of the key to generate in bytes, must be at most + * MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160). * \param label Label for which to generate the key of length label_len. - * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. + * \param label_len Length of label in bytes. Must be at most 250 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. * \param context_len Length of context. Must be < 2^16 in TLS 1.2. * \param use_context Indicates if a context should be used in deriving the key. 
@@ -5416,7 +5423,6 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 79bd623ebd..46197c95ca 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9000,16 +9000,13 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - /* Validate the length of the label and the desired key length. The key - * length can be at most 255 * hash_len by definition of HKDF-Expand in - * RFC 5869. + /* The length of the label must be at most 250 bytes to fit into the HkdfLabel + * struct as defined in RFC 8446, Section 7.1. * - * The length of the label must be at most 250 bytes long to fit into the - * HkdfLabel struct as defined in RFC 8446, Section 7.1. This struct also - * requires that key_len fits into a uint16, but until we have to deal with - * a hash function with more than 2048 bits of output, the 255 * hash_len - * limit will guarantee that. */ - if (key_len > 255 * hash_len || label_len > 250) { + * The length of the context is unlimited even though the context field in the + * struct can only hold up to 256 bytes. This is because we place a *hash* of + * the context in the field. */ + if (label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } 
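Review bot: The comment introducing `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` misspells the function it refers to (`mbedtls_ssl_export_keying material` should be `mbedtls_ssl_export_keying_material`), and since the macro is part of the public header it should be a Doxygen block (`/** ... */`) so it is rendered next to the function it constrains. The updated `\param key_len` text repeats the literal `(8160)`, which will silently drift if the macro is ever changed; naming the macro alone is enough.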
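Review bot: `mbedtls_ssl_tls13_export_keying_material` no longer bounds `key_len` itself; the HKDF-Expand limit of `255 * hash_len` that the removed comment described is now enforced only by the caller's `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` check in the next hunk. That precondition should be stated at the top of this function, e.g. `/* key_len <= MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (255 * SHA-256 output) is checked by the caller. */`, and the coupling is worth pinning at compile time, e.g. `MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_EXPORT_MAX_KEY_LEN <= 255 * 32, "exporter limit exceeds HKDF-Expand bound")` if that macro is in scope here. Otherwise raising the public constant later would let an oversized `key_len` reach HKDF-Expand-Label unchecked by this function. The function starts outside the hunk.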
@@ -9029,6 +9026,10 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } + if (key_len > MBEDTLS_SSL_EXPORT_MAX_KEY_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl); const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); const mbedtls_md_type_t hash_alg = ciphersuite->mac; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 017ab8529a..6d6812c4e6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.2 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_2 @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3 @@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 48 + 1:20:20 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
From 8e0b8c9d9f851053697e53eeff35fdf37efc7b0a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 1 Nov 2024 14:14:19 +0100 Subject: [PATCH 0304/1080] Exporter tests: Add missing depends-ons Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 32 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 12 +++++------ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6d6812c4e6..50ad780e2b 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3336,65 +3336,65 @@ TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 TLS 1.2 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:0 TLS 1.2 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.2 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.2 Keying Material Exporter: Uses context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.2 Keying Material Exporter: Context too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:251:UINT16_MAX + 1 TLS 1.2 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE TLS 1.3 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 
ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 TLS 1.3 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.3 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses length -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 TLS 1.3 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 84286eb7ce..74d824ac82 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5231,7 +5231,7 @@ exit: PSA_DONE(); /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) { /* Test that the client and server generate the same key. */ @@ -5278,7 +5278,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_uses_label(int proto) { /* Test that the client and server export different keys when using different labels. */ @@ -5317,7 +5317,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_uses_context(int proto) { /* Test that the client and server export different keys when using different contexts. */ 
@@ -5356,7 +5356,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls13_exporter_uses_length(void) { /* In TLS 1.3, when two keys are exported with the same parameters except one is shorter, @@ -5398,7 +5398,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_rejects_bad_parameters( int proto, int exported_key_length, int label_length, int context_length) { @@ -5438,7 +5438,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_too_early(int proto, int check_server, int state) { enum { BUFFSIZE = 1024 }; From d6e0095478a14b3978ea033ce5670e72154e678a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 5 Nov 2024 19:45:41 +0100 Subject: [PATCH 0305/1080] Exporter tests: Don't use unavailbable constant Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 50ad780e2b..0a1d0e0ca5 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0 TLS 1.2 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 @@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 From ee467aae6957d4b89f04f6bd26392c339dd755a8 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 8 Nov 2024 22:17:33 +0100 Subject: [PATCH 0306/1080] mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints Signed-off-by: Max Fillinger --- tests/src/test_helpers/ssl_helpers.c | 3 +++ 1 file changed, 3 insertions(+) 
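Review bot: The literal `255 * 32` now stands in for `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` in three vectors because the macro is not visible to the .data file, so the boundary pair (`255 * 32` accepted, `255 * 32 + 1` rejected) will quietly stop testing the boundary if the header constant changes. If the .data parser accepts `#` comment lines, one such as `# 255 * 32 == MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (include/mbedtls/ssl.h); keep in sync` above the first vector records the coupling. Alternatively the function side could take an offset relative to the macro instead of an absolute length.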
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 672e94c2cb..020631ad5a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2039,6 +2039,9 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( int ret = -1; + mbedtls_platform_zeroize(server_ep, sizeof(mbedtls_test_ssl_endpoint)); + mbedtls_platform_zeroize(client_ep, sizeof(mbedtls_test_ssl_endpoint)); + mbedtls_test_init_handshake_options(options); options->server_min_version = proto; options->client_min_version = proto; From 92b7a7e233e686ad3371651a9f6153514f5f6545 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 11 Nov 2024 17:50:34 +0100 Subject: [PATCH 0307/1080] ssl-opt.sh: Add tests for keying material export Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0634c26a67..ad4d8c3e40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1191,6 +1191,26 @@ check_server_hello_time() { fi } +# Extract the exported key from the output. +get_exported_key() { + OUTPUT="$1" + EXPORTED_KEY1=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) +} + +# Check that the exported key from the output matches the one obtained in get_exported_key(). +check_exported_key() { + OUTPUT="$1" + EXPORTED_KEY2=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) + test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" +} + +# Check that the exported key from the output matches the one obtained in get_exported_key(). +check_exported_key_openssl() { + OUTPUT="$1" + EXPORTED_KEY2=0x$(sed -n '/Keying material: /s/.*: //p' $OUTPUT) + test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" +} + # Get handshake memory usage from server or client output and put it into the variable specified by the first argument handshake_memory_get() { OUTPUT_VARIABLE="$1" 
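Review bot: `mbedtls_platform_zeroize(server_ep, sizeof(mbedtls_test_ssl_endpoint))` spells the type rather than the object; `sizeof(*server_ep)` and `sizeof(*client_ep)` stay correct if the parameter type changes and are the usual C idiom. `mbedtls_platform_zeroize` is the non-optimizable wipe intended for secrets; for establishing a known initial state of a caller-provided struct a plain `memset` expresses the intent more directly, though either works. The function starts outside the hunk.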
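Review bot: `check_exported_key` and `check_exported_key_openssl` succeed when both `EXPORTED_KEY1` and `EXPORTED_KEY2` are empty, i.e. when neither `sed` pattern matched, so a change to the programs' log line or to the hard-coded length `20` turns the comparison into a vacuous pass; only the separate `-s`/`-c` greps in the callers currently prevent that. Making the check self-contained, `test -n "$EXPORTED_KEY1" && test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"`, removes that dependency. The header comment on `check_exported_key_openssl` is a copy of the previous one and should say it parses OpenSSL's `Keying material:` line; `$OUTPUT` is also unquoted in all three `sed` calls, which the rest of the file may tolerate but `"$OUTPUT"` is safer.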
@@ -1933,6 +1953,34 @@ run_tests_memory_after_handshake() run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K" } +run_test_export_keying_material() { + unset EXPORTED_KEY1 + unset EXPORTED_KEY2 + TLS_VERSION="$1" + run_test "TLS $TLS_VERSION: Export keying material" \ + "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + 0 \ + -s "Exporting key of length 20 with label \".*\": 0x" \ + -c "Exporting key of length 20 with label \".*\": 0x" \ + -f get_exported_key \ + -F check_exported_key +} + +run_test_export_keying_material_openssl_compat() { + unset EXPORTED_KEY1 + unset EXPORTED_KEY2 + TLS_VERSION="$1" + run_test "TLS $TLS_VERSION: Export keying material (OpenSSL compatibility)" \ + "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + "$O_CLI -keymatexport=test-label" \ + 0 \ + -s "Exporting key of length 20 with label \".*\": 0x" \ + -c "Keying material exporter:" \ + -F get_exported_key \ + -f check_exported_key_openssl +} + cleanup() { rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION rm -f context_srv.txt @@ -2954,6 +3002,23 @@ run_test "Saving the serialized context to a file" \ 0 \ -s "Save serialized context to a file... ok" \ -c "Save serialized context to a file... ok" + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls12 +run_test_export_keying_material tls12 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls12 +run_test_export_keying_material_openssl_compat tls12 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls13 +run_test_export_keying_material tls13 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls13 +run_test_export_keying_material_openssl_compat tls13 + rm -f context_srv.txt rm -f context_cli.txt 
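Review bot: Both new `run_test_export_keying_material*` functions hard-code the export length `20` in their `-s`/`-c` patterns (and the `get_exported_key`/`check_exported_key` helpers above hard-code it again in their `sed` patterns), yet neither command line sets the length, so the tests silently depend on the programs' default for `opt.exp_len`. Passing it explicitly next to `exp_label=test-label` (presumably `exp_len=20`, if that is how the option is spelled) and keeping the number in one variable would make the coupling visible. The functions also communicate with the helpers through the globals `TLS_VERSION`, `EXPORTED_KEY1` and `EXPORTED_KEY2`, which matches the file's style but deserves a one-line comment saying so.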
From 144cccecb7abe37d2c96af77ad8e543ec0b8befc Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 13 Nov 2024 15:19:03 +0100 Subject: [PATCH 0308/1080] Fix memory leak in example programs Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 ++ programs/ssl/ssl_server2.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 061096bdf0..9b69b170bc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2518,6 +2518,7 @@ int main(int argc, char *argv[]) opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { + mbedtls_free(exported_key); goto exit; } mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", @@ -2528,6 +2529,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("\n\n"); fflush(stdout); + mbedtls_free(exported_key); } #endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5186006886..a0a3a68009 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3638,6 +3638,7 @@ int main(int argc, char *argv[]) opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { + mbedtls_free(exported_key); goto exit; } mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", @@ -3648,6 +3649,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("\n\n"); fflush(stdout); + mbedtls_free(exported_key); } #endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ From f8059db4ee5b99dec2d4c93961d9e1d7163e4bca Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 13 Nov 2024 15:27:23 +0100 Subject: [PATCH 0309/1080] Print names of new tests properly Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad4d8c3e40..698c53a5b2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
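Review bot: The buffer released by the new `mbedtls_free(exported_key)` calls holds exported keying material and is freed without being wiped; the library's convention for key buffers is `mbedtls_platform_zeroize(exported_key, (size_t) opt.exp_len);` immediately before each `mbedtls_free`. The same applies to the parallel hunks in `ssl_server2.c` on this line. Duplicating the free on the error path and the success path also invites a third copy when another early exit is added; a single release point after the `if` block, with `ret` carried to the existing `goto exit`, would avoid that. `main()` starts and ends outside the hunks.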
@@ -1957,7 +1957,13 @@ run_test_export_keying_material() { unset EXPORTED_KEY1 unset EXPORTED_KEY2 TLS_VERSION="$1" - run_test "TLS $TLS_VERSION: Export keying material" \ + + case $TLS_VERSION in + tls12) TLS_VERSION_PRINT="TLS 1.2";; + tls13) TLS_VERSION_PRINT="TLS 1.3";; + esac + + run_test "$TLS_VERSION_PRINT: Export keying material" \ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ 0 \ @@ -1971,7 +1977,13 @@ run_test_export_keying_material_openssl_compat() { unset EXPORTED_KEY1 unset EXPORTED_KEY2 TLS_VERSION="$1" - run_test "TLS $TLS_VERSION: Export keying material (OpenSSL compatibility)" \ + + case TLS_VERSION in + tls12) TLS_VERSION_PRINT="TLS 1.2";; + tls13) TLS_VERSION_PRINT="TLS 1.3";; + esac + + run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ "$O_CLI -keymatexport=test-label" \ 0 \ From 6d53a3a647af3c6e6cba6c534c156d8d6d9da4be Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 14 Nov 2024 15:28:05 +0100 Subject: [PATCH 0310/1080] Fix openssl s_client invocation Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 698c53a5b2..0d13964198 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1985,7 +1985,7 @@ run_test_export_keying_material_openssl_compat() { run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ - "$O_CLI -keymatexport=test-label" \ + "$O_CLI -keymatexport test-label" \ 0 \ -s "Exporting key of length 20 with label \".*\": 0x" \ -c "Keying material exporter:" \ From 7b97712164f810095b1b7f59ab8e94d753b0409e Mon Sep 17 00:00:00 2001 
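Review bot: In `run_test_export_keying_material_openssl_compat` the new dispatch reads `case TLS_VERSION in`; without `$` it matches the literal string, neither branch fires and `TLS_VERSION_PRINT` keeps whatever the previous call left in it (patch 0312 further down this page adds the missing `$`). Both `case` statements also lack a default branch, so an unknown argument still reuses a stale global; adding `*) TLS_VERSION_PRINT="TLS $TLS_VERSION";;` (or an explicit error) to each makes the mapping total. The remainder of both functions is outside the hunks.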
From: Max Fillinger Date: Thu, 14 Nov 2024 15:32:01 +0100 Subject: [PATCH 0311/1080] Remove exporter compatibility test for TLS 1.3 The openssl version in the docker image doesn't support TLS 1.3, so we can't run the test. Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0d13964198..d7f795a7b6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3027,10 +3027,6 @@ requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT requires_protocol_version tls13 run_test_export_keying_material tls13 -requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT -requires_protocol_version tls13 -run_test_export_keying_material_openssl_compat tls13 - rm -f context_srv.txt rm -f context_cli.txt From 4e21703bcf35596305207b43996a762511691306 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 14 Nov 2024 17:50:42 +0100 Subject: [PATCH 0312/1080] Add fixed compatibility test for TLS 1.3 Exporter When testing TLS 1.3, use O_NEXT_CLI. Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7f795a7b6..85d2bb398b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1978,14 +1978,14 @@ run_test_export_keying_material_openssl_compat() { unset EXPORTED_KEY2 TLS_VERSION="$1" - case TLS_VERSION in - tls12) TLS_VERSION_PRINT="TLS 1.2";; - tls13) TLS_VERSION_PRINT="TLS 1.3";; + case $TLS_VERSION in + tls12) TLS_VERSION_PRINT="TLS 1.2"; OPENSSL_CLIENT="$O_CLI";; + tls13) TLS_VERSION_PRINT="TLS 1.3"; OPENSSL_CLIENT="$O_NEXT_CLI";; esac run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \ "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ - "$O_CLI -keymatexport test-label" \ + "$OPENSSL_CLIENT -keymatexport test-label" \ 0 \ -s "Exporting key of length 20 with label \".*\": 0x" \ -c "Keying material exporter:" \ 
@@ -3027,6 +3027,11 @@ requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
 requires_protocol_version tls13
 run_test_export_keying_material tls13
+requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
+requires_protocol_version tls13
+requires_openssl_next
+run_test_export_keying_material_openssl_compat tls13
+
 rm -f context_srv.txt
 rm -f context_cli.txt
From 22728dc5e335af5370594f11ecfdae438ca79827 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 14 Nov 2024 20:41:03 +0100
Subject: [PATCH 0313/1080] Use mbedtls_calloc, not regular calloc
Also fix the allocation size.
Signed-off-by: Max Fillinger
---
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 9b69b170bc..8fea581b16 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2508,7 +2508,7 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
 if (opt.exp_label != NULL && opt.exp_len > 0) {
- unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
+ unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char));
 if (exported_key == NULL) {
 mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
 ret = 3;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a0a3a68009..3c9fb7e2e0 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3628,7 +3628,7 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
 if (opt.exp_label != NULL && opt.exp_len > 0) {
- unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
+ unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char));
 if (exported_key == NULL) {
 mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
 ret = 3;
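Review bot: Moving the allocation to `mbedtls_calloc` in the ssl_client2.c `@@ -2508` hunk means the matching release of `exported_key` must now be `mbedtls_free`, not `free`; that call is outside the hunk, so please confirm it was updated, otherwise a build with MBEDTLS_PLATFORM_MEMORY pairs the custom allocator with the libc deallocator. Because the buffer holds exported keying material, it should also be wiped before release, e.g. `mbedtls_platform_zeroize(exported_key, (size_t) opt.exp_len);` immediately before `mbedtls_free(exported_key);`. The identical hunk in programs/ssl/ssl_server2.c (`@@ -3628`) needs the same two follow-ups. `main` continues outside both hunks.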
From d23579c746b636160f2ca0cd251da4705b22236f Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 14 Nov 2024 21:11:26 +0100
Subject: [PATCH 0314/1080] Fix requirements for TLS 1.3 Exporter compat test
Signed-off-by: Max Fillinger
---
 tests/ssl-opt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 85d2bb398b..90b31433d6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3028,8 +3028,8 @@ requires_protocol_version tls13
 run_test_export_keying_material tls13
 requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_protocol_version tls13
-requires_openssl_next
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_openssl_tls1_3_with_compatible_ephemeral
 run_test_export_keying_material_openssl_compat tls13
 rm -f context_srv.txt
From 53d91685024d0e999cac045cdf30c63a9431b0b7 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 18 Nov 2024 18:22:51 +0100
Subject: [PATCH 0315/1080] Document BAD_INPUT_DATA error in key material exporter
Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 4 +++-
 library/ssl_tls.c | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7304a3bfc0..a0e6074713 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5421,7 +5421,9 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 * this distinction. If use_context is 0 and TLS 1.3 is used, context and
 * context_len are ignored and a 0-length context is used.
 *
- * \return 0 on success. An SSL specific error on failure.
+ * \return 0 on success.
+ * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return An SSL-specific error on failure.
 */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 uint8_t *out, const size_t key_len,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46197c95ca..7ea8e3217e 100644
--- a/library/ssl_tls.c
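Review bot: The new `\return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.` line in the ssl.h `@@ -5421` hunk is incomplete: the same code is what the TLS 1.3 path returns when the label is longer than the documented maximum (the label-length check in mbedtls_ssl_tls13_export_keying_material), and presumably for a `key_len` above MBEDTLS_SSL_EXPORT_MAX_KEY_LEN, so a caller reading this doc would misdiagnose a parameter error as a premature call. Suggest `\return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed, or if a parameter exceeds the limits documented above.`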
+++ b/library/ssl_tls.c
@@ -9023,6 +9023,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 const int use_context)
 {
 if (!mbedtls_ssl_is_handshake_over(ssl)) {
+ /* TODO: Change this to a more appropriate error code when one is available. */
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
From 9c5bae5026bd884ca4b5c794a443714d06927db1 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 21 Nov 2024 12:33:46 +0100
Subject: [PATCH 0316/1080] Fix max. label length in key material exporter
Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 2 +-
 library/ssl_tls.c | 6 +++---
 tests/suites/test_suite_ssl.data | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a0e6074713..88a31f2c36 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5411,7 +5411,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 * \param key_len Length of the key to generate in bytes, must be at most
 * MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160).
 * \param label Label for which to generate the key of length label_len.
- * \param label_len Length of label in bytes. Must be at most 250 in TLS 1.3.
+ * \param label_len Length of label in bytes. Must be at most 249 in TLS 1.3.
 * \param context Context of the key. Can be NULL if context_len or use_context is 0.
 * \param context_len Length of context. Must be < 2^16 in TLS 1.2.
 * \param use_context Indicates if a context should be used in deriving the key.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7ea8e3217e..9812a2a7fc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9000,13 +9000,13 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
 const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
- /* The length of the label must be at most 250 bytes to fit into the HkdfLabel
+ /* The length of the label must be at most 249 bytes to fit into the HkdfLabel
 * struct as defined in RFC 8446, Section 7.1.
 *
 * The length of the context is unlimited even though the context field in the
- * struct can only hold up to 256 bytes. This is because we place a *hash* of
+ * struct can only hold up to 255 bytes. This is because we place a *hash* of
 * the context in the field. */
- if (label_len > 250) {
+ if (label_len > 249) {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 0a1d0e0ca5..52b8db0988 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3393,7 +3393,7 @@ ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:
 TLS 1.3 Keying Material Exporter: Label too long
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1
-ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10
+ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10
 TLS 1.3 Keying Material Exporter: Handshake not done
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1
From 9f843332e819e8e216b121b1926568abae063034 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 25 Nov 2024 20:21:29 +0100
Subject: [PATCH 0317/1080] Exporter: Add min. and max. label tests
Signed-off-by: Max Fillinger
---
 tests/suites/test_suite_ssl.data | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 52b8db0988..1931b00fca 100644
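Review bot: The bound is still spelled as the literal 249 in three places — the comment here, the `if (label_len > 249)` check, and the `\param label_len` docstring in ssl.h — which is exactly how the previous 250 went stale. Define it once next to the HkdfLabel encoding (e.g. `MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN`, derived as 255 minus the 6-byte "tls13 " prefix) and compare against that name, so the public documentation and the check cannot drift apart again. The comment's explanation that the context is hashed before being placed in the 255-byte field is worth keeping as is. mbedtls_ssl_tls13_export_keying_material continues outside the hunk.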
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -2796,6 +2796,16 @@ SSL TLS 1.3 Exporter
 depends_on:PSA_WANT_ALG_SHA_256
 ssl_tls13_exporter:PSA_ALG_SHA_256:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4":"test":"context value":32:"83d0fac39f87c1b4fbcd261369f31149c535391a9199bd4c5daf89fe259c2e94"
+SSL TLS 1.3 Exporter, 0-byte label and context
+# Expected output taken from OpenSSL.
+depends_on:PSA_WANT_ALG_SHA_384
+ssl_tls13_exporter:PSA_ALG_SHA_384:"9f355772f34017927ecc81d16e653c7408f945e7f62dc632d3f59e6310ef49401e62a2e3be886e3f930d4bf6300ce30a":"":"":20:"18268580D7C6769194794A84B7A3EE35317DB88A"
+
+SSL TLS 1.3 Exporter, 249-byte label and 0-byte context
+# Expected output taken from OpenSSL.
+depends_on:PSA_WANT_ALG_SHA_384
+ssl_tls13_exporter:PSA_ALG_SHA_384:"c453aeae318ebae00617c430a0066cf586593a4b0150219107420798933cf9e6e4434337cccc2cae5429dc4f77401e39":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678":"":20:"259531766AAA10FBAB6BF2D11D23264B321743D9"
+
 SSL TLS 1.3 Key schedule: Early secrets derivation helper
 # Vector from RFC 8448
 depends_on:PSA_WANT_ALG_SHA_256
From 5826883ca5dd39aad5305be5926cbfd960585e58 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 25 Nov 2024 20:38:04 +0100
Subject: [PATCH 0318/1080] Allow maximum label length in Hkdf-Expand-Label
Previously, the length of the label was limited to the maximal length that would be used in the TLS 1.3 key schedule. With the keying material exporter, labels of up to 249 bytes may be used.
Signed-off-by: Max Fillinger
---
 library/ssl_tls13_keys.c | 6 +++---
 library/ssl_tls13_keys.h | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 895176d0c6..ff4aa0e87a 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -64,7 +64,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
 * hardcoding the writing of the high bytes.
 * - (label, label_len): label + label length, without "tls13 " prefix
 * The label length MUST be less than or equal to
- * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN
+ * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN.
 * It is the caller's responsibility to ensure this.
 * All (label, label length) pairs used in TLS 1.3
 * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN().
@@ -91,7 +91,7 @@ static const char tls13_label_prefix[6] = "tls13 ";
 #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
 SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
 sizeof(tls13_label_prefix) + \
- MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
+ MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN, \
 MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN)
 static void ssl_tls13_hkdf_encode_label(
@@ -147,7 +147,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 psa_key_derivation_operation_t operation =
 PSA_KEY_DERIVATION_OPERATION_INIT;
- if (label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) {
+ if (label_len > MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN) {
 /* Should never happen since this is an internal
 * function, and we know statically which labels
 * are allowed. */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 31ffe4481e..14f6e4876c 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
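Review bot: The comment under the `if (label_len > MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN)` check in the `@@ -147` hunk is now stale: `Should never happen since this is an internal function, and we know statically which labels are allowed` held while every label came from the labels union, but this change exists precisely so the keying-material exporter can pass caller-chosen labels through, which turns the check from an assertion into a real defensive bound. Reword it to something like `/* Reject labels that would not fit into the HkdfLabel struct. Callers (including the keying material exporter) are expected to check this first, but enforce it here as well. */`. mbedtls_ssl_tls13_hkdf_expand_label continues outside the hunk.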
@@ -60,8 +60,9 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
 mbedtls_ssl_tls13_labels.LABEL, \
 MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL)
-#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
- sizeof(union mbedtls_ssl_tls13_labels_union)
+/* Maximum length of the label field in the HkdfLabel struct defined in
+ * RFC 8446, Section 7.1, excluding the "tls13 " prefix. */
+#define MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN 249
 /* The maximum length of HKDF contexts used in the TLS 1.3 standard.
 * Since contexts are always hashes of message transcripts, this can
From ee33b31f0bd5208b75cd3bc6551306c9a28c23fa Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 2 Dec 2024 19:26:13 +0100
Subject: [PATCH 0319/1080] Fix HkdfLabel comment
Signed-off-by: Max Fillinger
---
 library/ssl_tls13_keys.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index ff4aa0e87a..00297af3b0 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -56,12 +56,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
 * };
 *
 * Parameters:
- * - desired_length: Length of expanded key material
- * Even though the standard allows expansion to up to
- * 2**16 Bytes, TLS 1.3 never uses expansion to more than
- * 255 Bytes, so we require `desired_length` to be at most
- * 255. This allows us to save a few Bytes of code by
- * hardcoding the writing of the high bytes.
+ * - desired_length: Length of expanded key material.
+ * As the type implies, this must be less than 2**16 bytes.
 * - (label, label_len): label + label length, without "tls13 " prefix
 * The label length MUST be less than or equal to
 * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN.
From af2035fcad40ee1ff868679b9f90310b518bb3b0 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 2 Dec 2024 19:34:40 +0100
Subject: [PATCH 0320/1080] Fix mistake in previous comment change
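Review bot: The comment on `MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN` in the ssl_tls13_keys.h hunk cites the RFC but not the arithmetic, so a reader cannot check that 249 is right without looking up RFC 8446 Section 7.1 (`opaque label<7..255>`, where the 255 includes the 6-byte "tls13 " prefix). Suggest `/* Maximum length of the label field in the HkdfLabel struct defined in RFC 8446, Section 7.1, excluding the "tls13 " prefix: 255 - 6 = 249. */` so the constant is self-checking.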
Signed-off-by: Max Fillinger
---
 library/ssl_tls13_keys.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 00297af3b0..0d6c391394 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -57,7 +57,12 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
 *
 * Parameters:
 * - desired_length: Length of expanded key material.
- * As the type implies, this must be less than 2**16 bytes.
+ * The length field can hold numbers up to 2**16, but HKDF
+ * can only generate outputs of up to 255 * HASH_LEN bytes.
+ * It is the caller's responsibility to ensure that this
+ * limit is not exceeded. In TLS 1.3, SHA256 is the hash
+ * function with the smallest block size, so a length
+ * <= 255 * 32 = 8160 is always safe.
 * - (label, label_len): label + label length, without "tls13 " prefix
 * The label length MUST be less than or equal to
 * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN.
From 7577c9e3737401d29e96c41af76f68f31bc1eab7 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Fri, 17 Jan 2025 14:10:08 +0100
Subject: [PATCH 0321/1080] Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
Error was introduced while resolving a merge conflict.
Signed-off-by: Max Fillinger
---
 include/mbedtls/mbedtls_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 40e16e108a..d5a488341d 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -737,7 +737,7 @@
 */
 //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
-/*
+/**
 * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
 *
 * When this option is enabled, the client and server can extract additional
From 29f8f9a49d5fcdefbde261f56614c57b30a2192d Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Tue, 21 Jan 2025 21:40:04 +0100
Subject: [PATCH 0322/1080] Fix dependencies for TLS-Exporter tests
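Review bot: `SHA256 is the hash function with the smallest block size` in the `@@ -57` hunk uses the wrong term: the HKDF limit is 255 * HashLen where HashLen is the digest (output) length, and SHA-256's block size is 64 bytes while its output is the 32 bytes the next line multiplies. Change it to `function with the smallest output length`, otherwise the derivation of `255 * 32 = 8160` reads as a contradiction. The surrounding parameter description continues outside the hunk.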
Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1931b00fca..378c5339fe 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3374,37 +3374,37 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE TLS 1.3 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 TLS 1.3 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses context 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses length -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10 TLS 1.3 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT 
ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE From 1a1ec2fccee002bb886a960fc0909f29fca3a7dd Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 28 Mar 2025 17:54:08 +0100 Subject: [PATCH 0323/1080] Fix up merge conflict resolution Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 74d824ac82..8ec582ab9e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5229,6 +5229,7 @@ exit: mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); +} /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ From 8e2d40dbecd537305ff6de94fbdfe6ecbb392cc1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 29 Mar 2025 10:01:40 +0100 Subject: [PATCH 0324/1080] Remove all.sh wrapper Now that in TF-PSA-Crypto CI, the TF-PSA-Crypto all.sh components are run in pure TF-PSA-Crypto context, there is no need to run them as part of mbedtls CI anymore. The all.sh wrapper wrapping ./tests/scripts/mbedtls-all.sh and ./tf-psa-crypto/tests/scripts/all.sh can be removed. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 112 ------------------------------------------- 1 file changed, 112 deletions(-) delete mode 100755 tests/scripts/all.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh deleted file mode 100755 index b1261bfc15..0000000000 --- a/tests/scripts/all.sh +++ /dev/null 
@@ -1,112 +0,0 @@ -#! /usr/bin/env bash - -# all.sh (transitional wrapper) -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This is a transitional wrapper that's only meant for the CI. -# Developers should directly invoke on or two of: -# - tests/scripts/mbedtls-all.sh ... -# - (cd tf-psa-crypto && tests/scripts/all.sh ...) -# -# During the transition, it's illegal for a tf-psa-crypto component to have -# the same name as an mbedtls components; since this wrapper handles both -# sides at once, component names need to be globally unique. Once the -# transition period is over, unicity on each side will be enough. -# -# For context, here are the steps of the transition: -# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly -# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto -# doesn't have its own CI initially and runs Mbed TLS's instead.) -# 2. We move all relevant components to tf-psa-crypto so that it gets the level of -# coverage we want. We need to make sure the new names are unique. -# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running -# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and -# running its all.sh. (In two steps: (a) add the new job, (b) remove the old -# one.) -# 4. We remove the transitional wrapper in mbedtls and we're now free to rename -# tf-psa-crypto components as we want. If we followed a consistent naming -# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh. - -# This script must be invoked from the project's root. - -# There are exactly 4 ways this is invoked in the CI: -# 1. tests/scripts/all.sh --help -# 2. tests/scripts/all.sh --list-all-components -# 3. tests/scripts/all.sh --list-components -# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name -# This wrapper does not support other invocations. 
- -set -eu - -# Cases 1-3 -if [ "$#" -eq 1 ]; then - if [ "$1" = '--help' ]; then - # It doesn't matter which one we use, they're the same - tests/scripts/mbedtls-all.sh "$1" - exit 0 - fi - if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then - # Invoke both - tests/scripts/mbedtls-all.sh "$1" - (cd tf-psa-crypto && tests/scripts/all.sh "$1") - exit 0 - fi -fi - -if [ "$#" -ne 4 -o "${1:-unset}" != '--seed' -o "${3:-unset}" != '--keep-going' ]; then - echo "This invocation is not supported by the transitional wrapper." >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - -# Case 4: invoke the right all.sh for this component -comp_name=$4 - -# Get the list of components available on each side. -COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ') -COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ') - -# tell if $1 is in space-separated list $2 -is_in() { - needle=$1 - haystack=$2 - case " $haystack " in - *" $needle "*) echo 1;; - *) echo 0;; - esac -} - -is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO") -is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS") - -# Component should be on exactly one side (see comment near the top). -if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then - echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi -if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then - echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - - -# Invoke the real thing -if [ "$is_crypto" -eq 1 ]; then - # Make sure the path to the outcomes file is absolute. This is done by - # pre_prepare_outcome_file() however by the time it runs we've already - # changed the working directory, so do it now. 
- if [ -n "${MBEDTLS_TEST_OUTCOME_FILE+set}" ]; then - case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; - esac - export MBEDTLS_TEST_OUTCOME_FILE - fi - cd tf-psa-crypto - exec tests/scripts/all.sh "$@" -else - exec tests/scripts/mbedtls-all.sh "$@" -fi From 5d9b9d244f0a4714b7c13070c4acb0af2585e253 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 29 Mar 2025 10:06:38 +0100 Subject: [PATCH 0325/1080] Rename mbedtls-all.sh to just all.sh Signed-off-by: Ronald Cron --- tests/scripts/{mbedtls-all.sh => all.sh} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/scripts/{mbedtls-all.sh => all.sh} (100%) diff --git a/tests/scripts/mbedtls-all.sh b/tests/scripts/all.sh similarity index 100% rename from tests/scripts/mbedtls-all.sh rename to tests/scripts/all.sh From 444db895f78af26475287bb4b742c6e6a6e352ed Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 27 Mar 2025 11:36:08 +0100 Subject: [PATCH 0326/1080] Remove check-generated-files.sh Signed-off-by: Ronald Cron --- README.md | 2 +- tests/scripts/check-generated-files.sh | 189 ------------------------- visualc/VS2017/.gitignore | 2 +- 3 files changed, 2 insertions(+), 191 deletions(-) delete mode 100755 tests/scripts/check-generated-files.sh diff --git a/README.md b/README.md index 448f37294f..fc1536e23c 100644 --- a/README.md +++ b/README.md 
@@ -79,7 +79,7 @@ Any of the following methods are available to generate the configuration-indepen * If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. * On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. * Run `make generated_files` to generate all the configuration-independent files. -* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. +* On Unix/POSIX systems, run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. * On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. ### Make diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh deleted file mode 100755 index e3c8e08afe..0000000000 --- a/tests/scripts/check-generated-files.sh +++ /dev/null 
@@ -1,189 +0,0 @@ -#! /usr/bin/env sh - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Check if generated files are up-to-date. - -set -eu - -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then - cat <&2 - exit 1 -fi - -UPDATE= -LIST= -while getopts lu OPTLET; do - case $OPTLET in - l) LIST=1;; - u) UPDATE=1;; - esac -done - -# check SCRIPT FILENAME[...] -# check SCRIPT DIRECTORY -# Run SCRIPT and check that it does not modify any of the specified files. -# In the first form, there can be any number of FILENAMEs, which must be -# regular files. -# In the second form, there must be a single DIRECTORY, standing for the -# list of files in the directory. Running SCRIPT must not modify any file -# in the directory and must not add or remove files either. -# If $UPDATE is empty, abort with an error status if a file is modified. -check() -{ - SCRIPT=$1 - shift - - if [ -n "$LIST" ]; then - printf '%s\n' "$@" - return - fi - - directory= - if [ -d "$1" ]; then - directory="$1" - rm -f "$directory"/*.bak - set -- "$1"/* - fi - - for FILE in "$@"; do - if [ -e "$FILE" ]; then - cp -p "$FILE" "$FILE.bak" - else - rm -f "$FILE.bak" - fi - done - - # In the case of the config tests, generate only the files to be checked - # by the caller as they are divided into Mbed TLS and TF-PSA-Crypto - # specific ones. - if [ "${SCRIPT##*/}" = "generate_config_tests.py" ]; then - "$SCRIPT" "$@" - else - "$SCRIPT" - fi - - # Compare the script output to the old files and remove backups - for FILE in "$@"; do - if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then - # Move the original file back so that $FILE's timestamp doesn't - # change (avoids spurious rebuilds with make). 
- mv "$FILE.bak" "$FILE" - else - echo "'$FILE' was either modified or deleted by '$SCRIPT'" - if [ -z "$UPDATE" ]; then - exit 1 - else - rm -f "$FILE.bak" - fi - fi - done - - if [ -n "$directory" ]; then - old_list="$*" - set -- "$directory"/* - new_list="$*" - # Check if there are any new files - if [ "$old_list" != "$new_list" ]; then - echo "Files were deleted or created by '$SCRIPT'" - echo "Before: $old_list" - echo "After: $new_list" - if [ -z "$UPDATE" ]; then - exit 1 - fi - fi - fi -} - -# Note: if the format of calls to the "check" function changes, update -# framework/scripts/code_style.py accordingly. For generated C source files (*.h or *.c), -# the format must be "check SCRIPT FILENAME...". For other source files, -# any shell syntax is permitted (including e.g. command substitution). - -# Note: Instructions to generate those files are replicated in: -# - **/Makefile (to (re)build them with make) -# - **/CMakeLists.txt (to (re)build them with cmake) -# - scripts/make_generated_files.bat (to generate them under Windows) - -# These checks are common to Mbed TLS and TF-PSA-Crypto - -# The first case is temporary for the hybrid situation with a tf-psa-crypto -# directory in Mbed TLS that is not just a TF-PSA-Crypto submodule. -if [ -d tf-psa-crypto ]; then - cd tf-psa-crypto - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) - check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) - check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) - check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) - cd .. - # Generated files that are present in the repository even in the development - # branch. 
(This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) - check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c - check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data -else - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) - if in_tf_psa_crypto_repo; then - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - else - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data - fi - check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) - check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) - check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - # Generated files that are present in the repository even in the development - # branch. (This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) 
- check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c -fi - -check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h - -# Additional checks for Mbed TLS only -if in_mbedtls_repo; then - check scripts/generate_errors.pl library/error.c - check scripts/generate_query_config.pl programs/test/query_config.c - check scripts/generate_features.pl library/version_features.c - check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh - check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh - check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h - # generate_visualc_files enumerates source files (library/*.c). It doesn't - # care about their content, but the files must exist. So it must run after - # the step that creates or updates these files. - check scripts/generate_visualc_files.pl visualc/VS2017 -fi diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore index a9ded4aab2..e45eaf68fb 100644 --- a/visualc/VS2017/.gitignore +++ b/visualc/VS2017/.gitignore @@ -1,4 +1,4 @@ -# Files that may be left over from check-generated-files.sh +# Files that may be left over from make_generated-files.py --check /*.bak # Visual Studio artifacts From 762c80199d62feebbac1e00400bbaab75de0bfff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 27 Mar 2025 11:36:42 +0100 Subject: [PATCH 0327/1080] Use make_generated_files.py in make_generated_files.bat Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 418b6681a3..f10b23b705 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat 
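Review bot: The new comment `# Files that may be left over from make_generated-files.py --check` in the visualc/VS2017/.gitignore hunk misspells the script: the README hunk in the same commit names it `framework/scripts/make_generated_files.py` (underscore), so the comment points at a file that does not exist. Change the line to `# Files that may be left over from make_generated_files.py --check`.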
@@ -6,31 +6,10 @@ @rem * Either a C compiler called "cc" must be on the PATH, or @rem the "CC" environment variable must point to a C compiler. -@rem @@@@ library\** @@@@ -python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1 -perl scripts\generate_errors.pl || exit /b 1 -perl scripts\generate_query_config.pl || exit /b 1 -perl scripts\generate_features.pl || exit /b 1 -python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1 - -@rem @@@@ programs\** @@@@ +@rem @@@@ tf-psa-crypto @@@@ cd tf-psa-crypto -python scripts\generate_psa_constants.py || exit /b 1 -python framework\scripts\generate_config_tests.py || exit /b 1 +python framework\scripts\make_generated_files.py || exit /b 1 cd .. -@rem @@@@ tests\** @@@@ -python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_config_tests.py || exit /b 1 -python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 -python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\tests\include\test\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 -python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 -python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 - -@rem @@@@ Build @@@@ -@rem Call generate_visualc_files.pl last to be sure everything else has been -@rem generated before. -perl scripts\generate_visualc_files.pl || exit /b 1 +@rem @@@@ mbedtls @@@@ +python framework\scripts\make_generated_files.py || exit /b 1 From 96121ed94f97493583e005eac96b092f4a0b74ac Mon Sep 17 00:00:00 2001 
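Review bot: The `cd tf-psa-crypto` context line that the new `python framework\scripts\make_generated_files.py` call depends on is still unchecked, so if the submodule directory is absent the batch file keeps going, presumably running the top-level framework script twice and then `cd ..` climbing out of the repository; `cd tf-psa-crypto || exit /b 1` would stop it at the right place. The two new invocations use the same relative path but resolve to different framework checkouts (`tf-psa-crypto\framework` versus `.\framework`), which looks intended but is easy to misread as a copy-paste error; a `@rem` such as `@rem each framework checkout generates the files of its own tree` would help. The removed note that generate_visualc_files.pl had to run last is now an ordering property of make_generated_files.py that this script no longer states; if the ordering still matters a one-line `@rem` saying where it is enforced would be worth keeping.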
From: Ronald Cron Date: Sat, 29 Mar 2025 09:49:00 +0100 Subject: [PATCH 0328/1080] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 28dc4cae3f..b5b3d94f4d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 28dc4cae3f71f5425dd42953c6f2f38d49123bee +Subproject commit b5b3d94f4d82047dc3430adabd6cc209cd206bcd From 33770e75c3cf5de5c497834011168cab0531f8d1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 31 Mar 2025 11:35:31 +0200 Subject: [PATCH 0329/1080] Update tf-psa-crypto pointer Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d66b78e4ad..69190f0c6c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d66b78e4ad1f7a61502e3dcf62daed177facc03f +Subproject commit 69190f0c6ce18cbf73aada630323bffff758c82b From 09e35e7ac882496bb3a4fc0c4a5f9f70d297dd76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 4 Apr 2025 12:59:49 +0200 Subject: [PATCH 0330/1080] Update bug report template for security issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .github/ISSUE_TEMPLATE/bug_report.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index c2031125ce..4f135f0a74 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,6 +7,12 @@ assignees: '' --- +NOTE: if the bug you are reporting has or may have security implications, +we ask that you report it privately to + +so that we can prepare and release a fix before publishing the details. +See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md). + ### Summary 
@@ -25,6 +31,10 @@ Additional environment information: ### Actual behavior +NOTE: if the actual behaviour evokes memory corruption (like a crash or an error +from a memory checker), then the bug should be assumed to have security +implications (until proven otherwise), and we ask what you report it privately, +see the note at the some of this template. ### Steps to reproduce From 0690a63472f2b49256fccf044daccabec30407d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 09:27:36 +0100 Subject: [PATCH 0331/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index b5b3d94f4d..a39ba59344 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit b5b3d94f4d82047dc3430adabd6cc209cd206bcd +Subproject commit a39ba59344fd4f1d0ee267ca414b9420d5dca9f5 From 48e5c958a76dd726722c0fb29a77232616c20efc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 09:27:49 +0100 Subject: [PATCH 0332/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 69190f0c6c..4a9f29b05c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 69190f0c6ce18cbf73aada630323bffff758c82b +Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 From f02784bb2c00ec60917873a440e531217ea0ec49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Apr 2025 10:49:49 +0200 Subject: [PATCH 0333/1080] Tune wording MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add more emphasis - fix a typo Signed-off-by: Manuel Pégourié-Gonnard --- .github/ISSUE_TEMPLATE/bug_report.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 4f135f0a74..15f44aaa0b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,7 +7,7 @@ assignees: '' --- -NOTE: if the bug you are reporting has or may have security implications, +**WARNING:** if the bug you are reporting has or may have security implications, we ask that you report it privately to so that we can prepare and release a fix before publishing the details. @@ -31,10 +31,10 @@ Additional environment information: ### Actual behavior -NOTE: if the actual behaviour evokes memory corruption (like a crash or an error +**WARNING:* if the actual behaviour suggests memory corruption (like a crash or an error from a memory checker), then the bug should be assumed to have security implications (until proven otherwise), and we ask what you report it privately, -see the note at the some of this template. +see the note at the top of this template. ### Steps to reproduce From 55b8bb43e7dddbfab42aed1f14328d3e3d55b716 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Apr 2025 09:44:34 +0200 Subject: [PATCH 0334/1080] Check the status of mbedtls_ssl_set_hostname() Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 91efd1c813..6c5d50c47d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -865,6 +865,7 @@ int mbedtls_test_ssl_endpoint_init( if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); + TEST_EQUAL(ret, 0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) From 946bf1460870116651262c4a8e7c9fdc8922795d Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 8 Apr 2025 09:48:40 +0200 Subject: [PATCH 0335/1080] Fix some test helper functions returning 0 on some failures Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 6c5d50c47d..445f2eba9b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -611,6 +611,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, { int i = 0; int ret = -1; + int ok = 0; mbedtls_test_ssl_endpoint_certificate *cert = NULL; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; @@ -733,7 +734,13 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->pkey); TEST_ASSERT(ret == 0); + ok = 1; + exit: + if (ret == 0 && !ok) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } if (ret != 0) { test_ssl_endpoint_certificate_free(ep); } @@ -902,7 +909,13 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); + return 0; + exit: + if (ret == 0) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } return ret; } @@ -2542,6 +2555,7 @@ int mbedtls_test_get_tls13_ticket( mbedtls_ssl_session *session) { int ret = -1; + int ok = 0; unsigned char buf[64]; mbedtls_test_ssl_endpoint client_ep, server_ep; @@ -2578,10 +2592,16 @@ int mbedtls_test_get_tls13_ticket( ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); TEST_EQUAL(ret, 0); + ok = 1; + exit: mbedtls_test_ssl_endpoint_free(&client_ep, NULL); mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + if (ret == 0 && !ok) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } return ret; } #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && 
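Review bot: In the `mbedtls_test_ssl_endpoint_init` hunk, the new `exit:` path forces `ret = -1` but, unlike `mbedtls_test_ssl_endpoint_certificate_init` (which calls `test_ssl_endpoint_certificate_free` on failure) and `mbedtls_test_get_tls13_ticket` (which frees both endpoints), it releases nothing it set up before the failing assertion; whether every caller runs `mbedtls_test_ssl_endpoint_free` on a non-zero return is not visible here, so this deserves a comment at the label, e.g. `/* Failure: the caller must still call mbedtls_test_ssl_endpoint_free(). */`. As a point of style, the commit uses two idioms for the same problem, an `ok` flag checked at `exit:` and an early `return 0;` before `exit:`; the early-return form is simpler and could be used in all three functions. The bodies of all three functions start outside the hunks shown.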
From e6605f9185c6c6d345123023a1f790161784f557 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 8 Apr 2025 14:26:29 +0100 Subject: [PATCH 0336/1080] Adjust build scripts to accommodate public header move Signed-off-by: Felix Conway --- programs/test/generate_cpp_dummy_build.sh | 4 +++ tests/Makefile | 31 ++++------------- tests/libtestdriver1_rewrite.pl | 41 +++++++++++++++++++++++ tf-psa-crypto | 2 +- 4 files changed, 52 insertions(+), 26 deletions(-) create mode 100644 tests/libtestdriver1_rewrite.pl diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index d27c7ae124..05bdd34c94 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -52,6 +52,10 @@ EOF esac done + for header in tf-psa-crypto/include/mbedtls/*.h; do + echo "#include \"${header#tf-psa-crypto/include/}\"" + done + for header in tf-psa-crypto/include/psa/*.h; do case ${header#tf-psa-crypto/include/} in psa/crypto_config.h) :;; # not meant for direct inclusion diff --git a/tests/Makefile b/tests/Makefile index 87a6ca1777..783f766438 100644 --- a/tests/Makefile +++ b/tests/Makefile 
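Review bot: The added `for header in tf-psa-crypto/include/mbedtls/*.h` loop has no guard for an empty match, so with the submodule absent or the header move not yet landed, bash echoes the literal pattern and the generated C++ file contains `#include "mbedtls/*.h"`, which fails with a misleading error; the psa loop below has the same shape, so this may be accepted practice here, but `[ -e "$header" ] || continue` as the first statement of the loop (or `shopt -s nullglob` near the top of the script) would make the dummy build fail clearly. Unlike the psa loop, the new one has no `case` filter for headers not meant for direct inclusion; if there are no such files under mbedtls/ after the move, a comment saying so would stop a reader from looking for the missing filter. The enclosing loop and heredoc start outside the hunk.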
@@ -324,25 +324,6 @@ test: check perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ # Generate test library - -# Perl code that is executed to transform each original line from a library -# source file into the corresponding line in the test driver copy of the -# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx -# symbols. -define libtestdriver1_rewrite := - s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \ - s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \ - s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!$${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; \ - next if /^\s*#\s*include/; \ - s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g; \ - s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g; -endef - libtestdriver1.a: rm -Rf ./libtestdriver1 mkdir ./libtestdriver1 
@@ -384,12 +365,12 @@ libtestdriver1.a: # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash # when this test driver library is linked with the Mbed TLS library. - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a diff --git a/tests/libtestdriver1_rewrite.pl b/tests/libtestdriver1_rewrite.pl new file mode 100644 index 0000000000..c9790bbaf9 --- /dev/null +++ b/tests/libtestdriver1_rewrite.pl 
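Review bot: The script path `./libtestdriver1_rewrite.pl` is now spelled six times in the recipe and resolved relative to the `tests/` directory where make runs, and the script itself presumably globs `../tf-psa-crypto/...` relative to that same directory, so there are two implicit cwd dependencies and six places to keep in sync. A single variable, `LIBTESTDRIVER1_REWRITE = ./libtestdriver1_rewrite.pl`, used as `perl -i $(LIBTESTDRIVER1_REWRITE) ...` would put the path in one place (the follow-up move to `scripts/` would then have been a one-line change). The `libtestdriver1.a` rule starts outside the hunk.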
@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+# Perl code that is executed to transform each original line from a library
+# source file into the corresponding line in the test driver copy of the
+# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx
+# symbols.
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+use warnings;
+use File::Basename;
+
+my @public_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/*.h");
+
+my $public_files_regex = join('|', map { quotemeta($_) } @public_files);
+
+while (<>) {
+ s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!;
+ # Files in include/mbedtls and drivers/builtin/include/mbedtls are both
+ # included in files via #include mbedtls/.h, so when expanding to the
+ # full path make sure that files in include/mbedtls are not expanded
+ # to driver/builtin/include/mbedtls.
+ if ( $public_files_regex ) {
+ s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!;
+ }
+ s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!;
+ s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!;
+ s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!;
+ if (/^\s*#\s*include/) {
+ print;
+ next;
+ }
+ s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g;
+ s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g;
+ print;
+}
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 4a9f29b05c..d653d1b02d 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0
+Subproject commit d653d1b02d71d1579bc6e6281a2f9ef814eea3e9
From 1ef121c9b9d61217e0f2b272559c63b700e1a9f9 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Wed, 9 Apr 2025 09:51:13 +0100
Subject: [PATCH 0337/1080] Move script and update shebang to fix CI
Signed-off-by: Felix Conway
---
 tests/Makefile | 12 ++++++------
 tests/{ => scripts}/libtestdriver1_rewrite.pl | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
 rename tests/{ => scripts}/libtestdriver1_rewrite.pl (99%)
diff --git a/tests/Makefile b/tests/Makefile
index 783f766438..45231cd9a5 100644
--- a/tests/Makefile
+++ b/tests/Makefile
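Review bot: When the `glob("../tf-psa-crypto/include/mbedtls/*.h")` matches nothing (wrong working directory, submodule not checked out), `$public_files_regex` is the empty string, the `if ( $public_files_regex )` guard silently skips the public-header rewrite and every `mbedtls/` include is sent to `drivers/builtin/include/mbedtls/`, which only surfaces later as a confusing compile error in libtestdriver1; a `die "$0: no public headers found under ../tf-psa-crypto/include/mbedtls\n" unless @public_files;` right after the glob would make the misconfiguration explicit and lets the guard go. The script enables `use warnings;` but not `use strict;`, which the file-scoped `my` declarations already satisfy, so adding `use strict;` costs nothing and catches typos in the capture variables. The relative glob path also means the script only works when invoked from `tests/`, which is worth stating in the header comment, since nothing in the script itself checks it. The comment `via #include mbedtls/.h` has presumably lost a placeholder such as `<file>` and reads as if a file named `.h` were meant.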
@@ -365,12 +365,12 @@ libtestdriver1.a: # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash # when this test driver library is linked with the Mbed TLS library. - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a diff --git a/tests/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl similarity index 99% rename from tests/libtestdriver1_rewrite.pl rename to tests/scripts/libtestdriver1_rewrite.pl index c9790bbaf9..202575d855 100644 --- a/tests/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Perl code that is executed to transform each original line from a library # source file into the corresponding line in the test driver copy of the 
From 52bed3fcef6a707db5a42f31d72014c80836c84c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 11:35:29 +0100 Subject: [PATCH 0338/1080] Update tf-psa-crypto & framework pointers Signed-off-by: Felix Conway --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index a39ba59344..bf36088bd3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a39ba59344fd4f1d0ee267ca414b9420d5dca9f5 +Subproject commit bf36088bd373fe5dbe56fb5d05d25af35a56a175 diff --git a/tf-psa-crypto b/tf-psa-crypto index d653d1b02d..ced1c6df90 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d653d1b02d71d1579bc6e6281a2f9ef814eea3e9 +Subproject commit ced1c6df90b49ef39849d9cb8a0c540fb672a478 From f670ba5e522f0ed116bf6951faebeb3a62493495 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 15:09:32 +0100 Subject: [PATCH 0339/1080] Always call mbedtls_ssl_handshake_set_state Call a single function for all handshake state changes, for easier tracing. Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 6 ++++++ library/ssl_msg.c | 4 ++-- library/ssl_tls.c | 34 +++++++++++++++++----------------- library/ssl_tls12_client.c | 36 ++++++++++++++++++------------------ library/ssl_tls12_server.c | 34 +++++++++++++++++----------------- 5 files changed, 60 insertions(+), 54 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index de8e0dae23..ce62c2c987 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1304,12 +1304,18 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); + static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { ssl->state = (int) state; } +static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1); +} + MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index be0dc92720..f1fe0ec8e5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5044,7 +5044,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) ssl->out_msglen = 1; ssl->out_msg[0] = 1; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -5106,7 +5106,7 @@ int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_update_in_pointers(ssl); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5a668a4660..75dde2b8ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1409,7 +1409,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION; ssl->tls_version = ssl->conf->max_tls_version; 
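Review bot: The new `mbedtls_ssl_handshake_increment_state` passes `ssl->state + 1`, an `int` expression (the sibling `mbedtls_ssl_handshake_set_state` stores the enum as `(int) state`), to a parameter of type `mbedtls_ssl_states` with no cast; C permits the implicit conversion, but compilers with enum-conversion warnings enabled may flag it, and an explicit `mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states) (ssl->state + 1));` documents that the arithmetic is intended. Neither helper carries a comment even though the commit makes `mbedtls_ssl_handshake_set_state` the single choke point for all state changes; a short Doxygen block on it saying that every handshake state transition must go through this function (so that tracing can be hooked in one place) and that `_increment_state` advances to the next enumerator in `mbedtls_ssl_states` order would record the invariant the rest of the series relies on. That ordering assumption (`state + 1` is the next handshake step) predates this commit and is not checked by it.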
@@ -4235,7 +4235,7 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = 0; break; @@ -4386,7 +4386,7 @@ int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) } #endif - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { @@ -5144,7 +5144,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, * Most of them already set to the correct value by mbedtls_ssl_init() and * mbedtls_ssl_reset(), so we only need to set the remaining ones. */ - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; /* Adjust pointers for header fields of outgoing records to @@ -6726,7 +6726,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -6743,7 +6743,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -6766,7 +6766,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } 
@@ -6774,7 +6774,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->handshake->client_auth == 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } } @@ -6828,7 +6828,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -7282,7 +7282,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) exit: if (ret == 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -7460,7 +7460,7 @@ void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) #endif mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); } @@ -7504,16 +7504,16 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } /* 
@@ -7639,16 +7639,16 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e0743e1a6a..df7dfbfa61 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1118,7 +1118,7 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) ssl->handshake->cookie_len = cookie_len; /* Start over at ClientHello */ - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = mbedtls_ssl_reset_checksum(ssl); if (0 != ret) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); @@ -1327,7 +1327,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->id_len != n || memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -1336,7 +1336,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->id_len = n; memcpy(ssl->session_negotiate->id, buf + 35, n); } else { - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); } MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", 
@@ -1839,7 +1839,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } ((void) p); @@ -2147,7 +2147,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ exit: - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); @@ -2165,7 +2165,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2192,7 +2192,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2210,7 +2210,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); @@ -2381,7 +2381,7 @@ static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_DECODE_ERROR; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 
@@ -2683,7 +2683,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -2712,7 +2712,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2754,14 +2754,14 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } if (ssl->handshake->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2843,7 +2843,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -2917,7 +2917,7 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); /* * Zero-length ticket means the server changed his mind and doesn't want 
@@ -2978,13 +2978,13 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && ssl->handshake->new_session_ticket != 0) { - ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET); } #endif switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -3069,7 +3069,7 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e1785504b6..2b2b49f2b0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1597,7 +1597,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -2015,7 +2015,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); 
@@ -2183,7 +2183,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * New session, create a new session id, * unless we're about to issue a session ticket */ - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -2207,7 +2207,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * Resuming a session */ n = ssl->session_negotiate->id_len; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); @@ -2333,7 +2333,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2356,7 +2356,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { @@ -3080,7 +3080,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ 
@@ -3134,7 +3134,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -3156,7 +3156,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -3461,7 +3461,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); @@ -3479,7 +3479,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } 
@@ -3505,20 +3505,20 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if (ssl->session_negotiate->peer_cert == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ if (ssl->session_negotiate->peer_cert_digest == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -3530,7 +3530,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); /* Process the message contents */ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || @@ -3714,7 +3714,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -3803,7 +3803,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: From c67befee6afb6e22f7f506ef6110041f62071319 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:45:29 +0100 Subject: [PATCH 0340/1080] Add a log message on every SSL state transition Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ce62c2c987..e82c6250e4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -16,6 +16,9 @@ #include "mbedtls/error.h" #include "mbedtls/ssl.h" +#include "mbedtls/debug.h" +#include "debug_internal.h" + #include "mbedtls/cipher.h" #include "psa/crypto.h" @@ -1305,9 +1308,21 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); +#if defined(MBEDTLS_DEBUG_C) +/* Declared in "ssl_debug_helpers.h". We can't include this file from + * "ssl_misc.h" because it includes "ssl_misc.h" because it needs some + * type definitions. TODO: split the type definitions and the helper + * functions into different headers. + */ +const char *mbedtls_ssl_states_str(mbedtls_ssl_states state); +#endif + static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { + MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", + ssl->state, mbedtls_ssl_states_str(ssl->state), + state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } From a4bf00227f5d534fc8dfaa85e3c4f447e138ff64 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:37:49 +0100 Subject: [PATCH 0341/1080] Document gotcha of move_handshake_to_state A single call to move_handshake_to_state() can't do a full handshake. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 3ba314f832..0ca02700a6 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
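Review bot: The new log call in mbedtls_ssl_handshake_set_state passes `ssl->state`, an `int`, to `mbedtls_ssl_states_str()`, which is prototyped here as taking `mbedtls_ssl_states`; nothing in the hunk guarantees the stored value is a member of the enum (e.g. before the first transition), and the helper's behaviour for an unknown value is not visible here. If it can return NULL, feeding that to `%s` is undefined behaviour in the formatter, so either guard it at the call site or state in the copied prototype's comment that the helper must return a non-NULL string for every input. The prototype is also a hand-maintained duplicate of the one in ssl_debug_helpers.h, as the comment admits; a one-line `/* must stay in sync with ssl_debug_helpers.h */` next to it would make the coupling harder to miss when the real declaration changes.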
@@ -476,6 +476,18 @@ void mbedtls_test_ssl_endpoint_free( * /p second_ssl is used as second endpoint and their sockets have to be * connected before calling this function. * + * For example, to perform a full handshake: + * ``` + * mbedtls_test_move_handshake_to_state( + * &server.ssl, &client.ssl, + * MBEDTLS_SSL_HANDSHAKE_OVER); + * mbedtls_test_move_handshake_to_state( + * &client.ssl, &client.ssl, + * MBEDTLS_SSL_HANDSHAKE_OVER); + * ``` + * Note that you need both calls to reach the handshake-over state on + * both sides. + * * \retval 0 on success, otherwise error code. */ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, From 92122edf4b8d0b5dda73379fa895cdca51021910 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:40:50 +0100 Subject: [PATCH 0342/1080] Create handshake record coalescing tests Create tests that coalesce the handshake messages in the first flight from the server. This lets us test the behavior of the library when a handshake record contains multiple handshake messages. Only non-protected (non-encrypted, non-authenticated) handshake messages are supported. The test code works for all protocol versions, but it is only effective in TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record, so we can't test records containing more than one handshake message without a lot more work. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 232 +++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 26 +++ 2 files changed, 258 insertions(+) create mode 100644 tests/suites/test_suite_ssl.records.data diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 743b53c007..278656c194 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
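Review bot: The second call in the new example passes `&client.ssl` for both arguments, which contradicts the surrounding text saying the second parameter is the other endpoint; as written it would not advance the client against the server. It should read `&client.ssl, &server.ssl,` so that the example is the pair of mirrored calls the note below it describes. Since readers will copy this snippet, a wrong example here is worse than none.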
@@ -106,6 +106,98 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, #define TEST_GCM_OR_CHACHAPOLY_ENABLED #endif +typedef enum { + RECOMBINE_NOMINAL, /* param: ignored */ + RECOMBINE_COALESCE, /* param: min number of records */ +} recombine_records_instruction_t; + +/* Coalesce TLS handshake records. + * DTLS is not supported. + * Encrypted or authenticated handshake records are not supported. + * Assume the buffer content is a valid sequence of records. + */ +static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, + int max) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + if (buf->buffer[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { + return 0; + } + + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + TEST_LE_U(header_length + record_length, buf->content_length); + + int count; + for (count = 1; count < max; count++) { + size_t next_start = header_length + record_length; + if (next_start >= buf->content_length) { + /* We've already reached the last record. */ + break; + } + + TEST_LE_U(next_start + header_length, buf->content_length); + if (buf->buffer[next_start] != MBEDTLS_SSL_MSG_HANDSHAKE) { + /* There's another record, but it isn't a handshake record. 
*/ + break; + } + size_t next_length = + MBEDTLS_GET_UINT16_BE(buf->buffer, next_start + header_length - 2); + TEST_LE_U(next_start + header_length + next_length, buf->content_length); + + /* Erase the next record header */ + memmove(buf->buffer + next_start, + buf->buffer + next_start + header_length, + buf->content_length - next_start); + buf->content_length -= header_length; + /* Update the first record length */ + record_length += next_length; + TEST_LE_U(record_length, 0xffff); + MBEDTLS_PUT_UINT16_BE(record_length, buf->buffer, header_length - 2); + } + + return count; + +exit: + return -1; +} + +static int recombine_records(mbedtls_test_ssl_endpoint *server, + recombine_records_instruction_t instruction, + int param) +{ + mbedtls_test_ssl_buffer *buf = server->socket.output; + int ret; + + /* buf is a circular buffer. For simplicity, this code assumes that + * the data is located at the beginning. This should be ok since + * this function is only meant to be used on the first flight + * emitted by a server. */ + TEST_EQUAL(buf->start, 0); + + switch (instruction) { + case RECOMBINE_NOMINAL: + break; + + case RECOMBINE_COALESCE: + ret = recombine_coalesce_handshake_records(buf, param); + if (param == INT_MAX) { + TEST_LE_S(1, ret); + } else { + TEST_EQUAL(ret, param); + } + break; + + default: + TEST_FAIL("Instructions not understood"); + } + + return 1; + +exit: + return 0; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
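Review bot: The memmove in recombine_coalesce_handshake_records over-reads by `header_length` bytes: it copies `buf->content_length - next_start` bytes starting at `next_start + header_length`, so the source range ends at `content_length + header_length`, past the valid content (uninitialised bytes inside the buffer, or out of bounds if `content_length + 5` exceeds `capacity`). The byte count should be the size of the tail after the header being erased, `buf->content_length - next_start - header_length`. The bytes copied past the end are then discarded by the `content_length -= header_length` adjustment, which is why the tests still pass, but an ASan build would flag it.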
@@ -2840,6 +2932,146 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void recombine_server_first_flight(int version, + int instruction, int param, + char *client_log, char *server_log, + int goal_state, int expected_ret) +{ + enum { BUFFSIZE = 17000 }; + mbedtls_test_ssl_endpoint client = { 0 }; + mbedtls_test_ssl_endpoint server = { 0 }; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_handshake_test_options server_options; + mbedtls_test_init_handshake_options(&server_options); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log }; + mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log }; +#endif + int ret = 0; + + MD_OR_USE_PSA_INIT(); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(3); +#endif + + client_options.client_min_version = version; + client_options.client_max_version = version; +#if defined(MBEDTLS_DEBUG_C) + client_options.cli_log_obj = &cli_pattern; + client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; +#else + (void) cli_pattern; +#endif + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, + NULL), 0); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_ssl_conf_dbg(&client.conf, client_options.cli_log_fun, + client_options.cli_log_obj); +#endif + + server_options.server_min_version = version; + server_options.server_max_version = version; +#if defined(MBEDTLS_DEBUG_C) + server_options.srv_log_obj = &srv_pattern; + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; +#else + (void) srv_pattern; +#endif + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, + NULL), 0); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_ssl_conf_dbg(&server.conf, server_options.srv_log_fun, + server_options.srv_log_obj); +#endif + + TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, + &server.socket, + BUFFSIZE), 0); 
+ + /* Client: emit the first flight from the client */ + while (ret == 0) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + } + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + ret = 0; + TEST_EQUAL(client.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + + /* Server: parse the first flight from the client + * and emit the first flight from the server */ + while (ret == 0) { + mbedtls_test_set_step(1000 + server.ssl.state); + ret = mbedtls_ssl_handshake_step(&server.ssl); + } + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + ret = 0; + TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1); + + /* Recombine the first flight from the server */ + TEST_ASSERT(recombine_records(&server, instruction, param)); + + /* Client: parse the first flight from the server + * and emit the second flight from the client */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + if (client.ssl.state == goal_state && ret != 0) { + TEST_EQUAL(ret, expected_ret); + goto goal_reached; + } + } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (version >= MBEDTLS_SSL_VERSION_TLS1_3 && + goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) { + TEST_EQUAL(ret, 0); + } else +#endif + { + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + } + ret = 0; + + /* Server: parse the first flight from the client + * and emit the second flight from the server */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) { + mbedtls_test_set_step(1000 + server.ssl.state); + ret = mbedtls_ssl_handshake_step(&server.ssl); + } + TEST_EQUAL(ret, 0); + + /* Client: parse the second flight from the server */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + } + if (client.ssl.state == goal_state) { + TEST_EQUAL(ret, expected_ret); + } else { + TEST_EQUAL(ret, 0); + } + 
+goal_reached: +#if defined(MBEDTLS_DEBUG_C) + TEST_ASSERT(cli_pattern.counter >= 1); + TEST_ASSERT(srv_pattern.counter >= 1); +#endif + +exit: + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + MD_OR_USE_PSA_DONE(); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(0); +#endif +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data new file mode 100644 index 0000000000..e31fbbd23a --- /dev/null +++ b/tests/suites/test_suite_ssl.records.data 
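Review bot: `TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1)` encodes the expected post-flight state as enum arithmetic, which silently changes meaning if a state is ever inserted after ServerHelloDone in mbedtls_ssl_states. If the state the server actually waits in is the one that follows it in the enum (presumably `MBEDTLS_SSL_CLIENT_CERTIFICATE`, to be confirmed against ssl.h), name it directly so a failure reads as a state mismatch rather than an off-by-one. Also worth a comment there that this state check is shared by the TLS 1.2 and TLS 1.3 runs of this test, since the two handshakes reach that point through different message sequences.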
@@ -0,0 +1,26 @@ +Recombine server flight 1: TLS 1.2, nominal +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, nominal +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, coalesce 2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce 3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce all +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +# TLS 1.3 has a single non-encrypted handshake record, so this doesn't +# actually perform any coalescing. Run the test case anyway, but this does +# very little beyond exercising the test code itself a little. +Recombine server flight 1: TLS 1.3, coalesce all +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 From 7c1dbeff4908b23dbced56694bc17263fd7e0eb7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:48:01 +0100 Subject: [PATCH 0343/1080] Test split, coalesced-split and empty handshake records 
Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 1 + tests/suites/test_suite_ssl.function | 122 +++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 88 ++++++++++++++++ 3 files changed, 211 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f1fe0ec8e5..dba8d74ba1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3699,6 +3699,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, rec->buf_len = rec->data_offset + rec->data_len; if (rec->data_len == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("rejecting empty record")); return MBEDTLS_ERR_SSL_INVALID_RECORD; } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 278656c194..577249c1d8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -108,9 +108,100 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ + RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ + RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_COALESCE, /* param: min number of records */ + RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ + RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ } recombine_records_instruction_t; +/* Split the first record into two pieces of lengths offset and + * record_length-offset. If offset is zero or negative, count from the end of + * the record. */ +static int recombine_split_first_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset > 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Check that we have room to insert a record header */ + TEST_LE_U(buf->content_length + header_length, buf->capacity); + + /* Make room for a record header */ + size_t new_record_start = header_length + offset; + size_t new_content_start = new_record_start + header_length; + memmove(buf->buffer + new_content_start, + buf->buffer + new_record_start, + buf->content_length - new_record_start); + buf->content_length += header_length; + + /* Construct a header for the new record based on the existing one */ + memcpy(buf->buffer + new_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(record_length - offset, + buf->buffer, new_content_start - 2); + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + return 0; + +exit: + return -1; +} + +/* Insert an empty record at the given offset. 
If offset is negative, + * count from the end of the first record. */ +static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset >= 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Check that we have room to insert two record headers */ + TEST_LE_U(buf->content_length + 2 * header_length, buf->capacity); + + /* Make room for an empty record and a record header */ + size_t empty_record_start = header_length + offset; + size_t empty_content_start = empty_record_start + header_length; + size_t tail_record_start = empty_content_start; + size_t tail_content_start = tail_record_start + header_length; + memmove(buf->buffer + tail_content_start, + buf->buffer + tail_record_start, + buf->content_length - tail_record_start); + buf->content_length += 2 * header_length; + + /* Construct headers for the new records based on the existing one */ + memcpy(buf->buffer + empty_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(0, buf->buffer, empty_content_start - 2); + memcpy(buf->buffer + tail_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(record_length - offset, + buf->buffer, tail_content_start - 2); + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + return 0; + +exit: + return -1; +} + /* Coalesce TLS handshake records. * DTLS is not supported. * Encrypted or authenticated handshake records are not supported. 
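Review bot: The two new helpers disagree on what `offset == 0` means: recombine_split_first_record treats it as "count from the end" (producing a trailing empty record), while recombine_insert_empty_record treats it as "at the start", which is why the enum comments need the `<=0` versus `<0` distinction. Both also compute `-offset` on an `int`, which is undefined behaviour for `INT_MIN`; since the value comes straight from the .data file, a cheap `TEST_LE_S(INT_MIN + 1, offset);` before the negation would turn a bad test vector into a test failure rather than UB. A one-line comment on each function stating the convention for zero (`/* offset == 0 splits at the very end of the record */`) would also stop the next caller from guessing.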
@@ -179,6 +270,16 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, case RECOMBINE_NOMINAL: break; + case RECOMBINE_SPLIT_FIRST: + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + + case RECOMBINE_INSERT_EMPTY: + ret = recombine_insert_empty_record(buf, param); + TEST_LE_S(0, ret); + break; + case RECOMBINE_COALESCE: ret = recombine_coalesce_handshake_records(buf, param); if (param == INT_MAX) { @@ -188,6 +289,27 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, } break; + case RECOMBINE_COALESCE_SPLIT_ONCE: + ret = recombine_coalesce_handshake_records(buf, INT_MAX); + /* Require at least two coalesced records, otherwise this + * doesn't lead to a meaningful test (use + * RECOMBINE_SPLIT_FIRST instead). */ + TEST_LE_S(2, ret); + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + + case RECOMBINE_COALESCE_SPLIT_ENDS: + ret = recombine_coalesce_handshake_records(buf, INT_MAX); + /* Accept a single record, which will be split at both ends */ + TEST_LE_S(1, ret); + TEST_LE_S(1, param); + ret = recombine_split_first_record(buf, -param); + TEST_LE_S(0, ret); + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + default: TEST_FAIL("Instructions not understood"); } diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index e31fbbd23a..ca19393fd5 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -24,3 +24,91 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ Recombine server flight 1: TLS 1.3, coalesce all depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, split first at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, split first at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, split first at end-1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, split first at end-1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +# The library doesn't support an initial handshake fragment that doesn't +# contain the full 4-byte handshake header. 
+Recombine server flight 1: TLS 1.2, split first at 3 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 3 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, split first at 2 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 2 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, split first at 1 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 1 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record after first (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record after first 
(bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record at start (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record at start (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +# Since there is a single unencrypted handshake message in the first flight +# from the server, and the test code that recombines handshake records can only +# handle plaintext records, we can't have TLS 1.3 tests with coalesced +# handshake messages. Hence most coalesce-and-split test cases are 1.2-only. 
+ +Recombine server flight 1: TLS 1.2, coalesce and split at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +# The last message of the first flight from the server is ServerHelloDone, +# which is an empty handshake message, i.e. of length 4. The library doesn't +# support fragmentation of a handshake message, so the last place where we +# can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the +# previous handshake message and 4 bytes of ServerHelloDone including header. +Recombine server flight 1: TLS 1.2, coalesce and split at end-5 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce and split at both ends +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 From 7ab9fb6d147e5afab97882b8bd612c66f9094189 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 22:26:36 +0100 Subject: [PATCH 0344/1080] Pacify ancient clang -Wmissing-initializer Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 577249c1d8..91ffe35ee8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
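Review bot: The cases named "insert empty record after first (bad)" use `RECOMBINE_SPLIT_FIRST:0` rather than `RECOMBINE_INSERT_EMPTY`, which reads like a typo unless one knows that the insert instruction cannot express "at the end of the first record" (0 means the start and negative offsets count from the end, so there is no spelling for the end itself). A `#` comment above those entries, e.g. `# Splitting at offset 0 (= end of record) yields an empty record after the first one; RECOMBINE_INSERT_EMPTY cannot address that position.`, would document why the split instruction is used. The "split first at 3/2/1 (bad)" group would similarly benefit from noting that the expected client state stays at MBEDTLS_SSL_SERVER_HELLO because the error is raised before the message is parsed.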
@@ -3061,8 +3061,10 @@ void recombine_server_first_flight(int version, int goal_state, int expected_ret) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client = { 0 }; - mbedtls_test_ssl_endpoint server = { 0 }; + mbedtls_test_ssl_endpoint client; + memset(&client, 0, sizeof(client)); + mbedtls_test_ssl_endpoint server; + memset(&server, 0, sizeof(server)); mbedtls_test_handshake_test_options client_options; mbedtls_test_init_handshake_options(&client_options); mbedtls_test_handshake_test_options server_options; From bc694b3cbdcafdc4c750906523bf802b273cb4c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 22:28:23 +0100 Subject: [PATCH 0345/1080] Fix printf of enum The enum is promoted to `int`, so `%d` is a correct format, but `gcc -Wformat` complains. Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e82c6250e4..f52f784476 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1322,7 +1322,7 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", ssl->state, mbedtls_ssl_states_str(ssl->state), - state, mbedtls_ssl_states_str(state))); + (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } From 074267282f266e6baf88a71bd836f1fb9434ac16 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 23:01:42 +0100 Subject: [PATCH 0346/1080] Fix the build in PSK-only configurations Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 91ffe35ee8..ca85578b5b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -115,6 +115,8 @@ typedef enum { RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ } recombine_records_instruction_t; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + /* Split the first record into two pieces of lengths offset and * record_length-offset. If offset is zero or negative, count from the end of * the record. */ @@ -320,6 +322,8 @@ exit: return 0; } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -3054,7 +3058,9 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* This test case doesn't actually depend on certificates, + * but our helper code for mbedtls_test_ssl_endpoint does. */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ void recombine_server_first_flight(int version, int instruction, int param, char *client_log, char *server_log, From c34ea472fb96531d7277823b620ec262472689e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 23:04:23 +0100 Subject: [PATCH 0347/1080] Fix the build without MBEDTLS_DEBUG_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ca85578b5b..061adba762 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3078,6 +3078,9 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log }; mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log }; +#else + (void) client_log; + (void) server_log; #endif int ret = 0; 
@@ -3091,8 +3094,6 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) client_options.cli_log_obj = &cli_pattern; client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; -#else - (void) cli_pattern; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, @@ -3107,8 +3108,6 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) server_options.srv_log_obj = &srv_pattern; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; -#else - (void) srv_pattern; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, From 5e3c0bd82bcb14742b168d0a3621935d5949a300 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:02:42 +0100 Subject: [PATCH 0348/1080] Also test inserting non-empty, non-handshake records Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 60 +++++++++++++++++++----- tests/suites/test_suite_ssl.records.data | 40 ++++++++++++++++ 2 files changed, 89 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 061adba762..52e887af6d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -110,6 +110,7 @@ typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ + RECOMBINE_INSERT_RECORD, /* param: record type */ RECOMBINE_COALESCE, /* param: min number of records */ RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ 
@@ -161,8 +162,9 @@ exit:
/* Insert an empty record at the given offset. If offset is negative,
* count from the end of the first record. */
-static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf,
- int offset)
+static int recombine_insert_record(mbedtls_test_ssl_buffer *buf,
+ int offset,
+ uint8_t inserted_record_type)
{
const size_t header_length = 5;
TEST_LE_U(header_length, buf->content_length);
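Review bot: The header comment kept as context above the renamed `recombine_insert_record` still reads `Insert an empty record at the given offset`, which described the old `recombine_insert_empty_record`; the new `inserted_record_type` parameter selects the record type and, in the following hunk, type-specific content, so the comment no longer matches the contract. I would replace it with `/* Insert a record of type inserted_record_type at the given offset, with` / ` * fixed type-specific content (empty for types not listed in the switch,` / ` * including handshake). If offset is negative, count from the end of the first record. */`. The function body continues outside this hunk.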
@@ -175,22 +177,50 @@ static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf,
offset = record_length + offset;
}
- /* Check that we have room to insert two record headers */
- TEST_LE_U(buf->content_length + 2 * header_length, buf->capacity);
+ uint8_t inserted_content[42] = { 0 };
+ size_t inserted_content_length = 0;
+ switch (inserted_record_type) {
+ case MBEDTLS_SSL_MSG_ALERT:
+ inserted_content[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
+ inserted_content[1] = MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION;
+ inserted_content_length = 2;
+ break;
+ case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
+ inserted_content[0] = 0x01;
+ inserted_content_length = 1;
+ break;
+ case MBEDTLS_SSL_MSG_APPLICATION_DATA:
+ inserted_content_length = sizeof(inserted_content);
+ break;
+ default:
+ /* Leave the content empty */
+ break;
+ }
+
+ /* Check that we have room to insert two record headers plus the new
+ * content. */
+ TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length,
+ buf->capacity);
/* Make room for an empty record and a record header */
- size_t empty_record_start = header_length + offset;
- size_t empty_content_start = empty_record_start + header_length;
- size_t tail_record_start = empty_content_start;
+ size_t inserted_record_start = header_length + offset;
+ size_t inserted_content_start = inserted_record_start + header_length;
+ size_t tail_record_start = inserted_content_start + inserted_content_length;
size_t tail_content_start = tail_record_start + header_length;
memmove(buf->buffer + tail_content_start, buf->buffer + tail_record_start, buf->content_length - tail_record_start);
buf->content_length += 2 * header_length;
- /* Construct headers for the new records based on the existing one */
- memcpy(buf->buffer + empty_record_start, buf->buffer, header_length);
- MBEDTLS_PUT_UINT16_BE(0, buf->buffer, empty_content_start - 2);
+ /* Construct the inserted record based on the existing one */
+ memcpy(buf->buffer + inserted_record_start,
buf->buffer, header_length);
+ buf->buffer[inserted_record_start] = inserted_record_type;
+ MBEDTLS_PUT_UINT16_BE(inserted_content_length,
+ buf->buffer, inserted_content_start - 2);
+ memcpy(buf->buffer + inserted_content_start,
+ inserted_content, inserted_content_length);
+
+ /* Construct header for the last fragment based on the existing one */
memcpy(buf->buffer + tail_record_start, buf->buffer, header_length);
MBEDTLS_PUT_UINT16_BE(record_length - offset, buf->buffer, tail_content_start - 2);
@@ -278,7 +308,15 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server,
break;
case RECOMBINE_INSERT_EMPTY:
- ret = recombine_insert_empty_record(buf, param);
+ /* Insert an empty handshake record. */
+ ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE);
+ TEST_LE_S(0, ret);
+ break;
+
+ case RECOMBINE_INSERT_RECORD:
+ /* Insert an extra record at a position where splitting
+ * would be ok. */
+ ret = recombine_insert_record(buf, 5, param);
+ TEST_LE_S(0, ret);
+ break;
diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data
index ca19393fd5..2acbbe9f4f 100644
--- a/tests/suites/test_suite_ssl.records.data
+++ b/tests/suites/test_suite_ssl.records.data
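Review bot: The tail of the split record is corrupted by this hunk's bookkeeping: the unchanged `memmove` copies from `tail_record_start`, which is `header_length + inserted_content_length` bytes past the split point `inserted_record_start` where the moved bytes actually begin, and `buf->content_length += 2 * header_length;` omits `inserted_content_length` even though the capacity check a few lines earlier includes it. As written, the first `header_length + inserted_content_length` bytes of the original record after `offset` are never moved and are overwritten by the inserted record and the tail header, and the tail record's length field then claims more bytes than follow it. The new test cases all expect the client to reject the inserted record, so they would not observe this; a future "good" case would. I would change the move to `memmove(buf->buffer + tail_content_start, buf->buffer + inserted_record_start, buf->content_length - inserted_record_start);` and the update to `buf->content_length += 2 * header_length + inserted_content_length;`. The same source/length mismatch appears to predate this commit in the old `recombine_insert_empty_record`, whose body starts outside the hunk.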
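Review bot: In the `RECOMBINE_INSERT_RECORD` case, `recombine_insert_record(buf, 5, param)` silently narrows the `int` test parameter to `uint8_t`, so a value outside 0..255 in the .data file would wrap to some other record type instead of failing the test. A range check before the call, `TEST_LE_S(0, param); TEST_LE_S(param, 255);`, keeps such a mistake visible. `recombine_records` continues outside the hunk.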
@@ -91,6 +91,46 @@ Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD +Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented 
handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + # Since there is a single unencrypted handshake message in the first flight # from the server, and the test code that recombines handshake records can only # handle plaintext records, we can't have TLS 1.3 tests with coalesced From 84ccbd800206db97f2334704b3d0e01be82c49fb Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 10 Mar 2025 14:16:46 +0100 Subject: [PATCH 0349/1080] Simulate closing the connection mid-message Simulate the server closing the connection after a partial handshake message. These test cases don't send a close_notify alert. The test cases "insert alert record" exercise what happens if the server sends an alert. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 47 ++++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 8 ++++ 2 files changed, 55 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 52e887af6d..3081257cb8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -109,6 +109,7 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ + RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_INSERT_RECORD, /* param: record type */ RECOMBINE_COALESCE, /* param: min number of records */ 
@@ -160,6 +161,39 @@ exit: return -1; } +/* Truncate the first record, keeping only the first offset bytes. + * If offset is zero or negative, count from the end of the record. + * Remove the subsequent records. + */ +static int recombine_truncate_first_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset > 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + /* Wipe the rest */ + size_t truncated_end = header_length + offset; + memset(buf->buffer + truncated_end, '!', + buf->content_length - truncated_end); + buf->content_length = truncated_end; + + return 0; + +exit: + return -1; +} + /* Insert an empty record at the given offset. If offset is negative, * count from the end of the first record. */ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, @@ -307,6 +341,11 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, TEST_LE_S(0, ret); break; + case RECOMBINE_TRUNCATE_FIRST: + ret = recombine_truncate_first_record(buf, param); + TEST_LE_S(0, ret); + break; + case RECOMBINE_INSERT_EMPTY: /* Insert an empty handshake record. */ ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE); 
@@ -3204,6 +3243,14 @@ void recombine_server_first_flight(int version,
/* Server: parse the first flight from the client
* and emit the second flight from the server */
+ if (instruction == RECOMBINE_TRUNCATE_FIRST) {
+ /* Close without a notification. The case of closing with a
+ * notification is tested via RECOMBINE_INSERT_RECORD to insert
+ * an alert record (which we reject, making the client SSL
+ * context become invalid). */
+ mbedtls_test_mock_socket_close(&server.socket);
+ goto goal_reached;
+ }
while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) {
mbedtls_test_set_step(1000 + server.ssl.state);
ret = mbedtls_ssl_handshake_step(&server.ssl);
diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data
index 2acbbe9f4f..e94f554c69 100644
--- a/tests/suites/test_suite_ssl.records.data
+++ b/tests/suites/test_suite_ssl.records.data
@@ -67,6 +67,14 @@ Recombine server flight 1: TLS 1.3, split first at 1 (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD +Recombine server flight 1: TLS 1.2, truncate at 4 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ + +Recombine server flight 1: TLS 1.3, truncate at 4 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ + Recombine server flight 1: TLS 1.2, insert empty record after first (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_2 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD From 161cadd1cc6097a7324bb65024e4bfc9f10236df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:24:22 +0100 Subject: [PATCH 0350/1080] Fix copypasta Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0ca02700a6..c0c110105d 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -482,7 +482,7 @@ void mbedtls_test_ssl_endpoint_free( * &server.ssl, &client.ssl, * MBEDTLS_SSL_HANDSHAKE_OVER); * mbedtls_test_move_handshake_to_state( - * &client.ssl, &client.ssl, + * &client.ssl, &server.ssl, * MBEDTLS_SSL_HANDSHAKE_OVER); * ``` * Note that you need both calls to reach the handshake-over state on 
From eb48890bd5bdecf988ef1726895a7f6d0e94ff75 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:29:59 +0100 Subject: [PATCH 0351/1080] Remove redundant setup mbedtls_test_ssl_endpoint_init() already takes care of setting up debugging. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3081257cb8..85c252492c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3175,10 +3175,6 @@ void recombine_server_first_flight(int version, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL), 0); -#if defined(MBEDTLS_DEBUG_C) - mbedtls_ssl_conf_dbg(&client.conf, client_options.cli_log_fun, - client_options.cli_log_obj); -#endif server_options.server_min_version = version; server_options.server_max_version = version; @@ -3189,10 +3185,6 @@ void recombine_server_first_flight(int version, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL), 0); -#if defined(MBEDTLS_DEBUG_C) - mbedtls_ssl_conf_dbg(&server.conf, server_options.srv_log_fun, - server_options.srv_log_obj); -#endif TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, &server.socket, From c0721e0e8ecfa49567c2ffd2df1019ea65a2e96a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:53:16 +0100 Subject: [PATCH 0352/1080] Improve documentation Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 19 ++++++++++++++++--- tests/suites/test_suite_ssl.records.data | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 85c252492c..8a77df5edf 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -112,9 +112,9 @@ typedef enum { RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_INSERT_RECORD, /* param: record type */ - RECOMBINE_COALESCE, /* param: min number of records */ + RECOMBINE_COALESCE, /* param: number of records (INT_MAX=all) */ RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ - RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ + RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ } recombine_records_instruction_t; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -272,6 +272,10 @@ exit: * DTLS is not supported. * Encrypted or authenticated handshake records are not supported. * Assume the buffer content is a valid sequence of records. + * + * Coalesce only the first max records, or all the records if there are + * fewer than max. + * Return the number of coalesced records, or -1 on error. */ static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, int max) @@ -361,6 +365,9 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, case RECOMBINE_COALESCE: ret = recombine_coalesce_handshake_records(buf, param); + /* If param != INT_MAX, enforce that there were that many + * records to coalesce. In particular, 1 < param < INT_MAX + * ensures that library will see some coalesced records. */ if (param == INT_MAX) { TEST_LE_S(1, ret); } else { @@ -378,7 +385,7 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, TEST_LE_S(0, ret); break; - case RECOMBINE_COALESCE_SPLIT_ENDS: + case RECOMBINE_COALESCE_SPLIT_BOTH_ENDS: ret = recombine_coalesce_handshake_records(buf, INT_MAX); /* Accept a single record, which will be split at both ends */ TEST_LE_S(1, ret); 
@@ -3143,6 +3150,12 @@ void recombine_server_first_flight(int version,
char *client_log, char *server_log,
int goal_state, int expected_ret)
{
+ /* Make sure we have a buffer that's large enough for the longest
+ * data that the library might ever send, plus a bit extra so that
+ * we can inject more content. The library won't ever send more than
+ * 2^14 bytes of handshake messages, so we round that up. In practice
+ * we could surely get away with a much smaller buffer. The main
+ * variable part is the server certificate. */
enum { BUFFSIZE = 17000 };
mbedtls_test_ssl_endpoint client;
memset(&client, 0, sizeof(client));
diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data
index e94f554c69..edc2754356 100644
--- a/tests/suites/test_suite_ssl.records.data
+++ b/tests/suites/test_suite_ssl.records.data
@@ -159,4 +159,4 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI
Recombine server flight 1: TLS 1.2, coalesce and split at both ends
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
From 0a1996f8eea4907393ef73c27528e12033ad3ca1 Mon Sep 17 00:00:00 2001
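Review bot: The justification in the new `BUFFSIZE` comment does not match what the buffer holds: 2^14 bounds one record (and, since the library does not fragment outgoing handshake messages, one handshake message), but `recombine_server_first_flight` captures the server's whole first flight, which in TLS 1.2 is several records ending in ServerHelloDone and could in principle exceed 2^14 bytes in total with a long certificate chain. I would reword the middle sentences to `The library never sends a single handshake message larger than 2^14 bytes, and with the test certificate the whole first flight is well under that, so 17000 leaves room to inject extra records.` If 2^14 is meant as a bound on the flight itself, the comment should say where that bound comes from.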
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 26 Mar 2025 12:41:19 +0100
Subject: [PATCH 0353/1080] Tighten dependency declarations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These are not optimal. For example, the tests should in principle be able to run in builds without ECDSA, by using RSA certs instead. Ideally PSK should work too. However, getting optimal dependencies would be a lot of work that's largely orthogonal to the purpose of this PR, so we'll settle for good enough.
Signed-off-by: Manuel Pégourié-Gonnard
---
tests/suites/test_suite_ssl.function | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 8a77df5edf..78f48e5b57 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3144,7 +3144,7 @@ exit:
/* This test case doesn't actually depend on certificates,
* but our helper code for mbedtls_test_ssl_endpoint does. */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */
void recombine_server_first_flight(int version,
int instruction, int param,
char *client_log, char *server_log,
@@ -3179,6 +3179,10 @@ void recombine_server_first_flight(int version,
mbedtls_debug_set_threshold(3);
#endif
+ // Does't really matter but we want to know to declare dependencies.
+ client_options.pk_alg = MBEDTLS_PK_ECDSA;
+ server_options.pk_alg = MBEDTLS_PK_ECDSA;
+
client_options.client_min_version = version;
client_options.client_max_version = version;
#if defined(MBEDTLS_DEBUG_C)
From 921a2acf8bf8366eb2f4b1fe80437289b42850cf Mon Sep 17 00:00:00 2001
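Review bot: The added comment `// Does't really matter but we want to know to declare dependencies.` in the second hunk has a typo, an unclear clause, and uses `//` where the rest of this function uses `/* */` comments. It should also say what is being pinned and why, since the reason is the `depends_on` list changed in the first hunk. I would write `/* The signature algorithm doesn't matter for this test, but it must be fixed` / ` * so that the BEGIN_CASE dependencies above can name the features it needs. */`.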
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2025 11:47:13 +0100 Subject: [PATCH 0354/1080] Improve dependency declarations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function depends on MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED which is basically MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED || MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED The individual test cases depend on the specific TLS version. This is not precise enough. In a build with both TLS versions enabled, we could have cert-based key exchange in one version but not in the other. So, we need the 1.3 tests to depend on the 1.3 cert-based key exchange and similarly for 1.2. For 1.2, cert-based key exchange means ECDHE-{RSA,ECDSA} or ECDH-{RSA,ECDSA}. Since the test function sets an ECC cert for the server, we want one of the ECDSA ones. So, the minimal dependency would be ECDH_ECDSA || ECDHE_ECDSA. Since dependencies with || are inconvenient to express, and anyway ECDH_ECDSA (static ECDH) is something we'd like to remove in 4.0 if we can find the time, I chose to just depend on ECDHE_ECDSA. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 74 ++++++++++++------------ 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index edc2754356..3ec79183ba 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -1,142 +1,142 @@ Recombine server flight 1: TLS 1.2, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, coalesce 2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce 3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # TLS 1.3 has a single non-encrypted handshake record, so this doesn't # actually perform any coalescing. Run the test case anyway, but this does # very little beyond exercising the test code itself a little. 
Recombine server flight 1: TLS 1.3, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 # The library doesn't support an initial handshake fragment that doesn't # contain the full 4-byte handshake header. 
Recombine server flight 1: TLS 1.2, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.3, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.2, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server 
flight 1: TLS 1.3, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 
1.2, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record 
type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD # Since there is a single unencrypted handshake message in the first flight @@ -145,7 +145,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD # handshake messages. Hence most coalesce-and-split test cases are 1.2-only. Recombine server flight 1: TLS 1.2, coalesce and split at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # The last message of the first flight from the server is ServerHelloDone, 
@@ -154,9 +154,9 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI # can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the # previous handshake message and 4 bytes of ServerHelloDone including header. Recombine server flight 1: TLS 1.2, coalesce and split at end-5 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce and split at both ends -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 From 1f471a1f38a4e4abcaf379ad7c9ca293693f2dd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2025 12:44:32 +0100 Subject: [PATCH 0355/1080] Tighten dependencies again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This one is overly tight: TLS 1.3 actually only depends on ChachaPoly || (AES && (GCM || CCM)) Furthermore, this should really be reflected in check_config.h. Individual test cases should be able to just request PROTO_TLS1_3 and know that there is a ciphersuite that works. However, resolving that seems out of scope for this PR. (It would also involve updating depends.py for example.) So, use a dependency that's stricter than necessary. IMO it's still good enough as most configs we test will have ChachaPoly. However it would be good to revisit this when a cleaner solution is implemented.
Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 32 ++++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index 3ec79183ba..c54458cf4b 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, coalesce 2 @@ -22,7 +22,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ # actually perform any coalescing. Run the test case anyway, but this does # very little beyond exercising the test code itself a little. Recombine server flight 1: TLS 1.3, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at 4 
@@ -30,7 +30,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at end-1 @@ -38,7 +38,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 # The library doesn't support an initial handshake fragment that doesn't 
@@ -48,7 +48,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 2 (bad) @@ -56,7 +56,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 1 (bad) 
@@ -64,7 +64,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, truncate at 4 (bad) @@ -72,7 +72,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.3, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.2, insert empty record after first (bad) 
@@ -80,7 +80,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at start (bad) @@ -88,7 +88,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) 
@@ -96,7 +96,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) @@ -104,7 +104,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad) 
@@ -112,7 +112,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) @@ -120,7 +120,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) 
@@ -128,7 +128,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) @@ -136,7 +136,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD # Since there is a single unencrypted handshake message in the first flight From 132f5b99c83c1e16ad4289eb0393f2effeb97cdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2025 09:33:38 +0100 Subject: [PATCH 0356/1080] Use same dependencies for helper functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 78f48e5b57..0aa9f39ec0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -117,7 +117,14 @@ typedef enum { RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ } recombine_records_instruction_t; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/* Keep this in sync with the recombine_server_first_flight() + * See comment there. */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + defined(PSA_WANT_ALG_SHA_256) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ + defined(PSA_WANT_ALG_ECDSA_ANY) /* Split the first record into two pieces of lengths offset and * record_length-offset. If offset is zero or negative, count from the end of @@ -406,7 +413,7 @@ exit: return 0; } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */ /* END_HEADER */ @@ -3143,7 +3150,11 @@ exit: /* END_CASE */ /* This test case doesn't actually depend on certificates, - * but our helper code for mbedtls_test_ssl_endpoint does. */ + * but our helper code for mbedtls_test_ssl_endpoint does. + * Also, it needs specific hashes, algs and curves for the + * hardcoded test certificates. In principle both RSA and ECDSA + * can be used, but we hardcode ECDSA in order to avoid having + * to express dependencies like "RSA or ECDSA with those curves". */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */ void recombine_server_first_flight(int version, int instruction, int param, 
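Review bot: The new guard comment in the first hunk, `Keep this in sync with the recombine_server_first_flight()`, is missing its object; I'd write `/* Keep this in sync with the depends_on list of recombine_server_first_flight(); see the comment there. */`. The same PSA_WANT_* list now has to be maintained in two places (this `#if` and the BEGIN_CASE `depends_on:` at the end of the third hunk), and if they drift apart the helpers silently compile out while the test case still tries to run, so the comment is what keeps that from going unnoticed. In the second hunk the closing `#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */` leaves the reader guessing; naming the condition, e.g. `#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && PSA_WANT_... (see #if above) */`, reads better. The guarded region between the first and second hunk is outside the patch.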
From 6fedc4e18e9a8efb08654d3c6b98f6bf847d4d04 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 13:50:43 +0100 Subject: [PATCH 0357/1080] Add executable permissions to new perl file Signed-off-by: Felix Conway --- tests/scripts/libtestdriver1_rewrite.pl | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/scripts/libtestdriver1_rewrite.pl diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl old mode 100644 new mode 100755 From 8d73bdc679d54112513160c5757bb4042c29071d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 09:38:53 +0200 Subject: [PATCH 0358/1080] Improve comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 4 +++- tests/suites/test_suite_ssl.records.data | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0aa9f39ec0..8964adc75b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -201,7 +201,7 @@ exit: return -1; } -/* Insert an empty record at the given offset. If offset is negative, +/* Insert a (dummy) record at the given offset. If offset is negative, * count from the end of the first record. */ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, int offset, @@ -3251,6 +3251,8 @@ void recombine_server_first_flight(int version, } } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* A default TLS 1.3 handshake has only 1 flight from the server, + * while the default (non-resumption) 1.2 handshake has two. */ if (version >= MBEDTLS_SSL_VERSION_TLS1_3 && goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) { TEST_EQUAL(ret, 0); 
diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index c54458cf4b..a4bae89756 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -150,7 +150,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI # The last message of the first flight from the server is ServerHelloDone, # which is an empty handshake message, i.e. of length 4. The library doesn't -# support fragmentation of a handshake message, so the last place where we +# support fragmentation of a handshake header, so the last place where we # can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the # previous handshake message and 4 bytes of ServerHelloDone including header. Recombine server flight 1: TLS 1.2, coalesce and split at end-5 From 7af97b60e54c3f35b8ff4b63fccb8d86bdd2285e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 10:18:44 +0200 Subject: [PATCH 0359/1080] Use HANDSHAKE_OVER in nominal test cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index a4bae89756..8220cb0b92 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -4,7 +4,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= Recombine server flight 1: TLS 1.3, nominal depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce 2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -23,7 +23,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ # very little beyond exercising the test code itself a little. Recombine server flight 1: TLS 1.3, coalesce all depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, split first at 4 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
@@ -31,7 +31,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4 Recombine server flight 1: TLS 1.3, split first at 4 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, split first at end-1 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -39,7 +39,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:- Recombine server flight 1: TLS 1.3, split first at end-1 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # The library doesn't support an initial handshake fragment that doesn't # contain the full 4-byte handshake header. From a5db6c14fd45fd91de495cac914e187ffbca99ea Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 12:35:58 +0200 Subject: [PATCH 0360/1080] Fix record insertion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were not making enough room. We want to move everything from the place where we are going to insert the new record. This was not causing failures because the code does not look at the content after the inserted record, because it correctly returns an error when seeing the inserted record. But as a matter on principle, the test code should be doing what it says: just insert a new record but leave a valid fragment after it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8964adc75b..11648a3341 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -243,14 +243,14 @@ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length, buf->capacity); - /* Make room for an empty record and a record header */ + /* Make room for the inserted record and a record header for the fragment */ size_t inserted_record_start = header_length + offset; size_t inserted_content_start = inserted_record_start + header_length; size_t tail_record_start = inserted_content_start + inserted_content_length; size_t tail_content_start = tail_record_start + header_length; memmove(buf->buffer + tail_content_start, - buf->buffer + tail_record_start, - buf->content_length - tail_record_start); + buf->buffer + inserted_record_start, + buf->content_length - inserted_record_start); buf->content_length += 2 * header_length; /* Construct the inserted record based on the existing one */ From dba07e152e60112570773921db89e6fcc6d549f1 Mon Sep 17 00:00:00 2001 
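Review bot: After the corrected memmove the moved tail ends at `content_length + 2 * header_length + inserted_content_length`, which is exactly what the TEST_LE_U capacity check at the top of the hunk bounds, yet the line that follows only does `buf->content_length += 2 * header_length;`. Unless the construction code after the hunk adds inserted_content_length separately, the last inserted_content_length bytes of the moved fragment sit beyond content_length and are never handed to the reader; if it does add them, a one-line comment such as `/* inserted_content_length is added once the inserted record is built below */` would make the accounting readable next to the memmove. The body of recombine_insert_record continues outside the hunk on both sides, so I could not confirm which it is.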
From: Max Fillinger Date: Wed, 16 Apr 2025 14:35:24 +0200 Subject: [PATCH 0361/1080] Add missing ifdef for mbedtls_ssl_tls13_exporter Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 0d6c391394..dbc703a6c1 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1823,6 +1823,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, const unsigned char *secret, const size_t secret_len, const unsigned char *label, const size_t label_len, @@ -1853,5 +1854,6 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); return ret; } +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 819bb4ae25b0dafc777ad3a8552f6fbd287482aa Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 16 Apr 2025 14:15:04 +0100 Subject: [PATCH 0362/1080] Reset crypto pointer to development Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ced1c6df90..0ed1f9c13f 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ced1c6df90b49ef39849d9cb8a0c540fb672a478 +Subproject commit 0ed1f9c13f3febee248c2a587b2e9b3055c8b3eb From dc6f6ec354784985e7828cd1aa13e9f081d48268 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 16 Apr 2025 14:16:24 +0100 Subject: [PATCH 0363/1080] Update framework pointer to merge commit Signed-off-by: Felix Conway --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index bf36088bd3..9e612a462b 160000 --- a/framework +++ b/framework 
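Review bot: The closing comment added in the second hunk, `#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */`, departs from the surrounding convention, where the comment names the macro alone (`#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */`, `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */`); I'd write `#endif /* MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */`. Since the definition of mbedtls_ssl_tls13_exporter is now conditional, the prototype in its header presumably needs the same guard (or already has it) so that a caller in a build without MBEDTLS_SSL_KEYING_MATERIAL_EXPORT fails at compile time rather than at link time; the header is not part of this patch, so worth confirming. The body of the exporter between the two hunks is outside view.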
@@ -1 +1 @@ -Subproject commit bf36088bd373fe5dbe56fb5d05d25af35a56a175 +Subproject commit 9e612a462b77ddbc7c91e1331f4788cfc8863d69 From 61bd2729b2ef73b973dd8338822e6a3b01e4ba0a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 17 Apr 2025 10:24:20 +0100 Subject: [PATCH 0364/1080] Check include/mbedtls exists before including from it Signed-off-by: Felix Conway --- programs/test/generate_cpp_dummy_build.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 05bdd34c94..7b4f520aca 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -52,9 +52,11 @@ EOF esac done - for header in tf-psa-crypto/include/mbedtls/*.h; do - echo "#include \"${header#tf-psa-crypto/include/}\"" - done + if [ -d "tf-psa-crypto/include/mbedtls" ]; then + for header in tf-psa-crypto/include/mbedtls/*.h; do + echo "#include \"${header#tf-psa-crypto/include/}\"" + done + fi for header in tf-psa-crypto/include/psa/*.h; do case ${header#tf-psa-crypto/include/} in From 0d4fca245600657358b7620359f987091c96979c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 09:25:58 +0100 Subject: [PATCH 0365/1080] Update submodule pointers Signed-off-by: Felix Conway --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 9e612a462b..4a841219ff 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9e612a462b77ddbc7c91e1331f4788cfc8863d69 +Subproject commit 4a841219ff9440f6a723e9e9612a33c44ad1e2f9 diff --git a/tf-psa-crypto b/tf-psa-crypto index 0ed1f9c13f..f936d86b25 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 0ed1f9c13f3febee248c2a587b2e9b3055c8b3eb +Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 From b12205ca7ad5731a5b3c06adac435ff53c9ecc44 Mon Sep 17 00:00:00 2001 
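Review bot: The new `[ -d ... ]` test guards against a missing directory but not against an existing one with no `*.h` files: without `nullglob`, bash leaves the pattern unexpanded and the loop emits `#include "mbedtls/*.h"`, which breaks the generated file. Whether `shopt -s nullglob` is set earlier in the script is not visible here; if it is not, `[ -e "$header" ] || continue` as the first statement of the loop body, or `shopt -s nullglob` near the top, closes the gap for this loop and for the psa loop that follows it.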
From: diopoex Date: Tue, 22 Apr 2025 11:09:43 +0200 Subject: [PATCH 0366/1080] Removed use of mbedtls_cipher_info from ssl_context_info.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 63391cd01e..00238145d2 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -553,18 +553,7 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); - -#if defined(MBEDTLS_CIPHER_C) - const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - if (cipher_info == NULL) { - printf_err("Cannot find cipher info\n"); - } else { - printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } -#else /* MBEDTLS_CIPHER_C */ printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); -#endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_MD_C) md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); From 5081d6544da76964a0811375384a2509e0a26a52 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 2 Apr 2025 14:29:59 +0100 Subject: [PATCH 0367/1080] Switch all.sh components from selftest to which_aes Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 41 +++++++++++----------------- 1 file changed, 16 insertions(+), 25 deletions(-) mode change 100644 => 100755 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100644 new mode 100755 index abae2830ad..824e5ff2e5 --- a/tests/scripts/components-platform.sh 
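Review bot: With the `#if defined(MBEDTLS_CIPHER_C)` branch gone, the tool now prints only the raw enum value on the surviving `cipher type : %d` line, and neither the hunk nor the commit message records why the human-readable cipher name was dropped. A one-line comment above the printf, such as `/* The legacy cipher_info lookup is no longer used here; print the raw cipher type value. */`, would explain the output change to the reader. The `%d` conversion assumes the `cipher` field promotes to int, which holds for an enum or small integer type but is worth an explicit cast if the field is unsigned; I cannot see its declaration from here.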
+++ b/tests/scripts/components-platform.sh @@ -120,15 +120,17 @@ component_test_aesni () { # ~ 60s msg "AES tests, test intrinsics" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" + # check that the intrinsics implementation is in use - this should be used by default when + # supported by the compiler + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # test the asm implementation msg "AES tests, test assembly" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - # check that we built assembly - this should be built if the compiler does not support intrinsics - ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly" + # check that the assembly implementation is in use - this should be used if the compiler + # does not support intrinsics + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY" # test the plain C implementation scripts/config.py unset MBEDTLS_AESNI_C 
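Review bot: Both new checks match literal strings (`AESNI INTRINSICS`, `AESNI ASSEMBLY`) printed by a program that lives in the tf-psa-crypto submodule, so a wording change there fails this component with no hint of the cause; a comment naming the coupling, e.g. `# the strings below must match the output of tf-psa-crypto/programs/test/which_aes`, would help whoever hits it. The path `./tf-psa-crypto/programs/test/which_aes` is repeated throughout these hunks and could be held once in a variable such as `WHICH_AES=./tf-psa-crypto/programs/test/which_aes` at the top of the component. component_test_aesni continues beyond this hunk.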
@@ -137,20 +139,17 @@ component_test_aesni () { # ~ 60s make clean make CC=gcc CFLAGS='-O2 -Werror' # check that there is no AESNI code present - ./programs/test/selftest aes | not grep -q "AESNI code" - not grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the built-in software implementation is in use + ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" - # test the intrinsics implementation + # test the AESNI implementation scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32 () { 
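Review bot: The AESNI-only check at the end of this hunk, `./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI"`, is looser than the checks it replaces and would also accept output that merely mentions AESNI, for instance a line reporting it as unavailable, depending on what which_aes prints, which is not visible here. `grep -qE "AESNI (INTRINSICS|ASSEMBLY)"` keeps the intent of the removed 'using AESNI' / 'not built-in implementation' pair. component_test_aesni starts before this hunk.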
@@ -172,21 +171,15 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32_clang () { @@ -205,10 +198,8 @@ component_test_aesni_m32_clang () { make clean make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_build_aes_armce () { 
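Review bot: In the m32 AESNI-only block this hunk removes `not grep -q mbedtls_aesni_has_support ./programs/test/selftest` without a replacement, so the build with MBEDTLS_AES_USE_HARDWARE_ONLY is no longer checked for the absence of the runtime-detection symbol, while the default build a few lines up still checks for its presence; keeping `not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes` preserves the pair. Grepping an executable for a symbol name only proves anything if which_aes links the library statically and is not stripped, which these make builds presumably do; a comment stating that assumption, or `nm` in place of `grep`, would make it explicit.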
From 9949f0093020f1db77669f18847be26a1d427eed Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:05:21 +0100 Subject: [PATCH 0368/1080] Add tf-psa-crypto/programs/test/which_aes to Makefile Signed-off-by: Felix Conway --- programs/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/Makefile b/programs/Makefile index b26429061e..a043fe1912 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -47,6 +47,7 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ + ../tf-psa-crypto/programs/test/which_aes \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -179,6 +180,10 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) echo " CC psa/psa_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) + echo " CC test/which_aes.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 8e13c8f018ecb78713e335b659605de1b1ed113d Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:06:37 +0100 Subject: [PATCH 0369/1080] Add shebang to fix CI error Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..9831b8f88e 100755 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,3 +1,5 @@ +#!/bin/bash + # components-platform.sh # # Copyright The Mbed TLS Contributors From ad7049407b79cdd5839e06d754c860fe3476dace Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 9 Apr 2025 15:41:11 +0100 Subject: [PATCH 0370/1080] Remove executable permissions and shebang from component-platforms.sh Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 -- 1 file changed, 2 deletions(-) mode change 100755 => 100644 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100755 new mode 100644 index 9831b8f88e..824e5ff2e5 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,5 +1,3 @@ -#!/bin/bash - # components-platform.sh # # Copyright The Mbed TLS Contributors From 690858013199630d533dc0fe0225a20d4a788a47 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 17:05:00 +0100 Subject: [PATCH 0371/1080] Use aesni_crypt_ecb and internal_aes_encrypt to check conditional compilation Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..25cfd4163d 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -138,8 +138,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, plain C" make clean make CC=gcc CFLAGS='-O2 -Werror' - # check that there is no AESNI code present - not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the plain C implementation is present and the AESNI one is not + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o # check that the built-in software implementation is in use ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" 
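Review bot: `not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o` passes vacuously if the object file is missing, because grep then exits with status 2 and the `not` wrapper, as I read it from its use elsewhere in this file, turns any non-zero status into success; with MBEDTLS_AESNI_C unset it is plausible that aesni.o is empty or not produced at all. Put an existence test on the line before, `test -f ./tf-psa-crypto/drivers/builtin/src/aesni.o`, or fold both checks into a helper that fails when the object is absent. component_test_aesni continues outside the hunk.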
@@ -149,6 +150,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } @@ -172,6 +176,9 @@ component_test_aesni_m32 () { # ~ 60s make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C @@ -180,6 +187,10 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_test_aesni_m32_clang () { 
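Review bot: The two object-file paths and the three combinations of `grep`/`not grep` on `mbedtls_aesni_crypt_ecb` and `mbedtls_internal_aes_encrypt` are now copied verbatim into five places across this file, so a future rename of either symbol or path has to be fixed in all of them. A small helper taking the expected mode keeps one copy of the paths and symbol names and can also fail loudly when an object file is missing, which the bare `not grep` form does not. The `local` keyword and `case` assume the bash that all.sh already requires.
```shell
# Check which AES implementations the builtin driver objects contain.
# $1: "aesni", "software" or "both".
check_aes_objects () {
    local aesni_o=./tf-psa-crypto/drivers/builtin/src/aesni.o
    local aes_o=./tf-psa-crypto/drivers/builtin/src/aes.o
    test -f "$aesni_o" && test -f "$aes_o"
    case "$1" in
        aesni)    grep -q mbedtls_aesni_crypt_ecb "$aesni_o"; not grep -q mbedtls_internal_aes_encrypt "$aes_o";;
        software) not grep -q mbedtls_aesni_crypt_ecb "$aesni_o"; grep -q mbedtls_internal_aes_encrypt "$aes_o";;
        both)     grep -q mbedtls_aesni_crypt_ecb "$aesni_o"; grep -q mbedtls_internal_aes_encrypt "$aes_o";;
        *)        echo "check_aes_objects: unknown mode '$1'" >&2; return 1;;
    esac
}
# … unchanged: component bodies, each calling e.g. `check_aes_objects aesni` …
```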
@@ -199,6 +210,9 @@ component_test_aesni_m32_clang () { make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } From f065c311d4e8778e5dd4bae5d313dc750884bae6 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 10:52:18 +0100 Subject: [PATCH 0372/1080] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 4a9f29b05c..f936d86b25 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 +Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 From 0f6dd1caf1f69612e395c715bc3719826ba01a00 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 24 Apr 2025 15:20:22 +0200 Subject: [PATCH 0373/1080] Prepare framework for pylint check-str-concat-over-line-jumps Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a841219ff..1e7b5d54d3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a841219ff9440f6a723e9e9612a33c44ad1e2f9 +Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3 From 8893a8f33bcf95d945f72ce30a307d731e2572d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 24 Apr 2025 13:59:06 +0200 Subject: [PATCH 0374/1080] Complain about a missing comma in multiline lists of strings Signed-off-by: Gilles Peskine --- .pylintrc | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/.pylintrc b/.pylintrc index f9c97d55ea..4a1b6e555f 100644 --- a/.pylintrc +++ b/.pylintrc @@ -70,6 +70,17 @@ disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-re # Don't diplay statistics. Just the facts. reports=no +[STRING] +# Complain about +# ``` +# list_of_strings = [ +# 'foo' # <-- missing comma +# 'bar', +# 'corge', +# ] +# ``` +check-str-concat-over-line-jumps=yes + [VARIABLES] # Allow unused variables if their name starts with an underscore. # [unused-argument] From 46952048726871bce3c9038bb6cbaa0b042fa850 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 13 Feb 2025 15:09:54 +0000 Subject: [PATCH 0375/1080] remove mbedtls_nist_kw_self_test from selftests Signed-off-by: Ben Taylor --- programs/test/selftest.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 546716f12d..4794cefd24 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -309,9 +309,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) { "ccm", mbedtls_ccm_self_test }, #endif -#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C) - { "nist_kw", mbedtls_nist_kw_self_test }, -#endif #if defined(MBEDTLS_CMAC_C) { "cmac", mbedtls_cmac_self_test }, #endif From 1948c943857968f27128f97006a49e840eaae943 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Mar 2025 09:11:11 +0000 Subject: [PATCH 0376/1080] added dependencies to test scripts Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 3 +++ tests/scripts/depends.py | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cb66e371cb..bf537a9ccd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -382,6 +382,9 @@ component_test_full_no_ccm_star_no_tag () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will + # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 816d2debae..5e025ba79b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -350,6 +350,7 @@ def test(self, options): 'PSA_WANT_ALG_SHA3_256', 'PSA_WANT_ALG_SHA3_384', 'PSA_WANT_ALG_SHA3_512'], + 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } # If an option is tested in an exclusive test, alter the following defines. From c568688456819a6b63ca8ef7750b85b8f47148c8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Mar 2025 15:55:27 +0100 Subject: [PATCH 0377/1080] config.py: do not enable MBEDTLS_PLATFORM_GET_ENTROPY_ALT in full config Signed-off-by: Valerio Setti --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index 3fc3614dc7..6b30c54c70 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -123,6 +123,7 @@ def is_seamless_alt(name): an implementation of the relevant functions and an xxx_alt.h header. """ if name in ( + 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT', 'MBEDTLS_PLATFORM_GMTIME_R_ALT', 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT', From 405d4adff2fa5277084bd0cfbf26d8b1046d803a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 8 Apr 2025 14:04:57 +0200 Subject: [PATCH 0378/1080] psasim: add timeout while waiting for psa_server to start 
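Review bot: The new comment in components-configuration-crypto.sh misspells `unsettting`, and its closing "so disabling it also" leaves `it` ambiguous between the two symbols it mentions; a shorter form such as `# MBEDTLS_NIST_KW_C re-enables PSA_WANT_ALG_ECB_NO_PADDING, so unset it as well.` says the same thing unambiguously. The mechanism by which NIST_KW re-enables ECB (presumably an adjustment header) is not visible here, so naming the header in the comment would help if you know it. The matching depends.py entry `'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C']` would benefit from the same one-line explanation so the two stay in sync.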
Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/test/start_server.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh index ef11439777..1249930af1 100755 --- a/tests/psa-client-server/psasim/test/start_server.sh +++ b/tests/psa-client-server/psasim/test/start_server.sh @@ -8,7 +8,14 @@ set -e # The server creates some local files when it starts up so we can wait for this # event as signal that the server is ready so that we can start client(s). function wait_for_server_startup() { + SECONDS=0 + TIMEOUT=10 + while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do + if [ "$SECONDS" -ge "$TIMEOUT" ]; then + echo "Timeout: psa_server not started within $TIMEOUT seconds." + return 1 + fi sleep 0.1 done } From 73bd210a946e3325272494cf2b977d0acaa83c90 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Apr 2025 08:56:51 +0200 Subject: [PATCH 0379/1080] tests: remove usage of MBEDTLS_NO_PLATFORM_ENTROPY Use MBEDTLS_PLATFORM_GET_ENTROPY_ALT instead. Signed-off-by: Valerio Setti --- programs/test/selftest.c | 4 ++-- scripts/config.py | 3 +-- scripts/footprint.sh | 2 +- tests/scripts/analyze_outcomes.py | 1 - tests/scripts/components-configuration-platform.sh | 5 +---- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 546716f12d..0941089779 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -211,7 +211,7 @@ static int run_test_snprintf(void) * back. */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) static void create_entropy_seed_file(void) { int result; 
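Review bot: `SECONDS=0` and `TIMEOUT=10` are assigned as globals inside wait_for_server_startup, so the function resets the caller's `SECONDS` and leaks `TIMEOUT` into the rest of the script; `local timeout=10` and a comment marking `SECONDS` as bash's elapsed-time counter, e.g. `SECONDS=0  # bash built-in, counts elapsed seconds`, make the dependency explicit (the shebang is outside the hunk). The timeout message should go to stderr, `echo "Timeout: psa_server not started within $TIMEOUT seconds." >&2`, so it is not confused with normal output consumed by a caller. Under `set -e` the `return 1` aborts the caller as intended.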
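Review bot: The guard `!defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)` has a different meaning from the `MBEDTLS_NO_PLATFORM_ENTROPY` it replaces: the old symbol said no OS entropy source existed, the new one says the platform supplies its own implementation, so seed-file creation is now skipped precisely on platforms that do provide entropy. Since the body of create_entropy_seed_file, outside this hunk, calls mbedtls_platform_entropy_poll, I take the condition to mean "the built-in poll function is compiled in"; a comment above the `#if` saying so, e.g. `/* The built-in entropy poll is only available without the _ALT implementation. */`, would record the intent. The function continues past the end of the hunk.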
@@ -244,7 +244,7 @@ static void create_entropy_seed_file(void) static int mbedtls_entropy_self_test_wrapper(int verbose) { -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) create_entropy_seed_file(); #endif return mbedtls_entropy_self_test(verbose); diff --git a/scripts/config.py b/scripts/config.py index 6b30c54c70..e5182a6a59 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -88,7 +88,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature - 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature @@ -182,7 +181,7 @@ def baremetal_adapter(name, value, active): """Config adapter for "baremetal".""" if not is_boolean_setting(name, value): return active - if name == 'MBEDTLS_NO_PLATFORM_ENTROPY': + if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT': # No OS-provided entropy source return True return include_in_full(name) and keep_in_baremetal(name) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 614a493098..e45a9265ac 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -64,7 +64,7 @@ doit() scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY || true + scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true } >/dev/null 2>&1 make clean >/dev/null diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index c7c9ed5810..429a04f7f5 100755 
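Review bot: The retained comment `# No OS-provided entropy source` in baremetal_adapter no longer describes the new condition: forcing MBEDTLS_PLATFORM_GET_ENTROPY_ALT on means the platform must supply its own mbedtls_platform_get_entropy() (the function named in a later commit of this series), not merely that none is available, so anything linked from this config without one fails at link time. Reword to `# No OS entropy source; the platform supplies mbedtls_platform_get_entropy()` and confirm the baremetal component builds only the library. The `--force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT` in footprint.sh carries the same obligation.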
--- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -121,7 +121,6 @@ def _has_word_re(words: typing.Iterable[str], # Obsolete configuration options, to be replaced by # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_PLATFORM_ENTROPY', 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index bebd860511..cadd14061c 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -26,7 +26,7 @@ component_build_no_sockets () { msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } @@ -106,6 +106,3 @@ component_test_no_64bit_multiplication () { msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s make test } - - - From 3775c9b48f39e80cdd527245d54ec6a88d3f4fae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Apr 2025 12:49:17 +0200 Subject: [PATCH 0380/1080] programs: selftest: remove direct call to mbedtls_platform_entropy_poll() The function is now internal so it cannot be referenced from programs. A dummy alternative is used instead. Signed-off-by: Valerio Setti --- programs/test/selftest.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0941089779..0a6faa778f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
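Review bot: The replacement comment `# prevent syscall() on GNU/Linux` in component_build_no_sockets describes the effect but not the new obligation: setting the _ALT symbol removes the default implementation and expects one from the platform, which is fine here only because the component builds `lib` alone on the make line below. Spelling that out, e.g. `# no default mbedtls_platform_get_entropy(); fine since only lib is built`, stops someone from adding `programs` to the target without supplying an implementation.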
@@ -212,10 +212,17 @@ static int run_test_snprintf(void) */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) #if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +static void dummy_entropy(unsigned char *output, size_t output_size) +{ + srand(1); + for (size_t i = 0; i < output_size; i++) { + output[i] = rand(); + } +} + static void create_entropy_seed_file(void) { int result; - size_t output_len = 0; unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; /* Attempt to read the entropy seed file. If this fails - attempt to write @@ -226,18 +233,7 @@ static void create_entropy_seed_file(void) return; } - result = mbedtls_platform_entropy_poll(NULL, - seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE, - &output_len); - if (0 != result) { - return; - } - - if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) { - return; - } - + dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); } #endif From 7ac11845d07552a00d0637bb027a99cab2c5f7f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Apr 2025 14:30:28 +0200 Subject: [PATCH 0381/1080] configs: add PLATFORM_C to configs using ENTROPY_C This is necessary to let entropy being able to gather entropy data from the native platform source. Signed-off-by: Valerio Setti --- configs/crypto-config-ccm-psk-tls1_2.h | 1 + configs/crypto-config-suite-b.h | 1 + configs/crypto-config-thread.h | 1 + tests/scripts/components-configuration-crypto.sh | 1 + 4 files changed, 4 insertions(+) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index e4de8b3fb6..7a33b0daa9 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,6 +31,7 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES 
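Review bot: dummy_entropy fills the seed file from `srand(1)`/`rand()`, which is deterministic and not entropy; that is acceptable for a self-test fixture, but the function carries no comment saying so and a reader of selftest.c could take it as a pattern. Add `/* Deterministic filler for the NV seed file used by the self-test; NOT an entropy source. */` above the function, and write the stored byte as `output[i] = (unsigned char) rand();` to make the truncation explicit. With mbedtls_platform_entropy_poll gone from the body, the `!defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)` half of the enclosing `#if` seems to have lost its reason, unless mbedtls_platform_std_nv_seed_write also depends on it; `srand`/`rand` need `<stdlib.h>`, which I cannot see included from here.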
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 3fec3d0f10..92549bade1 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,6 +49,7 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index f71b1f079a..d1c449ea98 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -56,6 +56,7 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_OID_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cb66e371cb..f5b3436179 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2204,6 +2204,7 @@ END #define MBEDTLS_AES_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C + #define MBEDTLS_PLATFORM_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END From b13d29ebb2b35ca2478ec72d3fb89a4a4b397f83 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Apr 2025 18:11:17 +0200 Subject: [PATCH 0382/1080] tests: scripts: fix test_cmake_out_of_source By default C++ code would be compiled with GNU while C with Clang and this can create problems at link time. In order to prevent this we use Clang for both. Signed-off-by: Valerio Setti --- tests/scripts/components-build-system.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index 3108aa7b92..e533cdf0f9 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh 
@@ -65,7 +65,9 @@ component_test_cmake_out_of_source () { mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" # Note: Explicitly generate files as these are turned off in releases - cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" + # Note: Use Clang compiler also for C++ (C uses it by default) + CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON \ + -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" make msg "test: cmake 'out-of-source' build" From 1971eab465606696991c62370141f0b862ecaa70 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 16:11:00 +0200 Subject: [PATCH 0383/1080] programs: test: add C++ specific commands to cpp_dummy_build Add C++ specific instructions to the generated *.cpp source file so that the build will fail in case a C compiler is used. Signed-off-by: Valerio Setti --- programs/test/generate_cpp_dummy_build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 7b4f520aca..ecf0149a17 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -73,8 +73,12 @@ EOF cat <<'EOF' +#include + int main() { + std::cout << "CPP dummy build\n"; + mbedtls_platform_context *ctx = NULL; mbedtls_platform_setup(ctx); mbedtls_printf("CPP Build test passed\n"); From 7fb7fdabd730751c38e18fee816d028ec1befed2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 16:28:55 +0200 Subject: [PATCH 0384/1080] tests: scripts: fix component_test_no_platform() Use alternative implementation of mbedtls_platform_get_entropy() since the default one lives in "platform.c" and that one is excluded in this test component. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 2dfa6d2114..cc2cf0604f 100644 
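Review bot: Only `CXX=clang++` is pinned on the `cmake` line, while the added comment `# Note: Use Clang compiler also for C++ (C uses it by default)` relies on the environment's default C compiler being Clang; the sibling fix later in this series for `component_test_full_cmake_clang` sets both, `CC=clang CXX=clang++ cmake ...`, and doing the same here removes the dependency on the default and makes the comment self-evidently true. The one-line change is `CC=clang CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON \`. The rest of `component_test_cmake_out_of_source` lies outside the hunk.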
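Review bot: The added `+#include` line shows no header name in this rendering; `std::cout` on the following added line needs `<iostream>`, so the generated line should read `#include <iostream>` — worth confirming the angle-bracketed name is present in the actual heredoc rather than lost in extraction. A short comment emitted into the generated file, `// C++-only construct: a C compiler must reject this translation unit`, would record why a `std::cout` line sits next to the `mbedtls_printf` call that already prints a message. The heredoc and `main()` continue past the end of the hunk.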
--- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -280,6 +280,10 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + # Use the test alternative implementation of mbedtls_platform_get_entropy() + # which is provided in "framework/tests/src/fake_external_rng_for_test.c" + # since the default one is excluded in this scenario. + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs From 0f0304d433cc18a0d9865f30056d84f20346fc57 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 17:36:17 +0200 Subject: [PATCH 0385/1080] scripts: tests: fix component_test_full_cmake_clang Use the proper Clang C++ compiler to build C++ code otherwise the C compiler will fail because std::cout() is unknown in "cpp_dummy_build.cpp". Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index cc2cf0604f..5fd9ede124 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -132,7 +132,8 @@ component_test_full_cmake_gcc_asan_new_bignum () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s scripts/config.py full - CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 . + CC=clang CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Release \ + -D ENABLE_TESTING=On -D TEST_CPP=1 . make msg "test: main suites (full config, clang)" # ~ 5s 
From da9527473076a466fd950d50391caa645e0ab52e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Mon, 28 Apr 2025 19:40:52 +0200 Subject: [PATCH 0386/1080] ssl context fix for 4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 00238145d2..4e844d4c0d 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -547,21 +547,13 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, if (ciphersuite_info == NULL) { printf_err("Cannot find ciphersuite info\n"); } else { -#if defined(MBEDTLS_MD_C) - const mbedtls_md_info_t *md_info; -#endif printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #if defined(MBEDTLS_MD_C) - md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); - if (md_info == NULL) { - printf_err("Cannot find Message-Digest info\n"); - } else { - printf("\tMessage-Digest : %s\n", mbedtls_md_get_name(md_info)); - } + printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); #endif /* MBEDTLS_MD_C */ } From 5a7a5305e8b16cbacf0036384c3fc49e68dedaa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 16:34:14 +0200 Subject: [PATCH 0387/1080] removed trailing whitespace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 4e844d4c0d..11c358946d 100644 
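Review bot: The new line `printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac));` passes what the removed `mbedtls_md_info_from_type` call treated as an `mbedtls_md_type_t` enum to `%d`; an enum's underlying type is implementation-defined, so `(int) ciphersuite_info->MBEDTLS_PRIVATE(mac)` pins the conversion the format expects. Printing a bare number where the tool previously printed the digest name is also a readability regression for a diagnostic program; if no name lookup is available in 4.0, a comment such as `/* Numeric mbedtls_md_type_t value; no name lookup without the MD module. */` explains the change to readers. The enclosing `print_deserialized_ssl_session` extends beyond the hunk.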
--- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -553,7 +553,7 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #if defined(MBEDTLS_MD_C) - printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); + printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); #endif /* MBEDTLS_MD_C */ } From e38041673f1e8267b8a674041af92ea085f9ec62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 18:52:13 +0200 Subject: [PATCH 0388/1080] fixed the tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- tests/context-info.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/context-info.sh b/tests/context-info.sh index 066bd3d589..997d69bba7 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -205,7 +205,7 @@ run_test "Default configuration, server" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -n "Certificate" \ @@ -227,7 +227,7 @@ run_test "Default configuration, client" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -u "cert. version .* 3$" \ 
@@ -348,7 +348,7 @@ run_test "Older version (v2.19.1)" \ -u "minor.* 19$" \ -u "path.* 1$" \ -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "serial number.* 01:70:AF:40:B4:E6$" \ -u "issuer name.* CN=ca$" \ From 02c80e631f3ec44d1aa8a9cfc03cc1ddb9252a88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 22:02:24 +0200 Subject: [PATCH 0389/1080] Fix test and formatting in ssl_context_info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 4 ---- tests/context-info.sh | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 11c358946d..7bcd50fe65 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -547,14 +547,10 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, if (ciphersuite_info == NULL) { printf_err("Cannot find ciphersuite info\n"); } else { - printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - -#if defined(MBEDTLS_MD_C) printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); -#endif /* MBEDTLS_MD_C */ } CHECK_SSL_END(1); diff --git a/tests/context-info.sh b/tests/context-info.sh index 997d69bba7..4ad5e0c4f7 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh 
@@ -205,7 +205,7 @@ run_test "Default configuration, server" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -n "Certificate" \ @@ -227,7 +227,7 @@ run_test "Default configuration, client" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -u "cert. version .* 3$" \ @@ -348,7 +348,7 @@ run_test "Older version (v2.19.1)" \ -u "minor.* 19$" \ -u "path.* 1$" \ -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "serial number.* 01:70:AF:40:B4:E6$" \ -u "issuer name.* CN=ca$" \ From 05027f23ce65ceae8526318a3edebf398170c1da Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 May 2025 11:41:19 +0100 Subject: [PATCH 0390/1080] Fix bug in bump_version.sh This had not been updated after test_suite_version was moved back to mbedtls from TF-PSA-Crypto. Signed-off-by: David Horstmann --- scripts/bump_version.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 415608acc8..86ed74eada 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh 
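Review bot: The three expectations now pin the literal `9` for `Message-Digest` without saying which digest-type constant it stands for, so a renumbering of that enum would break the tests with no hint at the cause; a comment beside the first occurrence, e.g. `# 9 is the numeric digest-type value printed by ssl_context_info for this suite's MAC`, keeps the coupling visible. The same literal appears in the `Default configuration, client` and `Older version (v2.19.1)` hunks on this line.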
@@ -124,8 +124,8 @@ cat include/mbedtls/build_info.h | \ mv tmp include/mbedtls/build_info.h [ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data" -sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tf-psa-crypto/tests/suites/test_suite_version.data > tmp -mv tmp tf-psa-crypto/tests/suites/test_suite_version.data +sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp +mv tmp tests/suites/test_suite_version.data [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h" for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h; From 1afedacfea918c47ff55f845a22e95d38d84f836 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 May 2025 06:27:02 +0200 Subject: [PATCH 0391/1080] tests: scripts: add new component to configuration-platform.sh Import component_test_platform_get_entropy_alt() from its counterpart in TF-PSA-Crypto repo. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-platform.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index cadd14061c..ade207a650 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -20,6 +20,20 @@ component_build_no_std_function () { make } +component_test_platform_get_entropy_alt() +{ + msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + # Use hardware polling as the only source for entropy + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + + make + + # Run all the tests + msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + make test +} + component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). 
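Review bot: The new function is declared as `component_test_platform_get_entropy_alt()` with the brace on its own line, while the neighbouring definitions in this file use `component_build_no_std_function () {` — a space before `()` and the brace on the same line; `component_test_platform_get_entropy_alt () {` keeps the file uniform. The comment `# Use hardware polling as the only source for entropy` describes the effect of the two `config.py` calls but not where the alternative `mbedtls_platform_get_entropy()` comes from; stating that it is the test framework's implementation, as the `component_test_no_platform` comment earlier in this series does, makes the prerequisite explicit.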
From 55fa8755744814f43c9ed1f88dca5a7a6dae7833 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Apr 2025 11:02:27 +0200 Subject: [PATCH 0392/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 1e7b5d54d3..1a83e0c84d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3 +Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 From 7f8b7b768bbea599f6a50b9fc638192127000f31 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Apr 2025 11:02:37 +0200 Subject: [PATCH 0393/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f936d86b25..5ab6c9c8d6 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 +Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388 From 68878ccdd0c24e9522652e334175a48f488fadfd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 10 Apr 2025 23:30:26 +0200 Subject: [PATCH 0394/1080] library: x509: simplify RSA-PSS management - Do not store RSA-PSS signature options in CRL/CRT/CSR structures; - During the parsing phase, just ensure that MGF1 hash alg is the same as the one used for the message. Signed-off-by: Valerio Setti --- include/mbedtls/x509_crl.h | 1 - include/mbedtls/x509_crt.h | 1 - include/mbedtls/x509_csr.h | 1 - library/x509.c | 26 +++++++++----------------- library/x509_crl.c | 7 +------ library/x509_crt.c | 7 +------ library/x509_csr.c | 7 +------ library/x509_internal.h | 3 +-- 8 files changed, 13 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index e08767e925..e59d16502d 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h 
@@ -83,7 +83,6 @@ typedef struct mbedtls_x509_crl { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ /** Next element in the linked list of CRL. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9817d35a7d..8a220cd414 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -82,7 +82,6 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f9eb04d333..bed1c953e5 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -56,7 +56,6 @@ typedef struct mbedtls_x509_csr { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ } mbedtls_x509_csr; diff --git a/library/x509.c b/library/x509.c index 0571687daa..8ca7dde624 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -715,38 +715,30 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5 * Get signature algorithm from alg OID and optional parameters */ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts) + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (*sig_opts != NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); - if (pss_opts == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } + mbedtls_md_type_t mgf1_hash_id; + int expected_salt_len; ret = mbedtls_x509_get_rsassa_pss_params(sig_params, md_alg, - &pss_opts->mgf1_hash_id, - &pss_opts->expected_salt_len); + &mgf1_hash_id, + &expected_salt_len); if (ret != 0) { - mbedtls_free(pss_opts); return ret; } - - *sig_opts = (void *) pss_opts; + /* Ensure MGF1 hash alg is the same as the one used to hash the message. */ + if (mgf1_hash_id != *md_alg) { + return MBEDTLS_ERR_X509_INVALID_ALG; + } } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ { diff --git a/library/x509_crl.c b/library/x509_crl.c index bc4fdbb884..81af93b6a9 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -389,8 +389,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, crl->version++; if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1, - &crl->sig_md, &crl->sig_pk, - &crl->sig_opts)) != 0) { + &crl->sig_md, &crl->sig_pk)) != 0) { mbedtls_x509_crl_free(crl); return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } 
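Review bot: The new check `if (mgf1_hash_id != *md_alg) return MBEDTLS_ERR_X509_INVALID_ALG;` turns RSASSA-PSS parameters whose MGF1 hash differs from the message hash — permitted by the encoding, even if rare in practice — from an accepted input into a parse failure, and `expected_salt_len` is now decoded and then discarded, so the salt length stated in the certificate no longer reaches verification through this path. Both are behavior changes worth a `ChangeLog.d` entry (the diffstat lists none) and a comment at the declaration, e.g. `/* expected_salt_len is decoded only to validate the parameters; the verifier applies its own salt policy. */`, if that is the intent. `mbedtls_x509_get_sig_alg` continues past the end of the hunk.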
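Review bot: In `mbedtls_x509_crl_parse_der` the failure path still returns the constant `MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG`, so the `MBEDTLS_ERR_X509_INVALID_ALG` that `mbedtls_x509_get_sig_alg` can now produce for a mismatched MGF1 hash is reported to callers as an unknown algorithm, whereas `x509_crt_parse_der_core` in the next hunk returns `ret`. Propagating the code here, `return ret;` after `mbedtls_x509_crl_free(crl);`, and likewise in `mbedtls_x509_csr_parse_der_internal` on the following line, gives callers the precise reason, provided the documented error contract of those parsers allows it. The enclosing functions extend beyond these hunks.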
@@ -676,10 +675,6 @@ void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) mbedtls_x509_crl_entry *entry_prv; while (crl_cur != NULL) { -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(crl_cur->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next); entry_cur = crl_cur->entry.next; diff --git a/library/x509_crt.c b/library/x509_crt.c index 5d26ebbbc1..47907f2f89 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1163,8 +1163,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, crt->version++; if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk, - &crt->sig_opts)) != 0) { + &crt->sig_md, &crt->sig_pk)) != 0) { mbedtls_x509_crt_free(crt); return ret; } @@ -3203,10 +3202,6 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) while (cert_cur != NULL) { mbedtls_pk_free(&cert_cur->pk); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(cert_cur->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); diff --git a/library/x509_csr.c b/library/x509_csr.c index 8e5fdb6813..c4a12845dc 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -407,8 +407,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, } if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk, - &csr->sig_opts)) != 0) { + &csr->sig_md, &csr->sig_pk)) != 0) { mbedtls_x509_csr_free(csr); return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } @@ -621,10 +620,6 @@ void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) mbedtls_pk_free(&csr->pk); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(csr->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(csr->subject.next); mbedtls_asn1_sequence_free(csr->subject_alt_names.next); 
diff --git a/library/x509_internal.h b/library/x509_internal.h index 36cbc6518c..dc56bf6942 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -35,8 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, #endif int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts); + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t); int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, From d24dfad7af48e167d1f202e7901db18429a71ca4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 23 Apr 2025 11:13:02 +0200 Subject: [PATCH 0395/1080] library: x509: remove sig_opts from mbedtls_x509_sig_alg_gets() Signed-off-by: Valerio Setti --- library/x509.c | 19 ++++++---------- library/x509_crl.c | 3 +-- library/x509_crt.c | 3 +-- library/x509_csr.c | 3 +-- library/x509_internal.h | 3 +-- tests/suites/test_suite_x509parse.data | 30 +++++++++++++------------- 6 files changed, 25 insertions(+), 36 deletions(-) diff --git a/library/x509.c b/library/x509.c index 8ca7dde624..9fc6389d27 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1037,8 +1037,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser * Helper for writing signature algorithms */ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts) + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; 
@@ -1055,23 +1054,17 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - const mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; - const char *name = md_type_to_string(md_alg); - const char *mgf_name = md_type_to_string(pss_opts->mgf1_hash_id); - - ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", - name ? name : "???", - mgf_name ? mgf_name : "???", - (unsigned int) pss_opts->expected_salt_len); + if (name != NULL) { + ret = mbedtls_snprintf(p, n, " (%s)", name); + } else { + ret = mbedtls_snprintf(p, n, " (?)"); + } MBEDTLS_X509_SAFE_SNPRINTF; } #else ((void) pk_alg); ((void) md_alg); - ((void) sig_opts); #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ return (int) (size - n); diff --git a/library/x509_crl.c b/library/x509_crl.c index 81af93b6a9..0b98ba4664 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -645,8 +645,7 @@ int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, - crl->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf(p, n, "\n"); diff --git a/library/x509_crt.c b/library/x509_crt.c index 47907f2f89..b4c7d8adc4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1799,8 +1799,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, - crt->sig_md, crt->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, crt->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ 
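Review bot: The PSS branch now prints only `(%s)` with the message digest name and drops the MGF1 hash and salt length the old format carried, and nothing in the hunk says why that is sufficient; a comment such as `/* MGF1 hash must equal md_alg at parse time and the salt length is not retained, so only the digest is shown. */` records the reasoning (it rests on the parse-time check introduced earlier in this series — confirm). The fallback also changes from the `"???"` placeholder the removed lines used to `" (?)"`; keeping `"???"` would preserve the existing convention. `mbedtls_x509_sig_alg_gets` continues past the hunk.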
diff --git a/library/x509_csr.c b/library/x509_csr.c index c4a12845dc..2e435645b1 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -546,8 +546,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, - csr->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, diff --git a/library/x509_internal.h b/library/x509_internal.h index dc56bf6942..9360471b96 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -44,8 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag); #if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts); + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg); #endif int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d962f34b60..538368ac74 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -48,23 +48,23 @@ x509_cert_info:"../framework/data_files/parse_input/cert_sha512.crt":"cert. vers X509 CRT information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. 
version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. 
version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 
@@ -268,23 +268,23 @@ mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha512.pem":"CRL X509 CRL information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1)\n" X509 CRL information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 
13\:43\:05\nsigned using \: RSASSA-PSS (SHA224)\n" X509 CRL information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256)\n" X509 CRL information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS 
(SHA384)\n" X509 CRL information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512)\n" X509 CRL Information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA 
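Review bot: The expected `signed using` text for every RSASSA-PSS case loses the MGF1 hash and the trailing salt-length value (`RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)` becomes `RSASSA-PSS (SHA1)`), which is a user-visible change to the `mbedtls_x509_crl_info` output rather than a test-only adjustment. The commit header for these hunks is outside this chunk, so I cannot tell whether a ChangeLog entry records it; if not, one should, since an operator diagnosing a PSS signature from this output will no longer see which MGF1 hash or salt length the object declares. The CSR hunk that follows (`@@ -368,23`) and the CRT hunk above make the same change for `mbedtls_x509_csr_info` and `x509_cert_info`.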
@@ -368,23 +368,23 @@ mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha512":" X509 CSR Information RSA-PSS with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key 
Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA with SHA256 - Microsoft header depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO From 7f6f4e690727f6f9c69422ff26dc4f2d283165b0 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 23 Apr 2025 11:29:51 +0200 Subject: [PATCH 0396/1080] library: pass NULL options parameter to mbedtls_pk_verify_ext() Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 10 +--------- library/ssl_tls13_generic.c | 15 +-------------- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df7dfbfa61..114c32aea1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2100,15 +2100,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options rsassa_pss_options; - rsassa_pss_options.mgf1_hash_id = md_alg; - rsassa_pss_options.expected_salt_len = - mbedtls_md_get_size_from_type(md_alg); - if (rsassa_pss_options.expected_salt_len == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options, + ret = mbedtls_pk_verify_ext(pk_alg, NULL, peer_pk, md_alg, hash, hashlen, p, sig_len); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index deba2ae1e0..70175e0d60 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -227,11 +227,6 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, unsigned char verify_hash[PSA_HASH_MAX_SIZE]; size_t verify_hash_len; - void const *options = NULL; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_pk_rsassa_pss_options rsassa_pss_options; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - /* * struct { * SignatureScheme algorithm; 
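Review bot: The salt-length constraint the removed lines enforced (`expected_salt_len = mbedtls_md_get_size_from_type(md_alg)` together with `mgf1_hash_id = md_alg`) is no longer expressed at this call site, and nothing in the hunk shows what `mbedtls_pk_verify_ext()` does with a NULL options pointer. RFC 8446 §4.2.3 requires rsa_pss_* signatures to use MGF1 with the digest hash and a salt exactly as long as the digest, so if the NULL path accepts any salt length, a signature the old code rejected would now verify; please confirm where that check now lives and record it, e.g. `/* NULL options: mbedtls_pk_verify_ext() must enforce MGF1 == md_alg and salt_len == hash_len (RFC 8446 4.2.3) */` above the call. The two ssl_tls13_generic.c hunks that follow drop the same `rsassa_pss_options` setup and carry the same question. With the PSS branch now issuing a plain `mbedtls_pk_verify_ext(pk_alg, NULL, ...)`, the `if (pk_alg == MBEDTLS_PK_RSASSA_PSS)` special case may be collapsible into the generic path, though its else-branch is outside the hunk, as is the rest of ssl_parse_server_key_exchange.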
@@ -304,16 +299,8 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (sig_alg == MBEDTLS_PK_RSASSA_PSS) { - rsassa_pss_options.mgf1_hash_id = md_alg; - - rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg); - options = (const void *) &rsassa_pss_options; - } -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - if ((ret = mbedtls_pk_verify_ext(sig_alg, options, + if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index b4c7d8adc4..faea404dba 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2059,7 +2059,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, + if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, + return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 107d9235a4..f3a161ca52 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
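Review bot: In the two x509_crt.c hunks, `crl_list->sig_opts` and `child->sig_opts` — the PSS parameters parsed from the CRL/certificate AlgorithmIdentifier — are no longer consulted by x509_crt_verifycrl or x509_crt_check_signature, so a saltLength or MGF1 value encoded in the signed object is not matched against the signature at verification time anymore. If that validation moved to parse time (the `MBEDTLS_ERR_X509_INVALID_ALG` expectation in the next commit suggests so for the MGF1 hash, but nothing here says so for the salt length), a comment at each call site such as `/* PSS params in sig_opts are validated at parse time; verify_ext derives them from the signature. */` would keep the next reader from assuming they were dropped by mistake; if it did not move, the declared salt length is now unverified. In these paths `sig_opts` appears to have no remaining consumer, so it may be a dead field worth removing or documenting. The tests/suites/test_suite_x509write.function hunk below makes the same substitution.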
@@ -37,7 +37,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, + if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From b8d5649ab69d2f03e223a8277e0ceb28e56576f0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 28 Apr 2025 10:14:18 +0200 Subject: [PATCH 0397/1080] tests: test_suite_x509: adapt RSA-PSS tests Parsing of CRT files with message's hash alg different from the MGF1 was allowed in the past, but now it fails. So we need to move/adapt tests relying on this feature, from a "verify" scope to a "parse" one. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 538368ac74..bbdd9f90db 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -903,10 +903,6 @@ X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-bad-mgfhash.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - X509 CRT verification #70 (v1 trusted CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" @@ -3151,6 +3147,10 @@ X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's paramet depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 x509parse_crt_file:"../framework/data_files/parse_input/server5.crt":0 +X509 File parse (RSASSA-PSS, MGF1 hash alg != message hash alg) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1 +x509parse_crt_file:"../framework/data_files/server9-bad-mgfhash.crt":MBEDTLS_ERR_X509_INVALID_ALG + X509 File parse & read the ca_istrue field (Not Set) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0 From 47c8579ed0f4a5dc8532b47deb298aca9cfca826 Mon Sep 17 00:00:00 2001 
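Review bot: The new `x509parse_crt_file` case pins the MGF1-hash mismatch to `MBEDTLS_ERR_X509_INVALID_ALG`, but the neighbouring verification case #68 (`server9-bad-saltlen.crt`, in the context lines at the top of the first hunk) still expects success and has no parse-scope counterpart, so the behaviour for a saltLength that differs from the digest length is left implied. A sibling parse case for that file, with whichever result the parser now produces, would document it explicitly. The `#69` gap left in the verification numbering is harmless but worth a short note in the data file so nobody searches for a lost case.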
From: Gilles Peskine Date: Wed, 7 May 2025 14:35:04 +0200 Subject: [PATCH 0398/1080] Copy OID files that are getting moved to tf-psa-crypto The OID module is used by both crypto and X.509. It has moved to the `tf-psa-crypto` subdirectory, and the sibling commit 08d8cc57dbe7be54fe3f88ecbc2729300c48d450 removes this subdirectory from the `mbedtls` repository in order to make `tf-psa-crypto` a submodule. We want to access the relevant parts directly from X.509 rather than go through the crypto repository, because OID functions are only accessible as private interfaces, and crypto doesn't know when a particular OID function is needed in the build since it depends on X.509 configuration options. Make a copy of the OID module and its unit tests. In a follow-up, the X.509 module will switch to consuming this copy rather than the one that went into TF-PSA-Crypto. Rename the files from `*oid*` to `*x509_oid*` to follow the naming convention that submodules of X.509 are prefixed with `x509`. This also avoids file name clashes with TF-PSA-Crypto. Since OID is not a public interface of Mbed TLS 4.x, move the header file into `library`. This commit only makes the files available. Subsequent commits will take care of making these files used in the build. Signed-off-by: Gilles Peskine --- library/x509_oid.c | 921 ++++++++++++++++++++++ library/x509_oid.h | 695 ++++++++++++++++ tests/suites/test_suite_x509_oid.data | 146 ++++ tests/suites/test_suite_x509_oid.function | 120 +++ 4 files changed, 1882 insertions(+) create mode 100644 library/x509_oid.c create mode 100644 library/x509_oid.h create mode 100644 tests/suites/test_suite_x509_oid.data create mode 100644 tests/suites/test_suite_x509_oid.function diff --git a/library/x509_oid.c b/library/x509_oid.c new file mode 100644 index 0000000000..ad3d8e03bc --- /dev/null +++ b/library/x509_oid.c 
@@ -0,0 +1,921 @@ +/** + * \file oid.c + * + * \brief Object Identifier (OID) database + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "common.h" + +#if defined(MBEDTLS_OID_C) + +#include "mbedtls/oid.h" +#include "mbedtls/rsa.h" +#include "mbedtls/error_common.h" +#include "mbedtls/pk.h" + +#include +#include + +#include "mbedtls/platform.h" + +/* + * Macro to automatically add the size of #define'd OIDs + */ +#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) + +/* + * Macro to generate mbedtls_oid_descriptor_t + */ +#if !defined(MBEDTLS_X509_REMOVE_INFO) +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } +#define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } +#else +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } +#define NULL_OID_DESCRIPTOR { NULL, 0 } +#endif + +/* + * Macro to generate an internal function for oid_XXX_from_asn1() (used by + * the other functions) + */ +#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ + static const TYPE_T *oid_ ## NAME ## _from_asn1( \ + const mbedtls_asn1_buf *oid) \ + { \ + const TYPE_T *p = (LIST); \ + const mbedtls_oid_descriptor_t *cur = \ + (const mbedtls_oid_descriptor_t *) p; \ + if (p == NULL || oid == NULL) return NULL; \ + while (cur->asn1 != NULL) { \ + if (cur->asn1_len == oid->len && \ + memcmp(cur->asn1, oid->p, oid->len) == 0) { \ + return p; \ + } \ + p++; \ + cur = (const mbedtls_oid_descriptor_t *) p; \ + } \ + return NULL; \ + } + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +/* + * Macro to generate a function for retrieving a single attribute from the + * descriptor of an mbedtls_oid_descriptor_t wrapper. 
+ */ +#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->descriptor.ATTR1; \ + return 0; \ + } +#endif /* MBEDTLS_X509_REMOVE_INFO */ + +/* + * Macro to generate a function for retrieving a single attribute from an + * mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->ATTR1; \ + return 0; \ + } + +/* + * Macro to generate a function for retrieving two attributes from an + * mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ + ATTR2_TYPE, ATTR2) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ + ATTR2_TYPE * ATTR2) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *(ATTR1) = data->ATTR1; \ + *(ATTR2) = data->ATTR2; \ + return 0; \ + } + +/* + * Macro to generate a function for retrieving the OID based on a single + * attribute from a mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ + int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } + +/* + * Macro to generate a function for retrieving the OID based on two + * attributes from a mbedtls_oid_descriptor_t wrapper. 
+ */ +#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ + ATTR2_TYPE, ATTR2) \ + int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ + size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } + +/* + * For X520 attribute types + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + const char *short_name; +} oid_x520_attr_t; + +static const oid_x520_attr_t oid_x520_attr_type[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), + "CN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), + "C", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), + "L", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), + "ST", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", + "Organization"), + "O", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), + "OU", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, + "emailAddress", + "E-mail address"), + "emailAddress", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, + "id-at-serialNumber", + "Serial number"), + "serialNumber", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, + "id-at-postalAddress", + "Postal address"), + "postalAddress", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), + "postalCode", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), + "SN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), + "GN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), + "initials", + }, + { + 
OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, + "id-at-generationQualifier", + "Generation qualifier"), + "generationQualifier", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), + "title", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, + "id-at-dnQualifier", + "Distinguished Name qualifier"), + "dnQualifier", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), + "pseudonym", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), + "uid", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, + "id-domainComponent", + "Domain component"), + "DC", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, + "id-at-uniqueIdentifier", + "Unique Identifier"), + "uniqueIdentifier", + }, + { + NULL_OID_DESCRIPTOR, + NULL, + } +}; + +FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) +FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, + oid_x520_attr_t, + x520_attr, + const char *, + short_name) + +/* + * For X509 extensions + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + int ext_type; +} oid_x509_ext_t; + +static const oid_x509_ext_t oid_x509_ext[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, + "id-ce-basicConstraints", + "Basic Constraints"), + MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), + MBEDTLS_OID_X509_EXT_KEY_USAGE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, + "id-ce-extKeyUsage", + "Extended Key Usage"), + MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, + "id-ce-subjectAltName", + "Subject Alt Name"), + MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, + "id-netscape-certtype", + "Netscape Certificate Type"), + MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, + "id-ce-certificatePolicies", + "Certificate 
Policies"), + MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + "id-ce-subjectKeyIdentifier", + "Subject Key Identifier"), + MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + "id-ce-authorityKeyIdentifier", + "Authority Key Identifier"), + MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, + }, + { + NULL_OID_DESCRIPTOR, + 0, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) +FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = +{ + OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, + "id-kp-serverAuth", + "TLS Web Server Authentication"), + OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, + "id-kp-clientAuth", + "TLS Web Client Authentication"), + OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), + OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), + OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), + OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), + OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, + "id-kp-wisun-fan-device", + "Wi-SUN Alliance Field Area Network (FAN)"), + NULL_OID_DESCRIPTOR, +}; + +FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) +FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, + mbedtls_oid_descriptor_t, + ext_key_usage, + const char *, + description) + +static const mbedtls_oid_descriptor_t oid_certificate_policies[] = +{ + OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), + NULL_OID_DESCRIPTOR, +}; + +FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) +FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, + mbedtls_oid_descriptor_t, + certificate_policies, + const 
char *, + description) +#endif /* MBEDTLS_X509_REMOVE_INFO */ + +/* + * For SignatureAlgorithmIdentifier + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_md_type_t md_alg; + mbedtls_pk_type_t pk_alg; +} oid_sig_alg_t; + +static const oid_sig_alg_t oid_sig_alg[] = +{ +#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_ALG_MD5) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), + MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_MD5 */ +#if defined(PSA_WANT_ALG_SHA_1) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), + MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_1 */ +#if defined(PSA_WANT_ALG_SHA_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", + "RSA with SHA-224"), + MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_224 */ +#if defined(PSA_WANT_ALG_SHA_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", + "RSA with SHA-256"), + MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_256 */ +#if defined(PSA_WANT_ALG_SHA_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", + "RSA with SHA-384"), + MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_384 */ +#if defined(PSA_WANT_ALG_SHA_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", + "RSA with SHA-512"), + MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_512 */ +#if defined(PSA_WANT_ALG_SHA_1) + { + OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), + MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + }, +#endif /* PSA_WANT_ALG_SHA_1 */ +#endif /* MBEDTLS_RSA_C */ +#if defined(PSA_HAVE_ALG_SOME_ECDSA) +#if defined(PSA_WANT_ALG_SHA_1) + { + OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), + MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, + }, +#endif /* PSA_WANT_ALG_SHA_1 */ +#if 
defined(PSA_WANT_ALG_SHA_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), + MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, + }, +#endif +#if defined(PSA_WANT_ALG_SHA_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), + MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, + }, +#endif /* PSA_WANT_ALG_SHA_256 */ +#if defined(PSA_WANT_ALG_SHA_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), + MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, + }, +#endif /* PSA_WANT_ALG_SHA_384 */ +#if defined(PSA_WANT_ALG_SHA_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), + MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, + }, +#endif /* PSA_WANT_ALG_SHA_512 */ +#endif /* PSA_HAVE_ALG_SOME_ECDSA */ +#if defined(MBEDTLS_RSA_C) + { + OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), + MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, + }, +#endif /* MBEDTLS_RSA_C */ + { + NULL_OID_DESCRIPTOR, + MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, + oid_sig_alg_t, + sig_alg, + const char *, + description) +#endif + +FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, + oid_sig_alg_t, + sig_alg, + mbedtls_md_type_t, + md_alg, + mbedtls_pk_type_t, + pk_alg) +FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, + oid_sig_alg_t, + oid_sig_alg, + mbedtls_pk_type_t, + pk_alg, + mbedtls_md_type_t, + md_alg) + +/* + * For PublicKeyInfo (PKCS1, RFC 5480) + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_pk_type_t pk_alg; +} oid_pk_alg_t; + +static const oid_pk_alg_t oid_pk_alg[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), + MBEDTLS_PK_RSA, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), + MBEDTLS_PK_ECKEY, + }, + { 
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), + MBEDTLS_PK_ECKEY_DH, + }, + { + NULL_OID_DESCRIPTOR, + MBEDTLS_PK_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) +FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, + oid_pk_alg_t, + oid_pk_alg, + mbedtls_pk_type_t, + pk_alg) + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +/* + * For elliptic curves that use namedCurve inside ECParams (RFC 5480) + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_ecp_group_id grp_id; +} oid_ecp_grp_t; + +static const oid_ecp_grp_t oid_ecp_grp[] = +{ +#if defined(PSA_WANT_ECC_SECP_R1_192) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), + MBEDTLS_ECP_DP_SECP192R1, + }, +#endif /* PSA_WANT_ECC_SECP_R1_192 */ +#if defined(PSA_WANT_ECC_SECP_R1_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), + MBEDTLS_ECP_DP_SECP224R1, + }, +#endif /* PSA_WANT_ECC_SECP_R1_224 */ +#if defined(PSA_WANT_ECC_SECP_R1_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), + MBEDTLS_ECP_DP_SECP256R1, + }, +#endif /* PSA_WANT_ECC_SECP_R1_256 */ +#if defined(PSA_WANT_ECC_SECP_R1_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), + MBEDTLS_ECP_DP_SECP384R1, + }, +#endif /* PSA_WANT_ECC_SECP_R1_384 */ +#if defined(PSA_WANT_ECC_SECP_R1_521) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), + MBEDTLS_ECP_DP_SECP521R1, + }, +#endif /* PSA_WANT_ECC_SECP_R1_521 */ +#if defined(PSA_WANT_ECC_SECP_K1_192) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), + MBEDTLS_ECP_DP_SECP192K1, + }, +#endif /* PSA_WANT_ECC_SECP_K1_192 */ +#if defined(PSA_WANT_ECC_SECP_K1_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), + MBEDTLS_ECP_DP_SECP224K1, + }, +#endif 
/* PSA_WANT_ECC_SECP_K1_224 */ +#if defined(PSA_WANT_ECC_SECP_K1_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), + MBEDTLS_ECP_DP_SECP256K1, + }, +#endif /* PSA_WANT_ECC_SECP_K1_256 */ +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), + MBEDTLS_ECP_DP_BP256R1, + }, +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), + MBEDTLS_ECP_DP_BP384R1, + }, +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), + MBEDTLS_ECP_DP_BP512R1, + }, +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ + { + NULL_OID_DESCRIPTOR, + MBEDTLS_ECP_DP_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) +FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, + oid_ecp_grp_t, + oid_ecp_grp, + mbedtls_ecp_group_id, + grp_id) + +/* + * For Elliptic Curve algorithms that are directly + * encoded in the AlgorithmIdentifier (RFC 8410) + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_ecp_group_id grp_id; +} oid_ecp_grp_algid_t; + +static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = +{ +#if defined(PSA_WANT_ECC_MONTGOMERY_255) + { + OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"), + MBEDTLS_ECP_DP_CURVE25519, + }, +#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ +#if defined(PSA_WANT_ECC_MONTGOMERY_448) + { + OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"), + MBEDTLS_ECP_DP_CURVE448, + }, +#endif /* PSA_WANT_ECC_MONTGOMERY_448 */ + { + NULL_OID_DESCRIPTOR, + MBEDTLS_ECP_DP_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) 
+FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid, + oid_ecp_grp_algid_t, + grp_id_algid, + mbedtls_ecp_group_id, + grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, + oid_ecp_grp_algid_t, + oid_ecp_grp_algid, + mbedtls_ecp_group_id, + grp_id) +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +#if defined(MBEDTLS_CIPHER_C) +/* + * For PKCS#5 PBES2 encryption algorithm + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_cipher_type_t cipher_alg; +} oid_cipher_alg_t; + +static const oid_cipher_alg_t oid_cipher_alg[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), + MBEDTLS_CIPHER_DES_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), + MBEDTLS_CIPHER_DES_EDE3_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), + MBEDTLS_CIPHER_AES_128_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), + MBEDTLS_CIPHER_AES_192_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), + MBEDTLS_CIPHER_AES_256_CBC, + }, + { + NULL_OID_DESCRIPTOR, + MBEDTLS_CIPHER_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) +FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, + oid_cipher_alg_t, + cipher_alg, + mbedtls_cipher_type_t, + cipher_alg) +#endif /* MBEDTLS_CIPHER_C */ + +/* + * For digestAlgorithm + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_md_type_t md_alg; +} oid_md_alg_t; + +static const oid_md_alg_t oid_md_alg[] = +{ +#if defined(PSA_WANT_ALG_MD5) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"), + MBEDTLS_MD_MD5, + }, +#endif +#if defined(PSA_WANT_ALG_SHA_1) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"), + MBEDTLS_MD_SHA1, + }, +#endif +#if defined(PSA_WANT_ALG_SHA_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), + MBEDTLS_MD_SHA224, + }, +#endif +#if 
defined(PSA_WANT_ALG_SHA_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"), + MBEDTLS_MD_SHA256, + }, +#endif +#if defined(PSA_WANT_ALG_SHA_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), + MBEDTLS_MD_SHA384, + }, +#endif +#if defined(PSA_WANT_ALG_SHA_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"), + MBEDTLS_MD_SHA512, + }, +#endif +#if defined(PSA_WANT_ALG_RIPEMD160) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), + MBEDTLS_MD_RIPEMD160, + }, +#endif +#if defined(PSA_WANT_ALG_SHA3_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"), + MBEDTLS_MD_SHA3_224, + }, +#endif +#if defined(PSA_WANT_ALG_SHA3_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"), + MBEDTLS_MD_SHA3_256, + }, +#endif +#if defined(PSA_WANT_ALG_SHA3_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"), + MBEDTLS_MD_SHA3_384, + }, +#endif +#if defined(PSA_WANT_ALG_SHA3_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), + MBEDTLS_MD_SHA3_512, + }, +#endif + { + NULL_OID_DESCRIPTOR, + MBEDTLS_MD_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) +FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, + oid_md_alg_t, + oid_md_alg, + mbedtls_md_type_t, + md_alg) + +/* + * For HMAC digestAlgorithm + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_md_type_t md_hmac; +} oid_md_hmac_t; + +static const oid_md_hmac_t oid_md_hmac[] = +{ +#if defined(PSA_WANT_ALG_SHA_1) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), + MBEDTLS_MD_SHA1, + }, +#endif /* PSA_WANT_ALG_SHA_1 */ +#if defined(PSA_WANT_ALG_SHA_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), + 
MBEDTLS_MD_SHA224, + }, +#endif /* PSA_WANT_ALG_SHA_224 */ +#if defined(PSA_WANT_ALG_SHA_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), + MBEDTLS_MD_SHA256, + }, +#endif /* PSA_WANT_ALG_SHA_256 */ +#if defined(PSA_WANT_ALG_SHA_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), + MBEDTLS_MD_SHA384, + }, +#endif /* PSA_WANT_ALG_SHA_384 */ +#if defined(PSA_WANT_ALG_SHA_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), + MBEDTLS_MD_SHA512, + }, +#endif /* PSA_WANT_ALG_SHA_512 */ +#if defined(PSA_WANT_ALG_SHA3_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), + MBEDTLS_MD_SHA3_224, + }, +#endif /* PSA_WANT_ALG_SHA3_224 */ +#if defined(PSA_WANT_ALG_SHA3_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), + MBEDTLS_MD_SHA3_256, + }, +#endif /* PSA_WANT_ALG_SHA3_256 */ +#if defined(PSA_WANT_ALG_SHA3_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), + MBEDTLS_MD_SHA3_384, + }, +#endif /* PSA_WANT_ALG_SHA3_384 */ +#if defined(PSA_WANT_ALG_SHA3_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), + MBEDTLS_MD_SHA3_512, + }, +#endif /* PSA_WANT_ALG_SHA3_512 */ +#if defined(PSA_WANT_ALG_RIPEMD160) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), + MBEDTLS_MD_RIPEMD160, + }, +#endif /* PSA_WANT_ALG_RIPEMD160 */ + { + NULL_OID_DESCRIPTOR, + MBEDTLS_MD_NONE, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) +FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) + +#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) +/* + * For PKCS#12 PBEs + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + mbedtls_md_type_t md_alg; + mbedtls_cipher_type_t cipher_alg; +} oid_pkcs12_pbe_alg_t; + +static const oid_pkcs12_pbe_alg_t 
oid_pkcs12_pbe_alg[] =
+{
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC,
+ "pbeWithSHAAnd3-KeyTripleDES-CBC",
+ "PBE with SHA1 and 3-Key 3DES"),
+ MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC,
+ "pbeWithSHAAnd2-KeyTripleDES-CBC",
+ "PBE with SHA1 and 2-Key 3DES"),
+ MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
+ },
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
+ oid_pkcs12_pbe_alg_t,
+ pkcs12_pbe_alg,
+ mbedtls_md_type_t,
+ md_alg,
+ mbedtls_cipher_type_t,
+ cipher_alg)
+#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */
+
+#endif /* MBEDTLS_OID_C */
diff --git a/library/x509_oid.h b/library/x509_oid.h
new file mode 100644
index 0000000000..d4bbd09ff3
--- /dev/null
+++ b/library/x509_oid.h
@@ -0,0 +1,695 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+#include "mbedtls/private_access.h"
+
+#include "tf-psa-crypto/build_info.h"
+
+#include "mbedtls/asn1.h"
+#include "mbedtls/pk.h"
+
+#include
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "mbedtls/cipher.h"
+#endif
+
+#include "mbedtls/md.h"
+
+/** OID is not found. */
+#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
+/** output buffer is too small */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
+
+/* This is for the benefit of X.509, but defined here in order to avoid
+ * having a "backwards" include of x.509.h here */
+/*
+ * X.509 extension types (internal, arbitrary values for bitsets)
+ */
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
+
+/*
+ * Maximum number of OID components allowed
+ */
+#define MBEDTLS_OID_MAX_COMPONENTS 128
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define
MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */ +#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */ +#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */ + +/* + * ISO Member bodies OID parts + */ +#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */ +#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ +#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ +#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ +#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORG_ANSI_X9_62 + +/* + * ISO Identified organization OID parts + */ +#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */ +#define MBEDTLS_OID_ORG_OIW "\x0e" +#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03" +#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02" +#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a" +#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */ +#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_THAWTE +#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ +#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_CERTICOM +#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */ +#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_TELETRUST + +/* + * ISO ITU OID parts + */ +#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */ +#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */ + +#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */ +#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) 
country(16) us(840) organization(1) gov(101)} */ + +#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */ +#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */ + +/* ISO arc for standard certificate and CRL extensions */ +#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */ + +#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */ + +/** + * Private Internet Extensions + * { iso(1) identified-organization(3) dod(6) internet(1) + * security(5) mechanisms(5) pkix(7) } + */ +#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \ + "\x01" +#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" + +/* + * Arc for standard naming attributes + */ +#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ +#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ +#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */ +#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */ +#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */ +#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */ +#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */ +#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */ +#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */ +#define 
MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */ +#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */ +#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */ +#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ +#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ +#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ +#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */ +#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ +#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ + +#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */ +#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */ + +/* + * OIDs for standard certificate extensions + */ +#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */ +#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */ +#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */ +#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ 
+#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */ +#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */ +#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */ +#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */ +#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */ +#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */ +#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */ +#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */ +#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */ +#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */ +#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */ + +/* + * Certificate policies + */ +#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */ + +/* + * Netscape certificate extensions + */ +#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01" +#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01" +#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02" +#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03" +#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04" +#define 
MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07" +#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08" +#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C" +#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D" +#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02" +#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05" + +/* + * OIDs for CRL extensions + */ +#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10" +#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */ + +/* + * X.509 v3 Extended key usage OIDs + */ +#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */ + +#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */ +#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */ +#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */ +#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */ +#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */ +#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ +#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ + +/** + * Wi-SUN Alliance Field Area Network + * { iso(1) identified-organization(3) dod(6) internet(1) + * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } + */ +#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" + +#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ +#define 
MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ + +/* + * PKCS definition OIDs + */ + +#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ +#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ +#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ +#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ +#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ + +/* + * PKCS#1 OIDs + */ +#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */ +#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ +#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ +#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ +#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */ +#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */ +#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */ + +#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" + +#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */ + +/* RFC 
4055 */ +#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */ +#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */ + +/* + * Digest algorithms + */ +#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ + +#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ + +#define 
MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ + + +#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ + +#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ + +#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */ + +#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */ + +#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */ + +#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */ + +#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { 
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */ + +#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */ + +#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ + +#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ + +/* + * Encryption algorithms, + * the following standardized object identifiers are specified at + * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. 
+ */ +#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ +#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ +#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ +#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ +#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ +#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ + +/* + * Key Wrapping algorithms + */ +/* + * RFC 5649 + */ +#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */ +#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */ +#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */ +#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */ +#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */ +#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */ +/* + * PKCS#5 OIDs + */ 
+#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */ +#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */ +#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */ + +/* + * PKCS#5 PBES1 algorithms + */ +#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */ +#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */ +#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ +#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ + +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ + +/* + * PKCS#8 OIDs + */ +#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ + +/* + * PKCS#12 PBE OIDs + */ +#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< 
pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */ + +#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */ + +/* + * EC key algorithms from RFC 5480 + */ + +/* id-ecPublicKey OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ +#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01" + +/* id-ecDH OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) + * schemes(1) ecdh(12) } */ +#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c" + +/* + * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2 + */ + +/* secp192r1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */ +#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01" + +/* secp224r1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */ +#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21" + +/* secp256r1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */ +#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07" + +/* secp384r1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */ +#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22" + +/* secp521r1 OBJECT IDENTIFIER ::= { + * iso(1) 
identified-organization(3) certicom(132) curve(0) 35 } */ +#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23" + +/* secp192k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */ +#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f" + +/* secp224k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */ +#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20" + +/* secp256k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */ +#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a" + +/* RFC 5639 4.1 + * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1) + * identified-organization(3) teletrust(36) algorithm(3) signature- + * algorithm(3) ecSign(2) 8} + * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1} + * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */ +#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01" + +/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */ +#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07" + +/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */ +#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B" + +/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */ +#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D" + +/* + * SEC1 C.1 + * + * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } + * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)} + */ +#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01" +#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01" + +/* + * ECDSA signature identifiers, from RFC 5480 + */ +#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ +#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* 
ecdsa-with-SHA2(3) */ + +/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ +#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01" + +/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 1 } */ +#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01" + +/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 2 } */ +#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02" + +/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 3 } */ +#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03" + +/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 4 } */ +#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" + +/* + * EC key algorithms from RFC 8410 + */ + +#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */ +#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */ +#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */ +#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Base OID descriptor structure + */ +typedef struct mbedtls_oid_descriptor_t { + const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ + size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ +#if !defined(MBEDTLS_X509_REMOVE_INFO) + const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. 
from RFC) */ + const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ +#endif +} mbedtls_oid_descriptor_t; + +/** + * \brief Translate an X.509 extension OID into local values + * + * \param oid OID to use + * \param ext_type place to store the extension type + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); + +/** + * \brief Translate an X.509 attribute type OID into the short name + * (e.g. the OID for an X520 Common Name into "CN") + * + * \param oid OID to use + * \param short_name place to store the string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); + +/** + * \brief Translate PublicKeyAlgorithm OID into pk_type + * + * \param oid OID to use + * \param pk_alg place to store public key algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); + +/** + * \brief Translate pk_type into PublicKeyAlgorithm OID + * + * \param pk_alg Public key type to look for + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +/** + * \brief Translate NamedCurve OID into an EC group identifier + * + * \param oid OID to use + * \param grp_id place to store group id + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); + +/** + * \brief Translate EC group identifier into NamedCurve OID + * + * \param grp_id EC group identifier + * \param oid place to store ASN.1 OID string pointer + * \param olen 
length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); + +/** + * \brief Translate AlgorithmIdentifier OID into an EC group identifier, + * for curves that are directly encoded at this level + * + * \param oid OID to use + * \param grp_id place to store group id + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); + +/** + * \brief Translate EC group identifier into AlgorithmIdentifier OID, + * for curves that are directly encoded at this level + * + * \param grp_id EC group identifier + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +/** + * \brief Translate SignatureAlgorithm OID into md_type and pk_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * \param pk_alg place to store public key algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + +/** + * \brief Translate SignatureAlgorithm OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); + +/** + * \brief Translate md_type and pk_type into SignatureAlgorithm OID + * + * \param md_alg message digest algorithm + * \param pk_alg public key algorithm + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 
if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); + +/** + * \brief Translate hmac algorithm OID into md_type + * + * \param oid OID to use + * \param md_hmac place to store message hmac algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); + +/** + * \brief Translate hash algorithm OID into md_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +/** + * \brief Translate Extended Key Usage OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); +#endif + +/** + * \brief Translate certificate policies OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); + +/** + * \brief Translate md_type into hash algorithm OID + * + * \param md_alg message digest algorithm + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); + +#if defined(MBEDTLS_CIPHER_C) +/** + * \brief Translate encryption algorithm OID into cipher_type + * + * \param oid OID to use + * \param cipher_alg place to store cipher algorithm + * + * \return 0 if successful, or 
MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); + +#if defined(MBEDTLS_PKCS12_C) +/** + * \brief Translate PKCS#12 PBE algorithm OID into md_type and + * cipher_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * \param cipher_alg place to store cipher algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); +#endif /* MBEDTLS_PKCS12_C */ +#endif /* MBEDTLS_CIPHER_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* oid.h */ diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data new file mode 100644 index 0000000000..42b0505801 --- /dev/null +++ b/tests/suites/test_suite_x509_oid.data 
@@ -0,0 +1,146 @@ +OID get Any Policy certificate policy +oid_get_certificate_policies:"551D2000":"Any Policy" + +OID get certificate policy invalid oid +oid_get_certificate_policies:"5533445566":"" + +OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier +oid_get_certificate_policies:"551D23":"" + +OID get Ext Key Usage - id-kp-serverAuth +oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication" + +OID get Ext Key Usage - id-kp-clientAuth +oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication" + +OID get Ext Key Usage - id-kp-codeSigning +oid_get_extended_key_usage:"2B06010505070303":"Code Signing" + +OID get Ext Key Usage - id-kp-emailProtection +oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection" + +OID get Ext Key Usage - id-kp-timeStamping +oid_get_extended_key_usage:"2B06010505070308":"Time Stamping" + +OID get Ext Key Usage - id-kp-OCSPSigning +oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing" + +OID get Ext Key Usage - id-kp-wisun-fan-device +oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)" + +OID get Ext Key Usage invalid oid +oid_get_extended_key_usage:"5533445566":"" + +OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier +oid_get_extended_key_usage:"551D23":"" + +OID get x509 extension - id-ce-basicConstraints +oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS + +OID get x509 extension - id-ce-keyUsage +oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE + +OID get x509 extension - id-ce-extKeyUsage +oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE + +OID get x509 extension - id-ce-subjectAltName +oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME + +OID get x509 extension - id-netscape-certtype +oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE + +OID get x509 extension - id-ce-certificatePolicies 
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES + +OID get x509 extension - invalid oid +oid_get_x509_extension:"5533445566":0 + +OID get x509 extension - wrong oid - id-ce +oid_get_x509_extension:"551D":0 + +OID hash id - id-md5 +depends_on:PSA_WANT_ALG_MD5 +oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5 + +OID hash id - id-sha1 +depends_on:PSA_WANT_ALG_SHA_1 +oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1 + +OID hash id - id-sha224 +depends_on:PSA_WANT_ALG_SHA_224 +oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224 + +OID hash id - id-sha256 +depends_on:PSA_WANT_ALG_SHA_256 +oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256 + +OID hash id - id-sha384 +depends_on:PSA_WANT_ALG_SHA_384 +oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384 + +OID hash id - id-sha512 +depends_on:PSA_WANT_ALG_SHA_512 +oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512 + +OID hash id - id-sha3-224 +depends_on:PSA_WANT_ALG_SHA3_224 +oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224 + +OID hash id - id-sha3-256 +depends_on:PSA_WANT_ALG_SHA3_256 +oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256 + +OID hash id - id-sha3-384 +depends_on:PSA_WANT_ALG_SHA3_384 +oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384 + +OID hash id - id-sha3-512 +depends_on:PSA_WANT_ALG_SHA3_512 +oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512 + +OID hash id - id-ripemd160 +depends_on:PSA_WANT_ALG_RIPEMD160 +oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 + +OID hash id - invalid oid +oid_get_md_alg_id:"2B864886f70d0204":-1 + +mbedtls_oid_get_md_hmac - RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 +mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 + +mbedtls_oid_get_md_hmac - SHA1 +depends_on:PSA_WANT_ALG_SHA_1 +mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 + +mbedtls_oid_get_md_hmac - SHA224 +depends_on:PSA_WANT_ALG_SHA_224 +mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 + 
+mbedtls_oid_get_md_hmac - SHA256 +depends_on:PSA_WANT_ALG_SHA_256 +mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 + +mbedtls_oid_get_md_hmac - SHA384 +depends_on:PSA_WANT_ALG_SHA_384 +mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 + +mbedtls_oid_get_md_hmac - SHA512 +depends_on:PSA_WANT_ALG_SHA_512 +mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 + +mbedtls_oid_get_md_hmac - SHA3_224 +depends_on:PSA_WANT_ALG_SHA3_224 +mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 + +mbedtls_oid_get_md_hmac - SHA3_256 +depends_on:PSA_WANT_ALG_SHA3_256 +mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 + +mbedtls_oid_get_md_hmac - SHA3_384 +depends_on:PSA_WANT_ALG_SHA3_384 +mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 + +mbedtls_oid_get_md_hmac - SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 +mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function new file mode 100644 index 0000000000..e96425e1aa --- /dev/null +++ b/tests/suites/test_suite_x509_oid.function 
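Review bot: The `mbedtls_oid_get_md_hmac` group has no not-found case, so the `exp_md_id < 0` branch of the matching test function is never exercised for HMAC OIDs, whereas the hash-id group ends with `OID hash id - invalid oid`. Adding a parallel case using an OID already in this file, e.g. `mbedtls_oid_get_md_hmac - wrong oid - id-ce-authorityKeyIdentifier` followed by `mbedtls_oid_get_md_hmac:"551D23":-1`, would also check that the lookup leaves the output untouched on failure, which the function asserts. The hex strings mix digit cases ("2A864886f70d0205" beside "2A864886F70D0207"); one convention throughout is easier to grep and compare against the `MBEDTLS_OID_*` definitions.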
@@ -0,0 +1,120 @@ +/* BEGIN_HEADER */ +#include "mbedtls/oid.h" +#include "mbedtls/asn1.h" +#include "mbedtls/asn1write.h" +#include "string.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void oid_get_certificate_policies(data_t *oid, char *result_str) +{ + mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; + int ret; + const char *desc; + + asn1_buf.tag = MBEDTLS_ASN1_OID; + asn1_buf.p = oid->x; + asn1_buf.len = oid->len; + + ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc); + if (strlen(result_str) == 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT(strcmp((char *) desc, result_str) == 0); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_extended_key_usage(data_t *oid, char *result_str) +{ + mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; + int ret; + const char *desc; + + asn1_buf.tag = MBEDTLS_ASN1_OID; + asn1_buf.p = oid->x; + asn1_buf.len = oid->len; + + ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc); + if (strlen(result_str) == 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT(strcmp((char *) desc, result_str) == 0); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_x509_extension(data_t *oid, int exp_type) +{ + mbedtls_asn1_buf ext_oid = { 0, 0, NULL }; + int ret; + int ext_type; + + ext_oid.tag = MBEDTLS_ASN1_OID; + ext_oid.p = oid->x; + ext_oid.len = oid->len; + + ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type); + if (exp_type == 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT(ext_type == exp_type); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_md_alg_id(data_t *oid, int exp_md_id) +{ + mbedtls_asn1_buf md_oid = { 0, 0, NULL }; + int ret; + mbedtls_md_type_t md_id = 0; + + md_oid.tag = MBEDTLS_ASN1_OID; + md_oid.p = oid->x; + md_oid.len = 
oid->len; + + ret = mbedtls_oid_get_md_alg(&md_oid, &md_id); + + if (exp_md_id < 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(md_id == 0); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) +{ + mbedtls_asn1_buf md_oid = { 0, 0, NULL }; + int ret; + mbedtls_md_type_t md_id = 0; + + md_oid.tag = MBEDTLS_ASN1_OID; + md_oid.p = oid->x; + md_oid.len = oid->len; + + ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id); + + if (exp_md_id < 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(md_id == 0); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id); + } +} +/* END_CASE */ From 06af417cea6ee8bdc4f8758813b259638e52af36 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 8 Jan 2025 17:26:01 +0100 Subject: [PATCH 0399/1080] Disable warning from gcc -pedantic on dlsym/dlopen Signed-off-by: Gilles Peskine --- programs/test/dlopen.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index ec4ee7ea77..bb7fba88af 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c 
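Review bot: `#include "string.h"` in the BEGIN_HEADER block names a standard header in the quoted form, which searches the source directory before the system paths; `#include <string.h>` is the conventional spelling and avoids picking up a stray local file of that name. The `(char *) desc` casts in the two `strcmp` calls are unnecessary, since `strcmp` takes `const char *` and `desc` already is one. The pairs oid_get_certificate_policies/oid_get_extended_key_usage and oid_get_md_alg_id/mbedtls_oid_get_md_hmac are identical apart from the function under test, so a small static helper per pair taking a function pointer would keep the two copies from drifting.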
@@ -50,8 +50,15 @@ int main(void) #if defined(MBEDTLS_SSL_TLS_C) void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW); CHECK_DLERROR("dlopen", TLS_SO_FILENAME); +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*ssl_list_ciphersuites)(void) = dlsym(tls_so, "mbedtls_ssl_list_ciphersuites"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites"); const int *ciphersuites = ssl_list_ciphersuites(); for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */ @@ -85,9 +92,15 @@ int main(void) CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME); crypto_so_filename = TFPSACRYPTO_SO_FILENAME; } - +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*md_list)(void) = dlsym(crypto_so, "mbedtls_md_list"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_md_list"); const int *mds = md_list(); for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ From 579475d5d3bb80a1a69a9897c75408ca28e7ac12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 15:08:35 +0100 Subject: [PATCH 0400/1080] Test with GCC 15 Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 74543b13e9..83fcf9b130 100644 
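Review bot: The `#pragma GCC diagnostic` push/ignored/pop triple added in both hunks is unconditional, so a compiler that does not implement the GCC diagnostic pragma (clang does; others may not) will report unknown-pragma warnings at these lines; wrapping the three pragma lines in `#if defined(__GNUC__)` / `#endif` keeps them harmless elsewhere. The seven-line comment-plus-pragma block is repeated verbatim for `ssl_list_ciphersuites` and `md_list`, so a single helper around dlsym() would avoid maintaining it twice. The comment's "undefined behavior in standard C" is slightly off: assigning the `void *` from dlsym() to a function pointer violates the constraints of simple assignment (C11 6.5.16.1), which is why -pedantic diagnoses it; "not permitted by standard C" would be more precise.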
--- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -73,6 +73,23 @@ support_test_gcc_latest_opt () { type "$GCC_LATEST" >/dev/null 2>/dev/null } +# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : +# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet +# at the time of writing). +# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this +# separate component. +# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI +# platform, because that would break branches where #9814 isn'f fixed yet. +support_test_gcc15_opt () { + test -x /usr/local/gcc-15/bin/gcc-15 +} +component_test_gcc15_opt () { + scripts/config.py full + # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, + # disable the new problematic optimization. + test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 +} + component_test_gcc_earliest_opt () { scripts/config.py full test_build_opt 'full config' "$GCC_EARLIEST" -O2 From 6e245040d45f563b11282095289929231394665a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 23:32:22 +0100 Subject: [PATCH 0401/1080] GCC 15: Silence -Wunterminated-string-initialization This is a new warning in GCC 15 that our code base triggers in many places. Silence it for the time being. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 83fcf9b130..5b78c83a85 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
@@ -87,7 +87,9 @@ component_test_gcc15_opt () { scripts/config.py full # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. - test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 + # Also disable a warning that we don't yet comply to. + make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + make test } component_test_gcc_earliest_opt () { From 27f0713988e62187202615cb315c4b0d30dcc812 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:01:52 +0100 Subject: [PATCH 0402/1080] Enable drivers when testing with GCC 15 The goal of testing with GCC 15 is to validate fixes for https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in multiple places, and some of them affect third-party drivers but not our built-in implementation. (The bug is that driver contexts might not be zero-initialized, but some of our built-in implementations happen not to care about this.) Thus, enable the test drivers in the test component that uses GCC 15, to gain the extra checks performed in the driver wrappers. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 5b78c83a85..0110d704dd 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
@@ -80,15 +80,23 @@ support_test_gcc_latest_opt () { # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. -support_test_gcc15_opt () { +support_test_gcc15_drivers_opt () { test -x /usr/local/gcc-15/bin/gcc-15 } -component_test_gcc15_opt () { +component_test_gcc15_drivers_opt () { + msg "build: GCC 15: full + test drivers dispatching to builtins" scripts/config.py full + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" + loc_cflags="${loc_cflags} -I../framework/tests/include -O2" # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. + loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" # Also disable a warning that we don't yet comply to. - make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" + + make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + + msg "test: GCC 15: full + test drivers dispatching to builtins" make test } From d69bfb9044189c7fe3608dc80b293f68ba867a42 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:26:21 +0100 Subject: [PATCH 0403/1080] Allow gcc-15 to be in $PATH Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 0110d704dd..e0dfe49e0d 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
@@ -81,7 +81,13 @@ support_test_gcc_latest_opt () { # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. support_test_gcc15_drivers_opt () { - test -x /usr/local/gcc-15/bin/gcc-15 + if type gcc-15 >/dev/null 2>/dev/null; then + GCC_15=gcc-15 + elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then + GCC_15=/usr/local/gcc-15/bin/gcc-15 + else + return 1 + fi } component_test_gcc15_drivers_opt () { msg "build: GCC 15: full + test drivers dispatching to builtins" @@ -94,7 +100,7 @@ component_test_gcc15_drivers_opt () { # Also disable a warning that we don't yet comply to. loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" - make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" make test From d0e799ad8bfd865f43c0d4178fd6b762c853594a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Apr 2025 16:57:07 +0200 Subject: [PATCH 0404/1080] Improve comments Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index e0dfe49e0d..52ba8bf732 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
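Review bot: `GCC_15` is assigned only inside `support_test_gcc15_drivers_opt`, so if the component is ever run without its support function (or the support function is evaluated in a subshell), the second hunk's `make CC=$GCC_15` expands to `CC=` and the build proceeds with an empty compiler rather than failing with a clear message. A guard at the top of the component, e.g. `: "${GCC_15:?gcc-15 not found; run support_test_gcc15_drivers_opt first}"`, makes the dependency explicit. The expansion should also be quoted (`CC="$GCC_15"`) since the fallback path is an absolute file path. Whether the test harness guarantees the support function runs in the same shell is not visible here.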
@@ -74,12 +74,11 @@ support_test_gcc_latest_opt () { } # Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : -# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet -# at the time of writing). +# test with GCC 15. # Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI -# platform, because that would break branches where #9814 isn'f fixed yet. +# platform, because that would break branches where #9814 isn't fixed yet. support_test_gcc15_drivers_opt () { if type gcc-15 >/dev/null 2>/dev/null; then GCC_15=gcc-15 @@ -97,7 +96,8 @@ component_test_gcc15_drivers_opt () { # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also disable a warning that we don't yet comply to. + # Also allow a warning that we don't yet comply to. + # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From dcff079ea43dde755eff64e61168399b2c762fdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Apr 2025 22:17:26 +0200 Subject: [PATCH 0405/1080] Update submodules Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5ab6c9c8d6..dc6c60204b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388 +Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73 From 46771ff0d62a28c005ecd22cf926f18cc2e4d5ae Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 May 2025 19:17:35 +0200 Subject: [PATCH 0406/1080] Remove trace of secp224k1 The curve secp224k1 was supported in the legacy API in Mbed TLS <=3.6, but removed after 3.6, and was never implemented in PSA. Remove this old trace of it. This is a partial cherry-pick of 32c82f0c369117b22d8a40e51723c364156d1aff Signed-off-by: Gilles Peskine --- library/x509_oid.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index ad3d8e03bc..d05a36d5bc 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -578,12 +578,6 @@ static const oid_ecp_grp_t oid_ecp_grp[] = MBEDTLS_ECP_DP_SECP192K1, }, #endif /* PSA_WANT_ECC_SECP_K1_192 */ -#if defined(PSA_WANT_ECC_SECP_K1_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), - MBEDTLS_ECP_DP_SECP224K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_224 */ #if defined(PSA_WANT_ECC_SECP_K1_256) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), From e23afdd7659890fd21b3004b746b5ca08ee3fd63 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Apr 2025 13:15:55 +0100 Subject: [PATCH 0407/1080] remove compat-2.x.h Signed-off-by: Ben Taylor --- docs/psa-transition.md | 1 - include/mbedtls/compat-2.x.h | 46 ------------------------------------ 2 files changed, 47 deletions(-) delete mode 100644 include/mbedtls/compat-2.x.h diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 0758061f82..60878d94f6 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md 
@@ -115,7 +115,6 @@ Note that a key consumes a key store entry, which is distinct from heap memory, | `check_config.h` | N/A | No public APIs (internal support header) | | `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | | `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | -| `compat-2.x.h` | various | None (transitional APIs) | | `config_psa.h` | N/A | No public APIs (internal support header) | | `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | | `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h deleted file mode 100644 index 096341ba76..0000000000 --- a/include/mbedtls/compat-2.x.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/** - * \file compat-2.x.h - * - * \brief Compatibility definitions - * - * \deprecated Use the new names directly instead - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Including compat-2.x.h is deprecated" -#endif - -#ifndef MBEDTLS_COMPAT2X_H -#define MBEDTLS_COMPAT2X_H - -/* - * Macros for renamed functions - */ -#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update -#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update -#define mbedtls_md5_starts_ret mbedtls_md5_starts -#define mbedtls_md5_update_ret mbedtls_md5_update -#define mbedtls_md5_finish_ret mbedtls_md5_finish -#define mbedtls_md5_ret mbedtls_md5 -#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts -#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update -#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish -#define mbedtls_ripemd160_ret mbedtls_ripemd160 -#define mbedtls_sha1_starts_ret mbedtls_sha1_starts -#define mbedtls_sha1_update_ret mbedtls_sha1_update -#define mbedtls_sha1_finish_ret mbedtls_sha1_finish -#define mbedtls_sha1_ret mbedtls_sha1 -#define mbedtls_sha256_starts_ret mbedtls_sha256_starts -#define mbedtls_sha256_update_ret mbedtls_sha256_update -#define mbedtls_sha256_finish_ret mbedtls_sha256_finish -#define mbedtls_sha256_ret mbedtls_sha256 -#define mbedtls_sha512_starts_ret mbedtls_sha512_starts -#define mbedtls_sha512_update_ret mbedtls_sha512_update -#define mbedtls_sha512_finish_ret mbedtls_sha512_finish -#define mbedtls_sha512_ret mbedtls_sha512 - -#endif /* MBEDTLS_COMPAT2X_H */ From 4c9ad3cfe6239ffafa4a6816f9984fd5f8008311 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 08:21:20 +0100 Subject: [PATCH 0408/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-compat-2.x.h | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove-compat-2.x.h 
diff --git a/ChangeLog.d/remove-compat-2.x.h b/ChangeLog.d/remove-compat-2.x.h new file mode 100644 index 0000000000..37f012c217 --- /dev/null +++ b/ChangeLog.d/remove-compat-2.x.h @@ -0,0 +1,2 @@ +Removals + * Remove compat-2-x.h header from mbedtls. From d056136a4d40dda9c36f8abe0b12da4c016bbdfe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 11:53:04 +0100 Subject: [PATCH 0409/1080] Correct ChangeLog file extension Signed-off-by: Ben Taylor --- ChangeLog.d/{remove-compat-2.x.h => remove-compat-2.x.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{remove-compat-2.x.h => remove-compat-2.x.txt} (100%) diff --git a/ChangeLog.d/remove-compat-2.x.h b/ChangeLog.d/remove-compat-2.x.txt similarity index 100% rename from ChangeLog.d/remove-compat-2.x.h rename to ChangeLog.d/remove-compat-2.x.txt From e718e835ee4a000f8cb8a0b374d51ce81b818cb4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 7 May 2025 13:04:38 +0100 Subject: [PATCH 0410/1080] reverted compat-2.x.h removal from psa-transition.md Signed-off-by: Ben Taylor --- docs/psa-transition.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 60878d94f6..0758061f82 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md 
@@ -115,6 +115,7 @@ Note that a key consumes a key store entry, which is distinct from heap memory, | `check_config.h` | N/A | No public APIs (internal support header) | | `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | | `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | +| `compat-2.x.h` | various | None (transitional APIs) | | `config_psa.h` | N/A | No public APIs (internal support header) | | `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | | `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | From f13fd1e2727f7861a7b637d52a6bcb950e9f603f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 25 Sep 2024 15:49:09 +0200 Subject: [PATCH 0411/1080] Use PSA macros for the `pkalgs` domain Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 99 ++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 49 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5e025ba79b..cfd9f406d4 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -281,50 +281,52 @@ def test(self, options): 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C', + 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], - 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_DETERMINISTIC_ECDSA'], - 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECDH_C', 'PSA_WANT_ALG_ECDH', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_PK_PARSE_EC_EXTENDED', - 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', - 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE'], - 'MBEDTLS_ECJPAKE_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'PSA_WANT_ALG_JPAKE'], - 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'PSA_WANT_ALG_RSA_OAEP', - 'PSA_WANT_ALG_RSA_PSS'], - 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', - 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], - 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 
'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], + 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + 'MBEDTLS_ECDSA_C'], + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ + 'PSA_WANT_ALG_ECDSA', + 'PSA_WANT_ALG_ECDH', 'MBEDTLS_ECDH_C', + 'PSA_WANT_ALG_JPAKE', + 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', + 'MBEDTLS_ECP_RESTARTABLE', + 'MBEDTLS_PK_PARSE_EC_EXTENDED', + 'MBEDTLS_PK_PARSE_EC_COMPRESSED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', + 'MBEDTLS_ECP_C'], + 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', + 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT', + 'MBEDTLS_PKCS1_V21'], + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_PKCS1_V15'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [ + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', + 'PSA_WANT_ALG_RSA_OAEP', + 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_RSA_C'], 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'], 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'], 
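Review bot: The old `MBEDTLS_ECP_C` entry listed `MBEDTLS_ECDSA_C` and `MBEDTLS_ECJPAKE_C` directly, while the new `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC` entry names only `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_JPAKE`, so the legacy `_C` symbols are now reached only through the `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_JPAKE` entries. If the reverse-dependency resolution in this table is not applied transitively, disabling the ECC key pair would leave `MBEDTLS_ECDSA_C`/`MBEDTLS_ECJPAKE_C` on and the build would fail on config consistency; I cannot tell from this hunk how the table is consumed, so a one-line comment above the table stating whether entries are resolved transitively would settle it for the next reader. Several entries now order PSA symbols first and the legacy `MBEDTLS_*_C` symbol last; if that ordering is intentional it deserves a comment too.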
@@ -359,12 +361,10 @@ def test(self, options): EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', '-MBEDTLS_SSL_TLS_C'], - 'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C',], - 'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C'], + 'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA', + '-PSA_WANT_ALG_JPAKE',], + 'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA', + '-PSA_WANT_ALG_JPAKE'], 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC', '-PSA_WANT_ALG_CCM', '-PSA_WANT_ALG_GCM', @@ -559,11 +559,12 @@ def __init__(self, options, conf): '|MBEDTLS_SHA3_'), # Key exchange types. 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), - 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_RSA_C', + + 'pkalgs': ComplementaryDomain(['PSA_WANT_ALG_ECDSA', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', + 'PSA_WANT_ALG_RSA_OAEP', + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], build_and_test), } From 43a1e733d8453dc77518c514626e8234c2abb59b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 16:41:52 +0200 Subject: [PATCH 0412/1080] Fix undocumented free() in x509_string_to_names() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer crashing with use-after-free, instead it's now failing cleanly: failed ! mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid That's better of course but still not great, will be fixed by future commits. 
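Review bot: The `pkalgs` hunk adds a stray blank line inside the dict literal between the `'kex'` and `'pkalgs'` entries; no other entry is separated that way, so drop it. In the EXCLUSIVE_GROUPS hunk above, `-MBEDTLS_ECDSA_DETERMINISTIC` disappears with no explicit replacement; that is fine if `-PSA_WANT_ALG_ECDSA` cascades to `PSA_WANT_ALG_DETERMINISTIC_ECDSA` via the table in the first hunk, otherwise the Montgomery-only configurations may still build with deterministic ECDSA enabled. A short comment on the Montgomery entries, e.g. `# Deterministic ECDSA follows PSA_WANT_ALG_ECDSA via REVERSE_DEPENDENCIES.`, would record the assumption.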
Signed-off-by: Manuel Pégourié-Gonnard --- .../fix-string-to-names-memory-management.txt | 18 ++++++++++++++++++ include/mbedtls/x509.h | 3 ++- library/x509_create.c | 8 ++++++-- 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt new file mode 100644 index 0000000000..1b2198287d --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt @@ -0,0 +1,18 @@ +Security + * Fix possible use-after-free or double-free in code calling + mbedtls_x509_string_to_names(). This was caused by the function calling + mbedtls_asn1_free_named_data_list() on its head argument, while the + documentation did no suggest it did, making it likely for callers relying + on the documented behaviour to still hold pointers to memory blocks after + they were free()d, resulting in high risk of use-after-free or double-free, + with consequences ranging up to arbitrary code execution. + In particular, the two sample programs x509/cert_write and x509/cert_req + were affected (use-after-free if the san string contains more than one DN). + Code that does not call mbedtls_string_to_names() directly is not affected. + Found by Linh Le and Ngan Nguyen from Calif. + +Changes + * The function mbedtls_x509_string_to_names() now requires its head argument + to point to NULL on entry. This make it likely that existing risky uses of + this function (see the entry in the Security section) will be detected and + fixed. diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 18df19ce6c..081acff9ad 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -332,7 +332,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); * call to mbedtls_asn1_free_named_data_list(). * * \param[out] head Address in which to store the pointer to the head of the - * allocated list of mbedtls_x509_name + * allocated list of mbedtls_x509_name. Must point to NULL on + * entry. * \param[in] name The string representation of a DN to convert * * \return 0 on success, or a negative error code. diff --git a/library/x509_create.c b/library/x509_create.c index 48ac080cbe..093cf88ed9 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -467,8 +467,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; size_t data_len = 0; - /* Clear existing chain if present */ - mbedtls_asn1_free_named_data_list(head); + /* Ensure the output parameter is not already populated. + * (If it were, overwriting it would likely cause a memory leak.) + */ + if (*head != NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } while (c <= end) { if (in_attr_type && *c == '=') { From 2dc6b583acde7dfe99e920e7c41edec49de54da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 16:49:45 +0200 Subject: [PATCH 0413/1080] Restore behaviour of mbedtls_x509write_set_foo_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The documentation doesn't say you can't call these functions more than once on the same context, and if you do it shouldn't result in a memory leak. Historically, the call to mbedtls_asn1_free_named_data_list() in mbedtls_x509_string_to_names() (that was removed in the previous commit) was ensuring that. Let's restore it where it makes sense. (These are the only 3 places calling mbedtls_x509_string_to_names() in the library.) 
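Review bot: The updated `\param[out] head` text states the new precondition but the `\return` list does not say what happens when it is violated, while the x509_create.c hunk in this commit returns `MBEDTLS_ERR_X509_BAD_INPUT_DATA` in that case. Add it to the documented return values, e.g. ` * \return #MBEDTLS_ERR_X509_BAD_INPUT_DATA if \p head does not point to NULL on entry.`, so callers have a contract to code against. The remaining `\return` lines of this declaration lie outside the hunk.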
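Review bot: The new guard is explained as a leak concern, but the ChangeLog in this same commit names the actual hazard: the unconditional `mbedtls_asn1_free_named_data_list(head)` being removed here freed memory callers still held pointers into, giving use-after-free and double-free. The comment should say so, e.g. `/* Refuse a non-NULL *head instead of freeing it: callers may still hold pointers into an existing list, and freeing it here caused use-after-free. */`, so nobody "restores" the free later as a convenience. `head` itself is still dereferenced unchecked, which matches the previous behaviour but is worth a note in the header if NULL is not permitted. The rest of mbedtls_x509_string_to_names lies outside the hunk, so whether a partially built list is released on a later parse error cannot be confirmed here.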
Signed-off-by: Manuel Pégourié-Gonnard --- library/x509write_crt.c | 2 ++ library/x509write_csr.c | 1 + 2 files changed, 3 insertions(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 7d207481c2..932d28d435 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -81,12 +81,14 @@ void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name) { + mbedtls_asn1_free_named_data_list(&ctx->subject); return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name) { + mbedtls_asn1_free_named_data_list(&ctx->issuer); return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e65ddb07f4..65403055c6 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -63,6 +63,7 @@ void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_contex int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, const char *subject_name) { + mbedtls_asn1_free_named_data_list(&ctx->subject); return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } From 6b1147993c3a28fc05807db338ece7ae8f881770 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 17:09:14 +0200 Subject: [PATCH 0414/1080] Fix runtime error in cert_write & cert_req MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The runtime error was introduced two commits ago (while avoiding a use-after-free). Now the programs run cleanly but still leak memory. The memory leak is long pre-existing and larger than just DN components (which are made temporarily slightly worse by this commit) and will be fixed properly in the next commit. 
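Review bot: Freeing `ctx->subject` before calling mbedtls_x509_string_to_names means a failing second call no longer leaves the previously set subject intact; the context ends up with NULL (or whatever the parser leaves in `*head` on error), and that behaviour change is not documented on the public prototype. A one-line note would do, e.g. `/* On failure, any previously set name is discarded. */`. The same applies to mbedtls_x509write_crt_set_issuer_name in this hunk and to mbedtls_x509write_csr_set_subject_name in the x509write_csr.c hunk. Whether string_to_names leaves `*head` NULL after a parse error is not visible here.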
Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 13 +++++++++---- programs/x509/cert_write.c | 13 +++++++++---- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index f09e93863a..8677cbb04f 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -150,7 +150,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; #if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; #endif @@ -274,7 +273,12 @@ int main(int argc, char *argv[]) cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + /* Work around an API mismatch between string_to_names() and + * mbedtls_x509_subject_alternative_name, which holds an + * actual mbedtls_x509_name while a pointer to one would be + * more convenient here. */ + mbedtls_asn1_named_data *tmp_san_dirname = NULL; + if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( @@ -283,7 +287,9 @@ int main(int argc, char *argv[]) (unsigned int) -ret, buf); goto exit; } - cur->node.san.directory_name = *ext_san_dirname; + cur->node.san.directory_name = *tmp_san_dirname; + mbedtls_free(tmp_san_dirname); + tmp_san_dirname = NULL; } else { mbedtls_free(cur); goto usage; @@ -490,7 +496,6 @@ int main(int argc, char *argv[]) } mbedtls_x509write_csr_free(&req); - mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 9776dc1c37..aa70a17549 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
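Review bot: In the `DN` branch, a failing mbedtls_x509_string_to_names does `goto exit` without releasing `cur`, whereas the sibling `else` branch frees `cur` before `goto usage`, which suggests `cur` is not yet linked into `opt.san_list` at this point; if so, the error path leaks the node (and the later cleanup loop added to `exit:` will not see it). Adding `mbedtls_free(cur);` before that `goto exit` would match the sibling branch. The identical pattern appears in the cert_write.c hunk of this commit. The `main` body extends outside both hunks, so whether `cur` is linked earlier cannot be confirmed here.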
@@ -310,7 +310,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; uint8_t ip[4] = { 0 }; /* * Set to sane values @@ -593,7 +592,12 @@ int main(int argc, char *argv[]) cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + /* Work around an API mismatch between string_to_names() and + * mbedtls_x509_subject_alternative_name, which holds an + * actual mbedtls_x509_name while a pointer to one would be + * more convenient here. */ + mbedtls_asn1_named_data *tmp_san_dirname = NULL; + if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( @@ -602,7 +606,9 @@ int main(int argc, char *argv[]) (unsigned int) -ret, buf); goto exit; } - cur->node.san.directory_name = *ext_san_dirname; + cur->node.san.directory_name = *tmp_san_dirname; + mbedtls_free(tmp_san_dirname); + tmp_san_dirname = NULL; } else { mbedtls_free(cur); goto usage; @@ -994,7 +1000,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ - mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509_crt_free(&issuer_crt); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); From b0958627224ed9c9f767f06bc5f803b755d5d035 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 17:31:35 +0200 Subject: [PATCH 0415/1080] Fix memory leak in cert_write & cert_req MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That memory leak had been present ever since the san command-line argument has been added. Tested that the following invocation is now fully valgrind clean: programs/x509/cert_write san=DN:C=NL,CN=#0000,CN=foo;DN:CN=#0000,O=foo,OU=bar,C=UK;IP:1.2.3.4;IP:4.3.2.1;URI:http\\://example.org/;URI:foo;DNS:foo.example.org;DNS:bar.example.org Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 17 +++++++++++++++++ programs/x509/cert_write.c | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 8677cbb04f..605d78c578 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -495,6 +495,23 @@ int main(int argc, char *argv[]) #endif } + cur = opt.san_list; + while (cur != NULL) { + mbedtls_x509_san_list *next = cur->next; + /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here. + * It's the right thing for entries that were parsed from a certificate, + * where pointers are to the raw certificate, but here all the + * pointers were allocated while parsing from a user-provided string. */ + if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { + mbedtls_x509_name dn = cur->node.san.directory_name; + mbedtls_free(dn.oid.p); + mbedtls_free(dn.val.p); + mbedtls_asn1_free_named_data_list(&dn.next); + } + mbedtls_free(cur); + cur = next; + } + mbedtls_x509write_csr_free(&req); mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index aa70a17549..268036147d 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
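Review bot: The new comment says "all the pointers were allocated while parsing from a user-provided string", yet the loop only releases inner pointers for `MBEDTLS_X509_SAN_DIRECTORY_NAME` entries and just frees `cur` for the rest; if DNS/URI/IP entries point into the command-line argument this is correct but the comment is misleading, so reword it, e.g. `/* DN components were allocated by mbedtls_x509_string_to_names(); other entry types point into argv and need no inner free. */`. After the loop, `opt.san_list = NULL;` would make a later accidental reuse at `exit:` harmless. The same block is duplicated verbatim in the cert_write.c hunk; keeping both in step is the reason to get the comment right once.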
@@ -997,6 +997,23 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: + cur = opt.san_list; + while (cur != NULL) { + mbedtls_x509_san_list *next = cur->next; + /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here. + * It's the right thing for entries that were parsed from a certificate, + * where pointers are to the raw certificate, but here all the + * pointers were allocated while parsing from a user-provided string. */ + if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { + mbedtls_x509_name dn = cur->node.san.directory_name; + mbedtls_free(dn.oid.p); + mbedtls_free(dn.val.p); + mbedtls_asn1_free_named_data_list(&dn.next); + } + mbedtls_free(cur); + cur = next; + } + #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ From bda3ab927826ae7603a46d8073790cc051848976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 18:25:26 +0200 Subject: [PATCH 0416/1080] Add unit test for new behaviour of string_to_names() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f3a161ca52..6893c8bc7d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -669,6 +669,11 @@ void mbedtls_x509_string_to_names(char *name, char *parsed_name, TEST_LE_S(1, ret); TEST_ASSERT(strcmp((char *) out, parsed_name) == 0); + /* Check that calling a 2nd time with the same param (now non-NULL) + * returns an error as expected. */ + ret = mbedtls_x509_string_to_names(&names, name); + TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA); + exit: mbedtls_asn1_free_named_data_list(&names); 
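Review bot: The new unit-test check in test_suite_x509write.function verifies the error code but not that the rejected call left `names` untouched, which is the actual property this series establishes (string_to_names must neither free nor overwrite the caller's list). Add `TEST_ASSERT(names != NULL);` after the `TEST_EQUAL`, or compare against a saved copy of the pointer, so a regression that silently frees the list is caught by the assertion rather than surfacing as a double free at `exit`. The `exit:` cleanup that frees `names` is visible just below and relies on this.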
From e2d71ccc647f58462af755f7c869a5a1ad4d96de Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Mon, 18 Mar 2024 12:32:30 +0000 Subject: [PATCH 0417/1080] Mark ssl_tls12_preset_default_sig_algs const To place in flash and save RAM on targets where this applies. Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f95f3c7c99..e7c4141abb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5385,7 +5385,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_default_sig_algs[] = { +static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(PSA_WANT_ALG_SHA_512) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From 7dddc1724fc7fe5adf7313454618aeed610be625 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Wed, 20 Mar 2024 00:43:34 +0000 Subject: [PATCH 0418/1080] Mark ssl_tls12_preset_suiteb_sig_algs const Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e7c4141abb..0c992bf010 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5449,7 +5449,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { +static const uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(PSA_WANT_ALG_SHA_256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From 421318c074e9ad39ecf12820755c0486f5eaf088 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 May 2025 19:50:07 +0200 Subject: [PATCH 0419/1080] Update crypto with the union initialization fixes Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto b/tf-psa-crypto index dc6c60204b..35ae18cf89 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73 +Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 From b9da11f289783a763c352f14be29927921a8e0c6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 18:50:51 +0200 Subject: [PATCH 0420/1080] Test with GCC 15 with sloppy union initialization This is a non-regression test for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 52ba8bf732..6f311ac921 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -93,10 +93,7 @@ component_test_gcc15_drivers_opt () { scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, - # disable the new problematic optimization. - loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also allow a warning that we don't yet comply to. + # Allow a warning that we don't yet comply to. # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" From e0ce40bc8f2e7af6fb2e12852168620b7f961e57 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Mon, 19 May 2025 13:30:42 +0100 Subject: [PATCH 0421/1080] Change hardcoded error values in ssl-opt to take in the PSA error alias ssl-opt checks for specific error code values in the output, but as MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE then this hardcoded value will change. Therefore allow the result to be either the old mbedtls error, or the new PSA error, as not to break the CI. Signed-off-by: Felix Conway --- tests/ssl-opt.sh | 120 +++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index cd1cae0ed0..6eefd95724 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9412,10 +9412,10 @@ run_test "EC restart: TLS, default" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -9425,10 +9425,10 @@ run_test "EC restart: TLS, max_ops=0" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 
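Review bot: The pattern `\(4b00\|-248\)` is pasted into every EC-restart test in this and the following hunks (max_ops=0, 65535, the 1000 variants, badsign); a single definition, e.g. `EC_IN_PROGRESS_RE='\(4b00\|-248\)'` used as `-C "x509_verify_cert.*$EC_IN_PROGRESS_RE"`, would keep the 60 lines in sync when the alias settles. `-248` is also unanchored on the right, so a log line containing e.g. `-2480` would satisfy a `-c` expectation; if the decimal code is followed by a non-digit in the output, `-248[^0-9]` is tighter. A comment next to the first use naming the two codes (`4b00` for MBEDTLS_ERR_ECP_IN_PROGRESS, `-248` for PSA_OPERATION_INCOMPLETE) would explain the alternation to readers who have not seen this commit message.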
@@ -9438,10 +9438,10 @@ run_test "EC restart: TLS, max_ops=65535" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # The following test cases for restartable ECDH come in two variants: # * The "(USE_PSA)" variant expects the current behavior, which is the behavior @@ -9466,10 +9466,10 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9481,10 +9481,10 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # This works the same with & without USE_PSA as we never get to ECDH: # we abort as soon as we determined the cert is bad. 
@@ -9498,10 +9498,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 1 \ - -c "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" @@ -9518,10 +9518,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" 
@@ -9538,10 +9538,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -9558,10 +9558,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" 
@@ -9578,10 +9578,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -9596,10 +9596,10 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9611,10 +9611,10 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE 
@@ -9625,10 +9625,10 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: @@ -9640,10 +9640,10 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no # restartable behaviour at all (not even client auth). @@ -9657,10 +9657,10 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # Tests of asynchronous private key support in SSL From 92a9bd345ce4aec9a4670ff2584e659f56c4e070 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 May 2025 12:04:26 +0200 Subject: [PATCH 0422/1080] Remove call to pk_decrypt() in ssl_server2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We no longer use decrypt TLS 1.2 (never did in 1.3) so we no longer need this path. Further simplifications could probably be made (we currently have an enum type with only one possible value...) but for now I'm trying to keep changes minimal. Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/ssl_server2.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3c9fb7e2e0..42fa8d6ed4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1140,7 +1140,6 @@ static int ssl_async_set_key(ssl_async_key_context_t *ctx, typedef enum { ASYNC_OP_SIGN, - ASYNC_OP_DECRYPT, } ssl_async_operation_type_t; typedef struct { @@ -1160,7 +1159,6 @@ typedef struct { static const char *const ssl_async_operation_names[] = { "sign", - "decrypt", }; static int ssl_async_start(mbedtls_ssl_context *ssl, @@ -1261,11 +1259,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, From 8de781d99d5059bc6abbe5e9fbd618a6075dee68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 May 2025 12:21:32 +0200 Subject: [PATCH 0423/1080] Remove redundant free loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This version is incomplete. I failed to noticed it when adding a more complete version, making the existing one redundant. 
Signed-off-by: Manuel Pégourié-Gonnard
---
 programs/x509/cert_req.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 605d78c578..89ab181be6 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -495,6 +495,14 @@ int main(int argc, char *argv[])
 #endif
     }
+    mbedtls_x509write_csr_free(&req);
+    mbedtls_pk_free(&key);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     cur = opt.san_list;
     while (cur != NULL) {
         mbedtls_x509_san_list *next = cur->next;
@@ -512,22 +520,6 @@ int main(int argc, char *argv[])
         cur = next;
     }
-    mbedtls_x509write_csr_free(&req);
-    mbedtls_pk_free(&key);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    cur = opt.san_list;
-    while (cur != NULL) {
-        prev = cur;
-        cur = cur->next;
-        mbedtls_free(prev);
-    }
-
-    mbedtls_exit(exit_code);
 }
 #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
From bb8c0aba74c2e6d7b4ab76887b3cf8fb0c6db1bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 19 May 2025 12:28:42 +0200
Subject: [PATCH 0424/1080] Add comment on apparent type mismatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 programs/x509/cert_req.c | 5 ++++- programs/x509/cert_write.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 89ab181be6..c16ec34987 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
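Review bot: The second hunk removes `mbedtls_exit(exit_code);` together with the duplicated cleanup, and nothing re-adds it before the closing `}` of main that follows as context, so main now falls off its end and returns 0 regardless of whatever failure value exit_code holds at that point. Re-add `mbedtls_exit(exit_code);` as the last statement after the san_list loop. The removed second loop walked `opt.san_list` after the first loop had already freed every node, so this is a use-after-free/double-free fix rather than just dead code, which the commit message should say. `prev` is presumably now an unused local and may trigger a warning; its declaration is outside the hunk.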
@@ -276,7 +276,10 @@ int main(int argc, char *argv[]) /* Work around an API mismatch between string_to_names() and * mbedtls_x509_subject_alternative_name, which holds an * actual mbedtls_x509_name while a pointer to one would be - * more convenient here. */ + * more convenient here. (Note mbedtls_x509_name and + * mbedtls_asn1_named_data are synonymous, again + * string_to_names() uses one while + * cur->node.san.directory_name is nominally the other.) */ mbedtls_asn1_named_data *tmp_san_dirname = NULL; if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 268036147d..f29eef0eb0 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -595,7 +595,10 @@ int main(int argc, char *argv[]) /* Work around an API mismatch between string_to_names() and * mbedtls_x509_subject_alternative_name, which holds an * actual mbedtls_x509_name while a pointer to one would be - * more convenient here. */ + * more convenient here. (Note mbedtls_x509_name and + * mbedtls_asn1_named_data are synonymous, again + * string_to_names() uses one while + * cur->node.san.directory_name is nominally the other.) */ mbedtls_asn1_named_data *tmp_san_dirname = NULL; if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { From 38317281e91477b6f2b9198fff83579640811473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 May 2025 12:29:11 +0200 Subject: [PATCH 0425/1080] Fix type in ChangeLog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-string-to-names-memory-management.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt index 1b2198287d..87bc59694f 100644 
--- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt @@ -13,6 +13,6 @@ Security Changes * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. This make it likely that existing risky uses of + to point to NULL on entry. This makes it likely that existing risky uses of this function (see the entry in the Security section) will be detected and fixed. From 6b8f517e4d3e4c5f1860cc8bd11d146d5bc1b6df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 May 2025 11:17:39 +0200 Subject: [PATCH 0426/1080] Avoid a useless copy in cert_{req,write} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I'm just trying to have a shorter name to avoid repeating a long expression. This is a job for a pointer, not copying a struct. Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 8 ++++---- programs/x509/cert_write.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c16ec34987..e59772ffda 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -514,10 +514,10 @@ int main(int argc, char *argv[]) * where pointers are to the raw certificate, but here all the * pointers were allocated while parsing from a user-provided string. */ if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_x509_name dn = cur->node.san.directory_name; - mbedtls_free(dn.oid.p); - mbedtls_free(dn.val.p); - mbedtls_asn1_free_named_data_list(&dn.next); + mbedtls_x509_name *dn = &cur->node.san.directory_name; + mbedtls_free(dn->oid.p); + mbedtls_free(dn->val.p); + mbedtls_asn1_free_named_data_list(&dn->next); } mbedtls_free(cur); cur = next; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index f29eef0eb0..3cabff4b5a 100644 --- a/programs/x509/cert_write.c 
+++ b/programs/x509/cert_write.c @@ -1008,10 +1008,10 @@ int main(int argc, char *argv[]) * where pointers are to the raw certificate, but here all the * pointers were allocated while parsing from a user-provided string. */ if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_x509_name dn = cur->node.san.directory_name; - mbedtls_free(dn.oid.p); - mbedtls_free(dn.val.p); - mbedtls_asn1_free_named_data_list(&dn.next); + mbedtls_x509_name *dn = &cur->node.san.directory_name; + mbedtls_free(dn->oid.p); + mbedtls_free(dn->val.p); + mbedtls_asn1_free_named_data_list(&dn->next); } mbedtls_free(cur); cur = next; From 28ef01a3c16077880c2c969ab71529e9ec93ebe7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:03:26 +0200 Subject: [PATCH 0427/1080] library: debug: make mbedtls_debug_print_psa_ec() static Signed-off-by: Valerio Setti --- library/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index a486353726..febf4444a3 100644 --- a/library/debug.c +++ b/library/debug.c @@ -230,9 +230,9 @@ static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int lev } } -void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) +static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) { char str[DEBUG_BUF_SIZE]; const uint8_t *coord_start; From 153a906a5109d4f074b57bdb70e783d681528706 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:08:48 +0200 Subject: [PATCH 0428/1080] library: debug: remove mbedtls_debug_printf_ecdh() The function is not used anywhere and can be removed. 
Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 6 ----- library/debug.c | 50 ---------------------------------------- library/debug_internal.h | 33 -------------------------- 3 files changed, 89 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index e6f5dadb14..b6c4e0ecb5 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -51,11 +51,6 @@ #endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \ - mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr) -#endif - #else /* MBEDTLS_DEBUG_C */ #define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) @@ -64,7 +59,6 @@ #define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0) #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug.c b/library/debug.c index febf4444a3..71e0642590 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -412,54 +412,4 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, - int level, const char *file, - int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - const mbedtls_ecdh_context *ctx = ecdh; -#else - const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh; -#endif - - switch (attr) { - case MBEDTLS_DEBUG_ECDH_Q: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q", - &ctx->Q); - break; - case MBEDTLS_DEBUG_ECDH_QP: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp", - &ctx->Qp); - break; - case MBEDTLS_DEBUG_ECDH_Z: - mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z", - &ctx->z); - break; - default: - break; - } -} - -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr); -#else - switch (ecdh->var) { - default: - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, - attr); - } -#endif -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug_internal.h b/library/debug_internal.h index 4523b4633a..31dd08ded6 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h 
@@ -136,37 +136,4 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function - only works for the built-in implementation. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -typedef enum { - MBEDTLS_DEBUG_ECDH_Q, - MBEDTLS_DEBUG_ECDH_QP, - MBEDTLS_DEBUG_ECDH_Z, -} mbedtls_debug_ecdh_attr; - -/** - * \brief Print a field of the ECDH structure in the SSL context to the debug - * output. This function is always used through the - * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file - * and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param ecdh the ECDH context - * \param attr the identifier of the attribute being output - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - #endif /* MBEDTLS_DEBUG_INTERNAL_H */ From 4a2e7b9ed80595fb29695b89e6552004f769f362 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:15:22 +0200 Subject: [PATCH 0429/1080] tests: suite_x509parse: set PSA max operations in x509_verify_restart() Set also psa_interruptible_set_max_ops() when mbedtls_ecp_set_max_ops() is set so that the same amount of operations will be used both if legacy ECDSA_C or PSA is used under the hood to perform the operation. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index fae36571b1..7bcac865ec 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -679,6 +679,7 @@ void x509_verify_restart(char *crt_file, char *ca_file,
     TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
     TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
+    psa_interruptible_set_max_ops(max_ops);
     mbedtls_ecp_set_max_ops(max_ops);
     cnt_restart = 0;
From 199a15645dd6508123d60489a2a47ddfaa08a6a7 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 27 May 2025 09:56:27 +0200
Subject: [PATCH 0430/1080] library: debug: make mbedtls_debug_print_ecp() internal Remove the public definition of mbedtls_debug_print_ecp(). The function is only used internally in debug.c, so we can then make the function static.
Signed-off-by: Valerio Setti
---
 include/mbedtls/debug.h | 5 ----- library/debug.c | 6 +++--- library/debug_internal.h | 22 ---------------------- 3 files changed, 3 insertions(+), 30 deletions(-)
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index b6c4e0ecb5..b6d4e27052 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -37,11 +37,6 @@
     mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
 #endif
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
-    mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
diff --git a/library/debug.c b/library/debug.c
index 71e0642590..d36b041d56 100644
--- a/library/debug.c
+++ b/library/debug.c
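Review bot: `psa_interruptible_set_max_ops(max_ops)` is a process-wide PSA setting just like the ECP one beside it, and the hunk shows no matching reset; if the exit path of x509_verify_restart restores the ECP budget (it is outside the hunk, so I cannot see it), the PSA one should be restored alongside it with `psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);` so later cases in the same binary are not throttled. If `max_ops` is an `int` parameter, as test-function arguments in this suite usually are, the implicit conversion to the `uint32_t` parameter turns a negative value into an enormous budget; a `TEST_ASSERT(max_ops >= 0)` before the calls, or an explicit cast, would make the intent visible. The body of x509_verify_restart continues outside the hunk.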
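Review bot: After the debug.h hunk `MBEDTLS_SSL_DEBUG_ECP` is undefined when MBEDTLS_DEBUG_C is enabled, but the `do { } while (0)` stub in the `#else /* MBEDTLS_DEBUG_C */` branch, visible as context in the debug.h hunk of patch 0428, is left in place, so any remaining caller would compile only in non-debug builds and fail as soon as debugging is switched on. Either drop the stub line `#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)` in the same commit or keep both halves. Since the macro lived in a public header, a short ChangeLog or migration note saying it has been removed would help users who referenced it, if it counts as public surface for this project.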
@@ -168,9 +168,9 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } #if defined(MBEDTLS_ECP_LIGHT) -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X) +static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X) { char str[DEBUG_BUF_SIZE]; diff --git a/library/debug_internal.h b/library/debug_internal.h index 31dd08ded6..3ffcee12bc 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -93,28 +93,6 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_mpi *X); #endif -#if defined(MBEDTLS_ECP_LIGHT) -/** - * \brief Print an ECP point to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the ECP point being output. Normally the - * variable name - * \param X the ECP point - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X); -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Print a X.509 certificate structure to the debug output. This From ffac311aaf8cc5fbe45447766bfd96c229b4a439 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 27 May 2025 09:58:02 +0200 Subject: [PATCH 0431/1080] library: debug: fix guards for EC helper functions Move mbedtls_debug_print_ecp(), mbedtls_debug_print_ec_coord() and mbedtls_debug_print_psa_ec() under the same guards as debug_print_pk(). Signed-off-by: Valerio Setti --- library/debug.c | 104 ++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/library/debug.c b/library/debug.c index d36b041d56..8d55b41365 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -167,6 +167,58 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } } +#if defined(MBEDTLS_BIGNUM_C) +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X) +{ + char str[DEBUG_BUF_SIZE]; + size_t bitlen; + size_t idx = 0; + + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + NULL == X || + level > debug_threshold) { + return; + } + + bitlen = mbedtls_mpi_bitlen(X); + + mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", + text, (unsigned) bitlen); + debug_send_line(ssl, level, file, line, str); + + if (bitlen == 0) { + str[0] = ' '; str[1] = '0'; str[2] = '0'; + idx = 3; + } else { + int n; + for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { + size_t limb_offset = n / sizeof(mbedtls_mpi_uint); + size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); + unsigned char octet = + (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); + idx += 3; + /* Wrap lines after 16 octets that each take 3 columns */ + if (idx >= 3 * 16) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + idx = 0; + } + } + } + + if (idx != 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + } +} +#endif /* MBEDTLS_BIGNUM_C */ + +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #if defined(MBEDTLS_ECP_LIGHT) static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, const char *file, int line, 
@@ -261,58 +313,6 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X) -{ - char str[DEBUG_BUF_SIZE]; - size_t bitlen; - size_t idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold) { - return; - } - - bitlen = mbedtls_mpi_bitlen(X); - - mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen); - debug_send_line(ssl, level, file, line, str); - - if (bitlen == 0) { - str[0] = ' '; str[1] = '0'; str[2] = '0'; - idx = 3; - } else { - int n; - for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { - size_t limb_offset = n / sizeof(mbedtls_mpi_uint); - size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); - unsigned char octet = - (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); - idx += 3; - /* Wrap lines after 16 octets that each take 3 columns */ - if (idx >= 3 * 16) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - idx = 0; - } - } - } - - if (idx != 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) From 7f363dfe622d36a5e2591b5577b8da815bb5902a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 May 2025 11:59:32 +0200 Subject: [PATCH 0432/1080] programs: ssl_client2: set max restartable op also in PSA 
Signed-off-by: Valerio Setti
---
 programs/ssl/ssl_client2.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index bb67c40e19..4b5ea7c5d2 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2172,6 +2172,7 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
+        psa_interruptible_set_max_ops(opt.ec_max_ops);
         mbedtls_ecp_set_max_ops(opt.ec_max_ops);
     }
 #endif
From 5989da22a9d32cd314411f3f79df4ae580d7d285 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 21 May 2025 14:35:42 +0200
Subject: [PATCH 0433/1080] Add tests for bug in mbedtls_x509_string_to_names()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The commented out tests cause crashes (in different ways) until the bug is fixed; the first two test are passing already and are here mostly to provide a reference point. The bug report was using programs/x509/cert_write, but string_to_names() is what it was really targetting, which is better for automated tests. The strings used are a minor adapation of those from the report.
Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/suites/test_suite_x509write.data | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index e4e08dafc0..e5224218c5 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
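Review bot: `psa_interruptible_set_max_ops(opt.ec_max_ops)` hands a command-line option straight to a `uint32_t` parameter; if `ec_max_ops` is stored as an `int` (its sentinel is `DFL_EC_MAX_OPS` and the option parsing is outside the hunk), a negative value wraps to a budget of roughly four billion operations instead of being rejected. A range check where the option is parsed, or `(uint32_t) opt.ec_max_ops` after an explicit `>= 0` test, would make the conversion deliberate. The same call is added to test_suite_x509parse.function in patch 0429, where the same remark applies.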
@@ -254,6 +254,27 @@ mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCs
 X509 String to Names #20 (Reject empty AttributeValue)
 mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+# Note: the behaviour is incorrect, output from string->names->string should be
+# the same as the input, rather than just the last component, see
+# https://github.com/Mbed-TLS/mbedtls/issues/10189
+# Still including tests for the current incorrect behaviour because of the
+# variants below where we want to ensure at least that no memory corruption
+# happens (which would be a lot worse than just a functional bug).
+X509 String to Names (repeated OID)
+mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0
+
+# Note: when a value starts with a # sign, it's treated as the hex encoding of
+# the DER encoding of the value. Here, 0400 is a zero-length OCTET STRING.
+# The tag actually doesn't matter for our purposes, only the length.
+X509 String to Names (repeated OID, 1st is zero-length)
+mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0
+
+#X509 String to Names (repeated OID, middle is zero-length)
+#mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0
+
+#X509 String to Names (repeated OID, last is zero-length)
+#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0
+
 X509 Round trip test (Escaped characters)
 mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0
From 03a86e783b6bb2a64229e07545b430f2e1239332 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 May 2025 12:01:14 +0200
Subject: [PATCH 0434/1080] test: suites: pkcs7/x509parse: add missing PSA_INIT and PSA_DONE
Both PKCS7 and X509 rely on PK module under the hood and the latter can use PSA to store keys and perform operations. Therefore psa_crypto_init() must be called before any operation can be done with PKCS7 and X509.
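Review bot: The expected output of the last commented-out case, `#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0`, cannot be right: the input contains no `ef`, so the value looks copied from the cases above, and once the line is re-enabled the test would fail on its expectation instead of exercising the crash it is meant to guard against. Under the current last-component behaviour the expected string is presumably the rendering of the empty `CN` value, whatever form the DN printer produces for it — worth settling when the case is uncommented. A .data file cannot by itself assert that no memory corruption happens; the note could state that this guarantee rests on running the suite under the sanitizer and Valgrind CI configurations, e.g. `# (memory safety of these cases is only checked by the sanitizer/Valgrind runs)`.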
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_pkcs7.function | 18 ++++++++++++++++--
 tests/suites/test_suite_x509parse.function | 8 ++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index e5dc4bd192..0c4a00b9e3 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -33,9 +33,17 @@ static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
 void pkcs7_asn1_fail(data_t *pkcs7_buf)
 {
 int res;
+
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
 res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
 TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
+exit:
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -46,6 +54,11 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
 size_t buflen;
 int res;
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
 res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
 TEST_EQUAL(res, 0);
@@ -54,6 +67,7 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
 exit:
 mbedtls_free(pkcs7_buf);
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -77,7 +91,7 @@ void pkcs7_verify(char *pkcs7_file,
 mbedtls_pkcs7 pkcs7;
 mbedtls_x509_crt **crts = NULL;
- MD_OR_USE_PSA_INIT();
+ USE_PSA_INIT();
 mbedtls_pkcs7_init(&pkcs7);
@@ -166,6 +180,6 @@ exit:
 mbedtls_free(crts);
 mbedtls_free(data);
 mbedtls_free(pkcs7_buf);
- MD_OR_USE_PSA_DONE();
+ USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 7bcac865ec..8225adb277 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
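Review bot: In `pkcs7_parse`, `USE_PSA_INIT()` now runs before `mbedtls_pk_load_file()` and, if I recall the test macros correctly, it jumps to `exit` when `psa_crypto_init()` fails; `exit:` then calls `mbedtls_free(pkcs7_buf)`. The declaration of `pkcs7_buf` sits above the hunk, so this is only safe if it is initialised to `NULL` there — worth confirming, since otherwise a failed PSA init would free an indeterminate pointer. The same three-line rationale comment is pasted verbatim into four test functions across this file and the x509parse hunks that follow; a one-liner such as `/* X509 -> PK may use PSA, so initialise it first. */` (or a single comment at file level) would carry the same information. The bodies of `pkcs7_parse` and `pkcs7_verify` extend outside the hunks.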
@@ -1668,6 +1668,9 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
 mbedtls_x509_crt crt;
 mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1682,6 +1685,7 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
 exit:
 mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -1697,6 +1701,9 @@ void x509_crt_parse_authoritykeyid(char *file,
 char name_buf[128];
 mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1748,6 +1755,7 @@ void x509_crt_parse_authoritykeyid(char *file,
 exit:
 mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
 }
 /* END_CASE */
From 353eb33d0cea58df345d6b368facf9a04ce9bc4d Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 14 May 2025 17:42:53 +0200
Subject: [PATCH 0435/1080] Use TEST_EQUAL(a,b) instead of TEST_ASSERT(a==b)
Regexp replacement then `code_style.py --fix`.
Signed-off-by: Gilles Peskine
---
 tests/src/test_helpers/ssl_helpers.c | 310 +++---
 tests/suites/test_suite_ssl.function | 1295 +++++++++++++------------
 2 files changed, 799 insertions(+), 806 deletions(-)
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1eed8abd75..3d4901c092 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -637,7 +637,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->ca_cert, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } /* Load own certificate and private key */ @@ -648,25 +648,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->cert, (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } else { if (pk_alg == MBEDTLS_PK_RSA) { @@ -674,25 +674,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } 
@@ -723,16 +723,16 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, cert->pkey); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert != NULL); ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert == NULL); ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, cert->pkey); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ok = 1; @@ -787,9 +787,9 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context), 0); } else { mbedtls_test_mock_socket_init(&(ep->socket)); } @@ -812,7 +812,7 @@ int mbedtls_test_ssl_endpoint_init( MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { @@ -868,7 +868,7 @@ int mbedtls_test_ssl_endpoint_init( #endif ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); @@ -902,7 +902,7 @@ int mbedtls_test_ssl_endpoint_init( options->opaque_alg, options->opaque_alg2, options->opaque_usage); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); 
@@ -985,7 +985,7 @@ static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + TEST_EQUAL(mbedtls_ssl_write(ssl, NULL, 0), 0); } ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); @@ -1032,7 +1032,7 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0); } ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); @@ -1042,7 +1042,7 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, } if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else if (expected_fragments == 1) { TEST_ASSERT(ret == buf_len || ret == MBEDTLS_ERR_SSL_WANT_READ || @@ -1929,10 +1929,10 @@ int mbedtls_test_ssl_exchange_data( if (expected_fragments_1 == 0) { /* This error is expected when the message is too large and * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); msg_len_1 = 0; } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } @@ -1944,10 +1944,10 @@ int mbedtls_test_ssl_exchange_data( if (expected_fragments_2 == 0) { /* This error is expected when the message is too large and * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); msg_len_2 = 0; } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } 
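Review bot: The comment directly above the changed line in `mbedtls_ssl_read_fragment` still says `mbedtls_ssl_write`, although the call below it (now `TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0)`) is a read; since the mechanical replacement already touches that line, this is a cheap moment to correct it to `/* Verify that calling mbedtls_ssl_read with a NULL buffer and zero length is`. The copy in `mbedtls_ssl_write_fragment` just above is accurate and needs no change. Both functions begin and end outside these hunks.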
@@ -1957,7 +1957,7 @@ int mbedtls_test_ssl_exchange_data( msg_len_2, &read_1, &fragments_2, expected_fragments_2); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } /* ssl_2 reading */ @@ -1966,15 +1966,15 @@ int mbedtls_test_ssl_exchange_data( msg_len_1, &read_2, &fragments_1, expected_fragments_1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); + TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1)); + TEST_EQUAL(0, memcmp(msg_buf_2, in_buf_1, msg_len_2)); + TEST_EQUAL(fragments_1, expected_fragments_1); + TEST_EQUAL(fragments_2, expected_fragments_2); } ret = 0; @@ -2026,12 +2026,12 @@ static int check_ssl_version( switch (expected_negotiated_version) { case MBEDTLS_SSL_VERSION_TLS1_2: TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); - TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); + TEST_EQUAL(strcmp(version_string, "TLSv1.2"), 0); break; case MBEDTLS_SSL_VERSION_TLS1_3: TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); + TEST_EQUAL(strcmp(version_string, "TLSv1.3"), 0); break; default: 
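Review bot: The replacement keeps the original operand order, which leaves `TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1))` with the literal first while the neighbouring `TEST_EQUAL(ret, 0)` and `TEST_EQUAL(fragments_1, expected_fragments_1)` put the computed value first; the same pattern recurs in the `ssl_mock_tcp`, `ssl_mock_tcp_interleaving` and `test_callback_buffer` hunks further down (`TEST_EQUAL(0, mbedtls_test_mock_socket_connect(...))`, `TEST_EQUAL(put_ret[j], mbedtls_test_ssl_buffer_put(...))`). As `TEST_EQUAL` reports both operands on failure, a consistent computed-value-first order makes that output easier to read, e.g. `TEST_EQUAL(memcmp(msg_buf_1, in_buf_2, msg_len_1), 0);`. `mbedtls_test_ssl_exchange_data` starts outside the hunk.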
@@ -2142,21 +2142,21 @@ void mbedtls_test_ssl_perform_handshake( /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, &client_context, + &client_queue, + &server_queue), 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, NULL, NULL, + NULL), 0); } if (strlen(options->cipher) > 0) { 
@@ -2165,49 +2165,49 @@ void mbedtls_test_ssl_perform_handshake( /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, &server_context, + &server_queue, + &client_queue), 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, NULL, NULL, + NULL), 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf), + (unsigned char) options->mfl), + 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client.conf), + (unsigned char) options->mfl), + 0); #else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_EQUAL(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + 
options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); + + TEST_EQUAL(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); #if defined(MBEDTLS_SSL_SRV_C) mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); #endif @@ -2227,17 +2227,17 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif 
@@ -2245,17 +2245,17 @@ void mbedtls_test_ssl_perform_handshake( expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), + expected_handshake_result); if (expected_handshake_result != 0) { /* Connection will have failed by this point, skip to cleanup */ goto exit; } - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client.ssl), 1); /* Make sure server state is moved to HANDSHAKE_OVER also. */ TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), @@ -2263,7 +2263,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_HANDSHAKE_OVER), 0); - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server.ssl), 1); /* Check that both sides have negotiated the expected version. */ mbedtls_test_set_step(0); if (!check_ssl_version(options->expected_negotiated_version, 
@@ -2286,48 +2286,48 @@ void mbedtls_test_ssl_perform_handshake( if (options->resize_buffers != 0) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_EQUAL(client.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments), + 0); } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); + TEST_EQUAL(options->dtls, 1); - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), NULL, + 0, &context_buf_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); context_buf = mbedtls_calloc(1, context_buf_len); TEST_ASSERT(context_buf != 
NULL); - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); + TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), context_buf, + context_buf_len, + &context_buf_len), + 0); mbedtls_ssl_free(&(server.ssl)); mbedtls_ssl_init(&(server.ssl)); - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); mbedtls_ssl_set_bio(&(server.ssl), &server_context, mbedtls_test_mock_tcp_send_msg, 
@@ -2344,30 +2344,30 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); + TEST_EQUAL(mbedtls_ssl_context_load(&(server.ssl), context_buf, + context_buf_len), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after context deserialization */ if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments), + 0); } } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ 
@@ -2375,24 +2375,24 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); /* After calling this function for the server, it only sends a handshake * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(mbedtls_ssl_renegotiate(&(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); /* After calling mbedtls_ssl_renegotiate for the client, * all renegotiation should happen inside this function. 
@@ -2404,34 +2404,34 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after renegotiation */ if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_EQUAL(client.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client.ssl)); + 
TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..bebb2c8cf4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -435,50 +435,41 @@ void test_callback_buffer_sanity() memset(input, 0, sizeof(input)); /* Make sure calling put and get on NULL buffer results in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) - == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)), -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, 0), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, NULL, 0), -1); /* Make sure calling put and get on a buffer that hasn't been set up results * in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), -1); /* Make sure calling put and get on NULL input only results in * error if the length is not zero, and that a NULL output is valid for data * dropping. 
*/ - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)), 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) - == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)), 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), 0); /* Make sure calling put several times in the row is safe */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == sizeof(input)); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), sizeof(input)); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, 2), 2); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 0); exit: @@ -519,7 +510,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, mbedtls_test_ssl_buffer_init(&buf); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, size), 0); /* Check the sanity of input parameters and initialise local variables. That * is, ensure that the amount of data is not negative and that we are not 
@@ -578,17 +569,16 @@ void test_callback_buffer(int size, int put1, int put1_ret, written = read = 0; for (j = 0; j < ROUNDS; j++) { - TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, - input + written, put[j])); + TEST_EQUAL(put_ret[j], mbedtls_test_ssl_buffer_put(&buf, + input + written, put[j])); written += put_ret[j]; - TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, - output + read, get[j])); + TEST_EQUAL(get_ret[j], mbedtls_test_ssl_buffer_get(&buf, + output + read, get[j])); read += get_ret[j]; TEST_ASSERT(read <= written); if (get_ret[j] > 0) { - TEST_ASSERT(memcmp(output + read - get_ret[j], - input + read - get_ret[j], get_ret[j]) - == 0); + TEST_EQUAL(memcmp(output + read - get_ret[j], + input + read - get_ret[j], get_ret[j]), 0); } } @@ -673,8 +663,8 @@ void ssl_mock_tcp(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -690,9 +680,9 @@ void ssl_mock_tcp(int blocking) if (send_ret == BUFLEN) { int blocking_ret = send(&client, message, 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); } } @@ -704,9 +694,9 @@ void ssl_mock_tcp(int blocking) TEST_ASSERT(recv_ret <= BUFLEN); read += recv_ret; } else if (blocking) { - TEST_ASSERT(recv_ret == 0); + TEST_EQUAL(recv_ret, 0); } else { - TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(recv_ret, MBEDTLS_ERR_SSL_WANT_READ); recv_ret = 0; } 
@@ -714,13 +704,13 @@ void ssl_mock_tcp(int blocking) if (recv_ret == BUFLEN) { int blocking_ret = recv(&server, received, 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); } } } - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); exit: mbedtls_test_mock_socket_close(&client); @@ -774,8 +764,8 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -803,9 +793,9 @@ void ssl_mock_tcp_interleaving(int blocking) if (send_ret[i] == BUFLEN) { int blocking_ret = send(socket, message[i], 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); } } } @@ -823,9 +813,9 @@ void ssl_mock_tcp_interleaving(int blocking) TEST_ASSERT(recv_ret[i] <= BUFLEN); read[i] += recv_ret[i]; } else if (blocking) { - TEST_ASSERT(recv_ret[i] == 0); + TEST_EQUAL(recv_ret[i], 0); } else { - TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(recv_ret[i], MBEDTLS_ERR_SSL_WANT_READ); recv_ret[i] = 0; } @@ -834,9 +824,9 @@ void ssl_mock_tcp_interleaving(int blocking) if (recv_ret[i] == BUFLEN) { int blocking_ret = recv(socket, received[i], 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); } } } 
@@ -848,7 +838,7 @@ void ssl_mock_tcp_interleaving(int blocking) } for (i = 0; i < ROUNDS; i++) { - TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0); + TEST_EQUAL(memcmp(message[i], received[i], MSGLEN), 0); } exit: @@ -865,14 +855,14 @@ void ssl_message_queue_sanity() USE_PSA_INIT(); /* Trying to push/pull to an empty queue */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1) - == MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1) - == MBEDTLS_TEST_ERROR_ARG_NULL); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(NULL, 1), + MBEDTLS_TEST_ERROR_ARG_NULL); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(NULL, 1), + MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 0); + TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); + TEST_EQUAL(queue.capacity, 3); + TEST_EQUAL(queue.num, 0); exit: mbedtls_test_ssl_message_queue_free(&queue); 
@@ -886,22 +876,22 @@ void ssl_message_queue_basic() mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); + TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); /* Sanity test - 3 pushes and 3 pops with sufficient space */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(queue.capacity == 3); - TEST_ASSERT(queue.num == 3); - - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); + TEST_EQUAL(queue.capacity, 3); + TEST_EQUAL(queue.num, 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); + TEST_EQUAL(queue.capacity, 3); + TEST_EQUAL(queue.num, 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); + TEST_EQUAL(queue.capacity, 3); + TEST_EQUAL(queue.num, 3); + + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); exit: mbedtls_test_ssl_message_queue_free(&queue); 
@@ -915,21 +905,21 @@ void ssl_message_queue_overflow_underflow() mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); + TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); /* 4 pushes (last one with an error), 4 pops (last one with an error) */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) - == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), + MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), + MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_ssl_message_queue_free(&queue); 
@@ -943,29 +933,29 @@ void ssl_message_queue_interleaved() mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0); + TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops * (to wrap around the buffer) */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), 3); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5); - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 5), 5); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 8), 8); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 3), 3); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 5), 5); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) 
== 8); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 8), 8); exit: mbedtls_test_ssl_message_queue_free(&queue); @@ -981,13 +971,13 @@ void ssl_message_queue_insufficient_buffer() size_t buffer_len = 5; USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0); + TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 1), 0); /* Popping without a sufficient buffer */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len) - == (int) message_len); - TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len) - == (int) buffer_len); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, message_len), + (int) message_len); + TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len), + (int) buffer_len); exit: mbedtls_test_ssl_message_queue_free(&queue); USE_PSA_DONE(); 
@@ -1007,40 +997,40 @@ void ssl_message_mock_uninitialized() USE_PSA_INIT(); /* Send with a NULL context */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN) - == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN), + MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN) - == MBEDTLS_TEST_ERROR_CONTEXT_ERROR); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN), + MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, + &client, + &client_context), 0); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_TEST_ERROR_SEND_FAILED); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MBEDTLS_TEST_ERROR_SEND_FAILED); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_READ); /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&server_queue, + MSGLEN), + MSGLEN); /* Test if there's an error when trying to read from a disconnected * socket */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_TEST_ERROR_RECV_FAILED); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, 
+ MSGLEN), + MBEDTLS_TEST_ERROR_RECV_FAILED); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); 
@@ -1062,46 +1052,46 @@ void ssl_message_mock_basic() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send the message to the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), MSGLEN); /* Read from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, MSGLEN); /* Send the message to the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN), + MSGLEN); /* Read from the client */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) - == MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN), + MSGLEN); + TEST_EQUAL(memcmp(message, 
received, MSGLEN), 0); exit: mbedtls_test_message_socket_close(&server_context); 
@@ -1124,51 +1114,51 @@ void ssl_message_mock_queue_overflow_underflow() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*2)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*2)); /* Send three message to the server, last one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1) - == MSGLEN - 1); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN - 1), + MSGLEN - 1); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_WRITE); /* Read three messages from the server, last one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1) - == MSGLEN - 1); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN - 1), + MSGLEN - 1); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); + 
TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); 
@@ -1191,39 +1181,39 @@ void ssl_message_mock_socket_overflow() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); /* Send two message to the server, second one with an error */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MBEDTLS_TEST_ERROR_SEND_FAILED); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MBEDTLS_TEST_ERROR_SEND_FAILED); /* Read the only message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); exit: mbedtls_test_message_socket_close(&server_context); 
@@ -1246,15 +1236,15 @@ void ssl_message_mock_truncated() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 2, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 2, + &client, + &client_context), 0); memset(received, 0, MSGLEN); /* Fill up the buffer with structured data so that unwanted changes 
@@ -1262,35 +1252,35 @@ void ssl_message_mock_truncated() for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - 2 * MSGLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + 2 * MSGLEN)); /* Send two messages to the server, the second one small enough to fit in the * receiver's buffer. */ - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2) - == MSGLEN / 2); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN / 2), + MSGLEN / 2); /* Read a truncated message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2) - == MSGLEN/2); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2), + MSGLEN/2); /* Test that the first half of the message is valid, and second one isn't */ - TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0); TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) != 0); memset(received, 0, MSGLEN); /* Read a full message from the server */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2) - == MSGLEN / 2); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN/2), + MSGLEN / 2); /* Test that the first half of the message is valid */ - TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0); exit: mbedtls_test_message_socket_close(&server_context); 
@@ -1313,33 +1303,33 @@ void ssl_message_mock_socket_read_error() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 1, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 1, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN)); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), + MSGLEN); /* Force a read error by disconnecting the socket by hand */ server.status = 0; - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_TEST_ERROR_RECV_FAILED); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MBEDTLS_TEST_ERROR_RECV_FAILED); /* Return to a valid state */ server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; 
@@ -1347,11 +1337,11 @@ void ssl_message_mock_socket_read_error() /* Test that even though the server tried to read once disconnected, the * continuity is preserved */ - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); exit: mbedtls_test_message_socket_close(&server_context); 
@@ -1374,48 +1364,48 @@ void ssl_message_mock_interleaved_one_way() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, and then two reads * (to wrap around the buffer) */ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), MSGLEN); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), MSGLEN); - TEST_ASSERT(memcmp(message, received, 
MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); 
@@ -1437,75 +1427,75 @@ void ssl_message_mock_interleaved_two_ways() mbedtls_test_message_socket_init(&client_context); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, + &client_queue, 3, + &server, + &server_context), 0); - TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, + &server_queue, 3, + &client, + &client_context), 0); /* Fill up the buffer with structured data so that unwanted changes * can be detected */ for (i = 0; i < MSGLEN; i++) { message[i] = i & 0xFF; } - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*3)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + MSGLEN*3)); /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads * (to wrap around the buffer) both ways. 
*/ for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, + MSGLEN), MSGLEN); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN), MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, sizeof(received)); } for (i = 0; i < 2; i++) { - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), MSGLEN); - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, sizeof(received)); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) == MSGLEN); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN), MSGLEN); - TEST_ASSERT(memcmp(message, 
received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); memset(received, 0, sizeof(received)); } - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN) - == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, + MSGLEN), + MBEDTLS_ERR_SSL_WANT_READ); exit: mbedtls_test_message_socket_close(&server_context); mbedtls_test_message_socket_close(&client_context); @@ -1524,12 +1514,12 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) == 0); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_DATAGRAM, + MBEDTLS_SSL_PRESET_DEFAULT), 0); - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); /* Read previous record numbers */ for (len = 0; len < prevs->len; len += 6) { @@ -1539,7 +1529,7 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) /* Check new number */ memcpy(ssl.in_ctr + 2, new->x, 6); - TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret); + TEST_EQUAL(mbedtls_ssl_dtls_replay_check(&ssl), ret); exit: mbedtls_ssl_free(&ssl); 
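Review bot: The replay test copies a fixed 6 bytes from the test vectors (`memcpy(ssl.in_ctr + 2, new->x, 6);` and the `len += 6` loop over `prevs`) without asserting that the data_t lengths agree, so a malformed vector would read past `new->x` or `prevs->x` rather than fail cleanly. Since the hunk is already reworking the assertions, adding `TEST_EQUAL(new->len, 6);` before the memcpy and `TEST_EQUAL(prevs->len % 6, 0);` before the loop would turn a silent over-read into a reported test failure. The loop body is outside the hunk, so the stride is inferred from the `for` header shown as context; ssl_dtls_replay begins before these hunks.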
@@ -1557,13 +1547,13 @@ void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1) mbedtls_ssl_init(&ssl); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0); + TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname0), 0); output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0); + TEST_EQUAL(strcmp(input_hostname0, output_hostname), 0); - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0); + TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname1), 0); output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0); + TEST_EQUAL(strcmp(input_hostname1, output_hostname), 0); exit: mbedtls_ssl_free(&ssl); @@ -1601,7 +1591,7 @@ void ssl_crypt_record(int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_CALLOC(buf, buflen); @@ -1660,7 +1650,7 @@ void ssl_crypt_record(int cipher_type, int hash_id, /* DTLS 1.2 + CID hides the real content type and * uses a special CID content type in the protected * record. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); + TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 
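Review bot: In ssl_set_hostname_twice the converted `TEST_EQUAL(strcmp(input_hostname0, output_hostname), 0);` still passes the return of mbedtls_ssl_get_hostname straight to strcmp; if that getter can return NULL (for instance when a test vector clears the hostname), strcmp is undefined behaviour instead of a clean failure. A `TEST_ASSERT(output_hostname != NULL);` after each `mbedtls_ssl_get_hostname(&ssl)` call would make that failure mode explicit and keep the test from crashing the whole suite binary. Whether NULL is reachable depends on the test data and the getter's contract, neither of which is visible here; the function begins before this hunk.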
@@ -1669,24 +1659,24 @@ void ssl_crypt_record(int cipher_type, int hash_id, /* TLS 1.3 hides the real content type and * always uses Application Data as the content type * for protected records. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); + TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ /* Decrypt record with t_dec */ ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); /* Compare results */ - TEST_ASSERT(rec.type == rec_backup.type); - TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); - TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); - TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); - TEST_ASSERT(rec.data_len == rec_backup.data_len); - TEST_ASSERT(rec.data_offset == rec_backup.data_offset); - TEST_ASSERT(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len) == 0); + TEST_EQUAL(rec.type, rec_backup.type); + TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0); + TEST_EQUAL(rec.ver[0], rec_backup.ver[0]); + TEST_EQUAL(rec.ver[1], rec_backup.ver[1]); + TEST_EQUAL(rec.data_len, rec_backup.data_len); + TEST_EQUAL(rec.data_offset, rec_backup.data_offset); + TEST_EQUAL(memcmp(rec.buf + rec.data_offset, + rec_backup.buf + rec_backup.data_offset, + rec.data_len), 0); } exit: @@ -1754,7 +1744,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_CALLOC(buf, buflen); @@ -1819,7 +1809,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, /* DTLS 1.2 + CID hides the real content type and * uses a special CID content type in the protected * record. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID); + TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ 
@@ -1828,26 +1818,26 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, /* TLS 1.3 hides the real content type and * always uses Application Data as the content type * for protected records. Double-check this. */ - TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA); + TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ /* Decrypt record with t_dec */ - TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0); + TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec), 0); /* Compare results */ - TEST_ASSERT(rec.type == rec_backup.type); - TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0); - TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]); - TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]); - TEST_ASSERT(rec.data_len == rec_backup.data_len); - TEST_ASSERT(rec.data_offset == rec_backup.data_offset); - TEST_ASSERT(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len) == 0); + TEST_EQUAL(rec.type, rec_backup.type); + TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0); + TEST_EQUAL(rec.ver[0], rec_backup.ver[0]); + TEST_EQUAL(rec.ver[1], rec_backup.ver[1]); + TEST_EQUAL(rec.data_len, rec_backup.data_len); + TEST_EQUAL(rec.data_offset, rec_backup.data_offset); + TEST_EQUAL(memcmp(rec.buf + rec.data_offset, + rec_backup.buf + rec_backup.data_offset, + rec.data_len), 0); } - TEST_ASSERT(seen_success == 1); + TEST_EQUAL(seen_success, 1); } exit: 
@@ -1886,16 +1876,16 @@ void ssl_tls13_hkdf_expand_label(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); + TEST_EQUAL((size_t) desired_length, expected->len); PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - dst, desired_length) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_hkdf_expand_label( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + lbl, lbl_len, + ctx->x, ctx->len, + dst, desired_length), 0); TEST_MEMORY_COMPARE(dst, (size_t) desired_length, expected->x, (size_t) expected->len); @@ -1919,7 +1909,7 @@ void ssl_tls13_traffic_key_generation(int hash_alg, mbedtls_ssl_key_set keys; /* Check sanity of test parameters. */ - TEST_ASSERT(client_secret->len == server_secret->len); + TEST_EQUAL(client_secret->len, server_secret->len); TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len && expected_client_write_iv->len == (size_t) desired_iv_len); @@ -1984,17 +1974,17 @@ void ssl_tls13_derive_secret(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); + TEST_EQUAL((size_t) desired_length, expected->len); PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_secret( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - already_hashed, - dst, desired_length) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_secret( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + lbl, lbl_len, + ctx->x, ctx->len, + already_hashed, + dst, desired_length), 0); TEST_MEMORY_COMPARE(dst, desired_length, expected->x, desired_length); 
@@ -2016,16 +2006,16 @@ void ssl_tls13_exporter(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); + TEST_EQUAL((size_t) desired_length, expected->len); PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_exporter( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - (unsigned char *) label, strlen(label), - (unsigned char *) context_value, strlen(context_value), - dst, desired_length) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_exporter( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + (unsigned char *) label, strlen(label), + (unsigned char *) context_value, strlen(context_value), + dst, desired_length), 0); TEST_MEMORY_COMPARE(dst, desired_length, expected->x, desired_length); @@ -2055,9 +2045,9 @@ void ssl_tls13_derive_early_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_early_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, traffic_expected->x, traffic_expected->len); @@ -2089,9 +2079,9 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_handshake_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, client_expected->x, client_expected->len); 
@@ -2125,9 +2115,9 @@ void ssl_tls13_derive_application_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_application_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, client_expected->x, client_expected->len); @@ -2159,9 +2149,9 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_resumption_master_secret( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, resumption_expected->x, resumption_expected->len); @@ -2189,13 +2179,13 @@ void ssl_tls13_create_psk_binder(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder( - NULL, /* SSL context for debugging only */ - alg, - psk->x, psk->len, - psk_type, - transcript->x, - binder) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_create_psk_binder( + NULL, /* SSL context for debugging only */ + alg, + psk->x, psk->len, + psk_type, + transcript->x, + binder), 0); TEST_MEMORY_COMPARE(binder, hash_len, binder_expected->x, binder_expected->len); @@ -2237,8 +2227,8 @@ void ssl_tls13_record_protection(int ciphersuite, other_endpoint = MBEDTLS_SSL_IS_SERVER; } - TEST_ASSERT(server_write_key->len == client_write_key->len); - TEST_ASSERT(server_write_iv->len == client_write_iv->len); + TEST_EQUAL(server_write_key->len, client_write_key->len); + TEST_EQUAL(server_write_iv->len, client_write_iv->len); memcpy(keys.client_write_key, client_write_key->x, client_write_key->len); 
@@ -2254,12 +2244,12 @@ void ssl_tls13_record_protection(int ciphersuite, MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_send, endpoint, - ciphersuite, &keys, NULL) == 0); - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_recv, other_endpoint, - ciphersuite, &keys, NULL) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_populate_transform( + &transform_send, endpoint, + ciphersuite, &keys, NULL), 0); + TEST_EQUAL(mbedtls_ssl_tls13_populate_transform( + &transform_recv, other_endpoint, + ciphersuite, &keys, NULL), 0); /* Make sure we have enough space in the buffer even if * we use more padding than the KAT. */ @@ -2286,14 +2276,14 @@ void ssl_tls13_record_protection(int ciphersuite, memset(&rec.ctr[0], 0, 8); rec.ctr[7] = ctr; - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0); + TEST_EQUAL(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec), 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, ciphertext->x, ciphertext->len); } - TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); + TEST_EQUAL(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec), 0); TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, plaintext->x, plaintext->len); @@ -2315,11 +2305,11 @@ void ssl_tls13_key_evolution(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret( - (psa_algorithm_t) hash_alg, - secret->len ? secret->x : NULL, - input->len ? input->x : NULL, input->len, - secret_new) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_evolve_secret( + (psa_algorithm_t) hash_alg, + secret->len ? secret->x : NULL, + input->len ? input->x : NULL, input->len, + secret_new), 0); TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, expected->x, (size_t) expected->len); 
@@ -2342,13 +2332,13 @@ void ssl_tls_prf(int type, data_t *secret, data_t *random, MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
- label, random->x, random->len,
- output, result_str->len) == exp_ret);
+ TEST_EQUAL(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
+ label, random->x, random->len,
+ output, result_str->len), exp_ret);
if (exp_ret == 0) {
- TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
- result_str->len, result_str->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(output, result_str->x,
+ result_str->len, result_str->len), 0);
} exit:
@@ -2378,94 +2368,94 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &original, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &original, 0, endpoint_type), 0); } #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &original, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &original, ticket_len, endpoint_type, crt_file), 0); } #endif /* Serialize it */ - TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&original, NULL, 0, &len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(buf, len); - TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) - == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&original, buf, len, &len), + 0); /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&restored, buf, len), 0); /* * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.start == restored.start); + TEST_EQUAL(original.start, restored.start); } #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); + TEST_EQUAL(original.ticket_creation_time, restored.ticket_creation_time); #endif #endif /* MBEDTLS_HAVE_TIME */ - TEST_ASSERT(original.tls_version == restored.tls_version); - TEST_ASSERT(original.endpoint == restored.endpoint); - TEST_ASSERT(original.ciphersuite == restored.ciphersuite); + TEST_EQUAL(original.tls_version, 
restored.tls_version); + TEST_EQUAL(original.endpoint, restored.endpoint); + TEST_EQUAL(original.ciphersuite, restored.ciphersuite); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.id_len == restored.id_len); - TEST_ASSERT(memcmp(original.id, - restored.id, sizeof(original.id)) == 0); - TEST_ASSERT(memcmp(original.master, - restored.master, sizeof(original.master)) == 0); + TEST_EQUAL(original.id_len, restored.id_len); + TEST_EQUAL(memcmp(original.id, + restored.id, sizeof(original.id)), 0); + TEST_EQUAL(memcmp(original.master, + restored.master, sizeof(original.master)), 0); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) TEST_ASSERT((original.peer_cert == NULL) == (restored.peer_cert == NULL)); if (original.peer_cert != NULL) { - TEST_ASSERT(original.peer_cert->raw.len == - restored.peer_cert->raw.len); - TEST_ASSERT(memcmp(original.peer_cert->raw.p, - restored.peer_cert->raw.p, - original.peer_cert->raw.len) == 0); + TEST_EQUAL(original.peer_cert->raw.len, + restored.peer_cert->raw.len); + TEST_EQUAL(memcmp(original.peer_cert->raw.p, + restored.peer_cert->raw.p, + original.peer_cert->raw.len), 0); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - TEST_ASSERT(original.peer_cert_digest_type == - restored.peer_cert_digest_type); - TEST_ASSERT(original.peer_cert_digest_len == - restored.peer_cert_digest_len); + TEST_EQUAL(original.peer_cert_digest_type, + restored.peer_cert_digest_type); + TEST_EQUAL(original.peer_cert_digest_len, + restored.peer_cert_digest_len); TEST_ASSERT((original.peer_cert_digest == NULL) == (restored.peer_cert_digest == NULL)); if (original.peer_cert_digest != NULL) { - TEST_ASSERT(memcmp(original.peer_cert_digest, - restored.peer_cert_digest, - original.peer_cert_digest_len) == 0); + TEST_EQUAL(memcmp(original.peer_cert_digest, + restored.peer_cert_digest, + original.peer_cert_digest_len), 0); } #endif /* 
MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - TEST_ASSERT(original.verify_result == restored.verify_result); + TEST_EQUAL(original.verify_result, restored.verify_result); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(original.mfl_code == restored.mfl_code); + TEST_EQUAL(original.mfl_code, restored.mfl_code); #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); + TEST_EQUAL(original.encrypt_then_mac, restored.encrypt_then_mac); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - TEST_ASSERT(original.ticket_len == restored.ticket_len); + TEST_EQUAL(original.ticket_len, restored.ticket_len); if (original.ticket_len != 0) { TEST_ASSERT(original.ticket != NULL); TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, original.ticket_len) == 0); + TEST_EQUAL(memcmp(original.ticket, + restored.ticket, original.ticket_len), 0); } - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); + TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime); #endif } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -2473,15 +2463,15 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) - TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); - TEST_ASSERT(original.ticket_flags == restored.ticket_flags); - TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len); + TEST_EQUAL(original.ticket_age_add, restored.ticket_age_add); + TEST_EQUAL(original.ticket_flags, restored.ticket_flags); + TEST_EQUAL(original.resumption_key_len, restored.resumption_key_len); if (original.resumption_key_len != 0) { TEST_ASSERT(original.resumption_key != NULL); TEST_ASSERT(restored.resumption_key != NULL); - TEST_ASSERT(memcmp(original.resumption_key, - restored.resumption_key, - original.resumption_key_len) == 0); + TEST_EQUAL(memcmp(original.resumption_key, + restored.resumption_key, + original.resumption_key_len), 0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 
@@ -2502,16 +2492,16 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_HAVE_TIME) - TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time); + TEST_EQUAL(original.ticket_reception_time, restored.ticket_reception_time); #endif - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); - TEST_ASSERT(original.ticket_len == restored.ticket_len); + TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime); + TEST_EQUAL(original.ticket_len, restored.ticket_len); if (original.ticket_len != 0) { TEST_ASSERT(original.ticket != NULL); TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, - original.ticket_len) == 0); + TEST_EQUAL(memcmp(original.ticket, + restored.ticket, + original.ticket_len), 0); } #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) TEST_ASSERT(original.hostname != NULL); @@ -2526,12 +2516,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_EARLY_DATA) - TEST_ASSERT( - original.max_early_data_size == restored.max_early_data_size); + TEST_EQUAL( + original.max_early_data_size, restored.max_early_data_size); #endif #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - TEST_ASSERT(original.record_size_limit == restored.record_size_limit); + TEST_EQUAL(original.record_size_limit, restored.record_size_limit); #endif exit: 
@@ -2563,15 +2553,15 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif default: 
@@ -2581,31 +2571,31 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, } /* Get desired buffer size for serializing */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &len0), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Allocate first buffer */ buf1 = mbedtls_calloc(1, len0); TEST_ASSERT(buf1 != NULL); /* Serialize to buffer and free live session */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) - == 0); - TEST_ASSERT(len0 == len1); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf1, len0, &len1), + 0); + TEST_EQUAL(len0, len1); mbedtls_ssl_session_free(&session); /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&session, buf1, len1), 0); /* Allocate second buffer and serialize to it */ buf2 = mbedtls_calloc(1, len0); TEST_ASSERT(buf2 != NULL); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) - == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf2, len0, &len2), + 0); /* Make sure both serialized versions are identical */ - TEST_ASSERT(len1 == len2); - TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); + TEST_EQUAL(len1, len2); + TEST_EQUAL(memcmp(buf1, buf2, len1), 0); exit: mbedtls_ssl_session_free(&session); 
@@ -2636,14 +2626,14 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif default: @@ -2652,8 +2642,8 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, break; } - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Try all possible bad lengths */ for (bad_len = 1; bad_len < good_len; bad_len++) { @@ -2661,10 +2651,10 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, mbedtls_free(buf); buf = NULL; TEST_CALLOC(buf, bad_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, - &test_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - TEST_ASSERT(test_len == good_len); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf, bad_len, + &test_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(test_len, good_len); } exit: 
@@ -2695,15 +2685,15 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif @@ -2713,11 +2703,11 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, break; } - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(good_buf, good_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, - &good_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, good_buf, good_len, + &good_len), 0); mbedtls_ssl_session_free(&session); /* Try all possible bad lengths */ @@ -2728,8 +2718,8 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, TEST_CALLOC_NONNULL(bad_buf, bad_len); memcpy(bad_buf, good_buf, bad_len); - TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_session_load(&session, bad_buf, bad_len), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } exit: 
@@ -2764,14 +2754,14 @@ void ssl_session_serialize_version_check(int corrupt_major, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, endpoint_type, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, 0, endpoint_type, NULL), 0); break; #endif @@ -2782,18 +2772,18 @@ void ssl_session_serialize_version_check(int corrupt_major, } /* Infer length of serialized session. */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, - serialized_session, - sizeof(serialized_session), - &serialized_session_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, + serialized_session, + sizeof(serialized_session), + &serialized_session_len), 0); mbedtls_ssl_session_free(&session); /* Without any modification, we should be able to successfully * de-serialize the session - double-check that. */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&session, + serialized_session, + serialized_session_len), 0); mbedtls_ssl_session_free(&session); /* Go through the bytes in the serialized session header and @@ -2812,10 +2802,10 @@ void ssl_session_serialize_version_check(int corrupt_major, *byte ^= corrupted_bit; /* Attempt to deserialize */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == - MBEDTLS_ERR_SSL_VERSION_MISMATCH); + TEST_EQUAL(mbedtls_ssl_session_load(&session, + serialized_session, + serialized_session_len), + MBEDTLS_ERR_SSL_VERSION_MISMATCH); /* Undo the change */ *byte ^= corrupted_bit; 
@@ -2840,15 +2830,15 @@ void ssl_session_id_accessors_check(int tls_version) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, MBEDTLS_SSL_IS_SERVER), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, 0, MBEDTLS_SSL_IS_SERVER, NULL), 0); break; #endif @@ -2857,15 +2847,18 @@ void ssl_session_id_accessors_check(int tls_version) TEST_ASSERT(0); break; } + + /* We expect pointers to the same strings, not just strings with + * the same content. */ TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id); - TEST_ASSERT(mbedtls_ssl_session_get_id_len(&session) == session.id_len); + TEST_EQUAL(mbedtls_ssl_session_get_id_len(&session), session.id_len); /* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */ - TEST_ASSERT(mbedtls_ssl_session_get_ciphersuite_id(&session) == 0xabcd); + TEST_EQUAL(mbedtls_ssl_session_get_ciphersuite_id(&session), 0xabcd); /* Test setting a reference id for tls1.3 and tls1.2 */ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); if (ciphersuite_info != NULL) { - TEST_ASSERT(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info) == ciphersuite_id); + TEST_EQUAL(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info), ciphersuite_id); } exit: 
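Review bot: The new comment in ssl_session_id_accessors_check (hunk -2857) speaks of "strings", but session.id is a fixed-size byte array (the serialization tests compare it with `sizeof(original.id)`), the line below compares it by pointer, and the line after that checks id_len rather than any terminator. Suggest `/* We expect a pointer to the session's own id buffer, not a copy with the same content. */`. Leaving that pointer comparison as TEST_ASSERT rather than TEST_EQUAL looks right, presumably because TEST_EQUAL takes integer operands. The function body continues outside the hunk.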
@@ -2888,15 +2881,15 @@ void mbedtls_endpoint_sanity(int endpoint_type) ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); + TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); + TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); exit: mbedtls_test_ssl_endpoint_free(&ep, NULL); @@ -2940,7 +2933,7 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, @@ -2948,12 +2941,12 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), &(second_ep.socket), BUFFSIZE); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), &(second_ep.ssl), @@ -2962,7 +2955,7 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(base_ep.ssl.state == state); + TEST_EQUAL(base_ep.ssl.state, state); } else { TEST_ASSERT(ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && 
@@ -3415,13 +3408,13 @@ void test_multiple_psks() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk0, sizeof(psk0),
- psk0_identity, sizeof(psk0_identity)) == 0);
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk1, sizeof(psk1),
- psk1_identity, sizeof(psk1_identity)) ==
- MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk0, sizeof(psk0),
+ psk0_identity, sizeof(psk0_identity)), 0);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk1, sizeof(psk1),
+ psk1_identity, sizeof(psk1_identity)),
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
exit: mbedtls_ssl_config_free(&conf);
@@ -3460,43 +3453,43 @@ void test_multiple_psks_opaque(int mode) switch (mode) { case 0: - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk0_raw, sizeof(psk0_raw), - psk0_raw_identity, sizeof(psk0_raw_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk0_raw, sizeof(psk0_raw), + psk0_raw_identity, sizeof(psk0_raw_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk1_opaque, + psk1_opaque_identity, + sizeof(psk1_opaque_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; case 1: - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk1_raw, sizeof(psk1_raw), - psk1_raw_identity, sizeof(psk1_raw_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk0_opaque, + psk0_opaque_identity, + sizeof(psk0_opaque_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk1_raw, sizeof(psk1_raw), + psk1_raw_identity, sizeof(psk1_raw_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; case 2: - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk0_opaque, + psk0_opaque_identity, + sizeof(psk0_opaque_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk1_opaque, + psk1_opaque_identity, + sizeof(psk1_opaque_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; 
@@ -3529,7 +3522,7 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), expected_ssl_setup_result);
TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( mbedtls_ssl_context_get_config(&ssl)), endpoint);
@@ -3562,7 +3555,7 @@ void conf_group() mbedtls_ssl_init(&ssl); MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL);
@@ -3604,35 +3597,35 @@ void force_bad_session_id_len() mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, + NULL), 0); - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL), 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, options.srv_log_obj); - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) - == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP), + 0); /* Force a bad session_id_len that will be read by the server in * mbedtls_ssl_cache_set. */ server.ssl.session_negotiate->id_len = 33; if (options.cli_msg_len != 0 || options.srv_msg_len != 0) { /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options.cli_msg_len, - options.expected_cli_fragments, - &(server.ssl), options.srv_msg_len, - options.expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options.cli_msg_len, + options.expected_cli_fragments, + &(server.ssl), options.srv_msg_len, + options.expected_srv_fragments), + 0); } /* Make sure that the cache did not store the session */ 
@@ -3686,7 +3679,7 @@ void timing_final_delay_accessor() USE_PSA_INIT(); mbedtls_timing_set_delay(&delay_context, 50, 100);
- TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100);
+ TEST_EQUAL(mbedtls_timing_get_final_delay(&delay_context), 100);
exit: USE_PSA_DONE();
@@ -3710,63 +3703,63 @@ void cid_sanity() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); /* Can't use CID functions with stream transport. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + sizeof(own_cid)), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_DATAGRAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); /* Attempt to set config cid size too big. */ - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, + MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == 0); + TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), + MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), + 0); /* Attempt to set CID length not matching config. 
*/ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - MBEDTLS_SSL_CID_IN_LEN_MAX - 1) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + MBEDTLS_SSL_CID_IN_LEN_MAX - 1), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == 0); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + sizeof(own_cid)), + 0); /* Test we get back what we put in. */ - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); /* Test disabling works. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, - 0) - == 0); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, + 0), + 0); - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED); @@ -3925,8 +3918,8 @@ void tls13_server_certificate_msg_invalid_vector_len() ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end); TEST_EQUAL(ret, expected_result); - TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( - &expected_chk_buf_ptr_args) == 0); + TEST_EQUAL(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( + &expected_chk_buf_ptr_args), 0); mbedtls_ssl_reset_chk_buf_ptr_fail_args(); @@ -4667,7 +4660,7 @@ void tls13_cli_early_data_state(int scenario) break; case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); + TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR); TEST_EQUAL(client_ep.ssl.early_data_state, MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); break; 
@@ -5068,12 +5061,12 @@ complete_handshake: * this first part of the handshake with HRR. */ if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) { - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO) == 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_CLIENT_HELLO) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO), 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_CLIENT_HELLO), 0); } TEST_EQUAL(mbedtls_test_move_handshake_to_state( @@ -5239,9 +5232,9 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) ret = mbedtls_ssl_handshake(&(server_ep.ssl)); TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) - == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), + 0); exit: mbedtls_test_ssl_endpoint_free(&client_ep, NULL); @@ -5473,7 +5466,7 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in goto exit; } - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); TEST_EQUAL(server_pattern.counter, 1); server_pattern.counter = 0; 
@@ -5548,15 +5541,15 @@ void inject_client_content_on_the_wire(int pk_alg, ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, BUFFSIZE); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); /* Make the server move to the required state */ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state); @@ -5573,7 +5566,7 @@ void inject_client_content_on_the_wire(int pk_alg, do { ret = mbedtls_ssl_handshake_step(&server.ssl); } while (ret == 0 && server.ssl.state == state); - TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(ret, expected_ret); TEST_ASSERT(srv_pattern.counter >= 1); exit: @@ -5626,15 +5619,15 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, BUFFSIZE); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); /* Make the server move past the initial dummy state */ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, @@ -5714,7 +5707,7 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(exported_key_length > 0); TEST_CALLOC(key_buffer_server, exported_key_length); 
@@ -5729,13 +5722,13 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int key_buffer_server, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); - TEST_ASSERT(ret == 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0); + TEST_EQUAL(ret, 0); + TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); @@ -5759,7 +5752,7 @@ void ssl_tls_exporter_uses_label(int proto) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label_server[] = "test-label-server"; char label_client[] = "test-label-client"; @@ -5770,12 +5763,12 @@ void ssl_tls_exporter_uses_label(int proto) key_buffer_server, sizeof(key_buffer_server), label_server, sizeof(label_server), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label_client, sizeof(label_client), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5798,7 +5791,7 @@ void ssl_tls_exporter_uses_context(int proto) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label[] = "test-label"; uint8_t key_buffer_server[24] = { 0 }; 
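Review bot: `TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0);` turns a buffer mismatch into a bare "0 != nonzero" failure, whereas this file already expresses buffer equality with the dedicated macro (see TEST_MEMORY_COMPARE in cid_sanity); prefer `TEST_MEMORY_COMPARE(key_buffer_server, (size_t) exported_key_length, key_buffer_client, (size_t) exported_key_length);`. The `TEST_ASSERT(ret == 0)` to `TEST_EQUAL(ret, 0)` conversions in the rest of the hunk are fine as they are. The cleanup of ssl_tls_exporter_consistent_result continues past the end of this hunk.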
@@ -5809,12 +5802,12 @@ void ssl_tls_exporter_uses_context(int proto) key_buffer_server, sizeof(key_buffer_server), label, sizeof(label), context_server, sizeof(context_server), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label, sizeof(label), context_client, sizeof(context_client), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5841,7 +5834,7 @@ void ssl_tls13_exporter_uses_length(void) &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label[] = "test-label"; uint8_t key_buffer_server[16] = { 0 }; @@ -5851,12 +5844,12 @@ void ssl_tls13_exporter_uses_length(void) key_buffer_server, sizeof(key_buffer_server), label, sizeof(label), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label, sizeof(label), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5888,13 +5881,13 @@ void ssl_tls_exporter_rejects_bad_parameters( MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer, exported_key_length, label, label_length, context, context_length, 1); - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); 
@@ -5926,13 +5919,13 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (check_server) { ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state); @@ -5949,7 +5942,7 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) NULL, 0, 0); /* FIXME: A more appropriate error code should be created for this case. */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); From b6bb3fb6efbb45d80ff486b54fb44d3dadc6bd7e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 May 2025 21:57:52 +0200 Subject: [PATCH 0436/1080] Flatten out mbedtls_test_ssl_endpoint_certificate structure No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 18 ++---- tests/src/test_helpers/ssl_helpers.c | 89 +++++++++++++--------------- 2 files changed, 48 insertions(+), 59 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 95bfdb6633..f712660aae 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -186,15 +186,6 @@ typedef struct mbedtls_test_message_socket_context { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - /* * Endpoint structure for SSL communication tests. */ @@ -203,7 +194,11 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; + + /* Objects owned by the endpoint */ + mbedtls_x509_crt *ca_chain; + mbedtls_x509_crt *cert; + mbedtls_pk_context *pkey; } mbedtls_test_ssl_endpoint; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -432,8 +427,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. + * Load default CA certificates and endpoint keys into \p ep. * * \retval 0 on success, otherwise error code. */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3d4901c092..dc34892084 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -579,28 +579,25 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, */ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { + if (ep->ca_chain != NULL) { + mbedtls_x509_crt_free(ep->ca_chain); + mbedtls_free(ep->ca_chain); + ep->ca_chain = NULL; + } + if (ep->cert != NULL) { + mbedtls_x509_crt_free(ep->cert); + mbedtls_free(ep->cert); + ep->cert = NULL; + } + if (ep->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->priv_id); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; + if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { + psa_destroy_key(ep->pkey->priv_id); } +#endif + mbedtls_pk_free(ep->pkey); + mbedtls_free(ep->pkey); + ep->pkey = NULL; } } @@ -612,7 +609,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; #endif 
@@ -621,20 +617,19 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - cert = &(ep->cert); - TEST_CALLOC(cert->ca_cert, 1); - TEST_CALLOC(cert->cert, 1); - TEST_CALLOC(cert->pkey, 1); + TEST_CALLOC(ep->ca_chain, 1); + TEST_CALLOC(ep->cert, 1); + TEST_CALLOC(ep->pkey, 1); - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); + mbedtls_x509_crt_init(ep->ca_chain); + mbedtls_x509_crt_init(ep->cert); + mbedtls_pk_init(ep->pkey); /* Load the trusted CA */ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, + ep->ca_chain, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i]); TEST_EQUAL(ret, 0); @@ -645,25 +640,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { if (pk_alg == MBEDTLS_PK_RSA) { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_EQUAL(ret, 0); 
@@ -671,25 +666,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } else { if (pk_alg == MBEDTLS_PK_RSA) { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_EQUAL(ret, 0); @@ -700,7 +695,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, + TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); /* Then manually usage, alg and alg2 as requested by the test. */ psa_set_key_usage_flags(&key_attr, opaque_usage); @@ -708,10 +703,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (opaque_alg2 != PSA_ALG_NONE) { psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); } - TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); - mbedtls_pk_free(cert->pkey); - mbedtls_pk_init(cert->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0); + mbedtls_pk_free(ep->pkey); + mbedtls_pk_init(ep->pkey); + TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0); } #else (void) opaque_alg; 
@@ -719,10 +714,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, (void) opaque_usage; #endif - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); + mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, + ep->pkey); TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert != NULL); @@ -730,8 +725,8 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert == NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, + ep->pkey); TEST_EQUAL(ret, 0); ok = 1; From 35a2d9b65a07b1bf4ae09e9814c7b3581cb92e2c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 May 2025 22:17:53 +0200 Subject: [PATCH 0437/1080] Remove testing of mbedtls_ssl_conf_own_cert(NULL) A future commit will test it on its own instead of as part of every positive test. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dc34892084..f5a8412591 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -716,15 +716,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, - ep->pkey); - TEST_EQUAL(ret, 0); - TEST_ASSERT(ep->conf.key_cert != NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_EQUAL(ret, 0); - TEST_ASSERT(ep->conf.key_cert == NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, ep->pkey); TEST_EQUAL(ret, 0); From 0677e02b785f8b3e64d85c7d65690520f884b060 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 27 May 2025 18:05:20 +0200 Subject: [PATCH 0438/1080] Move timer into the endpoint structure No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 3 +++ tests/src/test_helpers/ssl_helpers.c | 20 ++++++-------------- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index f712660aae..a7bc065bf3 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,9 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; +#if defined(MBEDTLS_TIMING_C) + mbedtls_timing_delay_context timer; +#endif /* Objects owned by the endpoint */ mbedtls_x509_crt *ca_chain; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f5a8412591..90810c55e9 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -786,6 +786,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif } else { mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), mbedtls_test_mock_tcp_send_nb, @@ -2100,9 +2105,6 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) unsigned char *context_buf = NULL; size_t context_buf_len; 
@@ -2133,11 +2135,6 @@ void mbedtls_test_ssl_perform_handshake( options, &client_context, &client_queue, &server_queue), 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, @@ -2156,11 +2153,6 @@ void mbedtls_test_ssl_perform_handshake( options, &server_context, &server_queue, &client_queue), 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, @@ -2323,7 +2315,7 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_ssl_set_user_data_p(&server.ssl, &server); #if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_ssl_set_timer_cb(&server.ssl, &server.timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif From 2744a439778cb748b05a0dd981f992f25d938cf4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 13:27:22 +0200 Subject: [PATCH 0439/1080] Refactor set_ciphersuites to work on the endpoint structure Link the ciphersuite list that's passed to mbedtls_ssl_conf_ciphersuites(), and needs to survive in memory as long as the configuration object is live, in the endpoint structure. This way it doesn't have to be a local variable in mbedtls_test_ssl_do_handshake_with_endpoints(). Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 49 +++++++++++++++------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index a7bc065bf3..c198bc30c3 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
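Review bot: The `mbedtls_ssl_set_timer_cb(&server.ssl, &server.timer, …)` call kept at the end of the last hunk here now repeats what mbedtls_test_ssl_endpoint_init does in the `@@ -786` hunk above, and nothing records why both are needed. If the server context is freed and set up again just before it (that code is outside the hunk, so this is inferred), a comment would settle the question: `/* The server context was re-created above, so the timer callbacks registered by endpoint_init() must be set again. */`; if it is not, the call is redundant and can go. The body of mbedtls_test_ssl_perform_handshake continues outside this hunk.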
@@ -199,6 +199,7 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* Objects owned by the endpoint */ + int *ciphersuites; mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 90810c55e9..ac1f1cbdb2 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -914,11 +914,13 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { - test_ssl_endpoint_certificate_free(ep); - mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); + mbedtls_free(ep->ciphersuites); + ep->ciphersuites = NULL; + test_ssl_endpoint_certificate_free(ep); + if (context != NULL) { mbedtls_test_message_socket_close(context); } else { 
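Review bot: mbedtls_test_ssl_endpoint_free now releases the owned objects after `mbedtls_ssl_config_free` instead of before (certificate_free moved down, and `ep->ciphersuites` is freed after the config that `mbedtls_ssl_conf_ciphersuites()` left pointing at it), which is the safer order but a silent reordering the commit message does not mention. A comment above `mbedtls_ssl_free` would keep the next person from undoing it: `/* Tear down ssl/conf first: conf references the owned objects released below. */`. The function continues past the end of this hunk.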
@@ -1053,31 +1055,38 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) +static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, + const char *cipher) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; + if (cipher == NULL || cipher[0] == 0) { + return 1; + } - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); + int ok = 0; + + TEST_CALLOC(ep->ciphersuites, 2); + ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + ep->ciphersuites[1] = 0; + + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); + TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); - if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; + if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { + ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; } - if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; + if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { + ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; } - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); + mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); + ok = 1; 
exit: - return; + return ok; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -2098,8 +2107,6 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options) { - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -2142,9 +2149,7 @@ void mbedtls_test_ssl_perform_handshake( NULL), 0); } - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } + TEST_ASSERT(set_ciphersuite(&client, options->cipher)); /* Server side */ if (options->dtls != 0) { From c4949d1426077bfaa870ea29401646549002d7ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 19:45:29 +0200 Subject: [PATCH 0440/1080] mbedtls_ssl_conf_alpn_protocols: declare list elements as const This reflects the fact that the library will not modify the list, and allows the list to be read from a const buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt | 4 ++++ include/mbedtls/ssl.h | 5 +++-- library/ssl_client.c | 2 +- library/ssl_tls.c | 9 +++++---- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_client.c | 2 +- 6 files changed, 15 insertions(+), 9 deletions(-) create mode 100644 ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt new file mode 100644 index 0000000000..0e396bbeff --- /dev/null +++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt @@ -0,0 +1,4 @@ +API changes + * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared + as having const elements, reflecting the fact that the library will + not modify it diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c77cec88e3..60e58295a1 100644 
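Review bot: `set_ciphersuite` now returns an int that mbedtls_test_ssl_perform_handshake feeds straight into `TEST_ASSERT`, but the convention — 1 when the suite was applied or when `cipher` is NULL/empty, 0 after a recorded test failure — and the fact that the list now lives in `ep->ciphersuites` and is released by mbedtls_test_ssl_endpoint_free are undocumented. A header comment on the signature earlier in this hunk would carry that: `/* Force the single ciphersuite named by cipher (no-op if NULL/empty). Allocates ep->ciphersuites, owned by the endpoint. Returns 1 on success, 0 after a test failure. */`. Since `TEST_CALLOC(ep->ciphersuites, 2)` runs unconditionally, the comment should also state that the helper is meant to be called at most once per endpoint. set_ciphersuite ends at the `}` before `#endif`; the two later hunks on this line only adapt the caller.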
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1569,7 +1569,7 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_SSL_ALPN) - const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ + const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -4011,7 +4011,8 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, + const char *const *protos); /** * \brief Get the name of the negotiated Application Layer Protocol. diff --git a/library/ssl_client.c b/library/ssl_client.c index cb57a97669..307da0fabb 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -141,7 +141,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, * ProtocolName protocol_name_list<2..2^16-1> * } ProtocolNameList; */ - for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { + for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) { /* * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * protocol names is less than 255. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f95f3c7c99..1c0aab0ac2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2534,10 +2534,11 @@ void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, + const char *const *protos) { size_t cur_len, tot_len; - const char **p; + const char *const *p; /* * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings 
@@ -5111,7 +5112,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ALPN) { uint8_t alpn_len; - const char **cur; + const char *const *cur; if ((size_t) (end - p) < 1) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -8547,7 +8548,7 @@ int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, } /* Use our order of preference */ - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { + for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { size_t const alpn_len = strlen(*alpn); p = protocol_name_list; while (p < protocol_name_list_end) { diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df7dfbfa61..ec778f9ed8 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -869,7 +869,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { size_t list_len, name_len; - const char **p; + const char *const *p; /* If we didn't send it, the server shouldn't send it */ if (ssl->conf->alpn_list == NULL) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9386801512..b7b075cc97 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -158,7 +158,7 @@ static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl, /* Check that the server chosen protocol was in our list and save it */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len); - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { + for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { if (protocol_name_len == strlen(*alpn) && memcmp(p, *alpn, protocol_name_len) == 0) { ssl->alpn_chosen = *alpn; From 9b993681fddc083a05b78cc54cd59cdb44f96b55 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 18:44:12 +0200 Subject: [PATCH 0441/1080] mbedtls_test_ssl_perform_handshake: declare options as const 
Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 4 ++-- tests/src/test_helpers/ssl_helpers.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index c198bc30c3..7cff97c7ce 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -457,7 +457,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, + const mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue); @@ -609,7 +609,7 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options); + const mbedtls_test_handshake_test_options *options); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index ac1f1cbdb2..0141fb4e21 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -736,7 +736,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, + const mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue) 
@@ -2105,7 +2105,7 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) + const mbedtls_test_handshake_test_options *options) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; From 29969593e4edae8fa6d8ea713f294bb5c3acc434 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 19:24:28 +0200 Subject: [PATCH 0442/1080] Move DTLS context into the endpoint structure This is a step towards making mbedtls_test_ssl_endpoint_init() and mbedtls_test_ssl_endpoint_free() more self-contained. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 5 ++++ tests/src/test_helpers/ssl_helpers.c | 38 ++++++++++++++-------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 7cff97c7ce..ec08d09cc0 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,11 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; + + /* Objects only used by DTLS. + * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but + * currently aren't because some code accesses them without guards. */ + mbedtls_test_message_socket_context dtls_context; #if defined(MBEDTLS_TIMING_C) mbedtls_timing_delay_context timer; #endif diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 0141fb4e21..580cc9b821 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -741,10 +741,12 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue) { + (void) dtls_context; // no longer used + int ret = -1; uintptr_t user_data_n; - if (dtls_context != NULL && + if (options->dtls && (input_queue == NULL || output_queue == NULL)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -760,6 +762,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); + mbedtls_test_message_socket_init(&ep->dtls_context); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); @@ -772,17 +775,17 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - if (dtls_context != NULL) { + if (options->dtls) { TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue, 100, &(ep->socket), - dtls_context), 0); + &ep->dtls_context), 0); } else { mbedtls_test_mock_socket_init(&(ep->socket)); } /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, + if (options->dtls) { + mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); @@ -799,7 +802,7 @@ int mbedtls_test_ssl_endpoint_init( } ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? + options->dtls ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -867,7 +870,7 @@ int mbedtls_test_ssl_endpoint_init( } #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) { mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); } #endif 
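Review bot: In the @@ -741 hunk `dtls_context` is silenced with `(void) dtls_context; // no longer used` but it stays in the public signature, and the header's `\p dtls_context - in case of DTLS - this is the context handling metadata.` line (still present in ssl_helpers.h at this commit) now describes an argument that is ignored while the endpoint uses its own `ep->dtls_context`. A caller that keeps passing a real context and later closes it would be operating on an object the endpoint never touched. Until the parameter is removed, the header text should say so, e.g. `\p dtls_context - ignored; the endpoint owns its DTLS context (ep->dtls_context).`, and the same applies to `context` in mbedtls_test_ssl_endpoint_free in the @@ -914 hunk of the next line. The body of mbedtls_test_ssl_endpoint_init starts before this hunk and continues after it.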
@@ -914,6 +917,8 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { + (void) context; // no longer used + mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); @@ -921,8 +926,8 @@ void mbedtls_test_ssl_endpoint_free( ep->ciphersuites = NULL; test_ssl_endpoint_certificate_free(ep); - if (context != NULL) { - mbedtls_test_message_socket_close(context); + if (ep->dtls_context.socket != NULL) { + mbedtls_test_message_socket_close(&ep->dtls_context); } else { mbedtls_test_mock_socket_close(&(ep->socket)); } @@ -2125,9 +2130,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { @@ -2139,7 +2141,7 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, &client_context, + options, NULL, &client_queue, &server_queue), 0); } else { @@ -2155,7 +2157,7 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, &server_context, + options, NULL, &server_queue, &client_queue), 0); } else { @@ -2312,7 +2314,7 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); - mbedtls_ssl_set_bio(&(server.ssl), &server_context, + mbedtls_ssl_set_bio(&(server.ssl), &server.dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); 
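Review bot: In the @@ -921 hunk the close path is chosen by `ep->dtls_context.socket != NULL`, which replaces an explicit caller argument with a field whose state depends on what ran before: it is meaningful only if the caller zeroized `*ep` or mbedtls_test_ssl_endpoint_init reached `mbedtls_test_message_socket_init(&ep->dtls_context)` (which presumably clears that pointer — confirm), and the header says free must be called even when init fails early. mbedtls_test_ssl_perform_handshake does zeroize both endpoints, so this works there, but the assumption is invisible at the call site. A comment on the new condition would record it: `/* socket is presumably set by mbedtls_test_message_socket_setup(); NULL means this endpoint was never joined as DTLS (or never initialised), so only the plain mock socket needs closing. Relies on callers zeroizing *ep first. */`. The body of mbedtls_test_ssl_endpoint_free spans the @@ -914 and @@ -921 hunks.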
@@ -2426,10 +2428,8 @@ void mbedtls_test_ssl_perform_handshake(
 TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
 
 exit:
- mbedtls_test_ssl_endpoint_free(&client,
- options->dtls != 0 ? &client_context : NULL);
- mbedtls_test_ssl_endpoint_free(&server,
- options->dtls != 0 ? &server_context : NULL);
+ mbedtls_test_ssl_endpoint_free(&client, NULL);
+ mbedtls_test_ssl_endpoint_free(&server, NULL);
 #if defined(MBEDTLS_DEBUG_C)
 if (options->cli_log_fun || options->srv_log_fun) {
 mbedtls_debug_set_threshold(0);
From b092e78ab3017df9addd531230141e1764b00036 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 27 May 2025 20:15:03 +0200
Subject: [PATCH 0443/1080] New auxiliary function mbedtls_test_ssl_dtls_join_endpoints

Create an auxiliary function to perform some endpoint setup that involves both the client and the server. This is only needed for DTLS. The code that will eventually be in this function is currently mostly in mbedtls_test_ssl_endpoint_init(). This commit adds the new function to the control flow; a subsequent commit will move the relevant code.

Signed-off-by: Gilles Peskine
---
 tests/include/test/ssl_helpers.h | 18 ++++++++++++++++++
 tests/src/test_helpers/ssl_helpers.c | 17 +++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index ec08d09cc0..ca43663632 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -450,6 +450,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
 * `mbedtls_test_ssl_endpoint_free()` after calling this function
 * even if it fails.
 *
+ * \note For DTLS, after calling this function on both endpoints,
+ * call mbedtls_test_ssl_dtls_join_endpoints().
+ *
 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
 * MBEDTLS_SSL_IS_CLIENT.
 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
@@ -474,6 +477,21 @@ void mbedtls_test_ssl_endpoint_free(
 mbedtls_test_ssl_endpoint *ep,
 mbedtls_test_message_socket_context *context);
 
+/* Join a DTLS client with a DTLS server.
+ *
+ * You must call this function after setting up the endpoint objects
+ * and before starting a DTLS handshake.
+ *
+ * \param client The client. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init().
+ * \param server The server. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init().
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server);
+
 /*
 * This function moves ssl handshake from \p ssl to prescribed \p state.
 * /p second_ssl is used as second endpoint and their sockets have to be
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 580cc9b821..f917acc574 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -933,6 +933,19 @@ void mbedtls_test_ssl_endpoint_free(
 }
 }
 
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ /* Nothing to do yet. */
+ (void) client;
+ (void) server;
+ ret = 0;
+
+ return ret;
+}
+
 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
 mbedtls_ssl_context *second_ssl,
 int state)
@@ -2169,6 +2182,10 @@ void mbedtls_test_ssl_perform_handshake(
 
 mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
 
+ if (options->dtls) {
+ TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0);
+ }
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf),
 (unsigned char) options->mfl),
From 6c154e7d512712029ea3fa1413044f1a3926fd86 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 27 May 2025 20:23:52 +0200
Subject: [PATCH 0444/1080] Move queue management into mbedtls_test_ssl_dtls_join_endpoints

This allows mbedtls_test_ssl_endpoint_init() to no longer interact with the other endpoint. No behavior change.

Signed-off-by: Gilles Peskine
---
 tests/include/test/ssl_helpers.h | 1 +
 tests/src/test_helpers/ssl_helpers.c | 43 ++++++++++++----------------
 2 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index ca43663632..d98f48ead8 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -205,6 +205,7 @@ typedef struct mbedtls_test_ssl_endpoint {
 
 /* Objects owned by the endpoint */
 int *ciphersuites;
+ mbedtls_test_ssl_message_queue queue_input;
 mbedtls_x509_crt *ca_chain;
 mbedtls_x509_crt *cert;
 mbedtls_pk_context *pkey;
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index f917acc574..453e8e7808 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -742,16 +742,12 @@ int mbedtls_test_ssl_endpoint_init(
 mbedtls_test_ssl_message_queue *output_queue)
 {
 (void) dtls_context; // no longer used
+ (void) input_queue; // no longer used
+ (void) output_queue; // no longer used
 
 int ret = -1;
 uintptr_t user_data_n;
 
- if (options->dtls &&
- (input_queue == NULL || output_queue == NULL)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
- }
-
 if (ep == NULL) {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
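Review bot: In the ssl_helpers.h @@ -205 hunk the new `queue_input` field sits under `/* Objects owned by the endpoint */` between `ciphersuites` and `ca_chain`, yet the only consumer visible here is the DTLS-only setup in this commit's @@ -938 hunk, and the struct already has `dtls_context` under a comment explaining that DTLS-only objects ought to be guarded by MBEDTLS_SSL_PROTO_DTLS. Placing the field next to `dtls_context` would keep that note accurate and signal that the peer's setup call writes into this queue. I would also document the direction, which the setup call's parameter order (`input_queue, output_queue`) fixes: `/* Messages received by this endpoint; a joined DTLS peer writes into it. */`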
@@ -775,13 +771,7 @@ int mbedtls_test_ssl_endpoint_init(
 mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
 mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
 
- if (options->dtls) {
- TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue,
- 100, &(ep->socket),
- &ep->dtls_context), 0);
- } else {
- mbedtls_test_mock_socket_init(&(ep->socket));
- }
+ mbedtls_test_mock_socket_init(&(ep->socket));
 
 /* Non-blocking callbacks without timeout */
 if (options->dtls) {
@@ -938,11 +928,19 @@ int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
- /* Nothing to do yet. */
- (void) client;
- (void) server;
- ret = 0;
+ ret = mbedtls_test_message_socket_setup(&client->queue_input,
+ &server->queue_input,
+ 100, &(client->socket),
+ &client->dtls_context);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_message_socket_setup(&server->queue_input,
+ &client->queue_input,
+ 100, &(server->socket),
+ &server->dtls_context);
+ TEST_EQUAL(ret, 0);
 
+exit:
 return ret;
 }
 
@@ -2142,7 +2140,6 @@ void mbedtls_test_ssl_perform_handshake(
 MD_OR_USE_PSA_INIT();
 mbedtls_platform_zeroize(&client, sizeof(client));
 mbedtls_platform_zeroize(&server, sizeof(server));
- mbedtls_test_ssl_message_queue server_queue, client_queue;
 
 #if defined(MBEDTLS_DEBUG_C)
 if (options->cli_log_fun || options->srv_log_fun) {
@@ -2154,9 +2151,8 @@ void mbedtls_test_ssl_perform_handshake(
 if (options->dtls != 0) {
 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client,
 MBEDTLS_SSL_IS_CLIENT,
- options, NULL,
- &client_queue,
- &server_queue), 0);
+ options, NULL, NULL,
+ NULL), 0);
 } else {
 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client,
 MBEDTLS_SSL_IS_CLIENT,
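Review bot: The @@ -938 hunk dereferences `client` and `server` without a NULL check, while mbedtls_test_ssl_endpoint_init — the function the header says both arguments must have passed through — rejects a NULL endpoint with MBEDTLS_ERR_SSL_BAD_INPUT_DATA; for consistency add `if (client == NULL || server == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` before the first setup call. The queue capacity `100` is now written twice in the same function; an `enum { QUEUE_CAPACITY = 100 };` would tie the two calls together. The cross-wiring is the whole point of the function and deserves one line: `/* Each endpoint reads from its own queue_input and writes into the peer's. */`. If the second setup fails, `TEST_EQUAL` jumps to `exit` with the client side already set up and `ret` carrying the error; the dtls_context.socket check in mbedtls_test_ssl_endpoint_free appears to cover cleanup for that case, but it is worth confirming.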
@@ -2170,9 +2166,8 @@ void mbedtls_test_ssl_perform_handshake(
 if (options->dtls != 0) {
 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server,
 MBEDTLS_SSL_IS_SERVER,
- options, NULL,
- &server_queue,
- &client_queue), 0);
+ options, NULL, NULL,
+ NULL), 0);
 } else {
 TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server,
 MBEDTLS_SSL_IS_SERVER,
From ca8a9ac4afd6dca70c95111d343cbe4d655cf8a9 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 27 May 2025 20:52:24 +0200
Subject: [PATCH 0445/1080] Remove unused parameters to endpoint init/free

The DTLS context and the queues now conveyed inside the endpoint object. Remove the unused parameters. No behavior change.

Signed-off-by: Gilles Peskine
---
 tests/include/test/ssl_helpers.h | 12 +--
 tests/src/test_helpers/ssl_helpers.c | 44 +++-----
 tests/suites/test_suite_ssl.function | 148 +++++++++++++--------------
 3 files changed, 85 insertions(+), 119 deletions(-)

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index d98f48ead8..4a64b0fc4e 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -458,25 +458,17 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, * MBEDTLS_SSL_IS_CLIENT. * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. * * \retval 0 on success, otherwise error code. */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue); + const mbedtls_test_handshake_test_options *options); /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context); +void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep); /* Join a DTLS client with a DTLS server. * diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 453e8e7808..3e02a24ef2 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -736,15 +736,8 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue) + const mbedtls_test_handshake_test_options *options) { - (void) dtls_context; // no longer used - (void) input_queue; // no longer used - (void) output_queue; // no longer used - int ret = -1; uintptr_t user_data_n; 
@@ -904,11 +897,8 @@ int mbedtls_test_ssl_endpoint_init( } void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) + mbedtls_test_ssl_endpoint *ep) { - (void) context; // no longer used - mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); @@ -2082,13 +2072,11 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( options->server_max_version = proto; options->client_max_version = proto; - ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options); if (ret != 0) { return ret; } - ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options); if (ret != 0) { return ret; } @@ -2151,13 +2139,11 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL), 0); + options), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL), 0); + options), 0); } TEST_ASSERT(set_ciphersuite(&client, options->cipher)); @@ -2166,13 +2152,11 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL), 0); + options), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL), 0); + options), 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); 
@@ -2440,8 +2424,8 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -2615,11 +2599,11 @@ int mbedtls_test_get_tls13_ticket( mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - client_options, NULL, NULL, NULL); + client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - server_options, NULL, NULL, NULL); + server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -2647,8 +2631,8 @@ int mbedtls_test_get_tls13_ticket( ok = 1; exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); if (ret == 0 && !ok) { /* Exiting due to a test assertion that isn't ret == 0 */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index bebb2c8cf4..052a9d8f4a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2879,20 +2879,18 @@ void mbedtls_endpoint_sanity(int endpoint_type) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options); TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); - ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options); TEST_EQUAL(ret, 0); exit: - mbedtls_test_ssl_endpoint_free(&ep, NULL); + mbedtls_test_ssl_endpoint_free(&ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -2931,15 +2929,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); @@ -2965,8 +2962,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&base_ep, NULL); - mbedtls_test_ssl_endpoint_free(&second_ep, NULL); + mbedtls_test_ssl_endpoint_free(&base_ep); + mbedtls_test_ssl_endpoint_free(&second_ep); MD_OR_USE_PSA_DONE(); } /* END_CASE */ 
@@ -3225,8 +3222,7 @@ void recombine_server_first_flight(int version, client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, - NULL), 0); + &client_options), 0); server_options.server_min_version = version; server_options.server_max_version = version; @@ -3235,8 +3231,7 @@ void recombine_server_first_flight(int version, server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, - NULL), 0); + &server_options), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, &server.socket, @@ -3321,8 +3316,8 @@ goal_reached: #endif exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); @@ -3598,11 +3593,10 @@ void force_bad_session_id_len() MD_OR_USE_PSA_INIT(); TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL), 0); + &options), 0); TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL), 0); + &options), 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, @@ -3631,8 +3625,8 @@ void force_bad_session_id_len() /* Make sure that the cache did not store the session */ TEST_EQUAL(srv_pattern.counter, 1); exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&options); mbedtls_debug_set_threshold(0); MD_OR_USE_PSA_DONE(); 
@@ -3793,16 +3787,14 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = iana_tls_group_list; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, - NULL), 0); + &client_options), 0); /* Server side */ server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, - NULL), 0); + &server_options), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), @@ -3836,8 +3828,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) } exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); @@ -3868,13 +3860,13 @@ void tls13_server_certificate_msg_invalid_vector_len() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), 
@@ -3932,8 +3924,8 @@ void tls13_server_certificate_msg_invalid_vector_len() exit: mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); @@ -4124,11 +4116,11 @@ void tls13_resume_session_with_ticket() * Prepare for handshake with the ticket. */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -4161,8 +4153,8 @@ void tls13_resume_session_with_ticket() MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4286,13 +4278,13 @@ void tls13_read_early_data(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -4367,8 +4359,8 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_HANDSHAKE_OVER), 0); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4440,11 +4432,11 @@ void tls13_cli_early_data_state(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -4741,8 +4733,8 @@ void tls13_cli_early_data_state(int scenario) #endif exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4817,11 +4809,11 @@ void tls13_write_early_data(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -5090,8 +5082,8 @@ complete_handshake: } while (1); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5140,11 +5132,11 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) * Prepare for handshake with the ticket. */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -5237,8 +5229,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) 0); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5344,11 +5336,11 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -5491,8 +5483,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in TEST_EQUAL(server_pattern.counter, 1); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5540,11 +5532,11 @@ void inject_client_content_on_the_wire(int pk_alg, options.pk_alg = pk_alg; ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, @@ -5571,8 +5563,8 @@ void inject_client_content_on_the_wire(int pk_alg, exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(&client); mbedtls_debug_set_threshold(0); PSA_DONE(); } @@ -5618,11 +5610,11 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, 
@@ -5685,8 +5677,8 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(&client); mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); @@ -5731,8 +5723,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer_server); mbedtls_free(key_buffer_client); @@ -5772,8 +5764,8 @@ void ssl_tls_exporter_uses_label(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -5811,8 +5803,8 @@ void ssl_tls_exporter_uses_context(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } 
@@ -5853,8 +5845,8 @@ void ssl_tls13_exporter_uses_length(void) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -5890,8 +5882,8 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer); mbedtls_free(label); @@ -5917,11 +5909,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options); TEST_EQUAL(ret, 0); - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); @@ -5945,8 +5935,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } From 07432b9d0cc3a7ec82e1e92e6230550774f6fc6c Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 27 May 2025 21:07:44 +0200 Subject: [PATCH 0446/1080] Unify identical code This is made possible by the endpoint init simplification. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3e02a24ef2..184c0cd05b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2136,29 +2136,15 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Client side */ - if (options->dtls != 0) { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - } else { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - } - + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options), 0); TEST_ASSERT(set_ciphersuite(&client, options->cipher)); /* Server side */ - if (options->dtls != 0) { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - } else { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - } - + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options), 0); mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); if (options->dtls) { From e30b5c73f32915e99599c876e3d1c5a6fc50b1be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:05:48 +0200 Subject: [PATCH 0447/1080] mbedtls_test_ssl_perform_handshake: make client, server pointers This will facilitate future refactoring that breaks out code into auxiliary functions. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 183 ++++++++++++++------------- 1 file changed, 93 insertions(+), 90 deletions(-) 
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 184c0cd05b..adbb13280d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2112,7 +2112,12 @@ void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; + mbedtls_test_ssl_endpoint client_struct; + memset(&client_struct, 0, sizeof(client_struct)); + mbedtls_test_ssl_endpoint *const client = &client_struct; + mbedtls_test_ssl_endpoint server_struct; + memset(&server_struct, 0, sizeof(server_struct)); + mbedtls_test_ssl_endpoint *const server = &server_struct; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif @@ -2126,8 +2131,6 @@ void mbedtls_test_ssl_perform_handshake( int expected_handshake_result = options->expected_handshake_result; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { 
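Review bot: The `memset` calls placed right after each declaration in the -2112 hunk could be folded into the initializers, `mbedtls_test_ssl_endpoint client_struct = { 0 };` and likewise for `server_struct`, which avoids the declaration/statement/declaration interleave and reads as a single step. Replacing `mbedtls_platform_zeroize()` with `memset()` is fine here because this is initialization rather than scrubbing before release, but a one-line comment saying so would save the next reader the question. mbedtls_test_ssl_perform_handshake continues well past the end of this hunk.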
@@ -2136,26 +2139,26 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Client side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, MBEDTLS_SSL_IS_CLIENT, options), 0); - TEST_ASSERT(set_ciphersuite(&client, options->cipher)); + TEST_ASSERT(set_ciphersuite(client, options->cipher)); /* Server side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { - TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0); + TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf), + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), (unsigned char) options->mfl), 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client.conf), + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), (unsigned char) options->mfl), 0); #else 
@@ -2165,46 +2168,46 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { TEST_EQUAL(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, + &client->conf, options->psk_str->x, options->psk_str->len, (const unsigned char *) psk_identity, strlen(psk_identity)), 0); TEST_EQUAL(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, + &server->conf, options->psk_str->x, options->psk_str->len, (const unsigned char *) psk_identity, strlen(psk_identity)), 0); #if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); + mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); #endif } #endif #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), + mbedtls_ssl_conf_renegotiation(&(server->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), + mbedtls_ssl_conf_renegotiation(&(client->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), + mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), + mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), options->legacy_renegotiation); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket), + &(server->socket), BUFFSIZE), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server.ssl.in_buf_len, 
MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif @@ -2212,8 +2215,8 @@ void mbedtls_test_ssl_perform_handshake( expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client->ssl), + &(server->ssl), MBEDTLS_SSL_HANDSHAKE_OVER), expected_handshake_result); @@ -2222,30 +2225,30 @@ void mbedtls_test_ssl_perform_handshake( goto exit; } - TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client.ssl), 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client->ssl), 1); /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), - &(client.ssl), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server->ssl), + &(client->ssl), MBEDTLS_SSL_HANDSHAKE_OVER), 0); - TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server.ssl), 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1); /* Check that both sides have negotiated the expected version. */ mbedtls_test_set_step(0); if (!check_ssl_version(options->expected_negotiated_version, - &client.ssl)) { + &client->ssl)) { goto exit; } mbedtls_test_set_step(1); if (!check_ssl_version(options->expected_negotiated_version, - &server.ssl)) { + &server->ssl)) { goto exit; } if (options->expected_ciphersuite != 0) { - TEST_EQUAL(server.ssl.session->ciphersuite, + TEST_EQUAL(server->ssl.session->ciphersuite, options->expected_ciphersuite); } 
@@ -2253,25 +2256,25 @@ void mbedtls_test_ssl_perform_handshake( if (options->resize_buffers != 0) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(client.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_EQUAL(client.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client->ssl)); + TEST_EQUAL(client->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client->ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { /* Start data exchanging test */ TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, + &(client->ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, + &(server->ssl), options->srv_msg_len, options->expected_srv_fragments), 0); } 
@@ -2279,60 +2282,60 @@ void mbedtls_test_ssl_perform_handshake( if (options->serialize == 1) { TEST_EQUAL(options->dtls, 1); - TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), NULL, + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL, 0, &context_buf_len), MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); context_buf = mbedtls_calloc(1, context_buf_len); TEST_ASSERT(context_buf != NULL); - TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), context_buf, + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf, context_buf_len, &context_buf_len), 0); - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); + mbedtls_ssl_free(&(server->ssl)); + mbedtls_ssl_init(&(server->ssl)); - TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); + TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0); - mbedtls_ssl_set_bio(&(server.ssl), &server.dtls_context, + mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); - mbedtls_ssl_set_user_data_p(&server.ssl, &server); + mbedtls_ssl_set_user_data_p(&server->ssl, server); #if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &server.timer, + mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif - TEST_EQUAL(mbedtls_ssl_context_load(&(server.ssl), context_buf, + TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf, context_buf_len), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after context 
deserialization */ if (options->resize_buffers != 0) { - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, + &(client->ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, + &(server->ssl), options->srv_msg_len, options->expected_srv_fragments), 0); } 
@@ -2342,23 +2345,23 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { /* Start test with renegotiation */ - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); /* After calling this function for the server, it only sends a handshake * request. All renegotiation should happen during data exchanging */ - TEST_EQUAL(mbedtls_ssl_renegotiate(&(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); /* After calling mbedtls_ssl_renegotiate for the client, 
@@ -2367,51 +2370,51 @@ void mbedtls_test_ssl_perform_handshake( * between client and server so this function will return waiting error * on the socket. All rest of renegotiation should happen * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); + ret = mbedtls_ssl_renegotiate(&(client->ssl)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after renegotiation */ if (options->resize_buffers != 0) { - TEST_EQUAL(client.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_EQUAL(client.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client->ssl)); + 
TEST_EQUAL(client->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client->ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server->ssl) == server); exit: - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(client); + mbedtls_test_ssl_endpoint_free(server); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); From 78df6aebbccbd9fda1c26f872fc59a7e130c2a2a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:14:25 +0200 Subject: [PATCH 0448/1080] Move renegotiation testing into its own function No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 143 +++++++++++++++------------ 1 file changed, 80 insertions(+), 63 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index adbb13280d..e00f2d42be 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2108,6 +2108,85 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +#if defined(MBEDTLS_SSL_RENEGOTIATION) +static int test_renegotiation(const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server) +{ + int ok = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + (void) options; // only used in some configurations + + /* Start test with renegotiation */ + TEST_EQUAL(server->ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_EQUAL(client->ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + /* After calling this function for the server, it only sends a handshake + * request. All renegotiation should happen during data exchanging */ + TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_EQUAL(client->ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. 
All rest of renegotiation should happen + * during data exchanging */ + ret = mbedtls_ssl_renegotiate(&(client->ssl)); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(ret == 0 || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(server->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client->ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after renegotiation */ + if (options->resize_buffers != 0) { + TEST_EQUAL(client->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client->ssl)); + TEST_EQUAL(client->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client->ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); + } +#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + + ok = 1; + +exit: + return ok; +} +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options) { @@ -2124,9 +2203,6 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) unsigned char *context_buf = NULL; size_t context_buf_len; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int ret = -1; #endif int expected_handshake_result = options->expected_handshake_result; 
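Review bot: `test_renegotiation` is a new static helper with no header comment, and its contract (returns 1 when every check passes, 0 after the framework has recorded a failed assertion) is only visible from the `ok`/`exit:` pattern; a comment such as `/* Exercise server- then client-initiated renegotiation on an established connection. Returns 1 on success, 0 after a recorded test failure. */` above the definition would make that explicit. The `// only used in some configurations` line uses C++-style comment syntax while the rest of the file uses `/* */`, and the reason is more precisely that `options` is only read under `MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH`, which is worth stating. The delegating `TEST_ASSERT(test_renegotiation(options, client, server));` in the -2344 hunk records a second failure after the helper's own assertion has already done so; as far as I recall mbedtls_test_fail() keeps the first recorded failure so the inner line number is not lost, but that is worth confirming.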
@@ -2344,66 +2420,7 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. 
All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client->ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_EQUAL(client->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client->ssl)); - TEST_EQUAL(client->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client->ssl)); - TEST_EQUAL(server->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server->ssl)); - TEST_EQUAL(server->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server->ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + TEST_ASSERT(test_renegotiation(options, client, server)); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ From e23a6d12fcae9f68da3dbb04974b11ac4b071ac3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:17:09 +0200 Subject: [PATCH 0449/1080] Move serialization testing into its own function No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 146 ++++++++++++++------------- 1 file changed, 78 insertions(+), 68 deletions(-) 
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e00f2d42be..a638fb821e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2187,6 +2187,83 @@ static int test_renegotiation(const mbedtls_test_handshake_test_options *options } #endif /* MBEDTLS_SSL_RENEGOTIATION */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +static int test_serialization(const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server) +{ + int ok = 0; + unsigned char *context_buf = NULL; + size_t context_buf_len; + + TEST_EQUAL(options->dtls, 1); + + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL, + 0, &context_buf_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + + context_buf = mbedtls_calloc(1, context_buf_len); + TEST_ASSERT(context_buf != NULL); + + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf, + context_buf_len, + &context_buf_len), + 0); + + mbedtls_ssl_free(&(server->ssl)); + mbedtls_ssl_init(&(server->ssl)); + + TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0); + + mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + + mbedtls_ssl_set_user_data_p(&server->ssl, server); + +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf, + context_buf_len), 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after context deserialization */ + if (options->resize_buffers != 0) { + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); + } 
+#endif + /* Retest writing/reading */ + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client->ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server->ssl), options->srv_msg_len, + options->expected_srv_fragments), + 0); + } + + ok = 1; + +exit: + mbedtls_free(context_buf); + return ok; +} +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options) { @@ -2199,10 +2276,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_ssl_endpoint *const server = &server_struct; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len; #endif int expected_handshake_result = options->expected_handshake_result; 
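Review bot: `test_serialization` lacks a header comment stating what it exercises and its return contract; something like `/* Save the server context, tear the server down, rebuild it from the saved context and re-run the data exchange. Requires options->dtls. Returns 1 on success, 0 after a recorded test failure. */` above the definition would cover it. The saved context carries the connection's key material (the `mbedtls_ssl_context_save()` documentation flags its output as sensitive, as I recall), so scrubbing it before release would match the library's own habits: `if (context_buf != NULL) { mbedtls_platform_zeroize(context_buf, context_buf_len); }` ahead of `mbedtls_free(context_buf);` on the `exit:` path, where the NULL guard matters because the allocation-failure branch reaches `exit:` with a non-zero `context_buf_len`. This is test code, so that is a nicety rather than a defect.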
@@ -2356,65 +2429,7 @@ void mbedtls_test_ssl_perform_handshake( } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (options->serialize == 1) { - TEST_EQUAL(options->dtls, 1); - - TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL, - 0, &context_buf_len), - MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf, - context_buf_len, - &context_buf_len), - 0); - - mbedtls_ssl_free(&(server->ssl)); - mbedtls_ssl_init(&(server->ssl)); - - TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0); - - mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - - mbedtls_ssl_set_user_data_p(&server->ssl, server); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf, - context_buf_len), 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_EQUAL(server->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server->ssl)); - TEST_EQUAL(server->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server->ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client->ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server->ssl), options->srv_msg_len, - 
options->expected_srv_fragments), - 0); - } + TEST_ASSERT(test_serialization(options, client, server)); } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ @@ -2436,11 +2451,6 @@ void mbedtls_test_ssl_perform_handshake( if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } #endif MD_OR_USE_PSA_DONE(); } From bd953400709fa70f780750f0e12e268367cfaec3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 May 2025 15:20:28 +0200 Subject: [PATCH 0450/1080] Unify SSL version checks between client and server Stop calling mbedtls_test_set_step() in mbedtls_test_ssl_perform_handshake(). This leaves the caller free to use the test step as they wish. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 33 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a638fb821e..b11ca88624 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2016,15 +2016,23 @@ static int exchange_data(mbedtls_ssl_context *ssl_1, #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) + const mbedtls_ssl_context *client, + const mbedtls_ssl_context *server) { - const char *version_string = mbedtls_ssl_get_version(ssl); + /* First check that both sides have chosen the same version. + * If so, we can make more sanity checks just on one side. + * If not, something is deeply wrong. */ + TEST_EQUAL(client->tls_version, server->tls_version); + + /* Make further checks on the client to validate that the + * reported data about the version is correct. */ + const char *version_string = mbedtls_ssl_get_version(client); mbedtls_ssl_protocol_version version_number = - mbedtls_ssl_get_version_number(ssl); + mbedtls_ssl_get_version_number(client); - TEST_EQUAL(ssl->tls_version, expected_negotiated_version); + TEST_EQUAL(client->tls_version, expected_negotiated_version); - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { TEST_EQUAL(version_string[0], 'D'); ++version_string; } @@ -2383,18 +2391,11 @@ void mbedtls_test_ssl_perform_handshake( 0); TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1); - /* Check that both sides have negotiated the expected version. */ - mbedtls_test_set_step(0); - if (!check_ssl_version(options->expected_negotiated_version, - &client->ssl)) { - goto exit; - } - mbedtls_test_set_step(1); - if (!check_ssl_version(options->expected_negotiated_version, - &server->ssl)) { - goto exit; - } + /* Check that both sides have negotiated the expected version. */ + TEST_ASSERT(check_ssl_version(options->expected_negotiated_version, + &client->ssl, + &server->ssl)); if (options->expected_ciphersuite != 0) { TEST_EQUAL(server->ssl.session->ciphersuite, 
From 7a8fd4639238c7ca20160092903becefd6f92ea6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 May 2025 15:41:54 +0200 Subject: [PATCH 0451/1080] Separate test function to perform an SSL connection Split mbedtls_test_ssl_perform_connection() out of mbedtls_test_ssl_perform_handshake(). No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 43 +++++++ tests/src/test_helpers/ssl_helpers.c | 172 +++++++++++++++------------ 2 files changed, 137 insertions(+), 78 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 4a64b0fc4e..dc2ab78691 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -624,6 +624,49 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/** Perform an SSL handshake and exchange data over the connection. + * + * This function also handles cases where the handshake is expected to fail. + * + * If the handshake succeeds as expected, this function validates that + * connection parameters are as expected, exchanges data over the + * connection, and exercises some optional protocol features if they + * are enabled. See the code to see what features are validated and exercised. + * + * The handshake is expected to fail in the following cases: + * - If `options->expected_handshake_result != 0`. + * - If `options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN`. + * + * \param[in] options Options for the connection. + * \param client The client endpoint. It must have been set up with + * mbedtls_test_ssl_endpoint_init() with \p options + * and #MBEDTLS_SSL_IS_CLIENT. + * \param server The server endpoint. It must have been set up with + * mbedtls_test_ssl_endpoint_init() with \p options + * and #MBEDTLS_SSL_IS_CLIENT. + * + * \return 1 on success, 0 on failure. On failure, this function + * calls mbedtls_test_fail(), indicating the failure + * reason and location. The causes of failure are: + * - Inconsistent options or bad endpoint state. + * - Operational problem during the handshake. + * - The handshake was expected to pass, but failed. + * - The handshake was expected to fail, but passed or + * failed with a different result. + * - The handshake passed as expected, but some connection + * parameter (e.g. protocol version, cipher suite, ...) + * is not as expected. + * - The handshake passed as expected, but something + * went wrong when attempting to exchange data. + * - The handshake passed as expected, but something + * went wrong when exercising other features + * (e.g. 
renegotiation, serialization, ...). + */ +int mbedtls_test_ssl_perform_connection( + const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server); + void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index b11ca88624..dbea090163 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
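Review bot: The `\param server` text says the endpoint must have been set up "with \p options and #MBEDTLS_SSL_IS_CLIENT", which looks copy-pasted from `\param client`; it should end with `and #MBEDTLS_SSL_IS_SERVER.`. The `mbedtls_test_ssl_perform_handshake()` prototype immediately below still has no doc comment; something like `/** Set up a client and a server endpoint from \p options, run mbedtls_test_ssl_perform_connection() on them, then tear both endpoints down. Failures are reported via mbedtls_test_fail(). */` would make the division of labour between the two functions explicit. Whether the teardown happens there is inferred from the split described in the commit message, so check it against the tail of the function, which is outside this diff.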
@@ -2272,87 +2272,14 @@ static int test_serialization(const mbedtls_test_handshake_test_options *options } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ -void mbedtls_test_ssl_perform_handshake( - const mbedtls_test_handshake_test_options *options) +int mbedtls_test_ssl_perform_connection( + const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client_struct; - memset(&client_struct, 0, sizeof(client_struct)); - mbedtls_test_ssl_endpoint *const client = &client_struct; - mbedtls_test_ssl_endpoint server_struct; - memset(&server_struct, 0, sizeof(server_struct)); - mbedtls_test_ssl_endpoint *const server = &server_struct; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif int expected_handshake_result = options->expected_handshake_result; - - MD_OR_USE_PSA_INIT(); - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - } -#endif - - /* Client side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - TEST_ASSERT(set_ciphersuite(client, options->cipher)); - - /* Server side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); - - if (options->dtls) { - TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), - (unsigned char) options->mfl), - 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), - (unsigned char) options->mfl), - 0); -#else - TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && 
options->psk_str->len > 0) { - TEST_EQUAL(mbedtls_ssl_conf_psk( - &client->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); - - TEST_EQUAL(mbedtls_ssl_conf_psk( - &server->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ + int ok = 0; TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket), &(server->socket), @@ -2379,6 +2306,7 @@ void mbedtls_test_ssl_perform_handshake( if (expected_handshake_result != 0) { /* Connection will have failed by this point, skip to cleanup */ + ok = 1; goto exit; } 
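Review bot: The comment `/* Connection will have failed by this point, skip to cleanup */` above the new `ok = 1; goto exit;` is now stale: in `mbedtls_test_ssl_perform_connection()` the `exit:` label only does `return ok;` (see the `@@ -2440` hunk) and the endpoints are owned and cleaned up by the caller. Suggest `/* Connection will have failed by this point; nothing further to check */`. A short comment at `int ok = 0;` saying that `ok` is the 1/0 result reported at `exit:`, matching the convention of `set_ciphersuite()`, would also help. The function's start is in the previous hunk and its end in the next one.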
@@ -2440,6 +2368,94 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ + ok = 1; + +exit: + return ok; +} + +void mbedtls_test_ssl_perform_handshake( + const mbedtls_test_handshake_test_options *options) +{ + mbedtls_test_ssl_endpoint client_struct; + memset(&client_struct, 0, sizeof(client_struct)); + mbedtls_test_ssl_endpoint *const client = &client_struct; + mbedtls_test_ssl_endpoint server_struct; + memset(&server_struct, 0, sizeof(server_struct)); + mbedtls_test_ssl_endpoint *const server = &server_struct; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif + + MD_OR_USE_PSA_INIT(); + +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + } +#endif + + /* Client side */ + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, + MBEDTLS_SSL_IS_CLIENT, + options), 0); + TEST_ASSERT(set_ciphersuite(client, options->cipher)); + + /* Server side */ + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, + MBEDTLS_SSL_IS_SERVER, + options), 0); + mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); + + if (options->dtls) { + TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); + } + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), + (unsigned char) options->mfl), + 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), + (unsigned char) options->mfl), + 0); +#else + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_EQUAL(mbedtls_ssl_conf_psk( + &client->conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); + + TEST_EQUAL(mbedtls_ssl_conf_psk( + &server->conf, options->psk_str->x, + 
options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); +#endif + } +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&(server->conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(client->conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + + mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), + options->legacy_renegotiation); + mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + + TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server)); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server); From 27586d83f016f539dcc27faaae125943533c16af Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 28 May 2025 17:01:42 +0200 Subject: [PATCH 0452/1080] Move more endpoint configuration into the setup function Applying SSL configuration settings recorded in the `mbedtls_test_handshake_test_options` structure to an `mbedtls_test_ssl_endpoint` object was split between `mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()`. This was surprising, and made it harder to use `mbedtls_test_ssl_endpoint_init()` for custom behavior. It also meant some code duplication in `mbedtls_test_ssl_perform_handshake()`. Move most configuration setup from `mbedtls_test_ssl_perform_handshake()` to `mbedtls_test_ssl_endpoint_init()`. This changes the behavior in two ways: * `mbedtls_test_ssl_endpoint_init()` now takes some options into account that it previously ignored. This is ok because we don't set these options in any of the existing tests. * When calling `mbedtls_test_ssl_perform_handshake()`, some SSL configuration settings are now set (calls to `mbedtls_ssl_conf_xxx()`) before the call to `mbedtls_ssl_setup()` instead of after. This should be ok since it is forbidden to change the configuration after `mbedtls_ssl_setup()`, although the previous test code was getting away with it. This commit does not move all configuration before `mbedtls_ssl_setup()`, that would be out of scope of the current series of patches. Thus there are some internal behavior changes, but they should not affect any relevant aspect of the tests' behavior. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 192 +++++++++++++-------------- 1 file changed, 92 insertions(+), 100 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dbea090163..a7b154a7e1 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -572,8 +572,60 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; } + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_SSL_SRV_C) +static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) +{ + (void) p_info; + (void) ssl; + (void) name; + (void) name_len; + + return 0; +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && + MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, + const char *cipher) +{ + if (cipher == NULL || cipher[0] == 0) { + return 1; + } + + int ok = 0; + + TEST_CALLOC(ep->ciphersuites, 2); + ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + ep->ciphersuites[1] = 0; + + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); + + TEST_ASSERT(ciphersuite_info != NULL); + TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); + + if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { + ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; + } + if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { + ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; + } + + mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); + ok = 1; + +exit: + return ok; +} + /* * Deinitializes certificates from endpoint represented by \p ep. */ 
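Review bot: `psk_dummy_callback` is moved here without a comment explaining what a PSK callback that returns 0 for every identity is for; a reader needs to know the library's `f_psk` contract to understand the test setup. Suggest `/* Server-side PSK callback that accepts every identity without selecting a key, so the PSK configured with mbedtls_ssl_conf_psk() is used (assumption — verify against the TLS 1.2 server's PSK identity handling). */`. Separately, `set_ciphersuite()` narrows `ep->conf.max_tls_version`/`min_tls_version` by writing the struct fields directly; `mbedtls_ssl_conf_max_tls_version()`/`mbedtls_ssl_conf_min_tls_version()` would keep the helper on the public API. Both functions are moved rather than changed, so this is style, not a regression of this commit.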
@@ -740,6 +792,9 @@ int mbedtls_test_ssl_endpoint_init( { int ret = -1; uintptr_t user_data_n; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -813,6 +868,10 @@ int mbedtls_test_ssl_endpoint_init( } } + if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { + TEST_ASSERT(set_ciphersuite(ep, options->cipher)); + } + if (options->group_list != NULL) { mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } @@ -828,6 +887,7 @@ int mbedtls_test_ssl_endpoint_init( options->max_early_data_size); } #endif + #if defined(MBEDTLS_SSL_ALPN) /* check that alpn_list contains at least one valid entry */ if (options->alpn_list[0] != NULL) { @@ -836,6 +896,15 @@ int mbedtls_test_ssl_endpoint_init( #endif #endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&ep->conf, + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_legacy_renegotiation(&ep->conf, + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, @@ -844,6 +913,14 @@ int mbedtls_test_ssl_endpoint_init( } #endif +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&ep->conf, + (unsigned char) options->mfl), + 0); +#else + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); TEST_EQUAL(ret, 0); 
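Review bot: `mbedtls_test_ssl_endpoint_init()` now applies `options->cipher`, `options->renegotiate`/`legacy_renegotiation` and `options->mfl` in addition to what it read before, but its doc comment in ssl_helpers.h is not touched by this diff; since the commit message says previously-ignored fields are now honoured, that comment should list which option fields this function applies and which remain the caller's job. The ciphersuite restriction is applied only when `MBEDTLS_SSL_IS_CLIENT == endpoint_type`; a one-liner such as `/* Only the client restricts its ciphersuite list; the server keeps the defaults so the client's choice drives negotiation. */` would explain the asymmetry — the rationale is inferred, so confirm it. The same asymmetry comment applies to the later `@@ -876` authmode hunk, where the client branch deliberately ignores `srv_auth_mode`.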
@@ -881,6 +958,21 @@ int mbedtls_test_ssl_endpoint_init( options->opaque_usage); TEST_EQUAL(ret, 0); +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_EQUAL(mbedtls_ssl_conf_psk( + &ep->conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); +#if defined(MBEDTLS_SSL_SRV_C) + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_psk_cb(&ep->conf, psk_dummy_callback, NULL); + } +#endif + } +#endif + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); 
@@ -1060,59 +1152,6 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, return -1; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, - const char *cipher) -{ - if (cipher == NULL || cipher[0] == 0) { - return 1; - } - - int ok = 0; - - TEST_CALLOC(ep->ciphersuites, 2); - ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - ep->ciphersuites[1] = 0; - - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); - - if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { - ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; - } - if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { - ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); - ok = 1; - -exit: - return ok; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_SSL_SRV_C) -static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_SSL_SRV_C */ - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, 
@@ -2383,9 +2422,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_ssl_endpoint server_struct; memset(&server_struct, 0, sizeof(server_struct)); mbedtls_test_ssl_endpoint *const server = &server_struct; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif MD_OR_USE_PSA_INIT(); @@ -2399,7 +2435,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, MBEDTLS_SSL_IS_CLIENT, options), 0); - TEST_ASSERT(set_ciphersuite(client, options->cipher)); /* Server side */ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, 
@@ -2411,49 +2446,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); } -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), - (unsigned char) options->mfl), - 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), - (unsigned char) options->mfl), - 0); -#else - TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_EQUAL(mbedtls_ssl_conf_psk( - &client->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); - - TEST_EQUAL(mbedtls_ssl_conf_psk( - &server->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server)); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); From fb2ce055a3303efd37895df48a2b11e0cb5adbab Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 28 May 2025 17:36:12 +0200 Subject: [PATCH 0453/1080] SSL tests: make client authentication more uniform, defaulting on There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()` handled client authentication: `mbedtls_test_ssl_endpoint_init()` defaulted to `MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas `mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which defaulted to no verification of the client certificate. Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys `options->srv_auth_mode` on servers (still forcing verification on clients, which is the library default anyway). Also, `options->srv_auth_mode` is now enabled by default. Thus: * Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client certificate verification, unless they disable it explicitly. * Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are unchanged. (They would change if they were setting `options->srv_auth_mode` explicitly, which previously was ignored, but no test function did this.) This means that a few test functions now perform client certificate verification whereas they previously did not. This is harmless except in `handshake_ciphersuite_select`, where one test case `Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with client authentication because the test code doesn't deal with the weirdness of static ECDH correctly with respect to client authentication. So keep the previous behavior in `handshake_ciphersuite_select`, by explicitly turning off client authentication. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 9 ++++++--- tests/suites/test_suite_ssl.function | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a7b154a7e1..c38d24aa8e 100644 --- a/tests/src/test_helpers/ssl_helpers.c 
+++ b/tests/src/test_helpers/ssl_helpers.c @@ -71,7 +71,7 @@ void mbedtls_test_init_handshake_options( opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; @@ -876,7 +876,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode); + } else { + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + } #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); @@ -2440,7 +2444,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 052a9d8f4a..652576b127 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3043,6 +3043,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, options.opaque_alg = psa_alg; options.opaque_alg2 = psa_alg2; options.opaque_usage = psa_usage; + options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; options.expected_handshake_result = expected_handshake_result; options.expected_ciphersuite = expected_ciphersuite; From 6e4d245b0060de4b46c1683f7400e22fc4b471fc Mon Sep 17 00:00:00 2001 
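Review bot: The new `else` branch in `mbedtls_test_ssl_endpoint_init()` forces `MBEDTLS_SSL_VERIFY_REQUIRED` on clients and ignores `options->srv_auth_mode` by design, but nothing in the code says so; suggest a comment on the `else` such as `/* Clients always verify the server certificate; srv_auth_mode only governs the server's verification of the client. */`. With the default flipped to `MBEDTLS_SSL_VERIFY_REQUIRED` in the first hunk, any test that builds a server endpoint without loading a client certificate on the peer now fails unless it opts out; the commit message says no current test does, so the new default should be documented next to the `srv_auth_mode` field in ssl_helpers.h, which this diff does not touch.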
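Review bot: `options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;` in `handshake_ciphersuite_select()` has no comment, so a future reader will take it for an arbitrary deviation from the new default; the reason lives only in the commit message. Suggest `/* Client authentication is disabled here: the static-ECDH cases (e.g. the ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque case) are not handled correctly with client auth by this test. */`. The enclosing function starts and ends outside the hunk.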
From: Gilles Peskine Date: Tue, 27 May 2025 17:13:52 +0200 Subject: [PATCH 0454/1080] Move certificate and key parsing to auxiliary functions No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 116 +++++++++++++++------------ 1 file changed, 65 insertions(+), 51 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index c38d24aa8e..68ac122f8d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -653,6 +653,68 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) } } +static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } else { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } + +exit: + return ret; +} + +static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } else { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } + +exit: + return ret; +} + int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2, 
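Review bot: In `load_endpoint_ecc()` the client certificate is parsed from `mbedtls_test_cli_crt_ec_der` with length `mbedtls_test_cli_crt_ec_len`, while every other call pairs a `_der` buffer with its `_der_len`; if `mbedtls_test_cli_crt_ec_len` describes a different buffer (the PEM-or-DER `mbedtls_test_cli_crt_ec`), the length passed does not match the data and only works because the DER parser presumably stops at the end of the outer SEQUENCE. It should be `mbedtls_test_cli_crt_ec_der_len` if certs.h declares it; this was carried over from the old inline code, so it is a latent mismatch rather than a regression of this commit. A minor second point: both helpers `TEST_EQUAL(ret, 0)` internally and the caller in the next hunk asserts `TEST_EQUAL(load_endpoint_rsa(ep), 0)` again, so a single parse failure is reported twice; returning a 1/0 result and asserting once would match the `set_ciphersuite()` convention.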
@@ -689,58 +751,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, /* Load own certificate and private key */ - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } + if (pk_alg == MBEDTLS_PK_RSA) { + TEST_EQUAL(load_endpoint_rsa(ep), 0); } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } + TEST_EQUAL(load_endpoint_ecc(ep), 0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) From a6e71f95fbe92da7c68c0eb99908a06d0e1aeeeb Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Sun, 1 Jun 2025 21:32:05 +0200 Subject: [PATCH 0455/1080] Don't change the configuration after mbedtls_ssl_setup In `mbedtls_test_ssl_endpoint_init()`, don't change the SSL configuration object (`mbedtls_ssl_config`) after setting up an SSL context by calling `mbedtls_ssl_setup()`. This works in practice, but is officially forbidden. No intended behavior change. The test code calls the library slightly differently, but this shouldn't make any difference in practice. If it does make a difference, it fixes a bug in the test code. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 55 +++++++++++++++------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 68ac122f8d..a122f356cb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -835,24 +835,6 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_mock_socket_init(&(ep->socket)); - /* Non-blocking callbacks without timeout */ - if (options->dtls) { - mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, options->dtls ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : 
@@ -939,14 +921,6 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_EQUAL(ret, 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); - TEST_EQUAL(ret, 0); - } - #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) { mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); @@ -993,6 +967,35 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); + + /* We've finished the configuration. Now set up a context. */ + + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); + TEST_EQUAL(ret, 0); + + if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { + ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); + TEST_EQUAL(ret, 0); + } + + /* Non-blocking callbacks without timeout */ + if (options->dtls) { + mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, + NULL); + } + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); From 00eb072846f268758a76d3d8c361c923b14d57b4 Mon Sep 17 00:00:00 2001 
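Review bot: The comment `/* We've finished the configuration. Now set up a context. */` records the new ordering but not the rule that motivates it, so a later edit could reintroduce a `mbedtls_ssl_conf_*` call below `mbedtls_ssl_setup()` without anything in the code objecting; state the invariant, e.g. `/* Configuration is complete. mbedtls_ssl_setup() binds ep->ssl to ep->conf; ep->conf must not be modified after this point. */`. The DTLS branch registers a timer callback only under MBEDTLS_TIMING_C, and the moved code does not say what a DTLS endpoint does without one — presumably relies on the caller, worth a one-line comment. The body of mbedtls_test_ssl_endpoint_init starts before this hunk.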
From: Gilles Peskine Date: Sun, 1 Jun 2025 21:50:05 +0200 Subject: [PATCH 0456/1080] mbedtls_test_ssl_endpoint_init: store user_data_n in the endpoint object This will allow splitting the configuration and setup stages of `mbedtls_test_ssl_endpoint_init()`, while still checking that the value is carried over from the configuration to the session context. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index dc2ab78691..276b165c66 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,7 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; + uintptr_t user_data_cookie; /* A unique value associated with this endpoint */ /* Objects only used by DTLS. * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a122f356cb..f92b93b240 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -805,7 +805,6 @@ int mbedtls_test_ssl_endpoint_init( const mbedtls_test_handshake_test_options *options) { int ret = -1; - uintptr_t user_data_n; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif 
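Review bot: The new field comment `/* A unique value associated with this endpoint */` overstates what the code provides: the value is filled by `mbedtls_test_rnd_std_rand` (next hunk) whose return is discarded, so it is random, not guaranteed unique, and a zero draw would make the later equality checks vacuous against the freshly-zeroed context. Document the field by its purpose instead, e.g. `/* Random cookie set on both conf and ssl, used to check that user data propagates from the configuration to the context */`, and consider asserting it is non-zero before it is used.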
@@ -828,10 +827,10 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &user_data_n, - sizeof(user_data_n)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); - mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); + (void *) &ep->user_data_cookie, + sizeof(ep->user_data_cookie)); + mbedtls_ssl_conf_set_user_data_n(&ep->conf, ep->user_data_cookie); + mbedtls_ssl_set_user_data_n(&ep->ssl, ep->user_data_cookie); mbedtls_test_mock_socket_init(&(ep->socket)); @@ -965,7 +964,8 @@ int mbedtls_test_ssl_endpoint_init( } #endif - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), + ep->user_data_cookie); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); /* We've finished the configuration. Now set up a context. */ @@ -996,7 +996,7 @@ int mbedtls_test_ssl_endpoint_init( NULL); } - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), ep->user_data_cookie); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); return 0; From 6edb76cba4655bc007e51c7f58e69631d0e4eba3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Jun 2025 21:53:52 +0200 Subject: [PATCH 0457/1080] mbedtls_test_ssl_endpoint_init: split configuration and setup Split `mbedtls_test_ssl_endpoint_init()` into two separate stages: constructing the SSL configuration, and setting up an SSL session context with that configuration. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 61 +++++++++++++++++++++++----- tests/src/test_helpers/ssl_helpers.c | 31 +++++++++++++- 2 files changed, 80 insertions(+), 12 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 276b165c66..5bfdedaaf0 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -447,18 +447,59 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int opaque_alg, int opaque_alg2, int opaque_usage); -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. +/** Initialize the configuration in an SSL endpoint structure. + * + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. + * + * \param[out] ep The endpoint structure to configure. + * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. + * \param[in] options The options to use for configuring the endpoint + * structure. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init_conf( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + const mbedtls_test_handshake_test_options *options); + +/** Initialize the session context in an endpoint structure. + * + * \note The endpoint structure must have been set up with + * mbedtls_test_ssl_endpoint_init_conf() with the same \p options. + * Between calling mbedtls_test_ssl_endpoint_init_conf() and + * mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl` + * further if you know what you're doing. + * + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. + * + * \param[out] ep The endpoint structure to set up. + * \param[in] options The options used for configuring the endpoint + * structure. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init_ssl( + mbedtls_test_ssl_endpoint *ep, + const mbedtls_test_handshake_test_options *options); + +/** Initialize the configuration and a context in an SSL endpoint structure. 
+ * + * This function is equivalent to calling + * mbedtls_test_ssl_endpoint_init_conf() followed by + * mbedtls_test_ssl_endpoint_init_ssl(). * - * \note For DTLS, after calling this function on both endpoints, - * call mbedtls_test_ssl_dtls_join_endpoints(). + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. + * \param[out] ep The endpoint structure to configure. + * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. + * \param[in] options The options to use for configuring the endpoint + * structure. * * \retval 0 on success, otherwise error code. */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f92b93b240..e6c082eacb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -800,7 +800,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, return ret; } -int mbedtls_test_ssl_endpoint_init( +int mbedtls_test_ssl_endpoint_init_conf( mbedtls_test_ssl_endpoint *ep, int endpoint_type, const mbedtls_test_handshake_test_options *options) { 
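Review bot: The \note on mbedtls_test_ssl_endpoint_init_ssl says that between init_conf() and init_ssl() "you may configure `ep->ssl` further", but `ep->ssl` is only set up inside init_ssl() (the `mbedtls_ssl_setup()` call in the next hunk), so the object that can legitimately be tweaked in that window is `ep->conf`; change it to `you may configure `ep->conf` further`. Likewise `\param[out] ep` on init_ssl should be `\param[in,out] ep`, since the function reads `ep->conf` (it derives the endpoint type from it); init_conf also reads `ep->ssl` for the user-data check, so `[in,out]` looks right there too. The declarations' surrounding context continues outside the hunk.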
@@ -968,7 +968,22 @@ int mbedtls_test_ssl_endpoint_init( ep->user_data_cookie); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); - /* We've finished the configuration. Now set up a context. */ + return 0; + +exit: + if (ret == 0) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } + return ret; +} + +int mbedtls_test_ssl_endpoint_init_ssl( + mbedtls_test_ssl_endpoint *ep, + const mbedtls_test_handshake_test_options *options) +{ + int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf); + int ret = -1; ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); TEST_EQUAL(ret, 0); @@ -1009,6 +1024,18 @@ int mbedtls_test_ssl_endpoint_init( return ret; } +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + const mbedtls_test_handshake_test_options *options) +{ + int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options); + if (ret != 0) { + return ret; + } + ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options); + return ret; +} + void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep) { From 8e5ee478e115f6e72209028909537ec42f48a170 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 2 Jun 2025 12:31:15 +0200 Subject: [PATCH 0458/1080] Add temporary component for SHA3 testing With the removal of MBEDTLS_SHA3_C the test cases with disabled SHA3 dependency are never executed. Adding a temporary `all.sh` component which disabling the `PSA_WANT_ALG_SHA3_*` macros to cover these test cases. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 5fd9ede124..b1e633271e 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
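Review bot: In mbedtls_test_ssl_endpoint_init_ssl the endpoint type is read back from the configuration with `mbedtls_ssl_conf_get_endpoint(&ep->conf)`, but the transport choice for the BIO callbacks still comes from `options->dtls` (moved code shown on an earlier page line), so a caller who passes different `options` to the two stages, which the header only warns against, gets callbacks that do not match the configured transport; either derive the transport from `ep->conf` as well or assert agreement with a `TEST_EQUAL`. `int ret = -1;` is immediately overwritten by `ret = mbedtls_ssl_setup(...)`; `int ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));` reads cleaner. The body of init_ssl continues past the hunk.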
@@ -351,3 +351,15 @@ component_test_memory_buffer_allocator () { # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. tests/ssl-opt.sh -e '^DTLS proxy' } + +# Temporary component for SHA3 config option removal +# Must be removed when SHA3 removal is merged +component_test_full_no_sha3 () { + msg "build: full config without SHA3" + scripts/config.py full + scripts/config.py unset-all PSA_WANT_ALG_SHA3_* + make + + msg "test: full - PSA_WANT_ALG_SHA3_*" + make test +} From b9d728467af673327841693baa0e69e7cface3a9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 2 Jun 2025 17:22:53 +0200 Subject: [PATCH 0459/1080] Fix calling `config.py` and update comment Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index b1e633271e..4f212be60d 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -353,11 +353,12 @@ component_test_memory_buffer_allocator () { } # Temporary component for SHA3 config option removal -# Must be removed when SHA3 removal is merged +# Will be removed according to this issue: +# https://github.com/Mbed-TLS/mbedtls/issues/10203 component_test_full_no_sha3 () { msg "build: full config without SHA3" scripts/config.py full - scripts/config.py unset-all PSA_WANT_ALG_SHA3_* + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' make msg "test: full - PSA_WANT_ALG_SHA3_*" From 86b9d3f299114c7159e618fad0c3419c81010ec7 Mon Sep 17 00:00:00 2001 
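Review bot: Nothing in component_test_full_no_sha3 checks that `scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*'` actually disabled anything, so if the SHA3 symbols are renamed or removed before this temporary component is deleted, it silently degrades to re-testing the full configuration and the test cases the commit message targets stay unexecuted. Add a post-unset assertion that no `PSA_WANT_ALG_SHA3_` symbol remains enabled (the exact config.py query depends on what the script offers). The issue link in the comment is the right way to tie a temporary component to its removal.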
From: Gilles Peskine Date: Thu, 10 Apr 2025 14:00:40 +0200 Subject: [PATCH 0460/1080] documentation of mbedtls_ssl_async_sign_t with RSA: update to PSA Stop referring to low-level APIs that are becoming private. Also drop the requirement on supporting what is now PSA_ALG_RSA_PKCS1V15_SIGN_RAW. That was needed for TLS 1.0/1.1 which signs MD5||SHA1, but is no longer needed since Mbed TLS 3.0 dropped support for these protocol versions. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c77cec88e3..59bd2f73b2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -987,20 +987,10 @@ typedef int mbedtls_ssl_cache_set_t(void *data, * to store an operation context for later retrieval * by the resume or cancel callback. * - * \note For RSA signatures, this function must produce output - * that is consistent with PKCS#1 v1.5 in the same way as - * mbedtls_rsa_pkcs1_sign(). Before the private key operation, - * apply the padding steps described in RFC 8017, section 9.2 - * "EMSA-PKCS1-v1_5" as follows. - * - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the DigestInfo to be - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 3, with `T = hash` and `tLen = hash_len`. - * - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the hash to be encoded and - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 2, with `digestAlgorithm` obtained by calling - * mbedtls_oid_get_oid_by_md() on \p md_alg. + * \note For an RSA key, this function must produce a PKCS#1v1.5 + * signature in the standard format (like + * #PSA_ALG_RSA_PKCS1V15_SIGN). \c md_alg is guaranteed to be + * a hash that is supported by the library. * * \note For ECDSA signatures, the output format is the DER encoding * `Ecdsa-Sig-Value` defined in 
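Review bot: The rewritten \note drops the `md_alg == MBEDTLS_MD_NONE` case without saying it can no longer occur; since the callback signature still carries `md_alg`, an implementer reading only this text cannot tell whether they must handle MBEDTLS_MD_NONE. If, as the commit message indicates, raw signing is no longer requested, make that explicit, e.g. `\c md_alg is never #MBEDTLS_MD_NONE: raw PKCS#1 v1.5 signatures are no longer needed since TLS 1.0/1.1 support was removed.`. Also `PKCS#1v1.5` is spelled differently from the `PKCS#1 v1.5` used elsewhere in this header.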
From b825dcfe2db9dcfd4da37c422c583b3cae506ea3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 19:41:09 +0200 Subject: [PATCH 0461/1080] Update file names in comments Signed-off-by: Gilles Peskine --- library/x509_oid.c | 2 +- library/x509_oid.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index d05a36d5bc..1637c1cff7 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -1,5 +1,5 @@ /** - * \file oid.c + * \file x509_oid.c * * \brief Object Identifier (OID) database * diff --git a/library/x509_oid.h b/library/x509_oid.h index d4bbd09ff3..5f51367053 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -1,5 +1,5 @@ /** - * \file oid.h + * \file x509_oid.h * * \brief Object Identifier (OID) database */ @@ -7,8 +7,8 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#ifndef MBEDTLS_OID_H -#define MBEDTLS_OID_H +#ifndef MBEDTLS_X509_OID_H +#define MBEDTLS_X509_OID_H #include "mbedtls/private_access.h" #include "tf-psa-crypto/build_info.h" @@ -692,4 +692,4 @@ int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_ } #endif -#endif /* oid.h */ +#endif /* x509_oid.h */ From 86a47f85fa9d33bc7e7fbf12828f66603992800c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:20:12 +0200 Subject: [PATCH 0462/1080] Switch to "x509_oid.h" in code that uses OID functions Keep "mbedtls/oid.h" in code that only uses OID macros. ``` git grep -l mbedtls_oid_ '**/*.[hc]' tests/suites/*.function | xargs perl -i -pe 's!["<]mbedtls/oid\.h[">]!"x509_oid.h"!g' ``` 
Signed-off-by: Gilles Peskine --- library/pkcs7.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_oid.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/suites/test_suite_x509_oid.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index ff0567c6f6..3c5040bfd6 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/error.h" #if defined(MBEDTLS_FS_IO) diff --git a/library/x509.c b/library/x509.c index 9fc6389d27..e0d54b6dc4 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include #include diff --git a/library/x509_create.c b/library/x509_create.c index 48ac080cbe..7ca5517528 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index faea404dba..959ae21931 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_csr.c b/library/x509_csr.c index 2e435645b1..bba9eaae23 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include 
diff --git a/library/x509_oid.c b/library/x509_oid.c index 1637c1cff7..6ba04cf80d 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -11,7 +11,7 @@ #if defined(MBEDTLS_OID_C) -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/rsa.h" #include "mbedtls/error_common.h" #include "mbedtls/pk.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 7d207481c2..4bacdad531 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/md.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e65ddb07f4..74991f383d 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include "psa/crypto.h" diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index e96425e1aa..efcfee28f6 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "string.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 7bcac865ec..b6fb2020ab 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -6,7 +6,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" 
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f3a161ca52..e30eed949d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -4,7 +4,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/rsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" From 86e45ba0ba58fb9c88c4481253da53b6f918e2c7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:33:39 +0200 Subject: [PATCH 0463/1080] Rename OID functions and types to mbedtls_x509_oid_xxx in x509_oid Avoid clashes with the functions and the type that are still defined in TF-PSA-Crypto. They are now internal names, so it doesn't really matter, but having the same name as the ones declared in TF-PSA-Crypto's `oid.h` would cause problems during the transition. Remove the unused name for `struct mbedtls_oid_descriptor_t`, and rename the rest: ``` perl -i -pe 's/mbedtls_oid_/mbedtls_x509_oid_/g' library/x509_oid.[hc] ./framework/scripts/code_style.py --fix library/x509_oid.[hc] ``` Signed-off-by: Gilles Peskine --- library/x509_oid.c | 87 +++++++++++++++++++++++----------------------- library/x509_oid.h | 52 +++++++++++++-------------- 2 files changed, 70 insertions(+), 69 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index 6ba04cf80d..7bbe4d58d8 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -27,7 +27,7 @@ #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) /* - * Macro to generate mbedtls_oid_descriptor_t + * Macro to generate mbedtls_x509_oid_descriptor_t */ #if !defined(MBEDTLS_X509_REMOVE_INFO) #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } 
@@ -46,8 +46,8 @@ const mbedtls_asn1_buf *oid) \ { \ const TYPE_T *p = (LIST); \ - const mbedtls_oid_descriptor_t *cur = \ - (const mbedtls_oid_descriptor_t *) p; \ + const mbedtls_x509_oid_descriptor_t *cur = \ + (const mbedtls_x509_oid_descriptor_t *) p; \ if (p == NULL || oid == NULL) return NULL; \ while (cur->asn1 != NULL) { \ if (cur->asn1_len == oid->len && \ @@ -55,7 +55,7 @@ return p; \ } \ p++; \ - cur = (const mbedtls_oid_descriptor_t *) p; \ + cur = (const mbedtls_x509_oid_descriptor_t *) p; \ } \ return NULL; \ } @@ -63,7 +63,7 @@ #if !defined(MBEDTLS_X509_REMOVE_INFO) /* * Macro to generate a function for retrieving a single attribute from the - * descriptor of an mbedtls_oid_descriptor_t wrapper. + * descriptor of an mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ @@ -77,7 +77,7 @@ /* * Macro to generate a function for retrieving a single attribute from an - * mbedtls_oid_descriptor_t wrapper. + * mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ @@ -90,7 +90,7 @@ /* * Macro to generate a function for retrieving two attributes from an - * mbedtls_oid_descriptor_t wrapper. + * mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ @@ -106,7 +106,7 @@ /* * Macro to generate a function for retrieving the OID based on a single - * attribute from a mbedtls_oid_descriptor_t wrapper. + * attribute from a mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ 
@@ -125,7 +125,7 @@ /* * Macro to generate a function for retrieving the OID based on two - * attributes from a mbedtls_oid_descriptor_t wrapper. + * attributes from a mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ @@ -148,7 +148,7 @@ * For X520 attribute types */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; const char *short_name; } oid_x520_attr_t; @@ -256,7 +256,7 @@ static const oid_x520_attr_t oid_x520_attr_type[] = }; FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) -FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, @@ -266,7 +266,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, * For X509 extensions */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; int ext_type; } oid_x509_ext_t; @@ -325,10 +325,10 @@ static const oid_x509_ext_t oid_x509_ext[] = }; FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) -FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) #if !defined(MBEDTLS_X509_REMOVE_INFO) -static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = +static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] = { OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", 
@@ -346,22 +346,23 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = NULL_OID_DESCRIPTOR, }; -FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) -FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, - mbedtls_oid_descriptor_t, +FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_extended_key_usage, + mbedtls_x509_oid_descriptor_t, ext_key_usage, const char *, description) -static const mbedtls_oid_descriptor_t oid_certificate_policies[] = +static const mbedtls_x509_oid_descriptor_t oid_certificate_policies[] = { OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), NULL_OID_DESCRIPTOR, }; -FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) -FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, - mbedtls_oid_descriptor_t, +FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, certificate_policies, + oid_certificate_policies) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, + mbedtls_x509_oid_descriptor_t, certificate_policies, const char *, description) @@ -371,7 +372,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, * For SignatureAlgorithmIdentifier */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; mbedtls_pk_type_t pk_alg; } oid_sig_alg_t; 
@@ -473,21 +474,21 @@ static const oid_sig_alg_t oid_sig_alg[] = FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) #if !defined(MBEDTLS_X509_REMOVE_INFO) -FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, +FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description) #endif -FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, +FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, +FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, @@ -499,7 +500,7 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, * For PublicKeyInfo (PKCS1, RFC 5480) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_pk_type_t pk_alg; } oid_pk_alg_t; @@ -524,8 +525,8 @@ static const oid_pk_alg_t oid_pk_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, @@ -536,7 +537,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_ecp_group_id grp_id; } oid_ecp_grp_t; 
@@ -609,8 +610,8 @@ static const oid_ecp_grp_t oid_ecp_grp[] = }; FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) -FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, @@ -621,7 +622,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, * encoded in the AlgorithmIdentifier (RFC 8410) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_ecp_group_id grp_id; } oid_ecp_grp_algid_t; @@ -646,12 +647,12 @@ static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = }; FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) -FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp_algid, oid_ecp_grp_algid_t, grp_id_algid, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid_t, oid_ecp_grp_algid, mbedtls_ecp_group_id, @@ -663,7 +664,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, * For PKCS#5 PBES2 encryption algorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_cipher_type_t cipher_alg; } oid_cipher_alg_t; @@ -696,7 +697,7 @@ static const oid_cipher_alg_t oid_cipher_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, 
@@ -707,7 +708,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, * For digestAlgorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; } oid_md_alg_t; @@ -786,8 +787,8 @@ static const oid_md_alg_t oid_md_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, @@ -797,7 +798,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, * For HMAC digestAlgorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_hmac; } oid_md_hmac_t; @@ -870,14 +871,14 @@ static const oid_md_hmac_t oid_md_hmac[] = }; FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) -FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) #if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) /* * For PKCS#12 PBEs */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; mbedtls_cipher_type_t cipher_alg; } oid_pkcs12_pbe_alg_t; @@ -903,7 +904,7 @@ static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) -FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, +FN_OID_GET_ATTR2(mbedtls_x509_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, diff --git a/library/x509_oid.h b/library/x509_oid.h index 5f51367053..8798d0faaf 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h 
@@ -473,14 +473,14 @@ extern "C" { /** * \brief Base OID descriptor structure */ -typedef struct mbedtls_oid_descriptor_t { +typedef struct { const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ #if !defined(MBEDTLS_X509_REMOVE_INFO) const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ #endif -} mbedtls_oid_descriptor_t; +} mbedtls_x509_oid_descriptor_t; /** * \brief Translate an X.509 extension OID into local values @@ -490,7 +490,7 @@ typedef struct mbedtls_oid_descriptor_t { * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); +int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); /** * \brief Translate an X.509 attribute type OID into the short name @@ -501,7 +501,7 @@ int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); +int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); /** * \brief Translate PublicKeyAlgorithm OID into pk_type @@ -511,7 +511,7 @@ int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **sh * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); +int mbedtls_x509_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); /** * \brief Translate pk_type into PublicKeyAlgorithm OID 
@@ -522,8 +522,8 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /** @@ -534,7 +534,7 @@ int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); +int mbedtls_x509_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into NamedCurve OID @@ -545,8 +545,8 @@ int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *gr * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); /** * \brief Translate AlgorithmIdentifier OID into an EC group identifier, @@ -557,7 +557,7 @@ int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); +int mbedtls_x509_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into AlgorithmIdentifier OID, 
@@ -569,8 +569,8 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /** @@ -582,8 +582,8 @@ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); +int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); /** * \brief Translate SignatureAlgorithm OID into description @@ -593,7 +593,7 @@ int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type and pk_type into SignatureAlgorithm OID @@ -605,8 +605,8 @@ int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc) * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); /** * \brief Translate hmac algorithm OID into md_type 
@@ -616,7 +616,7 @@ int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t m * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); +int mbedtls_x509_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); /** * \brief Translate hash algorithm OID into md_type @@ -626,7 +626,7 @@ int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_h * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); +int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** @@ -637,7 +637,7 @@ int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_al * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); #endif /** @@ -648,7 +648,7 @@ int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char * * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type into hash algorithm OID @@ -659,7 +659,7 @@ int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #if defined(MBEDTLS_CIPHER_C) /** 
@@ -670,7 +670,7 @@ int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); +int mbedtls_x509_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); #if defined(MBEDTLS_PKCS12_C) /** @@ -683,8 +683,8 @@ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg); +int mbedtls_x509_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_PKCS12_C */ #endif /* MBEDTLS_CIPHER_C */ From d2fe51cfc49120b7b6a5370365c972ab6c5c6bf8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:36:20 +0200 Subject: [PATCH 0464/1080] Add the x509_oid module to the build Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/x509_oid.c | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a32b4bc264..f896850f23 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -6,6 +6,7 @@ set(src_x509 x509_crl.c x509_crt.c x509_csr.c + x509_oid.c x509write.c x509write_crt.c x509write_csr.c diff --git a/library/Makefile b/library/Makefile index 1c0e4d942a..fb61911896 100644 --- a/library/Makefile +++ b/library/Makefile @@ -198,6 +198,7 @@ OBJS_X509= \ x509_crl.o \ x509_crt.o \ x509_csr.o \ + x509_oid.o \ x509write.o \ x509write_crt.o \ x509write_csr.o \ diff --git a/library/x509_oid.c b/library/x509_oid.c index 7bbe4d58d8..6fe6e707f5 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
@@ -7,7 +7,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_OID_C) From 532e3ee104e657e4db8d49f524125d8ac9228452 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:37:15 +0200 Subject: [PATCH 0465/1080] Switch library and tests to the x509_oid module ``` git grep -l -P 'mbedtls_oid_get_(?!numeric_string\b)' | xargs perl -i -pe 's/\bmbedtls_oid_get_(?!numeric_string\b)/mbedtls_x509_oid_get_/' ./framework/scripts/code_style.py --since HEAD~1 --fix ``` Signed-off-by: Gilles Peskine --- library/pkcs7.c | 4 +-- library/x509.c | 10 +++--- library/x509_crt.c | 6 ++-- library/x509_csr.c | 2 +- library/x509write_crt.c | 4 +-- library/x509write_csr.c | 4 +-- tests/suites/test_suite_x509_oid.data | 40 +++++++++++----------- tests/suites/test_suite_x509_oid.function | 12 +++---- tests/suites/test_suite_x509parse.function | 6 ++-- 9 files changed, 44 insertions(+), 44 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3c5040bfd6..cfe570a788 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -480,7 +480,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, return ret; } - ret = mbedtls_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); + ret = mbedtls_x509_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); if (ret != 0) { return MBEDTLS_ERR_PKCS7_INVALID_ALG; } @@ -659,7 +659,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; } - ret = mbedtls_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); + ret = mbedtls_x509_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); if (ret != 0) { return ret; } diff --git a/library/x509.c b/library/x509.c index e0d54b6dc4..a3d7a18b1c 100644 --- a/library/x509.c +++ b/library/x509.c 
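Review bot: The `#if defined(MBEDTLS_OID_C)` on the line after the swapped include now depends on `x509_internal.h` bringing the build configuration into scope, which `common.h` previously did and which is not visible in this hunk. If the new header does not transitively include the configuration, the guard is silently false and the whole translation unit compiles to nothing, with no error from the build (the file was added unconditionally to `src_x509` and `OBJS_X509` in the same commit). Confirming that `x509_internal.h` provides the config macros, or keeping `#include "common.h"` alongside the new include, would make this robust.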
@@ -208,7 +208,7 @@ static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_ p += md_oid.len; /* Get md_alg from md_oid */ - if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_md_alg(&md_oid, md_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } @@ -282,7 +282,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, return ret; } - if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_md_alg(&alg_id, md_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } @@ -719,7 +719,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } @@ -904,7 +904,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) && (name->val.tag != MBEDTLS_ASN1_IA5_STRING); - if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { + if ((ret = mbedtls_x509_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { ret = mbedtls_snprintf(p, n, "%s=", short_name); } else { if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { @@ -1044,7 +1044,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si size_t n = size; const char *desc = NULL; - ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); + ret = mbedtls_x509_oid_get_sig_alg_desc(sig_oid, &desc); if (ret != 0) { ret = mbedtls_snprintf(p, n, "???"); } else { diff --git a/library/x509_crt.c b/library/x509_crt.c index 959ae21931..5528763ff8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -926,7 +926,7 @@ static int x509_get_crt_ext(unsigned char **p, /* * Detect supported extensions */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type); if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ @@ -1692,7 +1692,7 @@ static int x509_info_ext_key_usage(char **buf, size_t *size, const char *sep = ""; while (cur != NULL) { - if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { + if (mbedtls_x509_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { desc = "???"; } @@ -1721,7 +1721,7 @@ static int x509_info_cert_policies(char **buf, size_t *size, const char *sep = ""; while (cur != NULL) { - if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { + if (mbedtls_x509_oid_get_certificate_policies(&cur->buf, &desc) != 0) { desc = "???"; } diff --git a/library/x509_csr.c b/library/x509_csr.c index bba9eaae23..0a77bef39b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -114,7 +114,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, /* * Detect supported extensions and skip unsupported extensions */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type); if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4bacdad531..6cc281a195 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -413,8 +413,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 74991f383d..f3dc9d9dac 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -228,8 +228,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 42b0505801..592c964962 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -105,42 +105,42 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid oid_get_md_alg_id:"2B864886f70d0204":-1 -mbedtls_oid_get_md_hmac - RIPEMD160 +mbedtls_x509_oid_get_md_hmac - RIPEMD160 depends_on:PSA_WANT_ALG_RIPEMD160 -mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 +mbedtls_x509_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 -mbedtls_oid_get_md_hmac - SHA1 +mbedtls_x509_oid_get_md_hmac - SHA1 depends_on:PSA_WANT_ALG_SHA_1 -mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 -mbedtls_oid_get_md_hmac - SHA224 +mbedtls_x509_oid_get_md_hmac - SHA224 depends_on:PSA_WANT_ALG_SHA_224 -mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 -mbedtls_oid_get_md_hmac - SHA256 +mbedtls_x509_oid_get_md_hmac - SHA256 depends_on:PSA_WANT_ALG_SHA_256 -mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 -mbedtls_oid_get_md_hmac - SHA384 +mbedtls_x509_oid_get_md_hmac - SHA384 depends_on:PSA_WANT_ALG_SHA_384 -mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 -mbedtls_oid_get_md_hmac - SHA512 +mbedtls_x509_oid_get_md_hmac - SHA512 depends_on:PSA_WANT_ALG_SHA_512 -mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 -mbedtls_oid_get_md_hmac - SHA3_224 +mbedtls_x509_oid_get_md_hmac - SHA3_224 depends_on:PSA_WANT_ALG_SHA3_224 -mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 +mbedtls_x509_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 -mbedtls_oid_get_md_hmac - SHA3_256 +mbedtls_x509_oid_get_md_hmac - SHA3_256 depends_on:PSA_WANT_ALG_SHA3_256 -mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 
+mbedtls_x509_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 -mbedtls_oid_get_md_hmac - SHA3_384 +mbedtls_x509_oid_get_md_hmac - SHA3_384 depends_on:PSA_WANT_ALG_SHA3_384 -mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 +mbedtls_x509_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 -mbedtls_oid_get_md_hmac - SHA3_512 +mbedtls_x509_oid_get_md_hmac - SHA3_512 depends_on:PSA_WANT_ALG_SHA3_512 -mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 +mbedtls_x509_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index efcfee28f6..46d7d99d68 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -21,7 +21,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) asn1_buf.p = oid->x; asn1_buf.len = oid->len; - ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc); + ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc); if (strlen(result_str) == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { @@ -42,7 +42,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) asn1_buf.p = oid->x; asn1_buf.len = oid->len; - ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc); + ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc); if (strlen(result_str) == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { @@ -63,7 +63,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) ext_oid.p = oid->x; ext_oid.len = oid->len; - ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type); if (exp_type == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { 
@@ -84,7 +84,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) md_oid.p = oid->x; md_oid.len = oid->len; - ret = mbedtls_oid_get_md_alg(&md_oid, &md_id); + ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id); if (exp_md_id < 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); @@ -97,7 +97,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) +void mbedtls_x509_oid_get_md_hmac(data_t *oid, int exp_md_id) { mbedtls_asn1_buf md_oid = { 0, 0, NULL }; int ret; @@ -107,7 +107,7 @@ void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) md_oid.p = oid->x; md_oid.len = oid->len; - ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id); + ret = mbedtls_x509_oid_get_md_hmac(&md_oid, &md_id); if (exp_md_id < 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b6fb2020ab..19b37b3102 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1010,8 +1010,8 @@ void mbedtls_x509_dn_get_next(char *name_str, parsed_cur = &parsed; len = 0; for (i = 0; parsed_cur != NULL; i++) { - TEST_EQUAL(mbedtls_oid_get_attr_short_name(&parsed_cur->oid, - &short_name), 0); + TEST_EQUAL(mbedtls_x509_oid_get_attr_short_name(&parsed_cur->oid, + &short_name), 0); len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name); parsed_cur = mbedtls_x509_dn_get_next(parsed_cur); } @@ -1516,7 +1516,7 @@ void x509_oid_desc(data_t *buf, char *ref_desc) oid.p = buf->x; oid.len = buf->len; - ret = mbedtls_oid_get_extended_key_usage(&oid, &desc); + ret = mbedtls_x509_oid_get_extended_key_usage(&oid, &desc); if (strcmp(ref_desc, "notfound") == 0) { TEST_ASSERT(ret != 0); From b7ef4df0014d35b778b6fd42e979914ac040b3f2 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 May 2025 20:45:03 +0200 Subject: [PATCH 0466/1080] Remove OID tables that are not used in X.509 Signed-off-by: Gilles Peskine --- library/x509_oid.c | 330 ---------------------- library/x509_oid.h | 124 -------- tests/suites/test_suite_x509_oid.data | 40 --- tests/suites/test_suite_x509_oid.function | 23 -- 4 files changed, 517 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index 6fe6e707f5..f5eb8fe0de 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -12,9 +12,6 @@ #if defined(MBEDTLS_OID_C) #include "x509_oid.h" -#include "mbedtls/rsa.h" -#include "mbedtls/error_common.h" -#include "mbedtls/pk.h" #include #include 
@@ -496,214 +493,6 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, mbedtls_md_type_t, md_alg) -/* - * For PublicKeyInfo (PKCS1, RFC 5480) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_pk_type_t pk_alg; -} oid_pk_alg_t; - -static const oid_pk_alg_t oid_pk_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), - MBEDTLS_PK_RSA, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), - MBEDTLS_PK_ECKEY, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), - MBEDTLS_PK_ECKEY_DH, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_PK_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_pk_alg, - oid_pk_alg_t, - oid_pk_alg, - mbedtls_pk_type_t, - pk_alg) - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/* - * For elliptic curves that use namedCurve inside ECParams (RFC 5480) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_ecp_group_id grp_id; -} oid_ecp_grp_t; - -static const oid_ecp_grp_t oid_ecp_grp[] = -{ -#if defined(PSA_WANT_ECC_SECP_R1_192) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), - MBEDTLS_ECP_DP_SECP192R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_192 */ -#if defined(PSA_WANT_ECC_SECP_R1_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), - MBEDTLS_ECP_DP_SECP224R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_224 */ -#if defined(PSA_WANT_ECC_SECP_R1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), - MBEDTLS_ECP_DP_SECP256R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_256 */ -#if defined(PSA_WANT_ECC_SECP_R1_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), - MBEDTLS_ECP_DP_SECP384R1, - }, -#endif /* 
PSA_WANT_ECC_SECP_R1_384 */ -#if defined(PSA_WANT_ECC_SECP_R1_521) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), - MBEDTLS_ECP_DP_SECP521R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_521 */ -#if defined(PSA_WANT_ECC_SECP_K1_192) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), - MBEDTLS_ECP_DP_SECP192K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_192 */ -#if defined(PSA_WANT_ECC_SECP_K1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), - MBEDTLS_ECP_DP_SECP256K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_256 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), - MBEDTLS_ECP_DP_BP256R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), - MBEDTLS_ECP_DP_BP384R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), - MBEDTLS_ECP_DP_BP512R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_ECP_DP_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp, - oid_ecp_grp_t, - oid_ecp_grp, - mbedtls_ecp_group_id, - grp_id) - -/* - * For Elliptic Curve algorithms that are directly - * encoded in the AlgorithmIdentifier (RFC 8410) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_ecp_group_id grp_id; -} oid_ecp_grp_algid_t; - -static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = -{ -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - { - OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"), - MBEDTLS_ECP_DP_CURVE25519, - 
}, -#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - { - OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"), - MBEDTLS_ECP_DP_CURVE448, - }, -#endif /* PSA_WANT_ECC_MONTGOMERY_448 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_ECP_DP_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp_algid, - oid_ecp_grp_algid_t, - grp_id_algid, - mbedtls_ecp_group_id, - grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp_algid, - oid_ecp_grp_algid_t, - oid_ecp_grp_algid, - mbedtls_ecp_group_id, - grp_id) -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(MBEDTLS_CIPHER_C) -/* - * For PKCS#5 PBES2 encryption algorithm - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_cipher_type_t cipher_alg; -} oid_cipher_alg_t; - -static const oid_cipher_alg_t oid_cipher_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), - MBEDTLS_CIPHER_DES_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), - MBEDTLS_CIPHER_DES_EDE3_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), - MBEDTLS_CIPHER_AES_128_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), - MBEDTLS_CIPHER_AES_192_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), - MBEDTLS_CIPHER_AES_256_CBC, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_CIPHER_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_cipher_alg, - oid_cipher_alg_t, - cipher_alg, - mbedtls_cipher_type_t, - cipher_alg) -#endif /* MBEDTLS_CIPHER_C */ - /* * For digestAlgorithm */ 
@@ -794,123 +583,4 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md, mbedtls_md_type_t, md_alg) -/* - * For HMAC digestAlgorithm - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_hmac; -} oid_md_hmac_t; - -static const oid_md_hmac_t oid_md_hmac[] = -{ -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), - MBEDTLS_MD_SHA1, - }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), - MBEDTLS_MD_SHA224, - }, -#endif /* PSA_WANT_ALG_SHA_224 */ -#if defined(PSA_WANT_ALG_SHA_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), - MBEDTLS_MD_SHA256, - }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), - MBEDTLS_MD_SHA384, - }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), - MBEDTLS_MD_SHA512, - }, -#endif /* PSA_WANT_ALG_SHA_512 */ -#if defined(PSA_WANT_ALG_SHA3_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), - MBEDTLS_MD_SHA3_224, - }, -#endif /* PSA_WANT_ALG_SHA3_224 */ -#if defined(PSA_WANT_ALG_SHA3_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), - MBEDTLS_MD_SHA3_256, - }, -#endif /* PSA_WANT_ALG_SHA3_256 */ -#if defined(PSA_WANT_ALG_SHA3_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), - MBEDTLS_MD_SHA3_384, - }, -#endif /* PSA_WANT_ALG_SHA3_384 */ -#if defined(PSA_WANT_ALG_SHA3_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), - MBEDTLS_MD_SHA3_512, - }, -#endif /* PSA_WANT_ALG_SHA3_512 */ -#if defined(PSA_WANT_ALG_RIPEMD160) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", 
"HMAC-RIPEMD160"), - MBEDTLS_MD_RIPEMD160, - }, -#endif /* PSA_WANT_ALG_RIPEMD160 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) - -#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) -/* - * For PKCS#12 PBEs - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_alg; - mbedtls_cipher_type_t cipher_alg; -} oid_pkcs12_pbe_alg_t; - -static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, - "pbeWithSHAAnd3-KeyTripleDES-CBC", - "PBE with SHA1 and 3-Key 3DES"), - MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, - "pbeWithSHAAnd2-KeyTripleDES-CBC", - "PBE with SHA1 and 2-Key 3DES"), - MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) -FN_OID_GET_ATTR2(mbedtls_x509_oid_get_pkcs12_pbe_alg, - oid_pkcs12_pbe_alg_t, - pkcs12_pbe_alg, - mbedtls_md_type_t, - md_alg, - mbedtls_cipher_type_t, - cipher_alg) -#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */ - #endif /* MBEDTLS_OID_C */ diff --git a/library/x509_oid.h b/library/x509_oid.h index 8798d0faaf..2416d0b101 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -11,17 +11,11 @@ #define MBEDTLS_X509_OID_H #include "mbedtls/private_access.h" -#include "tf-psa-crypto/build_info.h" - #include "mbedtls/asn1.h" #include "mbedtls/pk.h" #include -#if defined(MBEDTLS_CIPHER_C) -#include "mbedtls/cipher.h" -#endif - #include "mbedtls/md.h" /** OID is not found. */ 
@@ -503,76 +497,6 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ */ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); -/** - * \brief Translate PublicKeyAlgorithm OID into pk_type - * - * \param oid OID to use - * \param pk_alg place to store public key algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); - -/** - * \brief Translate pk_type into PublicKeyAlgorithm OID - * - * \param pk_alg Public key type to look for - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen); - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/** - * \brief Translate NamedCurve OID into an EC group identifier - * - * \param oid OID to use - * \param grp_id place to store group id - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); - -/** - * \brief Translate EC group identifier into NamedCurve OID - * - * \param grp_id EC group identifier - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); - -/** - * \brief Translate AlgorithmIdentifier OID into an EC group identifier, - * for curves that are directly encoded at this level - * - * \param oid OID to use - * \param grp_id place to store group id - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); - -/** - * \brief Translate EC 
group identifier into AlgorithmIdentifier OID, - * for curves that are directly encoded at this level - * - * \param grp_id EC group identifier - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type * @@ -608,16 +532,6 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); -/** - * \brief Translate hmac algorithm OID into md_type - * - * \param oid OID to use - * \param md_hmac place to store message hmac algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); - /** * \brief Translate hash algorithm OID into md_type * 
@@ -650,44 +564,6 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c */ int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); -/** - * \brief Translate md_type into hash algorithm OID - * - * \param md_alg message digest algorithm - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); - -#if defined(MBEDTLS_CIPHER_C) -/** - * \brief Translate encryption algorithm OID into cipher_type - * - * \param oid OID to use - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); - -#if defined(MBEDTLS_PKCS12_C) -/** - * \brief Translate PKCS#12 PBE algorithm OID into md_type and - * cipher_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg); -#endif /* MBEDTLS_PKCS12_C */ -#endif /* MBEDTLS_CIPHER_C */ - #ifdef __cplusplus } #endif diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 592c964962..3f58b18435 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -104,43 +104,3 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid oid_get_md_alg_id:"2B864886f70d0204":-1 - -mbedtls_x509_oid_get_md_hmac - RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160 -mbedtls_x509_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 - -mbedtls_x509_oid_get_md_hmac - SHA1 -depends_on:PSA_WANT_ALG_SHA_1 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 - -mbedtls_x509_oid_get_md_hmac - SHA224 -depends_on:PSA_WANT_ALG_SHA_224 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 - -mbedtls_x509_oid_get_md_hmac - SHA256 -depends_on:PSA_WANT_ALG_SHA_256 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 - -mbedtls_x509_oid_get_md_hmac - SHA384 -depends_on:PSA_WANT_ALG_SHA_384 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 - -mbedtls_x509_oid_get_md_hmac - SHA512 -depends_on:PSA_WANT_ALG_SHA_512 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 - -mbedtls_x509_oid_get_md_hmac - SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224 -mbedtls_x509_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 - -mbedtls_x509_oid_get_md_hmac - SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256 -mbedtls_x509_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 - -mbedtls_x509_oid_get_md_hmac - SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384 -mbedtls_x509_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 - -mbedtls_x509_oid_get_md_hmac - SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512 -mbedtls_x509_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index 46d7d99d68..8273a71519 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function 
@@ -95,26 +95,3 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) } } /* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_x509_oid_get_md_hmac(data_t *oid, int exp_md_id) -{ - mbedtls_asn1_buf md_oid = { 0, 0, NULL }; - int ret; - mbedtls_md_type_t md_id = 0; - - md_oid.tag = MBEDTLS_ASN1_OID; - md_oid.p = oid->x; - md_oid.len = oid->len; - - ret = mbedtls_x509_oid_get_md_hmac(&md_oid, &md_id); - - if (exp_md_id < 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); - TEST_ASSERT(md_id == 0); - } else { - TEST_ASSERT(ret == 0); - TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id); - } -} -/* END_CASE */ From 32a1112e885f7d41fb80bb48304a032e116feb09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Apr 2025 21:51:46 +0200 Subject: [PATCH 0467/1080] Remove MBEDTLS_OID_X509_EXT_xxx constants They're just aliases for the corresponding MBEDTLS_X509_EXT_xxx. We don't need separate names. Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 37 ++++++++++++--------------- library/x509_crt.c | 4 +-- library/x509_oid.c | 16 ++++++------ library/x509_oid.h | 23 +---------------- tests/suites/test_suite_x509_oid.data | 12 ++++----- 5 files changed, 34 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 18df19ce6c..9d988a1a97 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -167,26 +167,23 @@ * * Comments refer to the status for using certificates. Status can be * different for writing certificates or reading CRLs or CSRs. - * - * Those are defined in oid.h as oid.c needs them in a data structure. Since - * these were previously defined here, let's have aliases for compatibility. - */ -#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER -#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER -#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE -#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES -#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS -#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ -#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME -#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS -#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ -#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS -#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS -#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE -#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS -#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY -#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL -#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE + */ +#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) +#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) +#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) +#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3) +#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4) +#define 
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ +#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6) +#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) +#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ +#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9) +#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10) +#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) +#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) +#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) +#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers diff --git a/library/x509_crt.c b/library/x509_crt.c index 5528763ff8..0b0e8d1e91 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1015,7 +1015,7 @@ static int x509_get_crt_ext(unsigned char **p, } break; - case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: + case MBEDTLS_X509_EXT_CERTIFICATE_POLICIES: /* Parse certificate policies type */ if ((ret = x509_get_certificate_policies(p, end_ext_octet, &crt->certificate_policies)) != 0) { @@ -1866,7 +1866,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, } } - if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { + if (crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES) { ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/library/x509_oid.c b/library/x509_oid.c index f5eb8fe0de..0a5da54cf5 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
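Review bot: The new bit values jump from `(1 << 14)` for MBEDTLS_X509_EXT_FRESHEST_CRL to `(1 << 16)` for MBEDTLS_X509_EXT_NS_CERT_TYPE, leaving bit 15 unassigned with no comment, and the removed x509_oid.h remark that these are "arbitrary values for bitsets" disappears now that they are spelled out in a public header. Since they populate the `ext_types` bitmask that library/x509_crt.c tests (`crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES` in this commit), the numbers become part of the public API/ABI once defined here, so a short comment above the block such as `/* Bit values are part of the public ext_types bitmask; keep them stable. Bit 15 is unassigned (historical). */` would document both points; whether the gap is deliberate is not visible here. The old x509_oid.h comment also explained the placement as avoiding an include of x509.h from the OID header, and this commit now adds `#include "mbedtls/x509.h"` to library/x509_oid.h, so the commit message should state why that is acceptable now (presumably because x509_oid.h is library-private).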
@@ -273,47 +273,47 @@ static const oid_x509_ext_t oid_x509_ext[] = OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints"), - MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, + MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, }, { OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), - MBEDTLS_OID_X509_EXT_KEY_USAGE, + MBEDTLS_X509_EXT_KEY_USAGE, }, { OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage"), - MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, + MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, }, { OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name"), - MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, + MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, }, { OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type"), - MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, + MBEDTLS_X509_EXT_NS_CERT_TYPE, }, { OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies"), - MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, + MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, }, { OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, "id-ce-subjectKeyIdentifier", "Subject Key Identifier"), - MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, }, { OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, "id-ce-authorityKeyIdentifier", "Authority Key Identifier"), - MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, + MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, }, { NULL_OID_DESCRIPTOR, diff --git a/library/x509_oid.h b/library/x509_oid.h index 2416d0b101..5b12677a61 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -13,6 +13,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" +#include "mbedtls/x509.h" #include 
@@ -23,28 +24,6 @@ /** output buffer is too small */ #define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B -/* This is for the benefit of X.509, but defined here in order to avoid - * having a "backwards" include of x.509.h here */ -/* - * X.509 extension types (internal, arbitrary values for bitsets) - */ -#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) -#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) -#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2) -#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3) -#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4) -#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5) -#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6) -#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) -#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8) -#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9) -#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10) -#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) -#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) -#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) -#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) - /* * Maximum number of OID components allowed */ diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 3f58b18435..09bd6523a0 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -35,22 +35,22 @@ OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier oid_get_extended_key_usage:"551D23":"" OID get x509 extension - id-ce-basicConstraints -oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS +oid_get_x509_extension:"551D13":MBEDTLS_X509_EXT_BASIC_CONSTRAINTS OID get x509 extension - id-ce-keyUsage -oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE +oid_get_x509_extension:"551D0F":MBEDTLS_X509_EXT_KEY_USAGE OID get x509 extension - id-ce-extKeyUsage -oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE +oid_get_x509_extension:"551D25":MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE OID get x509 extension - id-ce-subjectAltName -oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME +oid_get_x509_extension:"551D11":MBEDTLS_X509_EXT_SUBJECT_ALT_NAME OID get x509 extension - id-netscape-certtype -oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE +oid_get_x509_extension:"6086480186F8420101":MBEDTLS_X509_EXT_NS_CERT_TYPE OID get x509 extension - id-ce-certificatePolicies -oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES +oid_get_x509_extension:"551D20":MBEDTLS_X509_EXT_CERTIFICATE_POLICIES OID get x509 extension - invalid oid oid_get_x509_extension:"5533445566":0 From 47f1d7be950d44bc2fb404f9e3530aee7d2ae757 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 21:04:51 +0200 Subject: [PATCH 0468/1080] Replace MBEDTLS_ERR_OID_BUF_TOO_SMALL with PSA_ERROR_BUFFER_TOO_SMALL Remove the definition of `MBEDTLS_ERR_OID_BUF_TOO_SMALL` in `x509_oid.h`, and use the corresponding PSA error instead. ``` git grep -l MBEDTLS_ERR_OID_BUF_TOO_SMALL | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_BUF_TOO_SMALL\b/PSA_ERROR_BUFFER_TOO_SMALL/p' edit library/x509_oid.h ``` 
Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 2 +- library/x509.c | 4 ++-- library/x509_create.c | 2 +- library/x509_oid.h | 2 -- tests/suites/test_suite_x509parse.data | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 9d988a1a97..5a3bd8a2a1 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -498,7 +498,7 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); * \param oid OID to translate * * \return Length of the string written (excluding final NULL) or - * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + * PSA_ERROR_BUFFER_TOO_SMALL in case of error */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); diff --git a/library/x509.c b/library/x509.c index a3d7a18b1c..fe4e3e3afe 100644 --- a/library/x509.c +++ b/library/x509.c @@ -849,7 +849,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, ret = mbedtls_snprintf(p, n, ".%u", value); } if (ret < 2 || (size_t) ret >= n) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return PSA_ERROR_BUFFER_TOO_SMALL; } n -= (size_t) ret; p += ret; @@ -912,7 +912,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) p += ret; ret = mbedtls_snprintf(p, n, "="); print_hexstring = 1; - } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) { + } else if (ret == PSA_ERROR_BUFFER_TOO_SMALL) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } else { ret = mbedtls_snprintf(p, n, "\?\?="); diff --git a/library/x509_create.c b/library/x509_create.c index 7ca5517528..7621698d5a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -314,7 +314,7 @@ static int oid_subidentifier_encode_into(unsigned char **p, size_t num_bytes = oid_subidentifier_num_bytes(value); if ((size_t) (bound - *p) < num_bytes) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return PSA_ERROR_BUFFER_TOO_SMALL; } (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); value >>= 7; 
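Review bot: `return PSA_ERROR_BUFFER_TOO_SMALL;` in mbedtls_oid_get_numeric_string puts a psa_status_t value into an int return whose other values (a written length, and the MBEDTLS_ERR_xxx codes callers compare against) live in the Mbed TLS error space; the two ranges are disjoint by convention, but nothing in this hunk documents that, and mbedtls_strerror() presumably will not describe the PSA value. The same applies to oid_subidentifier_encode_into in library/x509_create.c; mbedtls_x509_dn_gets at least maps it to MBEDTLS_ERR_X509_BUFFER_TOO_SMALL. Neither hunk adds an include, so confirm the header that defines PSA_ERROR_BUFFER_TOO_SMALL is already reachable from x509.c and x509_create.c. The include/mbedtls/x509.h doc line should name the domain explicitly: `* PSA_ERROR_BUFFER_TOO_SMALL (a PSA status code, not an MBEDTLS_ERR_xxx value) in case of error`.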
diff --git a/library/x509_oid.h b/library/x509_oid.h index 5b12677a61..46cfd54adc 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -21,8 +21,6 @@ /** OID is not found. */ #define MBEDTLS_ERR_OID_NOT_FOUND -0x002E -/** output buffer is too small */ -#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /* * Maximum number of OID components allowed diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index bbdd9f90db..6a04ff0f5e 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2737,7 +2737,7 @@ X509 OID numstring #2 (buffer just fits) x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17 X509 OID numstring #3 (buffer too small) -x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL +x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:PSA_ERROR_BUFFER_TOO_SMALL X509 OID numstring #4 (larger number) x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14 From 4c832213202b52bd2b6efa7d5625c85c81a19002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 23:05:12 +0200 Subject: [PATCH 0469/1080] Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with `MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not used for anything. Public functions in X.509 propagate this error code, so it needs to have a public name. Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then ``` git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g' ``` 
Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509.c | 2 +- library/x509_oid.c | 10 +++++----- library/x509_oid.h | 19 ++++++++----------- tests/suites/test_suite_x509_oid.function | 8 ++++---- tests/suites/test_suite_x509parse.data | 10 +++++----- 7 files changed, 25 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c992bf010..519b5b4a2b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7016,7 +7016,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ switch (ret) { case 0: /*ok*/ - case MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_X509_UNKNOWN_OID: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 70175e0d60..44525dd153 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -505,7 +505,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, switch (ret) { case 0: /*ok*/ break; - case MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_X509_UNKNOWN_OID: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/x509.c b/library/x509.c index fe4e3e3afe..54275ebce0 100644 --- a/library/x509.c +++ b/library/x509.c @@ -314,7 +314,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, /* Only MFG1 is recognised for now */ if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, - MBEDTLS_ERR_OID_NOT_FOUND); + MBEDTLS_ERR_X509_UNKNOWN_OID); } /* Parse HashAlgorithm */ diff --git a/library/x509_oid.c b/library/x509_oid.c index 0a5da54cf5..3517ee3841 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
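Review bot: `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID)` in mbedtls_x509_get_rsassa_pss_params now combines two high-level X.509 codes. MBEDTLS_ERROR_ADD is meant for a high-level code plus a low-level one (the replaced MBEDTLS_ERR_OID_NOT_FOUND, -0x002E, was low-level), so the sum of two high-level values is not a valid code of either kind, and a MBEDTLS_TEST_HOOKS build with the error-add check, if still present, would presumably flag it. Returning `MBEDTLS_ERR_X509_UNKNOWN_OID` alone (or FEATURE_UNAVAILABLE alone) is what remains meaningful after the rename. The expected values in tests/suites/test_suite_x509parse.data (hunks at 1386, 2845, 2866 and 2881) encode the same two-high-level-code combinations, including UNKNOWN_SIG_ALG + UNKNOWN_OID from the certificate parser, and need the same decision.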
@@ -66,7 +66,7 @@ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *ATTR1 = data->descriptor.ATTR1; \ return 0; \ } @@ -80,7 +80,7 @@ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *ATTR1 = data->ATTR1; \ return 0; \ } @@ -95,7 +95,7 @@ ATTR2_TYPE * ATTR2) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *(ATTR1) = data->ATTR1; \ *(ATTR2) = data->ATTR2; \ return 0; \ @@ -117,7 +117,7 @@ } \ cur++; \ } \ - return MBEDTLS_ERR_OID_NOT_FOUND; \ + return MBEDTLS_ERR_X509_UNKNOWN_OID; \ } /* @@ -138,7 +138,7 @@ } \ cur++; \ } \ - return MBEDTLS_ERR_OID_NOT_FOUND; \ + return MBEDTLS_ERR_X509_UNKNOWN_OID; \ } /* diff --git a/library/x509_oid.h b/library/x509_oid.h index 46cfd54adc..6b2da9895a 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -19,9 +19,6 @@ #include "mbedtls/md.h" -/** OID is not found. */ -#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E - /* * Maximum number of OID components allowed */ @@ -459,7 +456,7 @@ typedef struct { * \param oid OID to use * \param ext_type place to store the extension type * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); 
@@ -470,7 +467,7 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ * \param oid OID to use * \param short_name place to store the string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); @@ -481,7 +478,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char * \param md_alg place to store message digest algorithm * \param pk_alg place to store public key algorithm * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); @@ -492,7 +489,7 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); @@ -504,7 +501,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** * \param oid place to store ASN.1 OID string pointer * \param olen length of the OID * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); 
@@ -515,7 +512,7 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ * \param oid OID to use * \param md_alg place to store message digest algorithm * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); @@ -526,7 +523,7 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t * * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); #endif @@ -537,7 +534,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index 8273a71519..f10c68dc54 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -23,7 +23,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc); if (strlen(result_str) == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(strcmp((char *) desc, result_str) == 0); 
@@ -44,7 +44,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc); if (strlen(result_str) == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(strcmp((char *) desc, result_str) == 0); @@ -65,7 +65,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type); if (exp_type == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(ext_type == exp_type); @@ -87,7 +87,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id); if (exp_md_id < 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); TEST_ASSERT(md_id == 0); } else { TEST_ASSERT(ret == 0); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6a04ff0f5e..c7c465b7e6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1386,11 +1386,11 @@ x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a3008060013045465737 X509 CRT ASN1 (TBS, inv AlgID, OID empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, OID unknown) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -2845,7 +2845,7 @@ X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters) x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID) -x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
@@ -2866,7 +2866,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1) x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag) x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
@@ -2881,7 +2881,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID) x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 From 71ccc723cdf98f314c2ba0c97d5442fc79a1041a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 22:47:50 +0200 Subject: [PATCH 0470/1080] Remove macros for crypto OID Signed-off-by: Gilles Peskine --- library/x509_oid.h | 157 --------------------------------------------- 1 file changed, 157 deletions(-) diff --git a/library/x509_oid.h b/library/x509_oid.h index 6b2da9895a..51cf96c862 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -195,7 +195,6 @@ /* * PKCS#1 OIDs */ -#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */ #define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ #define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ #define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ 
@@ -234,67 +233,6 @@ #define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ - -#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ - -#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ - -#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */ - -#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */ - -#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */ - -#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */ - -#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */ - -#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */ - -#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" 
/**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ - -#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ - -/* - * Encryption algorithms, - * the following standardized object identifiers are specified at - * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. - */ -#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ -#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ -#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ -#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ -#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ -#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ - -/* - * Key Wrapping algorithms - */ -/* - * RFC 5649 - */ -#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 
} */ -#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */ -#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */ -#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */ -#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */ -#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */ -/* - * PKCS#5 OIDs - */ -#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */ -#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */ -#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */ - -/* - * PKCS#5 PBES1 algorithms - */ -#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */ -#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */ -#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ -#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ - /* * PKCS#7 OIDs */ 
@@ -305,95 +243,8 @@ #define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ #define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ -/* - * PKCS#8 OIDs - */ #define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ -/* - * PKCS#12 PBE OIDs - */ -#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */ - -#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */ - -/* - * EC key algorithms from RFC 5480 - */ - -/* id-ecPublicKey OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ -#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01" - -/* id-ecDH OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) - * schemes(1) ecdh(12) } */ -#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c" - -/* - * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2 - */ - -/* secp192r1 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */ -#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01" - -/* secp224r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) 
certicom(132) curve(0) 33 } */ -#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21" - -/* secp256r1 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */ -#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07" - -/* secp384r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */ -#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22" - -/* secp521r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */ -#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23" - -/* secp192k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */ -#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f" - -/* secp224k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */ -#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20" - -/* secp256k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */ -#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a" - -/* RFC 5639 4.1 - * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1) - * identified-organization(3) teletrust(36) algorithm(3) signature- - * algorithm(3) ecSign(2) 8} - * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1} - * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */ -#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01" - -/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */ -#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07" - -/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */ -#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B" - -/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */ -#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D" - -/* - * SEC1 C.1 
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
 /*
  * ECDSA signature identifiers, from RFC 5480
@@ -425,14 +276,6 @@
  * ecdsa-with-SHA2(3) 4 } */
 #define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-/*
- * EC key algorithms from RFC 8410
- */
-
-#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */
-#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */
-#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */
-#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */
 #ifdef __cplusplus
 extern "C" {
From f9ca8ed9ddacdff3ef9b9a9ff0902a02c072a79d Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 7 May 2025 20:10:35 +0200
Subject: [PATCH 0471/1080] Create a public header file for OID values
This will be a subset of the former ``, with only macro definitions, no function declarations.
Signed-off-by: Gilles Peskine
---
 include/mbedtls/oid.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 include/mbedtls/oid.h
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
new file mode 100644
index 0000000000..27ea58024e
--- /dev/null
+++ b/include/mbedtls/oid.h
@@ -0,0 +1,16 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) values
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+
+#include "mbedtls/build_info.h"
+
+
+#endif /* oid.h */
From cd4c0d7b005e632a77f6618117eeae578a98c780 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 7 May 2025 23:45:12 +0200
Subject: [PATCH 0472/1080] Move OID string definitions back to mbedtls/oid.h
Some code that parses or writes X.509 needs to know OID values. We provide a convenient list. Don't remove this list from the public interface of the library. For user convenience, expose these values in the same header as before and with the same name as before: `MBEDTLS_OID_xxx` in ``.
Signed-off-by: Gilles Peskine
---
 include/mbedtls/oid.h | 251 ++++++++++++++++++++
 library/pkcs7.c | 1 +
 library/x509.c | 1 +
 library/x509_create.c | 1 +
 library/x509_crt.c | 1 +
 library/x509_csr.c | 1 +
 library/x509_oid.c | 1 +
 library/x509_oid.h | 253 ---------------------
 library/x509write_crt.c | 1 +
 library/x509write_csr.c | 1 +
 tests/suites/test_suite_x509parse.function | 1 +
 tests/suites/test_suite_x509write.function | 1 +
 12 files changed, 261 insertions(+), 253 deletions(-)
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 27ea58024e..5ef87d3d6a 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -12,5 +12,256 @@ #include "mbedtls/build_info.h" +/* + * Top level OID tuples + */ +#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */ +#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */ +#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */ +#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */ + +/* + * ISO Member bodies OID parts + */ +#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */ +#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ +#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ +#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ +#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORG_ANSI_X9_62 + +/* + * ISO Identified organization OID parts + */ +#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */ +#define MBEDTLS_OID_ORG_OIW "\x0e" +#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03" +#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02" +#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a" +#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */ +#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_THAWTE +#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ +#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_CERTICOM +#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */ +#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_ORG_TELETRUST + +/* + * ISO ITU OID parts + */ +#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */ +#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \ + MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) 
organization(1)} */ + +#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */ +#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */ + +#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */ +#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */ + +/* ISO arc for standard certificate and CRL extensions */ +#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */ + +#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */ + +/** + * Private Internet Extensions + * { iso(1) identified-organization(3) dod(6) internet(1) + * security(5) mechanisms(5) pkix(7) } + */ +#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \ + "\x01" +#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" + +/* + * Arc for standard naming attributes + */ +#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ +#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ +#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */ +#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */ +#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */ +#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */ +#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */ +#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName 
AttributeType:= {id-at 10} */ +#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */ +#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */ +#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */ +#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */ +#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ +#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ +#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ +#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */ +#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ +#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ + +#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */ +#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */ + +/* + * OIDs for standard certificate extensions + */ +#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */ +#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */ +#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT 
IDENTIFIER ::= { id-ce 15 } */ +#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ +#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */ +#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */ +#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */ +#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */ +#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */ +#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */ +#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */ +#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */ +#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */ +#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */ +#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */ + +/* + * Certificate policies + */ +#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */ + +/* + * Netscape certificate extensions + */ +#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01" +#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01" +#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT 
"\x02" +#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03" +#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04" +#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07" +#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08" +#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C" +#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D" +#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02" +#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05" + +/* + * OIDs for CRL extensions + */ +#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10" +#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */ + +/* + * X.509 v3 Extended key usage OIDs + */ +#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */ + +#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */ +#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */ +#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */ +#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */ +#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */ +#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ +#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ + +/** + * Wi-SUN Alliance Field Area Network + * { iso(1) identified-organization(3) dod(6) internet(1) + * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } + */ +#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET 
"\x04\x01\x82\xe4\x25\x01" + +#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ +#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ + +/* + * PKCS definition OIDs + */ + +#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ +#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ +#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ +#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ +#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ + +/* + * PKCS#1 OIDs + */ +#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ +#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ +#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ +#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */ +#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */ +#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */ + +#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" + +#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { 
pkcs-9 1 } */ + +/* RFC 4055 */ +#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */ +#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */ + +/* + * Digest algorithms + */ +#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ + +#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ + 
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ + +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ + +#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ + + +/* + * ECDSA signature identifiers, from RFC 5480 + */ +#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ +#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */ + +/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + * iso(1) 
member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
 #endif /* oid.h */
diff --git a/library/pkcs7.c b/library/pkcs7.c
index cfe570a788..3481cbdb1b 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -9,6 +9,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/error.h"
diff --git a/library/x509.c b/library/x509.c
index 54275ebce0..f315821fdf 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -21,6 +21,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_create.c b/library/x509_create.c
index 7621698d5a..e5ade5d997 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -11,6 +11,7 @@
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0b0e8d1e91..0a43d8789f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
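Review bot: Three of the macros moved into this now-public header carry a trailing `/**` comment instead of `/**<` — `MBEDTLS_OID_NIST_ALG`, `MBEDTLS_OID_UID` and `MBEDTLS_OID_DOMAIN_COMPONENT` — and in Doxygen a `/**` block that follows a definition documents the next item, so the generated API reference will attach these descriptions to the wrong symbol. The `MBEDTLS_OID_UID` text also reads `id-domainComponent` although its arc ends in `uid(1)`, and the `MBEDTLS_OID_NIST_ALG` comment opens a `{` it never closes; suggested replacements are `/**< nistAlgorithm OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) } */` and `/**< uid AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */`. `MBEDTLS_OID_RSA_SHA_OBS` is the only value in the hunk with no description at all, and its name is not self-explanatory; a `/**< ... */` naming what it encodes (the bytes decode to 1.3.14.3.2.29, the obsolete OIW sha1WithRSA identifier) would help users of the public header. These lines are moved verbatim from library/x509_oid.h, so the fixes could equally go in a follow-up.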
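Review bot: The `+#include "mbedtls/oid.h"` line is placed immediately before `#include "x509_oid.h"` here and, with the same placement, in x509.c, x509_create.c and (in the next chunk) x509_crt.c, x509_csr.c and x509_oid.c, which suggests the private header does not include the public one itself and every translation unit now relies on include order; x509_oid.h's own include block is not in this chunk, so I cannot confirm that. If it does not, adding `#include "mbedtls/oid.h"` inside x509_oid.h would make the private header self-contained, and the per-file includes could then be dropped or kept as harmless redundancy. As written the hunk is correct.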
@@ -23,6 +23,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 0a77bef39b..32a3bb2e78 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -21,6 +21,7 @@
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 3517ee3841..e8bd0d19d8 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -11,6 +11,7 @@
 #if defined(MBEDTLS_OID_C)
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_oid.h b/library/x509_oid.h
index 51cf96c862..f3646f8a1a 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -24,259 +24,6 @@ */ #define MBEDTLS_OID_MAX_COMPONENTS 128 -/* - * Top level OID tuples - */ -#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */ -#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */ -#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */ -#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */ - -/* - * ISO Member bodies OID parts - */ -#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */ -#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ -#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ -#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ -#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_ANSI_X9_62 - -/* - * ISO Identified organization OID parts - */ -#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */ -#define MBEDTLS_OID_ORG_OIW "\x0e" -#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03" -#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02" -#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a" -#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */ -#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_THAWTE -#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ -#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_CERTICOM -#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */ -#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_TELETRUST - -/* - * ISO ITU OID parts - */ -#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */ -#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) 
country(16) us(840) organization(1)} */ - -#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */ -#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */ - -#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */ -#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */ - -/* ISO arc for standard certificate and CRL extensions */ -#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */ - -#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */ - -/** - * Private Internet Extensions - * { iso(1) identified-organization(3) dod(6) internet(1) - * security(5) mechanisms(5) pkix(7) } - */ -#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \ - "\x01" -#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" - -/* - * Arc for standard naming attributes - */ -#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ -#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ -#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */ -#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */ -#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */ -#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */ -#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */ -#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< 
id-at-organizationName AttributeType:= {id-at 10} */ -#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */ -#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */ -#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */ -#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */ -#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ -#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ -#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ -#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */ -#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ -#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ - -#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */ -#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */ - -/* - * OIDs for standard certificate extensions - */ -#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */ -#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */ -#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< 
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */ -#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ -#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */ -#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */ -#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */ -#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */ -#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */ -#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */ -#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */ -#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */ -#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */ -#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */ -#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */ - -/* - * Certificate policies - */ -#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */ - -/* - * Netscape certificate extensions - */ -#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01" -#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01" -#define MBEDTLS_OID_NS_BASE_URL 
MBEDTLS_OID_NS_CERT "\x02" -#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03" -#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04" -#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07" -#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08" -#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C" -#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D" -#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02" -#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05" - -/* - * OIDs for CRL extensions - */ -#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10" -#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */ - -/* - * X.509 v3 Extended key usage OIDs - */ -#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */ - -#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */ -#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */ -#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */ -#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */ -#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */ -#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ -#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ - -/** - * Wi-SUN Alliance Field Area Network - * { iso(1) identified-organization(3) dod(6) internet(1) - * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } - */ -#define MBEDTLS_OID_WISUN_FAN 
MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" - -#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ -#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ - -/* - * PKCS definition OIDs - */ - -#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ -#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ -#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ -#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ -#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ -#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ - -/* - * PKCS#1 OIDs - */ -#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ -#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ -#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ -#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */ -#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */ -#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */ - -#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" - -#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress 
AttributeType ::= { pkcs-9 1 } */ - -/* RFC 4055 */ -#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */ -#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */ - -/* - * Digest algorithms - */ -#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ - -#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) 
sha3-224(7) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ - -/* - * PKCS#7 OIDs - */ -#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ -#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ -#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ -#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ -#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ -#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ - -#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ - - -/* - * ECDSA signature identifiers, from RFC 5480 - */ -#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ -#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */ - -/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { - * 
iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01" - -/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01" - -/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 2 } */ -#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02" - -/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 3 } */ -#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03" - -/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 4 } */ -#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" - - #ifdef __cplusplus extern "C" { #endif diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6cc281a195..e530ae8dbe 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,6 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index f3dc9d9dac..b353d37de5 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,6 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 19b37b3102..d03884ffe9 100644 --- a/tests/suites/test_suite_x509parse.function 
+++ b/tests/suites/test_suite_x509parse.function
@@ -6,6 +6,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index e30eed949d..f43e01ea9e 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/asn1.h"
From 63544116703e43c21fd3867d32028d14bb511e1e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 12 May 2025 20:23:25 +0200
Subject: [PATCH 0473/1080] Remove unused function
mbedtls_oid_get_md_alg() is used in X.509, but mbedtls_oid_get_oid_by_md() is only used in crypto.
Signed-off-by: Gilles Peskine
---
 library/x509_oid.c | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/library/x509_oid.c b/library/x509_oid.c
index e8bd0d19d8..06a9e92fc8 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -578,10 +578,5 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md,
- oid_md_alg_t,
- oid_md_alg,
- mbedtls_md_type_t,
- md_alg)
 #endif /* MBEDTLS_OID_C */
From 02ec5855184a1281e3901c280fca7a8253d19c10 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 12 May 2025 20:52:07 +0200
Subject: [PATCH 0474/1080] Replace MBEDTLS_OID_C by function-specific dependencies
For each function in `x509_oid.c`, determine where it is used and only include it in the build if it is needed by the X.509 code. Define the corresponding internal tables only when they are consumed by a function. This makes Mbed TLS completely independent of the compilation option `MBEDTLS_OID_C`. This option remains present only in sample configs for crypto, where it must stay until TF-PSA-Crypto no longer relies on this option.
Signed-off-by: Gilles Peskine
---
 include/mbedtls/check_config.h | 8 ++----
 include/mbedtls/mbedtls_config.h | 6 ++--
 library/x509_oid.c | 33 ++++++++++++++++++----
 library/x509_oid.h | 19 +++++++++++--
 tests/suites/test_suite_x509_oid.function | 13 +++------
 tests/suites/test_suite_x509parse.function | 2 +-
 6 files changed, 55 insertions(+), 26 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4328f7198c..22ddaa80fd 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -287,14 +287,12 @@
 #endif
 #if defined(MBEDTLS_X509_USE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_X509_CREATE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
@@ -389,7 +387,7 @@
 #endif
 #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
- ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
+ ( !defined(MBEDTLS_PK_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
 ( !defined(MBEDTLS_MD_C) ) )
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d5a488341d..ddab7d0c32 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1100,7 +1100,7 @@
 *
 * Module: library/pkcs7.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
 *
@@ -1115,7 +1115,7 @@
 *
 * Module: library/x509_create.c
 *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
@@ -1247,7 +1247,7 @@
 * library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 06a9e92fc8..80c8873452 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -9,7 +9,10 @@
 #include "x509_internal.h"
-#if defined(MBEDTLS_OID_C)
+/* Each group of tables and functions has its own dependencies, but
+ * don't even bother to define helper macros if X.509 is completely
+ * disabled. */
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 #include "mbedtls/oid.h"
 #include "x509_oid.h"
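Review bot: The new file-level guard `+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)` in the x509_oid.c hunk does not mention `MBEDTLS_PKCS7_C`, although the digest-OID group further down in this file is enabled by `MBEDTLS_X509_OID_HAVE_GET_MD_ALG`, which the header defines for `MBEDTLS_PKCS7_C` on its own. The combination only works because the check_config.h hunk above makes PKCS#7 require `MBEDTLS_X509_CRT_PARSE_C`, which presumably implies `MBEDTLS_X509_USE_C`; nothing in this file records that transitive dependency, so a later relaxation of check_config.h would silently drop `mbedtls_x509_oid_get_md_alg()` from a PKCS#7-only build. Either add `|| defined(MBEDTLS_PKCS7_C)` to the guard, or extend the new comment with ` * (MBEDTLS_PKCS7_C needs no separate mention: check_config.h makes it require MBEDTLS_X509_CRT_PARSE_C.)`. The matching `#endif /* some X.509 is enabled */` at the end of the file should then name the same macros.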
@@ -145,6 +148,7 @@
 /*
 * For X520 attribute types
 */
+#if defined(MBEDTLS_X509_USE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 const char *short_name;
@@ -259,10 +263,12 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name,
 x520_attr,
 const char *,
 short_name)
+#endif /* MBEDTLS_X509_USE_C */
 /*
 * For X509 extensions
 */
+#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 int ext_type;
@@ -324,8 +330,9 @@ static const oid_x509_ext_t oid_x509_ext[] =
 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
+#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] =
 {
 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
@@ -364,11 +371,13 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies,
 certificate_policies,
 const char *,
 description)
-#endif /* MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 /*
 * For SignatureAlgorithmIdentifier
 */
+#if defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -471,14 +480,15 @@ static const oid_sig_alg_t oid_sig_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_USE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc,
 oid_sig_alg_t,
 sig_alg,
 const char *,
 description)
-#endif
+#endif /* MBEDTLS_X509_USE_C && !MBEDTLS_X509_REMOVE_INFO */
+#if defined(MBEDTLS_X509_USE_C)
 FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 oid_sig_alg_t,
 sig_alg,
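Review bot: The closing comment `+#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */` in hunk @@ -324,8 +330,9 @@ does not name the condition it closes, which is the `#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)` opened in the previous hunk; it spells out the macro's current expansion instead, which goes stale as soon as the header changes the definition. The same applies to `+#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */` in hunk @@ -579,4 +598,6 @@, which closes `#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG)`. Suggest `#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */` and `#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */`, matching the other closing comments in this commit that repeat the opening condition verbatim.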
@@ -486,6 +496,8 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 md_alg,
 mbedtls_pk_type_t,
 pk_alg)
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 oid_sig_alg_t,
 oid_sig_alg,
@@ -493,10 +505,17 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 pk_alg,
 mbedtls_md_type_t,
 md_alg)
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+
+#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG)
 /*
 * For digestAlgorithm
 */
+/* The table of digest OIDs is duplicated in TF-PSA-Crypto (which uses it to
+ * look up the OID for a hash algorithm in RSA PKCS#1v1.5 signature and
+ * verification). */
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -579,4 +598,6 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_OID_C */
+#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */
+
+#endif /* some X.509 is enabled */
diff --git a/library/x509_oid.h b/library/x509_oid.h
index f3646f8a1a..c2fe8dc403 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -40,6 +40,8 @@ typedef struct {
 #endif
 } mbedtls_x509_oid_descriptor_t;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C)
+#define MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE
 /**
 * \brief Translate an X.509 extension OID into local values
 *
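Review bot: `FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)` stays under the wider `MBEDTLS_X509_USE_C || MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C` guard (hunk @@ -471,14 +480,15 @@), while the lookups that presumably consume the ASN.1-to-entry helper it generates, `FN_OID_GET_DESCRIPTOR_ATTR1` and `FN_OID_GET_ATTR2`, are now restricted to `MBEDTLS_X509_USE_C`; `FN_OID_GET_OID_BY_ATTR2` in the next hunk only needs the table. If that macro expands to a `static` function (its definition is above these hunks, not visible here), a write-only configuration — `MBEDTLS_X509_CREATE_C` with `MBEDTLS_X509_CRT_WRITE_C` but without `MBEDTLS_X509_USE_C`, which the updated check_config.h prerequisites no longer rule out — would get an unused static function and an `-Wunused-function` failure under `-Werror`. Moving that one line inside the new `#if defined(MBEDTLS_X509_USE_C)` block, directly before `FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,`, keeps the helper and its only callers under the same condition.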
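Review bot: The new feature macro `+#define MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE` in hunk @@ -40,6 +40,8 @@ of x509_oid.h, and `MBEDTLS_X509_OID_HAVE_GET_MD_ALG` defined in a later hunk of the same file, carry no comment, yet they are consumed both by x509_oid.c and by `depends_on:` clauses in the test suites, so they are effectively an internal contract. A one-line comment above each definition, such as `/* Defined when mbedtls_x509_oid_get_x509_ext_type() is compiled in; also used as a test-case dependency, so renaming it means updating the test suites. */`, would tell a maintainer why the macro exists. A sentence in the file header describing the convention (one `MBEDTLS_X509_OID_HAVE_xxx` per conditionally built function) would cover future additions.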
@@ -49,7 +51,9 @@ typedef struct {
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate an X.509 attribute type O​ID into the short name
 * (e.g. the OID for an X520 Common Name into "CN")
@@ -60,7 +64,9 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate SignatureAlgorithm OID into md_type and pk_type
 *
@@ -73,6 +79,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char
 int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
 mbedtls_md_type_t *md_alg,
 mbedtls_pk_type_t *pk_alg);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate SignatureAlgorithm OID into description
 *
@@ -82,7 +89,10 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
 * \brief Translate md_type and pk_type into SignatureAlgorithm OID
 *
@@ -95,7 +105,11 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **
 */
 int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
 const char **oid, size_t *olen);
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#if (defined(MBEDTLS_X509_USE_C) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)) || \
+ defined(MBEDTLS_PKCS7_C)
+#define MBEDTLS_X509_OID_HAVE_GET_MD_ALG
 /**
 * \brief Translate hash algorithm OID into md_type
 *
@@ -105,8 +119,9 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate Extended Key Usage OID into description
 *
@@ -116,7 +131,6 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
-#endif
 /**
 * \brief Translate certificate policies OID into description
@@ -127,6 +141,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 #ifdef __cplusplus
 }
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
index f10c68dc54..b988aa0f67 100644
--- a/tests/suites/test_suite_x509_oid.function
+++ b/tests/suites/test_suite_x509_oid.function
@@ -5,12 +5,7 @@ #include "string.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void oid_get_certificate_policies(data_t *oid, char *result_str) { mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; @@ -31,7 +26,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void oid_get_extended_key_usage(data_t *oid, char *result_str) { mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; @@ -52,7 +47,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ void oid_get_x509_extension(data_t *oid, int exp_type) { mbedtls_asn1_buf ext_oid = { 0, 0, NULL }; @@ -73,7 +68,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_MD_ALG */ void oid_get_md_alg_id(data_t *oid, int exp_md_id) { mbedtls_asn1_buf md_oid = { 0, 0, NULL }; diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index d03884ffe9..9ee693e665 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1504,7 +1504,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void x509_oid_desc(data_t *buf, char *ref_desc) { mbedtls_x509_buf oid; From b828820f7a90b2e3ea1856d897d4b4a07453fd37 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 May 2025 21:07:47 +0200 Subject: [PATCH 0475/1080] Declare oid_xxx_numeric_string only when they are defined 
Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 4 ++++ tests/suites/test_suite_x509write.function | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 5a3bd8a2a1..17b3c5d3b4 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -489,6 +489,7 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); p += (size_t) ret; \ } while (0) +#if defined(MBEDTLS_X509_USE_C) /** * \brief Translate an ASN.1 OID into its numeric representation * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") @@ -501,7 +502,9 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); * PSA_ERROR_BUFFER_TOO_SMALL in case of error */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +#endif /* MBEDTLS_X509_USE_C */ +#if defined(MBEDTLS_X509_CREATE_C) /** * \brief Translate a string containing a dotted-decimal * representation of an ASN.1 OID into its encoded form @@ -520,6 +523,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * allocate oid->buf */ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); +#endif /* MBEDTLS_X509_CREATE_C */ #ifdef __cplusplus } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f43e01ea9e..51a5d37584 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -704,7 +704,7 @@ void x509_set_extension_length_check() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C */ void oid_from_numeric_string(char *oid_str, int error_ret, data_t *exp_oid_buf) { From dcd43fcc457b8aa8fdaeebc0ef0d4ec1ee76255c Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 12 May 2025 21:09:10 +0200 Subject: [PATCH 0476/1080] Move oid_xxx_numeric_string back to oid.h The header `mbedtls/oid.h` now belongs to the X.509 library. Move the declarations of `mbedtls_oid_get_numeric_string()` and `mbedtls_oid_from_numeric_string()` back to this header, which is where they were in all previous releases of Mbed TLS. This avoids gratuitously breaking backward compatibility. Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 36 ++++++++++++++++++++++++++++++++++++ include/mbedtls/x509.h | 36 ------------------------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 5ef87d3d6a..375ea60cb6 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h 
@@ -264,4 +264,40 @@ * ecdsa-with-SHA2(3) 4 } */ #define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" +#if defined(MBEDTLS_X509_USE_C) +/** + * \brief Translate an ASN.1 OID into its numeric representation + * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") + * + * \param buf buffer to put representation in + * \param size size of the buffer + * \param oid OID to translate + * + * \return Length of the string written (excluding final NULL) or + * PSA_ERROR_BUFFER_TOO_SMALL in case of error + */ +int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +#endif /* MBEDTLS_X509_USE_C */ + +#if defined(MBEDTLS_X509_CREATE_C) +/** + * \brief Translate a string containing a dotted-decimal + * representation of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). + * On success, this function allocates oid->buf from the + * heap. It must be freed by the caller using mbedtls_free(). + * + * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid_str string representation of the OID to parse + * \param size length of the OID string, not including any null terminator + * + * \return 0 if successful + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not + * represent a valid OID + * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to + * allocate oid->buf + */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); +#endif /* MBEDTLS_X509_CREATE_C */ + #endif /* oid.h */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 17b3c5d3b4..2afcfb2f9f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
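Review bot: The return documentation on the moved `mbedtls_oid_get_numeric_string()` reads `Length of the string written (excluding final NULL)` — the terminator is a null byte, not the `NULL` pointer constant, and the error alternative `PSA_ERROR_BUFFER_TOO_SMALL` is a negative value, which the text does not say although callers must test for `< 0` to tell the two apart. Since the declaration is moved verbatim this is pre-existing, but the move is a good moment to write `\return Length of the string written (excluding the terminating null byte),` / `or the negative value #PSA_ERROR_BUFFER_TOO_SMALL if \p size is too small.` The companion `mbedtls_oid_from_numeric_string()` block already documents its errors in that style, so the two would then match.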
@@ -489,42 +489,6 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); p += (size_t) ret; \ } while (0) -#if defined(MBEDTLS_X509_USE_C) -/** - * \brief Translate an ASN.1 OID into its numeric representation - * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") - * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate - * - * \return Length of the string written (excluding final NULL) or - * PSA_ERROR_BUFFER_TOO_SMALL in case of error - */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CREATE_C) -/** - * \brief Translate a string containing a dotted-decimal - * representation of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). - * On success, this function allocates oid->buf from the - * heap. It must be freed by the caller using mbedtls_free(). - * - * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string, not including any null terminator - * - * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not - * represent a valid OID - * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to - * allocate oid->buf - */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); -#endif /* MBEDTLS_X509_CREATE_C */ - #ifdef __cplusplus } #endif From 53e11cb5d5b33d02f21ff4a9e593ccdc833b47ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 May 2025 21:12:15 +0200 Subject: [PATCH 0477/1080] Changelog entry for the OID module in Mbed TLS 4.0 Signed-off-by: Gilles Peskine --- ChangeLog.d/oid.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/oid.txt 
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt new file mode 100644 index 0000000000..53828d85b1 --- /dev/null +++ b/ChangeLog.d/oid.txt @@ -0,0 +1,8 @@ +Removals + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. From 9e147f264c80738982623f0d0aeb9376f69c0f86 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 May 2025 20:08:51 +0200 Subject: [PATCH 0478/1080] Exclude crypto's oid.h now that it is in mbedtls Otherwise Doxygen complains about two `\file` with the same name. This is a temporary exclusion which can be removed once crypto no longer has an oid.h. Signed-off-by: Gilles Peskine --- doxygen/mbedtls.doxyfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 6b09ae39a3..cd52300b02 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -7,7 +7,9 @@ EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy -EXCLUDE = ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h +EXCLUDE = \ + ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h \ + ../tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 7e7dc6fdda85adff09a7b978a27067d590986da3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 May 2025 12:45:29 +0200 Subject: [PATCH 0479/1080] Align endif comments with auxiliary macros Signed-off-by: Gilles Peskine --- library/x509_oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/x509_oid.c b/library/x509_oid.c index 80c8873452..d69fd513ba 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -330,7 +330,7 @@ static const oid_x509_ext_t oid_x509_ext[] = FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) -#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */ +#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] = @@ -598,6 +598,6 @@ static const oid_md_alg_t oid_md_alg[] = FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) -#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */ +#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */ #endif /* some X.509 is enabled */ From 4aa974f7c73a1012b85d7e47678177d3c793805c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Apr 2025 17:04:18 +0200 Subject: [PATCH 0480/1080] Remove `MBEDTLS_SHA3_C` config option Signed-off-by: Gabor Mezei --- programs/test/selftest.c | 5 ++++- tests/scripts/components-configuration-crypto.sh | 5 +++-- tests/scripts/depends.py | 4 ---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 515757311d..8516f3a251 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -290,7 +290,10 @@ const selftest_t selftests[] = #if defined(MBEDTLS_SHA512_C) { "sha512", mbedtls_sha512_self_test }, #endif -#if defined(MBEDTLS_SHA3_C) +#if defined(PSA_WANT_ALG_SHA3_224) || \ + defined(PSA_WANT_ALG_SHA3_256) || \ + defined(PSA_WANT_ALG_SHA3_384) || \ + defined(PSA_WANT_ALG_SHA3_512) { "sha3", mbedtls_sha3_self_test }, #endif #if defined(MBEDTLS_DES_C) 
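Review bot: The `sha3` self-test entry in `selftests[]` is now guarded by `PSA_WANT_ALG_SHA3_*`, which says that SHA-3 is requested, not that the built-in implementation providing `mbedtls_sha3_self_test` is compiled; the neighbouring entries guard on the module macro (`MBEDTLS_SHA512_C`, `MBEDTLS_DES_C`). A later commit in this series states that the software SHA-3 is compiled only under the `MBEDTLS_PSA_BUILTIN_ALG_SHA3` macros, so a build that gets SHA-3 from an accelerator driver would presumably reference an undefined `mbedtls_sha3_self_test` and fail to link. If so, guard on the builtin macros instead: `#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \` / `    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)`. The `selftests[]` array begins outside the hunk.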
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a06ef1d132..16a399ab4e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1557,7 +1557,7 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset MBEDTLS_SHA3_C + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' # Build # ----- @@ -1597,7 +1597,7 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA3_C + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' fi } @@ -1680,6 +1680,7 @@ config_psa_crypto_hmac_use_psa () { # Disable also the builtin hashes since they are supported by the driver # and MD module is able to perform PSA dispathing. scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C fi diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cfd9f406d4..138631352f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -348,10 +348,6 @@ def test(self, options): 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', 'PSA_WANT_ALG_SHA_512'], - 'MBEDTLS_SHA3_C' : ['PSA_WANT_ALG_SHA3_224', - 'PSA_WANT_ALG_SHA3_256', - 'PSA_WANT_ALG_SHA3_384', - 'PSA_WANT_ALG_SHA3_512'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } From 588769cc65d88f7d3f8f4d82bb805ce919497744 Mon Sep 17 00:00:00 2001 
From: Gabor Mezei Date: Thu, 24 Apr 2025 12:11:26 +0200 Subject: [PATCH 0481/1080] Update error generation Adapt the `generate_errors.pl` to handle `PSA_WANT` macros and update to handle SHA3 macros. Signed-off-by: Gabor Mezei --- scripts/generate_errors.pl | 60 +++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index aae1fc8870..499307b9d8 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -96,8 +96,8 @@ } } -my $ll_old_define = ""; -my $hl_old_define = ""; +my @ll_old_define = ("", "", ""); +my @hl_old_define = ("", "", ""); my $ll_code_check = ""; my $hl_code_check = ""; @@ -129,6 +129,14 @@ $define_name = "SSL_TLS" if ($define_name eq "SSL"); $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM"); $define_name = "PKCS7" if ($define_name eq "PKCS7"); + $define_name = "ALG_SHA3_224,ALG_SHA3_256,ALG_SHA3_384,ALG_SHA3_512" + if ($define_name eq "SHA3"); + + my $define_prefix = "MBEDTLS_"; + $define_prefix = "PSA_WANT_" if ($module_name eq "SHA3"); + + my $define_suffix = "_C"; + $define_suffix = "" if ($module_name eq "SHA3"); my $include_name = $module_name; $include_name =~ tr/A-Z/a-z/; 
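Review bot: The SHA3 special case is spread over three independent statements — `$define_name` is rewritten when `$define_name eq "SHA3"`, while `$define_prefix` and `$define_suffix` are chosen when `$module_name eq "SHA3"` — so the next PSA-guarded module needs three edits that must agree, and comparing two different variables invites a mismatch (they are presumably equal at this point, but where `$define_name` is derived from `$module_name` is above the hunk). A small table keeps the facts together: `my %psa_guarded = (SHA3 => 'ALG_SHA3_224,ALG_SHA3_256,ALG_SHA3_384,ALG_SHA3_512');` then `my ($define_prefix, $define_suffix) = exists $psa_guarded{$module_name} ? ('PSA_WANT_', '') : ('MBEDTLS_', '_C');` and `$define_name = $psa_guarded{$module_name} if exists $psa_guarded{$module_name};`. The loop body containing this hunk starts outside it.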
@@ -154,26 +162,30 @@ if ($found_ll) { $code_check = \$ll_code_check; - $old_define = \$ll_old_define; + $old_define = \@ll_old_define; $white_space = ' '; } else { $code_check = \$hl_code_check; - $old_define = \$hl_old_define; + $old_define = \@hl_old_define; $white_space = ' '; } - if ($define_name ne ${$old_define}) + my $old_define_name = \${$old_define}[0]; + my $old_define_prefix = \${$old_define}[1]; + my $old_define_suffix = \${$old_define}[2]; + + if ($define_name ne ${$old_define_name}) { - if (${$old_define} ne "") + if (${$old_define_name} ne "") { ${$code_check} .= "#endif /* "; $first = 0; - foreach my $dep (split(/,/, ${$old_define})) + foreach my $dep (split(/,/, ${$old_define_name})) { - ${$code_check} .= " || " if ($first++); - ${$code_check} .= "MBEDTLS_${dep}_C"; + ${$code_check} .= " || \n " if ($first++); + ${$code_check} .= "${$old_define_prefix}${dep}${$old_define_suffix}"; } ${$code_check} .= " */\n\n"; } 
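Review bot: The `#endif /* A || B */` continuation `" || \n "` puts a space before the newline, so every multi-dependency guard in the generated file ends its first comment line with trailing whitespace; `" ||\n "` avoids that (the `defined()` lines in the next hunk use `" || \\\n "`, where the space before the backslash is needed). The same closing-comment code is now written three times — here inside the loop and twice more at the end of the script in the next hunk — differing only in the trailing `"\n\n"` versus `"\n"`, so a helper taking the (name, prefix, suffix) triple removes the duplication and fixes the whitespace in one place. Sketch below; the per-error loop that contains this hunk starts outside it.
```perl
# Emit "#endif /* DEP1 ||\n DEP2 */" for the guard recorded as (name, prefix, suffix).
sub close_guard {
    my ($code_check, $old_define, $trailer) = @_;
    my ($name, $prefix, $suffix) = @{$old_define};
    return if $name eq "";
    my @deps = map { "${prefix}${_}${suffix}" } split(/,/, $name);
    ${$code_check} .= "#endif /* " . join(" ||\n ", @deps) . " */" . $trailer;
}
# … unchanged: per-error loop; the inline close becomes close_guard($code_check, $old_define, "\n\n") …
```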
@@ -183,42 +195,44 @@ $first = 0; foreach my $dep (split(/,/, ${define_name})) { - ${$code_check} .= " || " if ($first); - $headers .= " || " if ($first++); + ${$code_check} .= " || \\\n " if ($first); + $headers .= " || \\\n " if ($first++); - ${$code_check} .= "defined(MBEDTLS_${dep}_C)"; - $headers .= "defined(MBEDTLS_${dep}_C)" if - ($include_name ne ""); + ${$code_check} .= "defined(${define_prefix}${dep}${define_suffix})"; + $headers .= "defined(${define_prefix}${dep}${define_suffix})" + if ($include_name ne ""); } ${$code_check} .= "\n"; $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". "#endif\n\n" if ($include_name ne ""); - ${$old_define} = $define_name; + ${$old_define_name} = $define_name; + ${$old_define_prefix} = $define_prefix; + ${$old_define_suffix} = $define_suffix; } ${$code_check} .= "${white_space}case -($error_name):\n". "${white_space} return( \"$module_name - $description\" );\n" }; -if ($ll_old_define ne "") +if ($ll_old_define[0] ne "") { $ll_code_check .= "#endif /* "; my $first = 0; - foreach my $dep (split(/,/, $ll_old_define)) + foreach my $dep (split(/,/, $ll_old_define[0])) { - $ll_code_check .= " || " if ($first++); - $ll_code_check .= "MBEDTLS_${dep}_C"; + $ll_code_check .= " || \n " if ($first++); + $ll_code_check .= "${ll_old_define[1]}${dep}${ll_old_define[2]}"; } $ll_code_check .= " */\n"; } -if ($hl_old_define ne "") +if ($hl_old_define[0] ne "") { $hl_code_check .= "#endif /* "; my $first = 0; - foreach my $dep (split(/,/, $hl_old_define)) + foreach my $dep (split(/,/, $hl_old_define[0])) { - $hl_code_check .= " || " if ($first++); - $hl_code_check .= "MBEDTLS_${dep}_C"; + $hl_code_check .= " || \n " if ($first++); + $hl_code_check .= "${hl_old_define[1]}${dep}${hl_old_define[2]}"; } $hl_code_check .= " */\n"; } From 72cc7bb706159e79be5726d6d7096db9931f9449 Mon Sep 17 00:00:00 2001 
From: Gabor Mezei Date: Thu, 24 Apr 2025 16:26:37 +0200 Subject: [PATCH 0482/1080] Start the generation at the beginning of the line The markers for the generated code need to be indented because of the code style check. During the replacement, remove the spaces along with the markers. Signed-off-by: Gabor Mezei --- scripts/generate_errors.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 499307b9d8..f4154e37cc 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -238,8 +238,8 @@ } $error_format =~ s/HEADER_INCLUDED\n/$headers/g; -$error_format =~ s/LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; -$error_format =~ s/HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; +$error_format =~ s/ *LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; +$error_format =~ s/ *HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!"; print ERROR_FILE $error_format; From 2d6374a0f918d7f2026ad05c20d7e6ec7e04e0a0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 25 Mar 2025 08:29:17 +0000 Subject: [PATCH 0483/1080] adjust everest header paths in generate_visualc_files.pl Signed-off-by: Ben Taylor --- scripts/generate_visualc_files.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 81521896b4..7ef46968b5 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -50,7 +50,7 @@ my $test_drivers_source_dir = 'framework/tests/src/drivers'; my @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest ); my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library 
@@ -65,10 +65,10 @@ include tf-psa-crypto/include tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/everest - tf-psa-crypto/drivers/everest/include/everest/vs2013 - tf-psa-crypto/drivers/everest/include/everest/kremlib + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib tests/include tf-psa-crypto/tests/include framework/tests/include From 243b54f3869953a674ff6730685a623a98a1d9cd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 27 Mar 2025 13:41:29 +0000 Subject: [PATCH 0484/1080] update further everest paths Signed-off-by: Ben Taylor --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a099356389..bda3977d07 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -441,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include) + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 142347383fb312f45ef87cee95c8de0aeaf0df6c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 10:42:19 +0100 Subject: [PATCH 0485/1080] Add ChangeLog for removal of everest headers 
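Review bot: Both new CMake entries end with a trailing slash, `PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/`, unlike every sibling `PRIVATE` path in the two blocks; CMake accepts it, but the inconsistency looks accidental, so write `PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private` in both hunks. The directory name `private` also suggests headers that are not meant as a public interface, so a short comment on why test and program targets need them on their include path would help the next reader, e.g. `# everest headers are private to tf-psa-crypto; needed here only to build the test helpers`. Both hunks are cut from larger `if(ENABLE_TESTING OR ENABLE_PROGRAMS)` blocks that start outside them.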
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-everest-headers.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/remove-everest-headers.txt diff --git a/ChangeLog.d/remove-everest-headers.txt b/ChangeLog.d/remove-everest-headers.txt new file mode 100644 index 0000000000..7dfdddcd52 --- /dev/null +++ b/ChangeLog.d/remove-everest-headers.txt @@ -0,0 +1,3 @@ +Removals + * Removed everest headers from mbedtls as they will be moved to + tf-psa-crypto. From 40bc3489630ab02fd7ae5c6b4518d92062e0481e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 14:49:29 +0100 Subject: [PATCH 0486/1080] corrected ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/move-everest-headers.txt | 2 ++ ChangeLog.d/remove-everest-headers.txt | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/move-everest-headers.txt delete mode 100644 ChangeLog.d/remove-everest-headers.txt diff --git a/ChangeLog.d/move-everest-headers.txt b/ChangeLog.d/move-everest-headers.txt new file mode 100644 index 0000000000..f80a6d16e4 --- /dev/null +++ b/ChangeLog.d/move-everest-headers.txt @@ -0,0 +1,2 @@ +Changes + * Update path's for new everest header path. diff --git a/ChangeLog.d/remove-everest-headers.txt b/ChangeLog.d/remove-everest-headers.txt deleted file mode 100644 index 7dfdddcd52..0000000000 --- a/ChangeLog.d/remove-everest-headers.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Removed everest headers from mbedtls as they will be moved to - tf-psa-crypto. From de864e7a1c63645f7f66c0fe69aca84b84d1c73d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Apr 2025 10:46:17 +0100 Subject: [PATCH 0487/1080] Remove ChangeLog as it is not required Signed-off-by: Ben Taylor --- ChangeLog.d/move-everest-headers.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/move-everest-headers.txt 
diff --git a/ChangeLog.d/move-everest-headers.txt b/ChangeLog.d/move-everest-headers.txt
deleted file mode 100644
index f80a6d16e4..0000000000
--- a/ChangeLog.d/move-everest-headers.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Update path's for new everest header path.
From 83e5a7bf75ba8a24392ecdc93fe68f48fd56557a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 29 May 2025 08:11:48 +0100 Subject: [PATCH 0488/1080] update framework submodule to pull in everest changes Signed-off-by: Ben Taylor --- .gitmodules | 2 +- framework | 2 +- tf-psa-crypto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index 4612b3d0c9..7e34e96984 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,4 +3,4 @@ url = https://github.com/Mbed-TLS/mbedtls-framework [submodule "tf-psa-crypto"] path = tf-psa-crypto
- url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git
+ url = git@github.com:bjwtaylor/TF-PSA-Crypto.git
diff --git a/framework b/framework
index 1a83e0c84d..fdb0615d9a 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281
+Subproject commit fdb0615d9a72c95cdf7f67e77bfcf0418dce756f
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 35ae18cf89..8706d77f96 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07
+Subproject commit 8706d77f9632eb2d3d0e58b713281f4232c1ee20
From c45f3d6a1d5cbe8e381d603a325627d9d14c83a4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 4 Jun 2025 15:47:54 +0200 Subject: [PATCH 0489/1080] Update PSA repo Signed-off-by: Gabor Mezei --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 35ae18cf89..d056817e03 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07
+Subproject commit d056817e037e350320519613848309559909f581 
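Review bot: The `tf-psa-crypto` submodule URL is switched from the upstream `https://github.com/Mbed-TLS/TF-PSA-Crypto.git` to a personal fork over SSH, `git@github.com:bjwtaylor/TF-PSA-Crypto.git`, and the commit message does not mention it. Anyone cloning with `--recurse-submodules` would then fetch the crypto library from a repository the project does not control, and the SSH scheme fails for anonymous clones and for CI runners without a deploy key. If the fork is only needed to test an unmerged change, override the URL locally with `git config submodule.tf-psa-crypto.url <fork-url>` and keep `url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git` in the file. The next commit in this series moves the same submodule pointer from the same base `35ae18cf89`, which suggests this one was superseded rather than merged as-is.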
From 2649800f7c3f48eee871c905219f4e3c895498a5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Jun 2025 10:38:25 +0200 Subject: [PATCH 0490/1080] Do not disable `PSA_WANT_SHA3` macros when driver accel is used The SW implementation is guarded with the `MBEDTLS_PSA_BUILTIN_ALG_SHA3` macros and not enabled when driver acceleration is set. So disabling the `PSA_WANT` macros is not needed. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-crypto.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 16a399ab4e..e72b837898 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1557,7 +1557,6 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' # Build # ----- @@ -1597,7 +1596,6 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' fi } @@ -1680,7 +1678,6 @@ config_psa_crypto_hmac_use_psa () { # Disable also the builtin hashes since they are supported by the driver # and MD module is able to perform PSA dispathing. scripts/config.py unset-all MBEDTLS_SHA - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C fi From 43c891ae98e044e2ec33f2711a755773a168e197 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 3 Jun 2025 14:46:12 +0100 Subject: [PATCH 0491/1080] Remove requirement on MBEDTLS_PLATFORM_C from configs 
Signed-off-by: Felix Conway --- configs/crypto-config-ccm-psk-tls1_2.h | 1 - configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - tests/scripts/components-configuration-crypto.sh | 1 - 4 files changed, 4 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 7a33b0daa9..e4de8b3fb6 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,7 +31,6 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 92549bade1..3fec3d0f10 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,7 +49,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index d1c449ea98..f71b1f079a 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -56,7 +56,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_OID_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index e72b837898..9de7597c1c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2205,7 +2205,6 @@ END #define MBEDTLS_AES_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C - #define MBEDTLS_PLATFORM_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END From c54da23c765aa437785e1e02f4bb8fe9bd9697ed Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Tue, 3 Jun 2025 14:46:36 +0100 Subject: [PATCH 0492/1080] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d056817e03..694fa1b81c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d056817e037e350320519613848309559909f581 +Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586 From ef013a69709de0af579d679bd3d1c699529d49bb Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 24 Sep 2024 14:12:43 +0200 Subject: [PATCH 0493/1080] Use PSA macros for the `hashes` domain Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 63 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 138631352f..0cb55377a7 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -328,26 +328,26 @@ def test(self, options): 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_RSA_C'], - 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'], - 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'], - 'MBEDTLS_SHA1_C' : ['PSA_WANT_ALG_SHA_1'], - 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_224'], - 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_LMS_C', - 'MBEDTLS_LMS_PRIVATE', - 'PSA_WANT_ALG_SHA_256', - 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'MBEDTLS_SHA384_C' : ['PSA_WANT_ALG_SHA_384'], - 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_512'], + 'PSA_WANT_ALG_MD5': ['MBEDTLS_MD5_C'], + 'PSA_WANT_ALG_RIPEMD160': ['MBEDTLS_RIPEMD160_C'], + 'PSA_WANT_ALG_SHA_1': ['MBEDTLS_SHA1_C'], + 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', + 'MBEDTLS_SHA224_C'], + 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', + 'MBEDTLS_LMS_C', + 'MBEDTLS_LMS_PRIVATE', + 'MBEDTLS_SHA256_C', + 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], + 'PSA_WANT_ALG_SHA_384': ['MBEDTLS_SHA384_C'], + 'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', + 'MBEDTLS_SHA512_C'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } 
@@ -355,8 +355,8 @@ def test(self, options): # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_TLS_C'], + 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C', + '-MBEDTLS_SSL_TLS_C'], 'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA', '-PSA_WANT_ALG_JPAKE',], 'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA', @@ -503,10 +503,12 @@ def __init__(self, options, conf): for expr in psa_info.generate_expressions([key_type])) if symbol in self.all_config_symbols} - # Find hash modules by name. - hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') + # Find hash modules by category. + hash_symbols = {symbol + for alg, symbol in algs.items() + if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} - # Find elliptic curve enabling macros + # Find elliptic curve enabling macros by name. # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|' r'MBEDTLS_ECP_DP_SECP224K1_ENABLED') 
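Review bot: The new `hash_symbols` comprehension drops the `symbol in self.all_config_symbols` filter that the key-type set immediately above it keeps, so if `algs` (built outside this hunk) lists PSA_WANT_ALG_* hash symbols the config file does not define, the hashes domain would try to set or unset a symbol that `config.py` does not know. Unless `algs` is already restricted to configured symbols, filter here as well: `if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH) and symbol in self.all_config_symbols}`. The regex-based `curve_symbols` line below is unchanged and still includes MBEDTLS_ECP_DP_SECP224K1_ENABLED. The enclosing `__init__` starts and ends outside the hunk.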
@@ -540,19 +542,16 @@ def __init__(self, options, conf): build_and_test), # Elliptic curves. Run the test suites. - 'curves': ExclusiveDomain(curve_symbols, build_and_test, - exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'), + 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, + # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used # across various modules, but it depends on either SHA256 or SHA512. # As a consequence an "exclusive" test of anything other than SHA256 # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_' \ - '|MBEDTLS_SHA384_' \ - '|MBEDTLS_SHA3_'), + exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), + # Key exchange types. 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), From 3795f8ab7409259a67500e773c9d53b067e4b910 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 6 Jun 2025 12:31:52 +0200 Subject: [PATCH 0494/1080] Remove temporary component created for SHA3 testing Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 4f212be60d..5fd9ede124 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
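Review bot: Dropping `exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'` from the `curves` ExclusiveDomain is unrelated to the hashes domain this commit describes, and the comment above `curve_symbols` in the previous hunk says that symbol is in the set only so it can be disabled together with every curve. Unless ExclusiveDomain has been changed elsewhere to skip it, the domain will now also generate a job with SECP224K1 as the only enabled curve, a new test that can fail independently of this change; either keep the exclude or state the intent in the commit message. The new `hashes` exclude `r'PSA_WANT_ALG_(?!SHA_(256|512))'` matches the comment's intent but only if the pattern is applied anchored at the start of the symbol (`re.match`, not `re.search`), which is worth recording next to it: `# keep only SHA-256 and SHA-512 (pattern is anchored at the symbol start)`.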
@@ -351,16 +351,3 @@ component_test_memory_buffer_allocator () { # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. tests/ssl-opt.sh -e '^DTLS proxy' } - -# Temporary component for SHA3 config option removal -# Will be removed according to this issue: -# https://github.com/Mbed-TLS/mbedtls/issues/10203 -component_test_full_no_sha3 () { - msg "build: full config without SHA3" - scripts/config.py full - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' - make - - msg "test: full - PSA_WANT_ALG_SHA3_*" - make test -} From 67aa959ea1ede35671535d14df1711175f2a7dfb Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 10 Jun 2025 16:59:44 +0100 Subject: [PATCH 0495/1080] Fixed some minor typos in comments. Signed-off-by: Ari Weiler-Ofek --- library/ssl_msg.c | 4 ++-- library/ssl_tls12_client.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dba8d74ba1..5774bfc865 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4189,7 +4189,7 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) ret = 0; goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered", + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially buffered", hs->in_msg_seq)); } @@ -5957,7 +5957,7 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, } else { /* * If we are past the point where we can send early data or we have - * already reached the maximum early data size, return immediatly. + * already reached the maximum early data size, return immediately. * Otherwise, progress the handshake as much as possible to not delay * it too much. If we reach a point where we can still send early data, * then we will send some. diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 114c32aea1..7be56eb121 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1773,7 +1773,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported", + MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", grp_id)); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } From c6654fc1b0b91413ca4c46f6a430096f6c4288c4 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:54:58 +0100 Subject: [PATCH 0496/1080] Replace MBEDTLS_ERR_ECP_IN_PROGRESS with alias PSA_OPERATION_INCOMPLETE in documentation Signed-off-by: Felix Conway --- include/mbedtls/x509_crt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 8a220cd414..de91499365 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -733,7 +733,7 @@ int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, * to disable restartable ECC. * * \return See \c mbedtls_crt_verify_with_profile(), or - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return #PSA_OPERATION_INCOMPLETE if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, From 4f94ae8baa64479d11d6f839c73ff2fb54b86b3b Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:55:45 +0100 Subject: [PATCH 0497/1080] Doxygen: only render public files Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cd52300b02..78c22052ab 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
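Review bot: The updated `\return` still closes with `see \c mbedtls_ecp_set_max_ops()`, while PATCH 0505 in this same series removes the callers of that function in favour of `psa_interruptible_set_max_ops()`; if the PK restartable path is now bounded by the PSA limit, the cross-reference is stale and should read `operations was reached: see \c psa_interruptible_set_max_ops().` It would also help callers to say in the comment that #PSA_OPERATION_INCOMPLETE is an alias of the former #MBEDTLS_ERR_ECP_IN_PROGRESS, as the commit subject states, so code comparing against the old name is still correct. The prototype being documented continues past the hunk.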
@@ -6,10 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy -EXCLUDE = \ - ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h \ - ../tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h +INPUT = ../include ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 1704578f2fab6195983b52f1c1e079c1e78550a0 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:57:21 +0100 Subject: [PATCH 0498/1080] Update tf-psa-crypto pointer to bring in doxygen pre-work Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d056817e03..694fa1b81c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d056817e037e350320519613848309559909f581 +Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586 From 67f63821a5f6027213f99e7e7f29c09a67a773c2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 29 May 2025 17:25:21 +0100 Subject: [PATCH 0499/1080] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 35ae18cf89..9af7c0e7ba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 +Subproject commit 9af7c0e7ba4d6bf2a9c3e56a3e3f04b4b053ce47 From 035247d46f3a847b279659e4b8739fad6aaeb62a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 11 Jun 2025 11:07:10 +0100 Subject: [PATCH 0500/1080] Re-add doxygen/input to INPUT variable Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 78c22052ab..cc2c51eba7 100644 
--- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include ../tests/include/alt-dummy +INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 6ee4d9220e1f8aff36e41a3895121bf2c9287daa Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Wed, 11 Jun 2025 17:40:42 +0100 Subject: [PATCH 0501/1080] Fixed the same typo in ssl-opt.sh Signed-off-by: Ari Weiler-Ofek --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6eefd95724..5b2425bf55 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11693,7 +11693,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on 0 \ -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ - -c "Next handshake message 1 not or only partially bufffered" \ + -c "Next handshake message 1 not or only partially buffered" \ -c "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ From ae89dcc4beefeb06a31f030f80726a7e524cc57c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 May 2025 15:34:28 +0200 Subject: [PATCH 0502/1080] library: tls12: remove usage of MBEDTLS_PK_USE_PSA_EC_DATA PK module will now always use PSA storing pattern when working with EC keys therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always enabled. Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 18 ------------ library/ssl_tls12_server.c | 57 -------------------------------------- 2 files changed, 75 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 114c32aea1..80b60aeafc 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1758,10 +1758,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); -#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ - uint16_t tls_id = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); @@ -1786,23 +1782,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = key_type; /* Store peer's public key in psa format. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; ret = 0; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - size_t olen = 0; - ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, - ssl->handshake->xxdh_psa_peerkey, - sizeof(ssl->handshake->xxdh_psa_peerkey)); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); - return ret; - } - ssl->handshake->xxdh_psa_peerkey_len = olen; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 2b2b49f2b0..b2b5e33c0b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
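Review bot: With the legacy branch removed, `memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len)` is the only path that stores the peer key, and it copies `pub_raw_len` bytes with no check against `sizeof(ssl->handshake->xxdh_psa_peerkey)`, whereas the deleted `mbedtls_ecp_point_write_binary()` call passed that bound explicitly. `pub_raw` is parsed from a certificate the peer sent, so unless the two buffer sizes are tied together by a static assertion elsewhere, guard the copy with `if (peer_pk->pub_raw_len > sizeof(ssl->handshake->xxdh_psa_peerkey)) { return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; }`, matching the error this function already returns for an unsupported group. ssl_get_ecdh_params_from_cert() starts and ends outside the hunk.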
@@ -2525,12 +2525,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; size_t key_len; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id; - mbedtls_ecp_keypair *key; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2542,11 +2536,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) switch (pk_type) { case MBEDTLS_PK_OPAQUE: -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } @@ -2561,7 +2553,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if (pk_type != MBEDTLS_PK_OPAQUE) { /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK * module and only have ECDSA capabilities. Since we need @@ -2594,7 +2585,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = 0; break; } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* Opaque key is created by the user (externally from Mbed TLS) * so we assume it already has the right algorithm and flags 
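Review bot: `unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(...)]` and `size_t key_len` stay declared at the top of ssl_get_ecdh_params_from_cert() after the `MBEDTLS_PK_USE_PSA_EC_DATA` locals are removed; the legacy case deleted in the following hunk was one user of them and called `mbedtls_platform_zeroize(buf, sizeof(buf))` on every exit path because `buf` holds the exported private key. The surviving `if (pk_type != MBEDTLS_PK_OPAQUE)` block is elided here, so please confirm it still uses both variables (otherwise they are now unused-variable warnings) and that it wipes `buf` on its error paths as well as on success. The function starts and ends outside the hunk.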
@@ -2604,53 +2594,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = 0; break; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - key = mbedtls_pk_ec_rw(*pk); - grp_id = mbedtls_pk_get_ec_group_id(pk); - if (grp_id == MBEDTLS_ECP_DP_NONE) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - /* This elliptic curve is not supported */ - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* If the above conversion to TLS ID was fine, then also this one will - be, so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - mbedtls_platform_zeroize(buf, sizeof(buf)); - ret = 0; - break; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ default: ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } From c394fd0ebc0e09654466cf306ccfc16907f09a89 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 5 May 2025 15:42:56 +0200 Subject: [PATCH 0503/1080] library: debug: replace MBEDTLS_PK_USE_PSA_EC_DATA with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY MBEDTLS_PK_USE_PSA_EC_DATA is a legacy symbol that is used in 3.6 LTS branch, but now it is assumed to be always true. It's only kept for legacy reasons so it's better to replace it with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY instead. Signed-off-by: Valerio Setti --- library/debug.c | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) diff --git a/library/debug.c b/library/debug.c index 8d55b41365..5210f0c684 100644 --- a/library/debug.c +++ b/library/debug.c @@ -219,29 +219,8 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -#if defined(MBEDTLS_ECP_LIGHT) -static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X) -{ - char str[DEBUG_BUF_SIZE]; - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X); - - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y); -} -#endif /* MBEDTLS_ECP_LIGHT */ - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len) 
@@ -311,7 +290,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -342,16 +321,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) - if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { - mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); } else -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ { debug_send_line(ssl, level, file, line, "should not happen\n"); } } From eaf578978edd3d91185e5a412d3c8cbf472a7ca0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 May 2025 17:07:09 +0200 Subject: [PATCH 0504/1080] library: remove ECDSA_C dependency from ECP_RESTARTABLE Signed-off-by: Valerio Setti --- include/mbedtls/x509_crt.h | 10 +++++----- library/x509_crt.c | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index de91499365..a3f07892f6 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
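Review bot: After this hunk debug_print_pk() has no branch for `MBEDTLS_PK_DEBUG_ECP` items, so any debug entry still tagged with that type falls into the `"should not happen\n"` fallback instead of printing the key. If the enum value remains defined in the PK headers (not visible here), either retire it in the same change or explain the fallback with a comment above the PSA branch such as `/* MBEDTLS_PK_DEBUG_ECP is no longer produced: EC keys are kept in PSA raw form */`. debug_print_pk() starts and ends outside the hunk.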
@@ -272,7 +272,7 @@ typedef struct { #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ } mbedtls_x509_crt_verify_chain; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming X.509 verify operations @@ -299,12 +299,12 @@ typedef struct { } mbedtls_x509_crt_restart_ctx; -#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else /* MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ typedef void mbedtls_x509_crt_restart_ctx; -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -880,7 +880,7 @@ void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); */ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ @@ -890,7 +890,7 @@ void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); * \brief Free the components of a restart context */ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** diff --git a/library/x509_crt.c b/library/x509_crt.c index 0a43d8789f..4ac5d9b7e6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2124,7 +2124,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return -1; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, child->sig_md, hash, hash_len, 
@@ -2234,7 +2234,7 @@ static int x509_crt_find_parent_in( mbedtls_x509_crt *parent, *fallback_parent; int signature_is_good = 0, fallback_signature_is_good; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* did we have something in progress? */ if (rs_ctx != NULL && rs_ctx->parent != NULL) { /* restore saved state */ @@ -2268,12 +2268,12 @@ static int x509_crt_find_parent_in( } /* Signature */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) check_signature: #endif ret = x509_crt_check_signature(child, parent, rs_ctx); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent = parent; @@ -2358,7 +2358,7 @@ static int x509_crt_find_parent( *parent_is_trusted = 1; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* restore then clear saved state if we have some stored */ if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { *parent_is_trusted = rs_ctx->parent_is_trusted; @@ -2374,7 +2374,7 @@ static int x509_crt_find_parent( *parent_is_trusted, path_cnt, self_cnt, rs_ctx, now); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent_is_trusted = *parent_is_trusted; @@ -2501,7 +2501,7 @@ static int x509_crt_verify_chain( } #endif -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { /* restore saved state */ 
@@ -2515,7 +2515,7 @@ static int x509_crt_verify_chain( goto find_parent; } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ child = crt; self_cnt = 0; @@ -2561,7 +2561,7 @@ static int x509_crt_verify_chain( return 0; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) find_parent: #endif @@ -2593,7 +2593,7 @@ static int x509_crt_verify_chain( ver_chain->len - 1, self_cnt, rs_ctx, &now); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->in_progress = x509_crt_rs_find_parent; @@ -3087,7 +3087,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, ver_chain.trust_ca_cb_result = NULL; #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { mbedtls_x509_crt_restart_free(rs_ctx); } @@ -3223,7 +3223,7 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) } } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ @@ -3254,7 +3254,7 @@ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) mbedtls_pk_restart_free(&ctx->pk); mbedtls_x509_crt_restart_init(ctx); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) { From a81d6dfb05631ac5d8cd0003913665f048287f15 Mon Sep 17 00:00:00 2001 
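Review bot: Every save/resume site in these hunks still tests `ret == MBEDTLS_ERR_ECP_IN_PROGRESS` (and `ret != MBEDTLS_ERR_ECP_IN_PROGRESS` in x509_crt_verify_restartable_ca_cb), while PATCH 0496 in this series changed the public header to document `#PSA_OPERATION_INCOMPLETE`. If the two are aliases as that commit's subject states the code is correct, but the name mismatch between header and implementation is confusing now that the gate is `MBEDTLS_ECP_RESTARTABLE` alone rather than ECDSA; either switch the comparisons to `PSA_OPERATION_INCOMPLETE` or add one comment at the first of them: `/* MBEDTLS_ERR_ECP_IN_PROGRESS is an alias of PSA_OPERATION_INCOMPLETE */`. The functions these hunks touch all start and end outside the hunks.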
From: Valerio Setti Date: Wed, 21 May 2025 12:37:15 +0200 Subject: [PATCH 0505/1080] tests|programs: remove usage of mbedtls_ecp_set_max_ops() PK restartable operations are now implemented using PSA interruptible ones, so mbedtls_ecp_set_max_ops() can be removed in favor of psa_interruptible_set_max_ops(). Signed-off-by: Valerio Setti --- programs/ssl/ssl_client2.c | 1 - tests/suites/test_suite_x509parse.function | 1 - 2 files changed, 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4b5ea7c5d2..d5e7fdf304 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2173,7 +2173,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_ECP_RESTARTABLE) if (opt.ec_max_ops != DFL_EC_MAX_OPS) { psa_interruptible_set_max_ops(opt.ec_max_ops); - mbedtls_ecp_set_max_ops(opt.ec_max_ops); } #endif diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 1276941147..09b248e8fe 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -681,7 +681,6 @@ void x509_verify_restart(char *crt_file, char *ca_file, TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); psa_interruptible_set_max_ops(max_ops); - mbedtls_ecp_set_max_ops(max_ops); cnt_restart = 0; do { From d7d0acbeb6b4186a62aa6e7429d5bda56c0cea52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 12 Jun 2025 06:26:06 +0200 Subject: [PATCH 0506/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 694fa1b81c..1a7ceaf8e2 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586 +Subproject commit 1a7ceaf8e28e6b2a48f3743ce706a339dabeb509 From d1090d70ffd084b8750b64334a32b8b6d473ee19 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:06:27 +0200 Subject: [PATCH 0507/1080] Update crypto submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 35ae18cf89..9af7c0e7ba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 +Subproject commit 9af7c0e7ba4d6bf2a9c3e56a3e3f04b4b053ce47 From d2262f23049356528e7a7849dcd18928f484255e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:07:42 +0200 Subject: [PATCH 0508/1080] Uncomment tests now that crypto is fixed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e5224218c5..96311f3b56 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -269,11 +269,11 @@ mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0 X509 String to Names (repeated OID, 1st is zero-length) mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0 -#X509 String to Names (repeated OID, middle is zero-length) -#mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 +X509 String to Names (repeated OID, middle is zero-length) +mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 -#X509 String to Names (repeated OID, last is zero-length) -#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 +X509 String to Names (repeated OID, last is zero-length) +mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 X509 Round trip test (Escaped characters) mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 From 5f6310b65f6ad3cf2faa62b9c8a2109ecf0bedb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 May 2025 12:38:52 +0200 Subject: [PATCH 0509/1080] Add ChangeLog entry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-string-to-names-store-named-data.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt new file mode 100644 index 0000000000..422ce07f85 --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt 
@@ -0,0 +1,12 @@ +Security + * Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave + an item in the output list in an inconsistent state with val.p == NULL but + val.len > 0. This impacts applications that call this function directly, + or indirectly via mbedtls_x509_string_to_names() or one of the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions. The + inconsistent state of the output could then cause a NULL dereference either + inside the same call to mbedtls_x509_string_to_names(), or in subsequent + users of the output structure, such as mbedtls_x509_write_names(). This + only affects applications that create (as opposed to consume) X.509 + certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() + directly. Found by Linh Le and Ngan Nguyen from Calif. From dc82fa67c5cfab62010d4d642015c267b0739307 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:10:44 +0200 Subject: [PATCH 0510/1080] Keep only the X.509 part from the Changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../fix-string-to-names-store-named-data.txt | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt index 422ce07f85..e517cbb72a 100644 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt 
@@ -1,12 +1,8 @@ Security - * Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave - an item in the output list in an inconsistent state with val.p == NULL but - val.len > 0. This impacts applications that call this function directly, - or indirectly via mbedtls_x509_string_to_names() or one of the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions. The - inconsistent state of the output could then cause a NULL dereference either - inside the same call to mbedtls_x509_string_to_names(), or in subsequent + * Fix a bug in mbedtls_x509_string_to_names() and the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, + where some inputs would cause an inconsistent state to be reached, causing + a NULL dereference either in the function itself, or in subsequent users of the output structure, such as mbedtls_x509_write_names(). This only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() - directly. Found by Linh Le and Ngan Nguyen from Calif. + certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. From f5a63d1456f109c369500d89f605ea308ea14f1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Jun 2025 09:56:40 +0200 Subject: [PATCH 0511/1080] Fix invalid test data by aligning with 3.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 96311f3b56..4dcd967226 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -273,7 +273,7 @@ X509 String to Names (repeated OID, middle is zero-length) mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 X509 String to Names (repeated OID, last is zero-length) -mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 +mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=#0000":0:MAY_FAIL_GET_NAME X509 Round trip test (Escaped characters) mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 From 3de417fce26e95ae2cc047989106ac320a2bf9be Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:03:42 +0200 Subject: [PATCH 0512/1080] scripts: generate_visualc_files.pl: prepare for Everest headers relocation This change allows the Perl script to manage Everest headers in tf-psa-crypto repo both before and after psa#235. Once psa#235 will be merged this commit can be simplified, i.e. it will be returned to its original state with paths of Everest headers updated. Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 60 ++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 16 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 7ef46968b5..714abd739a 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -49,9 +49,20 @@ my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; my $test_drivers_source_dir = 'framework/tests/src/drivers'; -my @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest -); +# This is a dirty patch to allow mbedtls#10091 to be merged without updating +# tf-psa-crypto to psa#235. Once psa#235 will be merged, this dirty fix can +# be removed. +# The same holds also for @include_directories below. +my @thirdparty_header_dirs; +if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { + @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + ); +} else { + @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/everest + ); +} my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library tf-psa-crypto/drivers/everest/library/kremlib 
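Review bot: The `-d` test and the Everest path literal are spelled out twice in this hunk and twice more in the `@include_directories` hunk that follows (`@@ -61,19 +72,36 @@`), so four copies of one layout decision must be kept in sync and all four must be deleted when psa#235 lands. Computing the base once, `my $everest_inc = -d 'tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest' ? 'tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private' : 'tf-psa-crypto/drivers/everest/include';`, and deriving `"$everest_inc/everest"`, `"$everest_inc/everest/vs2013"` and `"$everest_inc/everest/kremlib"` for both lists would leave a single line to remove later. The `-d` check is relative to the working directory; the other paths in this script are also repository-relative, so this presumably assumes the script is run from the repository root, which the new comment could state explicitly.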
@@ -61,19 +72,36 @@ # Directories to add to the include path. # Order matters in case there are files with the same name in more than # one directory: the compiler will use the first match. -my @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs -); +my @include_directories; +if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { + @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs + ); +} else { + @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/ + tf-psa-crypto/drivers/everest/include/everest + tf-psa-crypto/drivers/everest/include/everest/vs2013 + tf-psa-crypto/drivers/everest/include/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs + ); +} my $include_directories = join(';', map {"../../$_"} @include_directories); # Directories to add to the include path when building the libraries, but not From 0815c67ce153db7641d388ffea3a9856fcc8b461 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Sat, 12 Apr 2025 11:52:18 +0200 Subject: [PATCH 0513/1080] programs: pkey: Use tf-psa-crypto/build_info.h pkey programs are crypto programs (only linked to the TF-PSA-Crypto library) thus use the TF-PSA-Crypto build-time configuration info file tf-psa-crypto/build_info.h instead of the Mbed TLS one. Signed-off-by: Ronald Cron --- programs/pkey/gen_key.c | 2 +- programs/pkey/pk_sign.c | 2 +- programs/pkey/pk_verify.c | 2 +- programs/pkey/rsa_sign_pss.c | 2 +- programs/pkey/rsa_verify_pss.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f1ed511241..4d329f2db0 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 92d96608e3..1598986f6e 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 8ae612bdf6..d9e3bf1ee3 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index a5e06fb197..94333ae54c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 2bb140fe4e..19f92affb3 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ From a3b562aa1742fa46f7f3c3e268aae1f33bc77a3e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Jun 2025 15:21:13 +0200 Subject: [PATCH 0514/1080] programs: test: Let zeroize be an Mbed TLS test program In TF-PSA-Crypto there is the crypto specific one. Signed-off-by: Ronald Cron --- programs/test/CMakeLists.txt | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 089f8a67e8..949708420c 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -2,20 +2,16 @@ set(libs ${mbedtls_target} ) -set(executables_libs +set(executables metatest query_compile_time_config query_included_headers selftest udp_proxy -) -add_dependencies(${programs_target} ${executables_libs}) -add_dependencies(${ssl_opt_target} udp_proxy) - -set(executables_mbedcrypto zeroize ) -add_dependencies(${programs_target} ${executables_mbedcrypto}) +add_dependencies(${programs_target} ${executables}) +add_dependencies(${ssl_opt_target} udp_proxy) add_dependencies(${ssl_opt_target} query_compile_time_config) if(TEST_CPP) 
@@ -74,7 +70,7 @@ else() link_to_source(query_config.c) endif() -foreach(exe IN LISTS executables_libs executables_mbedcrypto) +foreach(exe IN LISTS executables) set(source ${exe}.c) set(extra_sources "") if(NOT EXISTS ${source} AND @@ -102,16 +98,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) # Request C11, required for memory poisoning set_target_properties(${exe} PROPERTIES C_STANDARD 11) - - # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 - list(FIND executables_libs ${exe} exe_index) - if (${exe_index} GREATER -1) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - else() - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - endif() + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) endforeach() -install(TARGETS ${executables_libs} ${executables_mbedcrypto} +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 653a86dc2a36d6fa6b37ada91d9ca01a7ee63ff8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:16:16 +0200 Subject: [PATCH 0515/1080] CMakeLists: prepare for Everest headers relocation Signed-off-by: Valerio Setti --- CMakeLists.txt | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bda3977d07..84bed5aba3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -434,6 +434,14 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() + # This is a dirty fix to allow mbedtls#10091 to be merged without psa#325. + # Once the latter will be merged, this can be simplified to just use + # the new path. + if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") + set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") + else() + set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include") + endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include @@ -441,7 +449,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + PRIVATE ${EVEREST_HEADERS_PATH} PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +488,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) + PRIVATE ${EVEREST_HEADERS_PATH}) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 3150913be7e369de73b663af57cab429fe372997 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:34:33 +0200 Subject: [PATCH 0516/1080] Revert "update framework submodule to pull in everest changes" This reverts commit 83e5a7bf75ba8a24392ecdc93fe68f48fd56557a. Signed-off-by: Valerio Setti --- .gitmodules | 2 +- framework | 2 +- tf-psa-crypto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitmodules b/.gitmodules index 7e34e96984..4612b3d0c9 100644 --- a/.gitmodules +++ b/.gitmodules 
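Review bot: `if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private")` passes a relative path, and CMake documents `if(EXISTS)` as well-defined only for full paths, so which branch is taken depends on where the configure step happens to run; anchor it as `if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private")`. The relative `${EVEREST_HEADERS_PATH}` in the two `target_include_directories` calls is fine, since CMake resolves those against the current source directory. The comment cites `psa#325` while the same workaround in `scripts/generate_visualc_files.pl` earlier in this series cites `psa#235`; one of the two is presumably a typo and both comments should name the same PR.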
@@ -3,4 +3,4 @@ url = https://github.com/Mbed-TLS/mbedtls-framework [submodule "tf-psa-crypto"] path = tf-psa-crypto - url = git@github.com:bjwtaylor/TF-PSA-Crypto.git + url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git diff --git a/framework b/framework index fdb0615d9a..1a83e0c84d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit fdb0615d9a72c95cdf7f67e77bfcf0418dce756f +Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 diff --git a/tf-psa-crypto b/tf-psa-crypto index 8706d77f96..35ae18cf89 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 8706d77f9632eb2d3d0e58b713281f4232c1ee20 +Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 From e4960bc15986b86d3d928344245ff3deadedd8ec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:35:07 +0200 Subject: [PATCH 0517/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 1a83e0c84d..977db0c8bc 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 +Subproject commit 977db0c8bcb083b436652d9339bd142f46bf64bb From d1e4ccf0a0c0bf1203b022ed6f50ab5224d96b42 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Jun 2025 16:55:15 +0200 Subject: [PATCH 0518/1080] cmake: Fix library order A library that depends on another one should come first in the list of libraries to link against. Signed-off-by: Ronald Cron --- programs/test/cmake_package/CMakeLists.txt | 2 +- programs/test/cmake_package_install/CMakeLists.txt | 2 +- programs/test/cmake_subproject/CMakeLists.txt | 4 ++-- programs/util/CMakeLists.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt index 85270bc8c7..287a0c38c2 100644 --- a/programs/test/cmake_package/CMakeLists.txt 
+++ b/programs/test/cmake_package/CMakeLists.txt @@ -35,4 +35,4 @@ find_package(MbedTLS REQUIRED) add_executable(cmake_package cmake_package.c) target_link_libraries(cmake_package - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) + MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index f10109e94c..0d7dbe4dad 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -38,4 +38,4 @@ find_package(MbedTLS REQUIRED) add_executable(cmake_package_install cmake_package_install.c) target_link_libraries(cmake_package_install - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) + MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 7acdcc3393..5bd0c8742b 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -14,9 +14,9 @@ add_subdirectory(${MBEDTLS_DIR} build) # Link against all the Mbed TLS libraries. Verifies that the targets have been # created using the specified prefix set(libs - subproject_test_tfpsacrypto - subproject_test_mbedx509 subproject_test_mbedtls + subproject_test_mbedx509 + subproject_test_tfpsacrypto ) add_executable(cmake_subproject cmake_subproject.c) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index c1b6b75866..fb3ba188a6 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,6 +1,6 @@ set(libs - ${tfpsacrypto_target} ${mbedx509_target} + ${tfpsacrypto_target} ) set(executables From 26893d99f67933bfe44db750045bf0f556fcb967 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 17 Jun 2025 23:04:46 +0200 Subject: [PATCH 0519/1080] Revert "CMakeLists: prepare for Everest headers relocation" This reverts commit 653a86dc2a36d6fa6b37ada91d9ca01a7ee63ff8. Signed-off-by: Valerio Setti --- CMakeLists.txt | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 84bed5aba3..bda3977d07 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -434,14 +434,6 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() - # This is a dirty fix to allow mbedtls#10091 to be merged without psa#325. - # Once the latter will be merged, this can be simplified to just use - # the new path. - if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") - set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") - else() - set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include") - endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include @@ -449,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE ${EVEREST_HEADERS_PATH} + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -488,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE ${EVEREST_HEADERS_PATH}) + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From f5e27fa3616f33b9662d830fa2b58b553401084a Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 17 Jun 2025 23:06:24 +0200 Subject: [PATCH 0520/1080] Revert "update further everest paths" This reverts commit 243b54f3869953a674ff6730685a623a98a1d9cd. Signed-off-by: Valerio Setti --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bda3977d07..a099356389 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -441,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + PRIVATE tf-psa-crypto/drivers/everest/include PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) + PRIVATE tf-psa-crypto/drivers/everest/include) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 2d7ded653fa6cab47b29870ce4623fd4e1814aad Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Jun 2025 00:08:46 +0200 Subject: [PATCH 0521/1080] scripts: generate_visualc_files: fix include_directories Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 714abd739a..5a18afc0c1 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -78,7 +78,7 @@ include tf-psa-crypto/include tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/ tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib From d9fa0755d906322ac041bf7754b89352002462f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:11:55 +0200 Subject: [PATCH 0522/1080] Update tf-psa-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need #311 Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 1a7ceaf8e2..eb77caabba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 1a7ceaf8e28e6b2a48f3743ce706a339dabeb509 +Subproject commit eb77caabba98c415fe68d2440779b9f9aec6b2a4 From 6a3b877d601cded7ffddb736671503c5ce8d8b79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:14:02 +0200 Subject: [PATCH 0523/1080] Remove OID from generate_error.pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no longer any associated error code, so this commit does not change the generated file in any way. Signed-off-by: Manuel Pégourié-Gonnard --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index f4154e37cc..977047af54 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
@@ -38,7 +38,7 @@ my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 + NET PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); my @high_level_modules = qw( CIPHER ECP MD PEM PK PKCS12 PKCS5 From 838a114f051d80207b878b3b8aebdc56b60b1bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:16:38 +0200 Subject: [PATCH 0524/1080] Remove MBEDTLS_OID_C from sample configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This option no longer exists (and there's a Changelog entry saying so). After this commit, git grep -l -w MBEDTLS_OID_C shows the only remaining occurences are in text files (.txt, .md). Signed-off-by: Manuel Pégourié-Gonnard --- configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - 2 files changed, 2 deletions(-) diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 3fec3d0f10..dd304c1c5d 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,7 +49,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index f71b1f079a..18206e1a9f 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -58,7 +58,6 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C -#define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C From 79b513894a28718604f7cb531380bfea0354844f Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 11 Jun 2025 16:04:06 +0100 Subject: [PATCH 0525/1080] Add __attribute__ ((nonstring)) to remove unterminated-string-initialization warning 
Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 3 ++- library/ssl_tls13_keys.h | 3 ++- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index dbc703a6c1..51afb044cc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -80,7 +80,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * the HkdfLabel structure on success. */ -static const char tls13_label_prefix[6] = "tls13 "; +/* We need to tell the compiler that we meant to leave out the null character. */ +static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 14f6e4876c..f6d02b522a 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -40,8 +40,9 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1]; + const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index ca090ccc66..83cd3c00dd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -25,7 +25,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index a923feb618..22d0bfb0f0 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -25,7 +25,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t original[BUFFER_SIZE] = { 0 }; uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 909e6cfa44..72824163a5 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function 
@@ -37,7 +37,8 @@ void ssl_decrypt_null(int hash_id) mbedtls_ssl_write_version(rec_good.ver, MBEDTLS_SSL_TRANSPORT_STREAM, version); - const char sample_plaintext[3] = "ABC"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From 5b84ae14e9f09aae0597d1ab5bd3ed356159f9ba Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 12 Jun 2025 11:28:56 +0100 Subject: [PATCH 0526/1080] Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING This macro applies __attribute__((nonstring)) when using a compiler that supports it Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 2 +- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 51afb044cc..865e02c2dc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -81,7 +81,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = */ /* We need to tell the compiler that we meant to leave out the null character. */ -static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; +static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index f6d02b522a..1509e9a4d4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -42,7 +42,7 @@ /* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); + const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING; union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 83cd3c00dd..313397bbcd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -26,7 +26,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 22d0bfb0f0..30b6982e04 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c 
@@ -26,7 +26,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 72824163a5..37265def88 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -38,7 +38,7 @@ void ssl_decrypt_null(int hash_id) MBEDTLS_SSL_TRANSPORT_STREAM, version); /* We need to tell the compiler that we meant to leave out the null character. */ - const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; + const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From b9891f1fd2eb3238fc852cb52c9054c7937e51e1 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 13 Jun 2025 09:36:28 +0100 Subject: [PATCH 0527/1080] Add changelog Signed-off-by: Felix Conway --- ChangeLog.d/unterminated-string-initialization.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt new file mode 100644 index 0000000000..75a72cae6b --- /dev/null +++ b/ChangeLog.d/unterminated-string-initialization.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. From cfbee27b45d81f784b12fce96888a0b6ae52b4f4 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Sat, 14 Jun 2025 22:13:35 +0100 Subject: [PATCH 0528/1080] Add include so psasim files can find new macro Signed-off-by: Felix Conway --- .../psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c | 1 + .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 313397bbcd..a8b57c2efb 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 30b6982e04..25c0b8a61e 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include From 69f570643174ecab710b81f713cfd792d3a21d4a Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 08:55:15 +0100 Subject: [PATCH 0529/1080] Add explanatory comment above #include "../tf-psa-crypto/core/common.h" Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index a8b57c2efb..17219938b8 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -4,6 +4,22 @@ */ #include "psa/crypto.h" +/* + * Temporary hack: psasim’s Makefile only does: + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include + * + * None of those cover tf-psa-crypto/core, so we rely on the + * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative + * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, + * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the + * new GCC-15 unterminated-string-initialization warning). + * + * See GitHub issue #10223 for the proper long-term fix. + * https://github.com/Mbed-TLS/mbedtls/issues/10223 + */ #include "../tf-psa-crypto/core/common.h" #include #include From 78b0521449ed6efda145028574a29096786ea412 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 18:23:32 +0100 Subject: [PATCH 0530/1080] Remove trailing whitespace Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 17219938b8..71173d2b52 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -6,17 +6,15 @@ #include "psa/crypto.h" /* * Temporary hack: psasim’s Makefile only does: - * -Itests/psa-client-server/psasim/include - * -I$(MBEDTLS_ROOT_PATH)/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - * + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include * None of those cover tf-psa-crypto/core, so we rely on the * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the * new GCC-15 unterminated-string-initialization warning). - * * See GitHub issue #10223 for the proper long-term fix. * https://github.com/Mbed-TLS/mbedtls/issues/10223 */ From 06d64ad6a0503cc6dc1a9584fad8f9ed4c12676e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 20 Jun 2025 12:00:16 +0200 Subject: [PATCH 0531/1080] library: Makefile: use wildcard to select sources for crypto library This gives the possibility to add new source files in tf-psa-crypto library without any need to update this Makefile. Signed-off-by: Valerio Setti --- library/Makefile | 80 +++--------------------------------------------- 1 file changed, 4 insertions(+), 76 deletions(-) diff --git a/library/Makefile b/library/Makefile index fb61911896..2f695c696b 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -109,82 +109,10 @@ DLEXT = dylib endif endif -OBJS_CRYPTO= \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aria.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1parse.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1write.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/base64.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_core.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod_raw.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/block_cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/camellia.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ccm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chacha20.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chachapoly.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher_wrap.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cmac.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves_new.o \ - 
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy_poll.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/gcm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hkdf.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hmac_drbg.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lmots.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lms.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md5.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/memory_buffer_alloc.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/nist_kw.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/oid.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pem.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_ecc.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_wrap.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs12.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs5.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkparse.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkwrite.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_aead.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ecp.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ffdh.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_hash.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_mac.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_pake.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_rsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_util.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \ - 
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha1.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha256.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \ - # This line is intentionally left blank +OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) +GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o +OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) +OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc From 07b95f07ed6e59eb8da873d839fd76c01658ce13 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 22 Jun 2025 21:15:52 +0100 Subject: [PATCH 0532/1080] Updated framework pointer (release-sync) Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 977db0c8bc..2a3e2c5ea0 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 977db0c8bcb083b436652d9339bd142f46bf64bb +Subproject commit 2a3e2c5ea053c14b745dbdf41f609b1edc6a72fa From ed7c0d146ba3e6ad3f84f000b74ee7d8d1a4b7da Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 22 Jun 2025 21:16:15 +0100 Subject: [PATCH 0533/1080] Updated tf-psa-crypto pointer (release-sync) Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index eb77caabba..a07506eab0 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit eb77caabba98c415fe68d2440779b9f9aec6b2a4 +Subproject commit a07506eab0b693152d5a522273b812d222ddd87c From 95c48b3b44cfbbf57b72fef635f396b6abdcc6b5 Mon Sep 17 00:00:00 2001 
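Review bot: The `$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)` expression compiles and links every `.c` file that happens to sit in those two directories, so a stray, leftover or generated file now becomes part of the crypto library with no Makefile change recording it; the explicit list being removed acted as an allowlist that reviewers could diff against. If that trade-off is intended, it should be stated in a comment above `OBJS_CRYPTO`, and the filter-out/append sequence for `GENERATED_OBJS_CRYPTO` needs one too, since its purpose is not obvious from the lines themselves. Presumably the generated wrapper source is absent in a clean tree when the wildcard is evaluated and must therefore be listed explicitly, e.g. `# psa_crypto_driver_wrappers_no_static.c is generated at build time and may not exist when the wildcard runs, so re-add its object explicitly.` — the generation step itself is not visible in this hunk, so confirm before wording it that way.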
From: Felix Conway Date: Mon, 23 Jun 2025 14:11:00 +0100 Subject: [PATCH 0534/1080] Turn Wunterminated-string-initialization back into an error Signed-off-by: Felix Conway --- tests/scripts/components-compiler.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 6f311ac921..9e74572c13 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -93,9 +93,6 @@ component_test_gcc15_drivers_opt () { scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - # Allow a warning that we don't yet comply to. - # https://github.com/Mbed-TLS/mbedtls/issues/9944 - loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From 8e8dc114068d835f549d0d06e320cf3fa17b4c88 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 11:29:11 +0200 Subject: [PATCH 0535/1080] scripts: generate_visualc_files: remove temporary Everest path fixes Remove temporary path fixes for Everest's headers that were introduced in #10225. Only the new and correct path of the header files is kept. Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 60 +++++++++---------------------- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 5a18afc0c1..ef684b79d8 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -49,20 +49,9 @@ my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; my $test_drivers_source_dir = 'framework/tests/src/drivers'; -# This is a dirty patch to allow mbedtls#10091 to be merged without updating -# tf-psa-crypto to psa#235. Once psa#235 will be merged, this dirty fix can -# be removed. -# The same holds also for @include_directories below. -my @thirdparty_header_dirs; -if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { - @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - ); -} else { - @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/everest - ); -} +my @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest +); my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library tf-psa-crypto/drivers/everest/library/kremlib 
@@ -72,36 +61,19 @@ # Directories to add to the include path. # Order matters in case there are files with the same name in more than # one directory: the compiler will use the first match. -my @include_directories; -if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { - @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs - ); -} else { - @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/everest - tf-psa-crypto/drivers/everest/include/everest/vs2013 - tf-psa-crypto/drivers/everest/include/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs - ); -} +my @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs +); my $include_directories = join(';', map {"../../$_"} @include_directories); # Directories to add to the include path when building the libraries, but not From b836d468705ac4a2e2d65bdd1ee8c8df44b97a52 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 24 Jun 2025 17:18:47 +0200 Subject: [PATCH 0536/1080] Fix accidentally skipped test assertion Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..a6f368520b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5939,7 +5939,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) } else { ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); } - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + TEST_EQUAL(ret, 0); + } char label[] = "test-label"; uint8_t key_buffer[24] = { 0 }; From 760608d47b9bb3a73239701e1fba9f47eeedd654 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:26:35 +0200 Subject: [PATCH 0537/1080] Properly initialize SSL endpoint objects In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed early, e.g. due to `psa_crypto_init()` failing. This was largely harmless, but could have caused weird test results in case of failure, and was flagged by Coverity. Use a more systematic style for initializing the stack object as soon as it's declared. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 54 +++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a6f368520b..58212bad9c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2879,6 +2879,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint ep; + memset(&ep, 0, sizeof(ep)); int ret = -1; mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); @@ -2910,6 +2911,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint base_ep, second_ep; + memset(&base_ep, 0, sizeof(base_ep)); + memset(&second_ep, 0, sizeof(second_ep)); int ret = -1; (void) tls_version; @@ -2935,8 +2938,6 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int #endif MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); - mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); @@ -3587,6 +3588,8 @@ void force_bad_session_id_len() enum { BUFFSIZE = 1024 }; mbedtls_test_handshake_test_options options; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; mbedtls_test_message_socket_context server_context, client_context; @@ -3597,9 +3600,6 @@ void force_bad_session_id_len() options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); @@ -3782,6 +3782,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_psa_stats_t stats; size_t free_slots_before = -1; mbedtls_test_handshake_test_options client_options, server_options; 
@@ -3791,8 +3793,6 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the @@ -3856,6 +3856,8 @@ void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); unsigned char *buf, *end; size_t buf_len; int step = 0; @@ -3867,8 +3869,6 @@ void tls13_server_certificate_msg_invalid_vector_len() /* * Test set-up */ - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); MD_OR_USE_PSA_INIT(); @@ -4105,12 +4105,12 @@ void tls13_resume_session_with_ticket() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -4190,6 +4190,8 @@ void tls13_read_early_data(int scenario) const char *early_data = "This is early data."; size_t early_data_len = strlen(early_data); mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4200,8 +4202,6 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4389,6 +4389,8 @@ void tls13_cli_early_data_state(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4399,8 +4401,6 @@ void tls13_cli_early_data_state(int scenario) }; uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4762,6 +4762,8 @@ void tls13_write_early_data(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; 
@@ -4772,8 +4774,6 @@ void tls13_write_early_data(int scenario) }; int beyond_first_hello = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5111,6 +5111,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5120,8 +5122,6 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) uint32_t written_early_data_size = 0; uint32_t read_early_data_size = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5264,6 +5264,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5282,8 +5284,6 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in uint32_t written_early_data_size = 0; uint32_t max_early_data_size; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -5709,6 +5709,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5754,6 +5756,8 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5793,6 +5797,8 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5833,6 +5839,8 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5876,6 +5884,8 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); @@ -5914,6 +5924,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) int ret = -1; mbedtls_test_ssl_endpoint server_ep, client_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); From 3388c4acee780726dd3c5c5aabebc9c96bcf8cc1 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 6 Jun 2025 15:56:59 +0200 Subject: [PATCH 0538/1080] library: debug: add support for RSA keys in PSA friendly format Signed-off-by: Valerio Setti --- library/debug.c | 109 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 98 insertions(+), 11 deletions(-) diff --git a/library/debug.c b/library/debug.c index 5210f0c684..fc2f089cbe 100644 --- a/library/debug.c +++ b/library/debug.c @@ -220,20 +220,20 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; - size_t i, idx = 0; + size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0; mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) len * 8); + text, (unsigned int) len); debug_send_line(ssl, level, file, line, str); - for (i = 0; i < len; i++) { + for (i = 0; i < len_bytes; i++) { if (i >= 4096) { break; } @@ -251,16 +251,14 @@ static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int lev (unsigned int) buf[i]); } - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - + if (len_bytes > 0) { mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); debug_send_line(ssl, level, file, line, str); } } +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) 
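Review bot: `mbedtls_debug_print_ec_coord` now interprets its last argument as a bit count (it derives `len_bytes = PSA_BITS_TO_BYTES(len)` and prints `len` directly as the `%u bits` figure), but the parameter is still named `len` and nothing documents the unit, so the new call sites that pass `coord_len * 8` and `bits` read like byte lengths at first glance. Rename the parameter to `bits` (and `len_bytes` to `len`) or add a comment above the definition such as `/* buf holds a big-endian integer of `len` bits; PSA_BITS_TO_BYTES(len) bytes are read from it. */`. Note also that dropping the `i % 16 != 0` padding loop means the final line of the hex dump is no longer padded to 16 columns; harmless, but it changes the debug output format for the existing EC callers too.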
@@ -283,15 +281,99 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level /* X coordinate */ coord_start = pk->pub_raw + 1; mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); /* Y coordinate */ coord_start = coord_start + coord_len; mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names +static size_t debug_count_valid_bits(unsigned char **buf, size_t len) +{ + size_t i, bits; + + /* Ignore initial null bytes (if any). */ + while ((len > 0) && (**buf == 0x00)) { + (*buf)++; + len--; + } + + if (len == 0) { + return 0; + } + + bits = len * 8; + + /* Ignore initial null bits (if any). 
*/ + for (i = 7; i > 0; i--) { + if ((**buf & (0x1 << i)) != 0) { + break; + } + bits--; + } + + return bits; +} + +static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) +{ + char str[DEBUG_BUF_SIZE]; + unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names + unsigned char *start_cur; + unsigned char *end_cur; + size_t len, bits; + int ret; + + if (pk->pub_raw_len > sizeof(key_der)) { + return; + } + + memcpy(key_der, pk->pub_raw, pk->pub_raw_len); + start_cur = key_der; + end_cur = key_der + pk->pub_raw_len; + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); + if (ret != 0) { + return; + } + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return; + } + + bits = debug_count_valid_bits(&start_cur, len); + if (bits == 0) { + return; + } + len = PSA_BITS_TO_BYTES(bits); + + mbedtls_snprintf(str, sizeof(str), "%s.N", text); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + + start_cur += len; + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return; + } + + bits = debug_count_valid_bits(&start_cur, len); + if (bits == 0) { + return; + } + + mbedtls_snprintf(str, sizeof(str), "%s.E", text); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); +} +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names + static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) 
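Review bot: Every failure path in `mbedtls_debug_print_psa_rsa` — `pub_raw_len > sizeof(key_der)`, either `mbedtls_asn1_get_tag` call failing, or `debug_count_valid_bits` returning 0 — is a bare `return`, so a malformed or oversize raw RSA key produces no debug output at all and the key silently vanishes from the dump. Since this is a debugging aid, emit one line before returning, e.g. `debug_send_line(ssl, level, file, line, "RSA public key: cannot parse raw key data\n");`, so the operator can see that the key was present but unparseable. `debug_count_valid_bits` also mutates the caller's cursor by advancing `*buf` past leading 0x00 bytes, and `mbedtls_debug_print_psa_rsa` relies on that side effect to position `start_cur` before `start_cur += len`; that contract deserves a comment above the helper, such as `/* Advances *buf past leading 0x00 bytes and returns the bit length of the remaining big-endian integer (0 if the value is zero). */`. The `debug_print_pk` signature at the end of this hunk belongs to a function whose body lies outside it.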
@@ -321,6 +403,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names + if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names + mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); + } else +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); From 11345e9de3b17ff3001770f2994dc16f276f13b3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Jun 2025 13:39:44 +0200 Subject: [PATCH 0539/1080] tests: x509parse: fix return values for invalid RSA keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 4 +-- tests/suites/test_suite_x509parse.function | 33 +++++++++++++++------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c7c465b7e6..c0850b6db7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1770,11 +1770,11 @@ x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 09b248e8fe..8f0da5a9cb 100644 --- a/tests/suites/test_suite_x509parse.function 
+++ b/tests/suites/test_suite_x509parse.function @@ -1118,17 +1118,29 @@ exit: void x509parse_crt(data_t *buf, char *result_str, int result) { mbedtls_x509_crt crt; -#if !defined(MBEDTLS_X509_REMOVE_INFO) + #if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000] = { 0 }; - int res; -#else + #else ((void) result_str); -#endif + #endif + /* Pick an error which is not used in the test_suite_x509parse.data file. */ + int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + int res; + +#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA) + /* Support for mbedtls#10213 before psa#308. Once psa#308 will be + * merged this dirty fix can be removed. */ + if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) { + result_ext = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + } +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result); + res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len); + fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1143,7 +1155,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result); + res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { memset(output, 0, 2000); 
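Review bot: The `fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext);` after the first `mbedtls_x509_crt_parse_der` call is a leftover debug trace that will print for every x509parse_crt case on every run and should go before merge. It looks like it was added because `TEST_ASSERT((res == result) || (res == result_ext))` no longer reports the actual and expected values that `TEST_EQUAL` printed on failure, and the same replacement is made for the `_nocopy` call in the second hunk here and for both `_with_ext_cb` calls in the next two hunks. The diagnostics can be kept without the trace by writing `if (res != result_ext) { TEST_EQUAL(res, result); }` at each of the four call sites. Separately, the `!defined(MBEDTLS_PK_USE_PSA_RSA_DATA)` fallback sets `result_ext` to the bare `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, whereas the .data entries that previously covered this case expected the combined `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)`; if the pre-psa#308 path really returns the bare low-level code, a comment saying so would make this workaround easier to remove later. x509parse_crt's body continues past the end of the hunk.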
@@ -1161,8 +1174,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL), - result); + res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1178,8 +1191,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL), - result); + res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); From 2747ac1e70525099d2a549a00f449fa40875c75b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Jun 2025 13:42:58 +0200 Subject: [PATCH 0540/1080] tests: x509parse: fix RSA key in DER certificates The previous key was not correct so it could not be imported into PSA for validation inside the PK module. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 434 ++++++++++++------------- 1 file changed, 217 insertions(+), 217 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c0850b6db7..c2a7f30fd9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1330,15 +1330,15 @@ x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, version number overflow) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, serial missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -1370,47 +1370,47 @@ x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b05000 X509 CRT ASN1 (TBS, inv AlgID, OID missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201033000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) 
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, OID unknown) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) +x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, param length mismatch) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) 
+x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv AlgID, params present but empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, Issuer missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -1434,83 +1434,83 @@ x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b050030013 X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, Validity missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
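Review bot: The rewritten entry for `X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag)` keeps a trailing `;` after `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)`, which no other entry in this hunk has. The test generator evidently tolerates it, since the case already existed with the same stray character, but the line is being rewritten anyway and this is the moment to drop it so the expected-value expression matches its neighbours.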
@@ -1534,63 +1534,63 @@ x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv Validity, notBefore missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Validity, notBefore no length) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notBefore invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notAfter missing) 
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Validity, notAfter length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notAfter invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter') depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, Subject missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
@@ -1614,79 +1614,79 @@ x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv Subject, RDN inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
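Review bot: Every new-side vector in this hunk rewrites only the RSA SubjectPublicKeyInfo body, replacing `0210ff…ff0202ffff` with `021100ff…ff020103`, but nothing in the file says what that sub-encoding is, and the identical substitution is repeated in the Subject, SubPubKeyInfo and IssuerID hunks below. Decoding the bytes, the new modulus INTEGER gains a leading 0x00 so that its 0xff first content byte is read as a positive value (a bare `ff…` first byte is a negative INTEGER under DER), the public exponent becomes 3, and the key body stays 22 bytes so every enclosing length (`3016`, `0319`, `302a` and the outer certificate lengths) is untouched. Since this file already uses `#` comments, a one-time note above the first of these vectors would spare the next maintainer that decoding, e.g. `# The RSA key embedded in the TBS vectors below is modulus 0x00ff..ff (17 bytes, positive INTEGER) with exponent 3; the key body is kept at 22 bytes so no outer length changes.` The group of vectors sharing this key begins above the start of this chunk, so the comment may belong to that earlier section header rather than to this hunk.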
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, RDN empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds ) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, SubPubKeyInfo missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
@@ -1730,11 +1730,11 @@ x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d30000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010100050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010005000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
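Review bot: The rewritten vector for "X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)" still ends in `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);` with a stray trailing `;` after the expected-error expression; no other vector in this hunk has one, and the line is being regenerated anyway. The `;` is carried over from the removed line, so the test-suite generator presumably tolerates it, but it is the only line in the file with that shape and is easy to misread as a different expected-value syntax. Dropping it so the line ends in `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)` like its neighbours would make the hunk consistent.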
@@ -1795,263 +1795,263 @@ x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b05003 # and hence we obtain an INVALID_TAG error during extension parsing. X509 CRT ASN1 (TBS, inv IssuerID, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201030500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv IssuerID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, 
MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, outer length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length 0) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, inner length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
@@ -2063,199 +2063,199 @@ mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT (TBS, valid v3Ext in v3 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
 X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -2263,117 +2263,117 @@ x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303
 X509 CRT ASN1 (SignatureAlgorithm missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, 
MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
 X509 CRT ASN1 (Signature missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (inv Signature, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (inv Signature, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, inv data #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (missing number of unused bits)
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (inv Signature, inv data #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (number of unused bits too large)
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (empty Signature)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = empty bit string in DER encoding
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 +x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 X509 CRT ASN1 (dummy 24-bit Signature) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 # signature = bit string "011001100110111101101111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 +x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 # The ASN.1 module rejects non-octet-aligned bit strings. 
X509 CRT ASN1 (inv Signature: not octet-aligned) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 # signature = bit string "01100110011011110110111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) +x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 CRT ASN1 (inv Signature, length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) 
+x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (well-formed) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 CN) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 C) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 L) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 ST) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 O) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 OU) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown X520 part) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with composite RDN) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 
@@ -2381,11 +2381,11 @@ x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d0101050 X509 CRT ASN1 (Name with PKCS9 email) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown PKCS9 part) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (ECDSA signature, RSA key) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA 
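Review bot: Every replaced vector changes the embedded RSA SubjectPublicKeyInfo in the same way — the modulus INTEGER `0210ffff…` becomes `021100ffff…` (a leading 0x00 so a value whose high bit is set is encoded as a positive INTEGER) and the exponent `0202ffff` becomes `020103` — while the expected `RSA key size : 128 bits` output is unchanged, yet no `#` line records why the vectors had to move. A comment above the first changed case, e.g. `# RSA key: modulus carries the sign byte (positive INTEGER), exponent 3`, would keep the intent readable; presumably the stricter public-key parser rejects the old negative-looking modulus, and that reason is worth stating explicitly. The same replacement is applied throughout the hunk at -2421 below.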
@@ -2421,19 +2421,19 @@ x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516 X509 CRT ASN1 (Unsupported critical policy recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported critical policy not recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE X509 CRT ASN1 (Unsupported non critical policy recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 6676f72a5f69b3a6abe6092b0d148c1c7df5862a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:05:34 +0200 Subject: [PATCH 0541/1080] library: debug: rename mbedtls_debug_print_ec_coord() Signed-off-by: Valerio Setti --- library/debug.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/debug.c b/library/debug.c index fc2f089cbe..3b58b593bf 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -221,9 +221,9 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names -static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) +static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0; @@ -281,12 +281,12 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level /* X coordinate */ coord_start = pk->pub_raw + 1; mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); + mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); /* Y coordinate */ coord_start = coord_start + coord_len; mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); + mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ @@ -355,7 +355,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve len = PSA_BITS_TO_BYTES(bits); mbedtls_snprintf(str, sizeof(str), "%s.N", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); start_cur += len; 
@@ -370,7 +370,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve } mbedtls_snprintf(str, sizeof(str), "%s.E", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); } #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names From 1e4423bcfaa0e7b3b983f460c9644260c73872ae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:16:09 +0200 Subject: [PATCH 0542/1080] library: debug: add comment for follow-up in mbedtls_debug_print_psa_rsa() Signed-off-by: Valerio Setti --- library/debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/debug.c b/library/debug.c index 3b58b593bf..71872fd3b9 100644 --- a/library/debug.c +++ b/library/debug.c @@ -337,6 +337,8 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve start_cur = key_der; end_cur = key_der + pk->pub_raw_len; + /* This integer parsing solution should be replaced with mbedtls_asn1_get_integer(). + * See #10238. */ ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); if (ret != 0) { From 210b61111bcaa92406a9e59504472a81bdcc2dde Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:19:05 +0200 Subject: [PATCH 0543/1080] tests: suite_x509parse: fix indentation in x509parse_crt() Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 8f0da5a9cb..3220a6eb9e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -1118,11 +1118,11 @@ exit: void x509parse_crt(data_t *buf, char *result_str, int result) { mbedtls_x509_crt crt; - #if !defined(MBEDTLS_X509_REMOVE_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000] = { 0 }; - #else +#else ((void) result_str); - #endif +#endif /* Pick an error which is not used in the test_suite_x509parse.data file. */ int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; int res; From 27eb0141b9493f89b8dbd71d6a2fecd331a77b7e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:40:18 +0200 Subject: [PATCH 0544/1080] tests: suite_x509parse: rename variable in x509parse_crt() - rename result_ext to result_back_comp - add a comment to describe its purpose Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 3220a6eb9e..4f0605cd1c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1123,15 +1123,18 @@ void x509parse_crt(data_t *buf, char *result_str, int result) #else ((void) result_str); #endif - /* Pick an error which is not used in the test_suite_x509parse.data file. */ - int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + /* Tests whose result is MBEDTLS_ERR_PK_INVALID_PUBKEY might return + * MBEDTLS_ERR_ASN1_UNEXPECTED_TAG until psa#308 is merged. This variable + * is therefore used for backward compatiblity and will be removed in + * mbedtls#10229. */ + int result_back_comp = result; int res; #if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA) /* Support for mbedtls#10213 before psa#308. Once psa#308 will be * merged this dirty fix can be removed. */ if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) { - result_ext = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + result_back_comp = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; } #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ 
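Review bot: The new comment misspells `compatiblity` (→ `compatibility`), and because `result_back_comp` is initialised to `result`, the disjunctive `TEST_ASSERT((res == result) || (res == result_back_comp))` in the hunks at -1139, -1156, -1175 and -1192 is only an exact check when MBEDTLS_PK_USE_PSA_RSA_DATA is defined; in the other build a case expecting MBEDTLS_ERR_PK_INVALID_PUBKEY passes on either error code, so the parser returning the wrong one of the two would go unnoticed. Since the variable already holds the value expected for the active configuration, `TEST_ASSERT(res == result_back_comp);` keeps the check exact in both builds — assuming, as the comment's "might" leaves open, that the legacy path returns MBEDTLS_ERR_ASN1_UNEXPECTED_TAG deterministically. The body of x509parse_crt continues past this hunk.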
@@ -1139,8 +1142,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) USE_PSA_INIT(); res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len); - fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1156,7 +1158,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { memset(output, 0, 2000); @@ -1175,7 +1177,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1192,7 +1194,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); From a18627a6257b7d6cd1be71b9e3863133245ae882 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:50:05 +0200 Subject: [PATCH 0545/1080] library: debug: add comment to explain no-code-check comments 
Signed-off-by: Valerio Setti --- library/debug.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/debug.c b/library/debug.c index 71872fd3b9..e17f7e01eb 100644 --- a/library/debug.c +++ b/library/debug.c @@ -220,6 +220,7 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) +/* no-check-names will be removed in mbedtls#10229. */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, @@ -256,6 +257,7 @@ static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int leve debug_send_line(ssl, level, file, line, str); } } +/* no-check-names will be removed in mbedtls#10229. */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) @@ -290,6 +292,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +/* no-check-names will be removed in mbedtls#10229. */ #if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static size_t debug_count_valid_bits(unsigned char **buf, size_t len) { @@ -323,6 +326,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve const char *text, const mbedtls_pk_context *pk) { char str[DEBUG_BUF_SIZE]; + /* no-check-names will be removed in mbedtls#10229. */ unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names unsigned char *start_cur; unsigned char *end_cur; 
@@ -374,6 +378,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve mbedtls_snprintf(str, sizeof(str), "%s.E", text); mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); } +/* no-check-names will be removed in mbedtls#10229. */ #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, @@ -405,6 +410,7 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ +/* no-check-names will be removed in mbedtls#10229. */ #if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); From 0c92466bb04432585e564da5ff7a26c0879a2558 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:53:55 +0200 Subject: [PATCH 0546/1080] library: debug: rename len as bitlen in mbedtls_debug_print_integer() Signed-off-by: Valerio Setti --- library/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index e17f7e01eb..9ded720749 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -224,13 +224,13 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
 static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level,
 const char *file, int line, const char *text,
- const unsigned char *buf, size_t len)
+ const unsigned char *buf, size_t bitlen)
 {
 char str[DEBUG_BUF_SIZE];
- size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0;
+ size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0;
 mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n",
- text, (unsigned int) len);
+ text, (unsigned int) bitlen);
 debug_send_line(ssl, level, file, line, str);
From 069617fdcecf472ea60526c263100248cf2e3036 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 19 Jun 2025 23:56:09 +0200
Subject: [PATCH 0547/1080] library: debug: improve input param check in mbedtls_debug_print_psa_rsa()
Signed-off-by: Valerio Setti
---
 library/debug.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/library/debug.c b/library/debug.c
index 9ded720749..20ef3fd879 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -333,6 +333,13 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve
 size_t len, bits;
 int ret;
+ if (NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold) {
+ return;
+ }
+
 if (pk->pub_raw_len > sizeof(key_der)) {
 return;
 }
From e0fb40e6fb75547dfe62f818ed64206299d0d234 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 20 Jun 2025 00:08:42 +0200
Subject: [PATCH 0548/1080] library: debug: add error log message in mbedtls_debug_print_psa_rsa()
Signed-off-by: Valerio Setti
---
 library/debug.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/library/debug.c b/library/debug.c
index 20ef3fd879..94b1c2778f 100644
--- a/library/debug.c
+++ b/library/debug.c
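Review bot: The new guard in mbedtls_debug_print_psa_rsa() checks `ssl`, `ssl->conf` and `ssl->conf->f_dbg` but not `pk`, which the very next context line dereferences as `pk->pub_raw_len`; if the point of the guard is to make the function safe against bad arguments, the condition should read `if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || NULL == pk || level > debug_threshold) {`. The function is static and, from the debug_print_pk hunk earlier in this series, is only reached with `items[i].value`, so the current caller probably never passes NULL and this is mainly a consistency point. The body of mbedtls_debug_print_psa_rsa continues outside this hunk.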
@@ -341,6 +341,10 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve
 }
 if (pk->pub_raw_len > sizeof(key_der)) {
+ snprintf(str, sizeof(str),
+ "RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET,
+ pk->pub_raw_len, sizeof(key_der));
+ debug_send_line(ssl, level, file, line, str);
 return;
 }
From abfa8acb39bc9d76c7b71239d52c8d8020845937 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 16 Jun 2025 09:26:16 +0200
Subject: [PATCH 0549/1080] framework: update reference
Signed-off-by: Valerio Setti
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 2a3e2c5ea0..893ad9e845 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 2a3e2c5ea053c14b745dbdf41f609b1edc6a72fa
+Subproject commit 893ad9e8450a8e7459679d952abd5d6df26c41c4
From 2c77014bc0a3e4d9381eb9a4b2371e331dc79470 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 15:39:10 +0200
Subject: [PATCH 0550/1080] Copy of text about private identifiers from crypto
Signed-off-by: Gilles Peskine
---
 docs/4.0-migration-guide/private-decls.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 docs/4.0-migration-guide/private-decls.md
diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md
new file mode 100644
index 0000000000..6ca097af3a
--- /dev/null
+++ b/docs/4.0-migration-guide/private-decls.md
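Review bot: The added error message is formatted with bare `snprintf`, while the rest of this file goes through the platform wrapper `mbedtls_snprintf` (see the `mbedtls_snprintf(str, sizeof(str), "%s.E", text);` call later in this same function and the one in mbedtls_debug_print_integer); a platform that overrides snprintf would not get this one line. Change it to `mbedtls_snprintf(str, sizeof(str),` with the remaining arguments unchanged. The enclosing function mbedtls_debug_print_psa_rsa starts and ends outside this hunk.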
@@ -0,0 +1,14 @@ +## Private declarations + +Sample programs have not been fully updated yet and some of them might still +use APIs that are no longer public. You can recognize them by the fact that they +define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or +`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). When +you see one of these two macros in a sample program, be aware it has not been +updated and parts of it do not demonstrate current practice. + +We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or +`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code +may not compile or work with future minor releases. If there's something you +want to do that you feel can only be achieved by using one of these two macros, +please reach out on github or the mailing list. From c10c233676b18a9bdc9452cfff7920bf48fdf0d1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 15:39:35 +0200 Subject: [PATCH 0551/1080] Migration guide: more info about private elements in public headers Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/private-decls.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md index 6ca097af3a..ff974746c5 100644 --- a/docs/4.0-migration-guide/private-decls.md +++ b/docs/4.0-migration-guide/private-decls.md 
@@ -1,5 +1,24 @@ ## Private declarations +Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice. + +### Understanding private declarations in public headers + +In Mbed TLS 4.x, private elements in header files include: + +* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header). +* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.) +* Any preprocessor macro that is not documented with a Doxygen comment. + In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private. + In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text. +* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`. + +### Usage of private declarations + +Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice. + +Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases. + Sample programs have not been fully updated yet and some of them might still use APIs that are no longer public. 
You can recognize them by the fact that they define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or From 042ee3b3185e1ab0715a785d0206a56efebde74b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:18:47 +0200 Subject: [PATCH 0552/1080] Fix accidentally skipped test assertion Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..a6f368520b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5939,7 +5939,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) } else { ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); } - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + TEST_EQUAL(ret, 0); + } char label[] = "test-label"; uint8_t key_buffer[24] = { 0 }; From 0038408f55286ba5436f42523bd235bccfbf0d31 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:26:35 +0200 Subject: [PATCH 0553/1080] Properly initialize SSL endpoint objects In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed early, e.g. due to `psa_crypto_init()` failing. This was largely harmless, but could have caused weird test results in case of failure, and was flagged by Coverity. Use a more systematic style for initializing the stack object as soon as it's declared. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 54 +++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a6f368520b..58212bad9c 100644 
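Review bot: Accepting MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE from mbedtls_test_move_handshake_to_state() lets the test continue even though the handshake may not have reached `state`, so the "too early" assertions that follow (outside this hunk) could be exercised at a different handshake state than the data file names. If that is not deliberate, add an assertion after the `if`/`else` that the endpoint being checked is actually at `state` before exporting, or document in a comment why a non-blocking return is acceptable here, e.g. `/* WANT_READ/WANT_WRITE are expected when state is mid-flight; the exporter must still refuse. */`. I cannot see how `state` is used further down in ssl_tls_exporter_too_early, so this may already be covered.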
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2879,6 +2879,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint ep; + memset(&ep, 0, sizeof(ep)); int ret = -1; mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); @@ -2910,6 +2911,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint base_ep, second_ep; + memset(&base_ep, 0, sizeof(base_ep)); + memset(&second_ep, 0, sizeof(second_ep)); int ret = -1; (void) tls_version; @@ -2935,8 +2938,6 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int #endif MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); - mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); @@ -3587,6 +3588,8 @@ void force_bad_session_id_len() enum { BUFFSIZE = 1024 }; mbedtls_test_handshake_test_options options; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; mbedtls_test_message_socket_context server_context, client_context; @@ -3597,9 +3600,6 @@ void force_bad_session_id_len() options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); 
@@ -3782,6 +3782,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_psa_stats_t stats; size_t free_slots_before = -1; mbedtls_test_handshake_test_options client_options, server_options; @@ -3791,8 +3793,6 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the @@ -3856,6 +3856,8 @@ void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); unsigned char *buf, *end; size_t buf_len; int step = 0; @@ -3867,8 +3869,6 @@ void tls13_server_certificate_msg_invalid_vector_len() /* * Test set-up */ - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); MD_OR_USE_PSA_INIT(); @@ -4105,12 +4105,12 @@ void tls13_resume_session_with_ticket() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -4190,6 +4190,8 @@ void tls13_read_early_data(int scenario) const char *early_data = "This is early data."; size_t early_data_len = strlen(early_data); mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4200,8 +4202,6 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4389,6 +4389,8 @@ void tls13_cli_early_data_state(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4399,8 +4401,6 @@ void tls13_cli_early_data_state(int scenario) }; uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4762,6 +4762,8 @@ void tls13_write_early_data(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; 
@@ -4772,8 +4774,6 @@ void tls13_write_early_data(int scenario) }; int beyond_first_hello = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5111,6 +5111,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5120,8 +5122,6 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) uint32_t written_early_data_size = 0; uint32_t read_early_data_size = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5264,6 +5264,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5282,8 +5284,6 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in uint32_t written_early_data_size = 0; uint32_t max_early_data_size; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -5709,6 +5709,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5754,6 +5756,8 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5793,6 +5797,8 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5833,6 +5839,8 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5876,6 +5884,8 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); @@ -5914,6 +5924,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) int ret = -1; mbedtls_test_ssl_endpoint server_ep, client_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); From 42bfc164a254a5b658e76daddf04573ef80a487e Mon Sep 17 00:00:00 2001 
From: Minos Galanakis Date: Fri, 27 Jun 2025 11:00:26 +0100 Subject: [PATCH 0554/1080] Updated tf-psa-crypto pointer (tf-psa-crypto-1.0.0-beta) Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5ff707caa3..0cc63061c6 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5ff707caa307bf738128030bfe7d014b65b7eb3e +Subproject commit 0cc63061c6bfc141d64ec8ba562b4c7bca842a6c From 09dc57d323168b2f64ea01a8affc89d2a23fdb08 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 27 Jun 2025 09:29:32 +0100 Subject: [PATCH 0555/1080] Version Bump Signed-off-by: Minos Galanakis --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index fb4439adc4..2f79b571ba 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v4.0.0 API Documentation + * @mainpage Mbed TLS v4.0.0-beta API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cc2c51eba7..04a4f170d0 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v4.0.0" +PROJECT_NAME = "Mbed TLS v4.0.0-beta" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f896850f23..451dbfdb7c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -171,7 +171,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) diff --git a/library/Makefile b/library/Makefile index 2f695c696b..a880f26171 100644 --- a/library/Makefile +++ b/library/Makefile @@ -82,7 +82,7 @@ endif endif SOEXT_TLS?=so.21 -SOEXT_X509?=so.7 +SOEXT_X509?=so.8 SOEXT_CRYPTO?=so.16 # Set AR_DASH= (empty string) to use an ar implementation that does not accept From 8bccf16218fafc0491e1ee113f948fbfe8a2f082 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Jun 2025 15:23:39 +0100 Subject: [PATCH 0556/1080] Assemble ChangeLog 
Signed-off-by: Minos Galanakis --- ChangeLog | 325 ++++++++++++++++++ ChangeLog.d/9126.txt | 5 - ChangeLog.d/9302.txt | 6 - ChangeLog.d/9684.txt | 2 - ChangeLog.d/9685.txt | 2 - ChangeLog.d/9690.txt | 8 - ChangeLog.d/9874.txt | 5 - ChangeLog.d/9892.txt | 4 - ChangeLog.d/9956.txt | 6 - ChangeLog.d/9964.txt | 25 -- ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 - ChangeLog.d/add-psa-iop-generate-key.txt | 3 - ChangeLog.d/add-psa-iop-key-agreement.txt | 4 - ChangeLog.d/add-psa-key-agreement.txt | 3 - ChangeLog.d/add-tls-exporter.txt | 6 - ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 - ChangeLog.d/check-config.txt | 9 - ChangeLog.d/configuration-split.txt | 16 - ChangeLog.d/dynamic-keystore.txt | 10 - ChangeLog.d/ecdsa-conversion-overflow.txt | 6 - ChangeLog.d/error-unification.txt | 11 - ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 - .../fix-clang-psa-build-without-dhm.txt | 3 - ...ion-when-memcpy-is-function-like-macro.txt | 2 - ChangeLog.d/fix-compilation-with-djgpp.txt | 2 - ...concurrently-loading-non-existent-keys.txt | 4 - ChangeLog.d/fix-driver-schema-check.txt | 3 - ChangeLog.d/fix-legacy-compression-issue.txt | 6 - .../fix-msvc-version-guard-format-zu.txt | 5 - ChangeLog.d/fix-psa-cmac.txt | 4 - ...nation_warning_messages_for_GNU_SOURCE.txt | 5 - .../fix-rsa-performance-regression.txt | 3 - .../fix-secure-element-key-creation.txt | 5 - ChangeLog.d/fix-server-mode-only-build.txt | 3 - .../fix-string-to-names-memory-management.txt | 18 - .../fix-string-to-names-store-named-data.txt | 8 - ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 - .../fix_reporting_of_key_usage_issues.txt | 11 - ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 - ...tls_psa_ecp_generate_key-no_public_key.txt | 3 - ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 - ...sa_rsa_load_representation-memory_leak.txt | 3 - ChangeLog.d/mbedtls_ssl_set_hostname.txt | 16 - ChangeLog.d/oid.txt | 8 - ChangeLog.d/pk-norsa-warning.txt | 2 - ChangeLog.d/psa-always-on.txt | 10 - 
ChangeLog.d/psa-crypto-config-always-on.txt | 7 - ...decrypt-ccm_star-iv_length_enforcement.txt | 3 - ChangeLog.d/psa_generate_key_custom.txt | 9 - ChangeLog.d/psa_util-bits-0.txt | 3 - .../psa_util_in_builds_without_psa.txt | 5 - ChangeLog.d/removal-of-rng.txt | 5 - ChangeLog.d/remove-compat-2.x.txt | 2 - ChangeLog.d/remove-crypto-alt-interface.txt | 5 - ChangeLog.d/remove-via-padlock-support.txt | 3 - ChangeLog.d/remove_RSA_key_exchange.txt | 2 - .../replace-close-with-mbedtls_net_close.txt | 4 - ChangeLog.d/repo-split.txt | 5 - ChangeLog.d/rm-ssl-conf-curves.txt | 4 - ...ring-conversions-out-of-the-oid-module.txt | 4 - ChangeLog.d/tls-hs-defrag-in.txt | 7 - ChangeLog.d/tls-key-exchange-rsa.txt | 2 - ChangeLog.d/tls12-check-finished-calc.txt | 6 - ChangeLog.d/tls13-cert-regressions.txt | 18 - .../tls13-middlebox-compat-disabled.txt | 4 - ChangeLog.d/tls13-without-tickets.txt | 3 - .../unterminated-string-initialization.txt | 3 - 67 files changed, 325 insertions(+), 380 deletions(-) delete mode 100644 ChangeLog.d/9126.txt delete mode 100644 ChangeLog.d/9302.txt delete mode 100644 ChangeLog.d/9684.txt delete mode 100644 ChangeLog.d/9685.txt delete mode 100644 ChangeLog.d/9690.txt delete mode 100644 ChangeLog.d/9874.txt delete mode 100644 ChangeLog.d/9892.txt delete mode 100644 ChangeLog.d/9956.txt delete mode 100644 ChangeLog.d/9964.txt delete mode 100644 ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt delete mode 100644 ChangeLog.d/add-psa-iop-generate-key.txt delete mode 100644 ChangeLog.d/add-psa-iop-key-agreement.txt delete mode 100644 ChangeLog.d/add-psa-key-agreement.txt delete mode 100644 ChangeLog.d/add-tls-exporter.txt delete mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt delete mode 100644 ChangeLog.d/check-config.txt delete mode 100644 ChangeLog.d/configuration-split.txt delete mode 100644 ChangeLog.d/dynamic-keystore.txt delete mode 100644 ChangeLog.d/ecdsa-conversion-overflow.txt delete mode 100644 ChangeLog.d/error-unification.txt delete mode 
100644 ChangeLog.d/fix-aesni-asm-clobbers.txt delete mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt delete mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt delete mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt delete mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt delete mode 100644 ChangeLog.d/fix-driver-schema-check.txt delete mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt delete mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt delete mode 100644 ChangeLog.d/fix-psa-cmac.txt delete mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt delete mode 100644 ChangeLog.d/fix-rsa-performance-regression.txt delete mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt delete mode 100644 ChangeLog.d/fix-server-mode-only-build.txt delete mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt delete mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt delete mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt delete mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt delete mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt delete mode 100644 ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt delete mode 100644 ChangeLog.d/oid.txt delete mode 100644 ChangeLog.d/pk-norsa-warning.txt delete mode 100644 ChangeLog.d/psa-always-on.txt delete mode 100644 ChangeLog.d/psa-crypto-config-always-on.txt delete mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt delete mode 100644 ChangeLog.d/psa_generate_key_custom.txt delete mode 100644 ChangeLog.d/psa_util-bits-0.txt delete mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt delete mode 100644 ChangeLog.d/removal-of-rng.txt delete mode 
100644 ChangeLog.d/remove-compat-2.x.txt delete mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/remove-via-padlock-support.txt delete mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt delete mode 100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt delete mode 100644 ChangeLog.d/repo-split.txt delete mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt delete mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt delete mode 100644 ChangeLog.d/tls-hs-defrag-in.txt delete mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt delete mode 100644 ChangeLog.d/tls12-check-finished-calc.txt delete mode 100644 ChangeLog.d/tls13-cert-regressions.txt delete mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt delete mode 100644 ChangeLog.d/tls13-without-tickets.txt delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog b/ChangeLog index 1c48958e39..7de639e45a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,330 @@ Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 4.0.0-beta branch released 2025-07-04
+
+API changes
+ * The experimental functions psa_generate_key_ext() and
+ psa_key_derivation_output_key_ext() have been replaced by
+ psa_generate_key_custom() and psa_key_derivation_output_key_custom().
+ They have almost exactly the same interface, but the variable-length
+ data is passed in a separate parameter instead of a flexible array
+ member. This resolves a build failure under C++ compilers that do not
+ support flexible array members (a C99 feature not adopted by C++).
+ Fixes #9020.
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+ * All API functions now use the PSA random generator psa_get_random()
+ internally. As a consequence, functions no longer take RNG parameters.
+ Please refer to the migration guide at :
+ tf-psa-crypto/docs/4.0-migration-guide.md.
+
+Default behavior changes
+ * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+ !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+ corresponding PSA mechanism is enabled, since the server provides the
+ crypto. Fixes #9126.
+ * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ to perform cryptographic operations, with a few exceptions documented
+ in docs/architecture/psa-migration/psa-limitations.md. This
+ corresponds to the behavior of Mbed TLS 3.x when
+ MBEDTLS_USE_PSA_CRYPTO is enabled.
In effect, MBEDTLS_USE_PSA_CRYPTO
+ is now always enabled.
+ * psa_crypto_init() must be called before performing any cryptographic
+ operation, including indirect requests such as parsing a key or
+ certificate or starting a TLS handshake.
+ * The `PSA_WANT_XXX` symbols as defined in
+ tf-psa-crypto/include/psa/crypto_config.h are now always used in the
+ configuration of the cryptographic mechanisms exposed by the PSA API.
+ This corresponds to the configuration behavior of Mbed TLS 3.x when
+ MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
+ is now always enabled and the configuration option has been removed.
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure.
+
+Removals
+ * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
+ Fixes #5903.
+ * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
+ at the module and function level for crypto mechanisms only. The remaining
+ alt interfaces for platform, threading and timing are unchanged.
+ Fixes #8149.
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseeded by
+ mbedtls_x509write_crt_set_serial_raw().
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+ following SSL functions are removed:
+ - mbedtls_ssl_conf_dh_param_bin
+ - mbedtls_ssl_conf_dh_param_ctx
+ - mbedtls_ssl_conf_dhm_min_bitlen
+ * Remove support for the RSA key exchange in TLS 1.2.
+ * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
+ * Removal of the following sample programs:
+ pkey/rsa_genkey.c
+ pkey/pk_decrypt.c
+ pkey/dh_genprime.c
+ pkey/rsa_verify.c
+ pkey/mpi_demo.c
+ pkey/rsa_decrypt.c
+ pkey/key_app.c
+ pkey/dh_server.c
+ pkey/ecdh_curve25519.c
+ pkey/pk_encrypt.c
+ pkey/rsa_sign.c
+ pkey/key_app_writer.c
+ pkey/dh_client.c
+ pkey/ecdsa.c
+ pkey/rsa_encrypt.c
+ wince_main.c
+ aes/crypt_and_hash.c
+ random/gen_random_ctr_drbg.c
+ random/gen_entropy.c
+ hash/md_hmac_demo.c
+ hash/hello.c
+ hash/generic_sum.c
+ cipher/cipher_aead_demo.c
+ * Remove compat-2-x.h header from mbedtls.
+ * The library no longer offers interfaces to look up values by OID
+ or OID by enum values.
+ The header now only defines functions to convert
+ between binary and dotted string OID representations, and macros
+ for OID strings that are relevant to X.509.
+ The compilation option MBEDTLS_OID_C no longer
+ exists. OID tables are included in the build automatically as needed.
+
+Features
+ * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
+ the number of volatile PSA keys is virtually unlimited, at the expense
+ of increased code size. This option is off by default, but enabled in
+ the default mbedtls_config.h. Fixes #9216.
+ * Add a new psa_key_agreement() PSA API to perform key agreement and return
+ an identifier for the newly created key.
+ * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+ uses static storage for keys, enabling malloc-less use of key slots.
+ The size of each buffer is given by the option
+ MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
By default it accommodates the
+ largest PSA key enabled in the build.
+ * Add an interruptible version of key agreement to the PSA interface.
+ See psa_key_agreement_iop_setup() and related functions.
+ * Add an interruptible version of generate key to the PSA interface.
+ See psa_generate_key_iop_setup() and related functions.
+ * Add the function mbedtls_ssl_export_keying_material() which allows the
+ client and server to extract additional shared symmetric keys from an SSL
+ session, according to the TLS-Exporter specification in RFC 8446 and 5705.
+ This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
+ mbedtls_config.h.
+
+Security
+ * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
+ not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
+ MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
+ CVE-2024-45157
+ * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
+ mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
+ largest supported curve. In some configurations with PSA disabled,
+ all values of bits are affected. This never happens in internal library
+ calls, but can affect applications that call these functions directly.
+ CVE-2024-45158
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).
+ CVE-2024-45159
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
+ Reported by Daniel Stenberg.
+ CVE-2025-27809
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
+ * Fix possible use-after-free or double-free in code calling
+ mbedtls_x509_string_to_names(). This was caused by the function calling
+ mbedtls_asn1_free_named_data_list() on its head argument, while the
+ documentation did no suggest it did, making it likely for callers relying
+ on the documented behaviour to still hold pointers to memory blocks after
+ they were free()d, resulting in high risk of use-after-free or double-free,
+ with consequences ranging up to arbitrary code execution.
+ In particular, the two sample programs x509/cert_write and x509/cert_req
+ were affected (use-after-free if the san string contains more than one DN).
+ Code that does not call mbedtls_string_to_names() directly is not affected.
+ Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-47917
+ * Fix a bug in mbedtls_x509_string_to_names() and the
+ mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
+ where some inputs would cause an inconsistent state to be reached, causing
+ a NULL dereference either in the function itself, or in subsequent
+ users of the output structure, such as mbedtls_x509_write_names(). This
+ only affects applications that create (as opposed to consume) X.509
+ certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-48965
+
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
+ * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
+ * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
+ as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
+ * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
+ passing in zero length additional data to multipart AEAD.
+ * Fix rare concurrent access bug where attempting to operate on a
+ non-existent key while concurrently creating a new key could potentially
+ corrupt the key store.
+ * Fix error handling when creating a key in a dynamic secure element
+ (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+ the creation could return PSA_SUCCESS but using or destroying the key
+ would not work. Fixes #8537.
+ * Fix issue of redefinition warning messages for _GNU_SOURCE in
+ entropy_poll.c and sha_256.c. There was a build warning during
+ building for linux platform.
+ Resolves #9026
+ * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
+ * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
+ CMAC is enabled, but no built-in unauthenticated cipher is enabled.
+ Fixes #9209.
+ * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
+ Fixes #9029.
+ * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
+ long. Credit to Cryptofuzz. Fixes #9314.
+ * Fix interference between PSA volatile keys and built-in keys
+ when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
+ MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
+ * Document and enforce the limitation of mbedtls_psa_register_se_key()
+ to persistent keys. Resolves #9253.
+ * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
+ but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
+ * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
+ MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
+ * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
+ some code was defining 0-size arrays, resulting in compilation errors.
+ Fixed by disabling the offending code in configurations without PSA
+ Crypto, where it never worked. Fixes #9311.
+ * Fixes an issue where some TLS 1.2 clients could not connect to an
+ Mbed TLS 3.6.0 server, due to incorrect handling of
+ legacy_compression_methods in the ClientHello.
+ fixes #8995, #9243.
+ * Fix a memory leak that could occur when failing to process an RSA
+ key through some PSA functions due to low memory conditions.
+ * Fixed a regression introduced in 3.6.0 where the CA callback set with
+ mbedtls_ssl_conf_ca_cb() would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+ 1.3.
+ * Fixed a regression introduced in 3.6.0 where clients that relied on
+ optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+ with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+ working when connections were upgraded to TLS 1.3. Fixed by adding
+ support for optional/none with TLS 1.3 as well.
Note that the TLS 1.3
+ standard makes server authentication mandatory; users are advised not to
+ use authmode none, and to carefully check the results when using optional
+ mode.
+ * Fixed a regression introduced in 3.6.0 where context-specific certificate
+ verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+ mbedtls_ssl_conf_verify(), would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+ callback in TLS 1.3.
+ * Fix unintended performance regression when using short RSA public keys.
+ Fixes #9232.
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
+ * Fix invalid JSON schemas for driver descriptions used by
+ generate_driver_wrappers.py.
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
+ * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+ mbedtls_psa_der_to_raw() is called with bits=0.
+ * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+ * Fix missing constraints on the AES-NI inline assembly which is used on
+ GCC-like compilers when building AES for generic x86_64 targets. This
+ may have resulted in incorrect code with some compilers, depending on
+ optimizations. Fixes #9819.
+ * Support re-assembly of fragmented handshake messages in TLS (both
+ 1.2 and 1.3). The lack of support was causing handshake failures with
+ some servers, especially with TLS 1.3 in practice. There are a few
+ limitations, notably a fragmented ClientHello is only supported when
+ TLS 1.3 support is enabled. See the documentation of
+ mbedtls_ssl_handshake() for details.
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+ occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+ with Visual Studio 2013 or MinGW.
+ Fixes #10017.
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
+
+Changes
+ * Warn if mbedtls/check_config.h is included manually, as this can
+ lead to spurious errors. Error if a *adjust*.h header is included
+ manually, as this can lead to silently inconsistent configurations,
+ potentially resulting in buffer overflows.
+ When migrating from Mbed TLS 2.x, if you had a custom config.h that
+ included check_config.h, remove this inclusion from the Mbed TLS 3.x
+ configuration file (renamed to mbedtls_config.h). This change was made
+ in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
+ * Improve performance of PSA key generation with ECC keys: it no longer
+ computes the public key (which was immediately discarded). Fixes #9732.
+ * Cryptography and platform configuration options have been migrated
+ from the Mbed TLS library configuration file mbedtls_config.h to
+ crypto_config.h that will become the TF-PSA-Crypto configuration file,
+ see config-split.md for more information. The reference and test custom
+ configuration files respectively in configs/ and tests/configs/ have
+ been updated accordingly.
+ To migrate custom Mbed TLS configurations where
+ MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
+ to the PSA configuration scheme based on PSA_WANT_XXX symbols
+ (see psa-conditional-inclusion-c.md for more information).
+ To migrate custom Mbed TLS configurations where
+ MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
+ cryptographic and platform configuration options from mbedtls_config.h
+ to crypto_config.h (see config-split.md for more information and configs/
+ for examples).
+ * Move the crypto part of the library (content of tf-psa-crypto directory)
+ from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+ tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+ references as a Git submodule.
+ * The function mbedtls_x509_string_to_names() now requires its head argument
+ to point to NULL on entry. This makes it likely that existing risky uses of
+ this function (see the entry in the Security section) will be detected and
+ fixed.
+
 = Mbed TLS 3.6.0 branch released 2024-03-28
 API changes
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
deleted file mode 100644
index 22939df86f..0000000000
--- a/ChangeLog.d/9126.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Default behavior changes
- * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
- !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
- corresponding PSA mechanism is enabled, since the server provides the
- crypto. Fixes #9126.
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
deleted file mode 100644
index d61ba19632..0000000000
--- a/ChangeLog.d/9302.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
- uses static storage for keys, enabling malloc-less use of key slots.
- The size of each buffer is given by the option
- MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
- largest PSA key enabled in the build.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
deleted file mode 100644
index 115ded87a0..0000000000
--- a/ChangeLog.d/9684.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
deleted file mode 100644
index 9820aff759..0000000000
--- a/ChangeLog.d/9685.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
deleted file mode 100644
index d00eb16bc9..0000000000
--- a/ChangeLog.d/9690.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a buffer underrun in mbedtls_pk_write_key_der() when
- called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
- and the output buffer is smaller than the actual output.
- Fix a related buffer underrun in mbedtls_pk_write_key_pem()
- when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
- and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
- CVE-2024-49195
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
deleted file mode 100644
index a4d2e032ee..0000000000
--- a/ChangeLog.d/9874.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
- Instead of taking a mbedtls_cipher_type_t as an argument, this function
- now takes 3 new arguments: a PSA algorithm, key type and key size, to
- specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
deleted file mode 100644
index 01d21b6e5f..0000000000
--- a/ChangeLog.d/9892.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseeded by
- mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
deleted file mode 100644
index cea4af1ec6..0000000000
--- a/ChangeLog.d/9956.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
- following SSL functions are removed:
- - mbedtls_ssl_conf_dh_param_bin
- - mbedtls_ssl_conf_dh_param_ctx
- - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
deleted file mode 100644
index ca0cc4b48d..0000000000
--- a/ChangeLog.d/9964.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-Removals
- * Removal of the following sample programs:
- pkey/rsa_genkey.c
- pkey/pk_decrypt.c
- pkey/dh_genprime.c
- pkey/rsa_verify.c
- pkey/mpi_demo.c
- pkey/rsa_decrypt.c
- pkey/key_app.c
- pkey/dh_server.c
- pkey/ecdh_curve25519.c
- pkey/pk_encrypt.c
- pkey/rsa_sign.c
- pkey/key_app_writer.c
- pkey/dh_client.c
- pkey/ecdsa.c
- pkey/rsa_encrypt.c
- wince_main.c
- aes/crypt_and_hash.c
- random/gen_random_ctr_drbg.c
- random/gen_entropy.c
- hash/md_hmac_demo.c
- hash/hello.c
- hash/generic_sum.c
- cipher/cipher_aead_demo.c
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
deleted file mode 100644
index 079cd741dc..0000000000
--- a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
- not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt
deleted file mode 100644
index 0f586ee197..0000000000
--- a/ChangeLog.d/add-psa-iop-generate-key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add an interruptible version of generate key to the PSA interface.
- See psa_generate_key_iop_setup() and related functions.
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt
deleted file mode 100644
index 92dfde1843..0000000000
--- a/ChangeLog.d/add-psa-iop-key-agreement.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add an interruptible version of key agreement to the PSA interface.
- See psa_key_agreement_iop_setup() and related functions.
-
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt
deleted file mode 100644
index 771e6e2602..0000000000
--- a/ChangeLog.d/add-psa-key-agreement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add a new psa_key_agreement() PSA API to perform key agreement and return
- an identifier for the newly created key.
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
deleted file mode 100644
index 1aea653e09..0000000000
--- a/ChangeLog.d/add-tls-exporter.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add the function mbedtls_ssl_export_keying_material() which allows the
- client and server to extract additional shared symmetric keys from an SSL
- session, according to the TLS-Exporter specification in RFC 8446 and 5705.
- This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
- mbedtls_config.h.
diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
deleted file mode 100644
index bb5b470881..0000000000
--- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
- as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt
deleted file mode 100644
index 8570a11757..0000000000
--- a/ChangeLog.d/check-config.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Changes
- * Warn if mbedtls/check_config.h is included manually, as this can
- lead to spurious errors. Error if a *adjust*.h header is included
- manually, as this can lead to silently inconsistent configurations,
- potentially resulting in buffer overflows.
- When migrating from Mbed TLS 2.x, if you had a custom config.h that
- included check_config.h, remove this inclusion from the Mbed TLS 3.x
- configuration file (renamed to mbedtls_config.h). This change was made
- in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt
deleted file mode 100644
index f4d9bc63ac..0000000000
--- a/ChangeLog.d/configuration-split.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Changes
- * Cryptography and platform configuration options have been migrated
- from the Mbed TLS library configuration file mbedtls_config.h to
- crypto_config.h that will become the TF-PSA-Crypto configuration file,
- see config-split.md for more information. The reference and test custom
- configuration files respectively in configs/ and tests/configs/ have
- been updated accordingly.
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
- to the PSA configuration scheme based on PSA_WANT_XXX symbols
- (see psa-conditional-inclusion-c.md for more information).
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
- cryptographic and platform configuration options from mbedtls_config.h
- to crypto_config.h (see config-split.md for more information and configs/
- for examples).
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt
deleted file mode 100644
index c6aac3c991..0000000000
--- a/ChangeLog.d/dynamic-keystore.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
- * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
- the number of volatile PSA keys is virtually unlimited, at the expense
- of increased code size. This option is off by default, but enabled in
- the default mbedtls_config.h. Fixes #9216.
-
-Bugfix
- * Fix interference between PSA volatile keys and built-in keys
- when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
- MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
deleted file mode 100644
index 83b7f2f88b..0000000000
--- a/ChangeLog.d/ecdsa-conversion-overflow.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
- mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
- largest supported curve. In some configurations with PSA disabled,
- all values of bits are affected. This never happens in internal library
- calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
deleted file mode 100644
index bcf5ba1f3d..0000000000
--- a/ChangeLog.d/error-unification.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-API changes
- * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
- functions can now return PSA_ERROR_xxx values.
- There is no longer a distinction between "low-level" and "high-level"
- Mbed TLS error codes.
- This will not affect most applications since the error values are
- between -32767 and -1 as before.
-
-Removals
- * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
- since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
deleted file mode 100644
index 538f0c5115..0000000000
--- a/ChangeLog.d/fix-aesni-asm-clobbers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
deleted file mode 100644
index 7ae1c68a40..0000000000
--- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
- but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
deleted file mode 100644
index 11e7d25392..0000000000
--- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb69de..0000000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
deleted file mode 100644
index 8a406a12e8..0000000000
--- a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix rare concurrent access bug where attempting to operate on a
- non-existent key while concurrently creating a new key could potentially
- corrupt the key store.
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
deleted file mode 100644
index 9b6d8acd6e..0000000000
--- a/ChangeLog.d/fix-driver-schema-check.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix invalid JSON schemas for driver descriptions used by
- generate_driver_wrappers.py.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
deleted file mode 100644
index 2549af8733..0000000000
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ /dev/null
@@ -1,6 +0,0 @@ -Bugfix - * Fixes an issue where some TLS 1.2 clients could not connect to an - Mbed TLS 3.6.0 server, due to incorrect handling of - legacy_compression_methods in the ClientHello. - fixes #8995, #9243. - diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt deleted file mode 100644 index eefda618ca..0000000000 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that - occurred whenever SSL debugging was enabled on a copy of Mbed TLS built - with Visual Studio 2013 or MinGW. - Fixes #10017. diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2d..0000000000 --- a/ChangeLog.d/fix-psa-cmac.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c2..0000000000 --- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a314..0000000000 --- a/ChangeLog.d/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. 
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068d..0000000000 --- a/ChangeLog.d/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt deleted file mode 100644 index d1d8341f79..0000000000 --- a/ChangeLog.d/fix-server-mode-only-build.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt deleted file mode 100644 index 87bc59694f..0000000000 --- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -Security - * Fix possible use-after-free or double-free in code calling - mbedtls_x509_string_to_names(). This was caused by the function calling - mbedtls_asn1_free_named_data_list() on its head argument, while the - documentation did no suggest it did, making it likely for callers relying - on the documented behaviour to still hold pointers to memory blocks after - they were free()d, resulting in high risk of use-after-free or double-free, - with consequences ranging up to arbitrary code execution. - In particular, the two sample programs x509/cert_write and x509/cert_req - were affected (use-after-free if the san string contains more than one DN). - Code that does not call mbedtls_string_to_names() directly is not affected. - Found by Linh Le and Ngan Nguyen from Calif. - -Changes - * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. This makes it likely that existing risky uses of - this function (see the entry in the Security section) will be detected and - fixed. diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt deleted file mode 100644 index e517cbb72a..0000000000 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a bug in mbedtls_x509_string_to_names() and the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, - where some inputs would cause an inconsistent state to be reached, causing - a NULL dereference either in the function itself, or in subsequent - users of the output structure, such as mbedtls_x509_write_names(). This - only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193cc..0000000000 
--- a/ChangeLog.d/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt deleted file mode 100644 index b81fb426a7..0000000000 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d7..0000000000 --- a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt deleted file mode 100644 index 69c00e1a77..0000000000 --- a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Improve performance of PSA key generation with ECC keys: it no longer - computes the public key (which was immediately discarded). Fixes #9732. 
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac0..0000000000 --- a/ChangeLog.d/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af611..0000000000 --- a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt deleted file mode 100644 index 250a5baafa..0000000000 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ /dev/null @@ -1,16 +0,0 @@ -Default behavior changes - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Security - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. - The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt deleted file mode 100644 index 53828d85b1..0000000000 --- a/ChangeLog.d/oid.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Removals - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a870..0000000000 --- a/ChangeLog.d/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt deleted file mode 100644 index 45f4d9b101..0000000000 --- a/ChangeLog.d/psa-always-on.txt +++ /dev/null @@ -1,10 +0,0 @@ -Default behavior changes - * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt deleted file mode 100644 index d255f8c3c1..0000000000 --- a/ChangeLog.d/psa-crypto-config-always-on.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Default behavior changes - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93ba..0000000000 --- a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt deleted file mode 100644 index 3fc1bd7d1f..0000000000 --- a/ChangeLog.d/psa_generate_key_custom.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt deleted file mode 100644 index 9aa70ad978..0000000000 --- a/ChangeLog.d/psa_util-bits-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or - mbedtls_psa_der_to_raw() is called with bits=0. 
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd30..0000000000 --- a/ChangeLog.d/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt deleted file mode 100644 index a8a19f4ee3..0000000000 --- a/ChangeLog.d/removal-of-rng.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * All API functions now use the PSA random generator psa_get_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - tf-psa-crypto/docs/4.0-migration-guide.md. diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt deleted file mode 100644 index 37f012c217..0000000000 --- a/ChangeLog.d/remove-compat-2.x.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove compat-2-x.h header from mbedtls. diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221c..0000000000 --- a/ChangeLog.d/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b96573..0000000000 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt deleted file mode 100644 index f9baaf1701..0000000000 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA key exchange in TLS 1.2. diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt deleted file mode 100644 index 213cf55b40..0000000000 --- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt deleted file mode 100644 index f03b5ed7fe..0000000000 --- a/ChangeLog.d/repo-split.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt deleted file mode 100644 index 4b29adc4c9..0000000000 --- a/ChangeLog.d/rm-ssl-conf-curves.txt +++ /dev/null @@ -1,4 +0,0 @@ -Removals - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt deleted file mode 100644 index 938e9eccb6..0000000000 --- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt deleted file mode 100644 index 6bab02a029..0000000000 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Support re-assembly of fragmented handshake messages in TLS (both - 1.2 and 1.3). The lack of support was causing handshake failures with - some servers, especially with TLS 1.3 in practice. There are a few - limitations, notably a fragmented ClientHello is only supported when - TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_handshake() for details. diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt deleted file mode 100644 index 4df6b3e303..0000000000 --- a/ChangeLog.d/tls-key-exchange-rsa.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt deleted file mode 100644 index cd52d32ffd..0000000000 --- a/ChangeLog.d/tls12-check-finished-calc.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d6..0000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt deleted file mode 100644 index f5331bc063..0000000000 --- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee5..0000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. 
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt deleted file mode 100644 index 75a72cae6b..0000000000 --- a/ChangeLog.d/unterminated-string-initialization.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Silence spurious -Wunterminated-string-initialization warnings introduced - by GCC 15. Fixes #9944. From 71157fd57482ae691c1f006b5fc424d24703c54d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Jun 2025 15:24:47 +0100 Subject: [PATCH 0557/1080] Update BRANCHES.md Signed-off-by: Minos Galanakis --- BRANCHES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index 49f7e289bb..78f8f69b49 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) maintained until March 2027, see - . + . Users are urged to always use the latest version of a maintained branch. From dd27691c61ec3f19c24063511ef66b8d74bb3770 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 2 Apr 2025 15:55:04 +0100 Subject: [PATCH 0558/1080] remove fuzz_privkey.c and fuzz_pubkey.c Signed-off-by: Ben Taylor --- programs/fuzz/.gitignore | 2 - programs/fuzz/CMakeLists.txt | 2 - programs/fuzz/fuzz_privkey.c | 105 ----------------------------------- programs/fuzz/fuzz_pubkey.c | 93 ------------------------------- 4 files changed, 202 deletions(-) delete mode 100644 programs/fuzz/fuzz_privkey.c delete mode 100644 programs/fuzz/fuzz_pubkey.c diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore index 34e3ed0882..9b8da61954 100644 --- a/programs/fuzz/.gitignore +++ b/programs/fuzz/.gitignore @@ -2,8 +2,6 @@ fuzz_client fuzz_dtlsclient fuzz_dtlsserver fuzz_pkcs7 -fuzz_privkey -fuzz_pubkey fuzz_server fuzz_x509crl fuzz_x509crt 
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 8f463178b8..54b07b4ddc 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -9,7 +9,6 @@ if(FUZZINGENGINE_LIB) endif() set(executables_no_common_c - fuzz_pubkey fuzz_x509crl fuzz_x509crt fuzz_x509csr @@ -18,7 +17,6 @@ set(executables_no_common_c add_dependencies(${programs_target} ${executables_no_common_c}) set(executables_with_common_c - fuzz_privkey fuzz_client fuzz_dtlsclient fuzz_dtlsserver diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c deleted file mode 100644 index 8055603c64..0000000000 --- a/programs/fuzz/fuzz_privkey.c +++ /dev/null 
@@ -1,105 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "common.h" - -//4 Kb should be enough for every bug ;-) -#define MAX_LEN 0x1000 - -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) -const char *pers = "fuzz_privkey"; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) - int ret; - mbedtls_pk_context pk; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - - if (Size > MAX_LEN) { - //only work on small inputs - Size = MAX_LEN; - } - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - 
} else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else - (void) Data; - (void) Size; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - - return 0; -} diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c deleted file mode 100644 index 69e85e0380..0000000000 --- a/programs/fuzz/fuzz_pubkey.c +++ /dev/null 
@@ -1,93 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include "mbedtls/pk.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_pk_parse_public_key(&pk, Data, Size); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - - /* It's a public key, so the private value should not have - * been changed from its initialization to 0. 
*/ - mbedtls_mpi d; - mbedtls_mpi_init(&d); - if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { - abort(); - } - if (mbedtls_mpi_cmp_int(&d, 0) != 0) { - abort(); - } - mbedtls_mpi_free(&d); - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_pk_free(&pk); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} From 107b21ce533bbd8fc4c5018ecf2d383894e8b74d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 10:06:53 +0100 Subject: [PATCH 0559/1080] removed common.* from programs/fuzz Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 3 +- programs/fuzz/common.c | 107 ----------------------------------- programs/fuzz/common.h | 28 --------- 3 files changed, 2 insertions(+), 136 deletions(-) delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 54b07b4ddc..5dbc928907 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,12 +37,13 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) + list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 41fa858a41..0000000000 
--- a/programs/fuzz/common.c +++ /dev/null 
@@ -1,107 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - 
//test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf72..0000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); From 2584eaddf919af004f34e42f94589edb83f68ed4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 13:46:13 +0100 Subject: [PATCH 0560/1080] add fix for fuzz Makefile for new common path Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71cba0bcdc..5548148cfb 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -9,6 +9,8 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif +LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) @@ -28,13 +30,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o common.o $(DEP) - echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP) - echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From eea3ddaf2c6b416dc349400a5dede9deedd99b0b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 13:24:51 +0100 Subject: [PATCH 0561/1080] corrected cmake path Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 5dbc928907..61c5b63c00 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
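Review bot: The link rules now require `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o`, but nothing in this hunk says how an object at that out-of-tree path is built, so it falls to whatever `%.o: %.c` pattern rule this Makefile already has outside the hunk. If that rule compiles with `-c $<` and no `-o $@` (not visible here), the object is written into the current directory and the prerequisite is never satisfied; an explicit rule such as `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o: $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.c` with `$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@` would make the build self-describing either way. The FUZZINGENGINE `echo` still prints `$(CC)` while the command beneath it runs `$(CXX)`; since the line is rewritten here anyway, printing `$(CXX)` would make the log match what actually runs.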
@@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) From dc027791e903047001f39c498f5a4dd1d0b97d61 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 15:33:41 +0100 Subject: [PATCH 0562/1080] update common. to fuzz_common.h Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 70 --------------------------------- 10 files changed, 9 insertions(+), 79 deletions(-) delete mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 61c5b63c00..bd9bf91d94 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -31,7 +31,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 6d3b73fa93..440c0245ff 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include 
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index efe1362275..7a1da13c38 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 31eb514275..98a70216e1 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 9ec9351794..f236190c2c 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index bb9dd0a58c..05b7480cbc 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 2840fbbb0c..92e0f5d12e 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 29331b94d4..c99ae2e7b1 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c 
@@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e0aaabc019..4ab071f1ca 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 6c02a641da..0000000000 --- a/programs/fuzz/onefile.c +++ /dev/null 
@@ -1,70 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} From a59cef43f2327be71ba69769e5d1f0b9328a3ba8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 08:45:21 +0100 Subject: [PATCH 0563/1080] add fixes for the fuzz Make system Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 5548148cfb..71f1a580fd 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,6 +13,7 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) +APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
@@ -30,13 +31,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From aa5aa47aa5658d6b5c0421af39cf51deed134578 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 09:15:43 +0100 Subject: [PATCH 0564/1080] corrected Makefile path for fuzz progs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71f1a580fd..833055246b 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -13,7 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From c42f5d4c901d3a4f4c2e59b9d10dcbb76d57bb20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Apr 2025 09:53:57 +0100 Subject: [PATCH 0565/1080] added fix for Makefile in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 833055246b..3edd9e0c63 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -33,8 +33,8 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" From 728704058742fc2e3db0bb005533e21e8196b740 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 14 Apr 2025 08:43:59 +0100 Subject: [PATCH 0566/1080] fixed issue with binary cleanup in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 3edd9e0c63..93dd4c92b1 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -44,7 +44,9 @@ endif clean: ifndef WINDOWS rm -rf $(BINARIES) *.o + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 38b063a91ec343f12f0b36d7af46cbec26259361 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Apr 2025 13:50:27 +0100 Subject: [PATCH 0567/1080] add fix to fuzz makefile for windows Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 93dd4c92b1..50857ca487 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 51ab2d4ffb1c19971b3b998210e89e6788772b2e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Apr 2025 10:33:59 +0100 Subject: [PATCH 0568/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt new file mode 100644 index 0000000000..84aeec9a8d --- /dev/null +++ b/ChangeLog.d/remove-fuzz-progs.txt @@ -0,0 +1,2 @@ +Removals + * Remove fuzz_privkey and fuzz_pubkey. 
From ebaf90ff3f7b78d183b26d44299164404332f820 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 07:58:30 +0100 Subject: [PATCH 0569/1080] Remove ChangeLog as it is not required Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt deleted file mode 100644 index 84aeec9a8d..0000000000 --- a/ChangeLog.d/remove-fuzz-progs.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove fuzz_privkey and fuzz_pubkey. From 9784b40ba7f814f4db65199141c0259de9d8f154 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:01:28 +0100 Subject: [PATCH 0570/1080] Remove wildcard as it is no longer required Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 50857ca487..09e8600d74 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,8 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From 946b0d982abf51bab79383858927caefe58df3ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:06:15 +0100 Subject: [PATCH 0571/1080] Corrected windows paths Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 09e8600d74..bac5cd38ed 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o del /Q /F $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o endif From 80490a2f1a5090424480548e93983b015eec1019 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 08:24:01 +0100 Subject: [PATCH 0572/1080] Revert some changes to allow merge Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 5 +- programs/fuzz/fuzz_common.c | 107 +++++++++++++++++++++++++++++++++++ programs/fuzz/fuzz_common.h | 28 +++++++++ programs/fuzz/onefile.c | 70 +++++++++++++++++++++++ 4 files changed, 207 insertions(+), 3 deletions(-) create mode 100644 programs/fuzz/fuzz_common.c create mode 100644 programs/fuzz/fuzz_common.h create mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index bd9bf91d94..53d771cc14 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,19 +31,18 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) + list(APPEND exe_sources onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) + list(APPEND exe_sources fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/fuzz_common.c new file mode 100644 index 0000000000..de16913728 --- /dev/null +++ b/programs/fuzz/fuzz_common.c 
@@ -0,0 +1,107 @@
+#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+
+#include "fuzz_common.h"
+#include
+#include
+#include
+#include
+#include "mbedtls/ctr_drbg.h"
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
+{
+ (void) time;
+ return 0x5af2a056;
+}
+#endif
+
+void dummy_init(void)
+{
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time(dummy_constant_time);
+#else
+ fprintf(stderr, "Warning: fuzzing without constant time\n");
+#endif
+}
+
+int dummy_send(void *ctx, const unsigned char *buf, size_t len)
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ if (len > INT_MAX) {
+ return -1;
+ }
+ return (int) len;
+}
+
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return 0;
+ }
+ if (len > INT_MAX) {
+ return -1;
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return (int) len;
+}
+
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
+{
+ int ret;
+ size_t i;
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
+ if (p_rng != NULL) {
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ } else {
+ //fall through to pseudo-random
+ ret = 0;
+ }
+#else
+ (void) p_rng;
+ ret = 0;
+#endif
+ for (i = 0; i < output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return ret;
+}
+
+int dummy_entropy(void *data, unsigned char *output, size_t len)
+{
+ size_t i;
+ (void) data;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i = 0; i < len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return 0;
+}
+
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout)
+{
+ (void) timeout;
+
+ return fuzz_recv(ctx, buf, len);
+}
diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/fuzz_common.h
new file mode 100644
index 0000000000..88dceacf72
--- /dev/null
+++ b/programs/fuzz/fuzz_common.h
@@ -0,0 +1,28 @@
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+#include
+#include
+
+typedef struct fuzzBufferOffset {
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+#if defined(MBEDTLS_HAVE_TIME)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
+#endif
+void dummy_init(void);
+
+int dummy_send(void *ctx, const unsigned char *buf, size_t len);
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len);
+int dummy_entropy(void *data, unsigned char *output, size_t len);
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout);
+
+/* Implemented in the fuzz_*.c sources and required by onefile.c */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
new file mode 100644
index 0000000000..483512855c
--- /dev/null
+++ b/programs/fuzz/onefile.c
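Review bot: The comment `//use mbedtls_entropy_func to find bugs in it` at the top of `dummy_entropy` describes a call that the following line leaves commented out (`//ret = mbedtls_entropy_func(data, output, len);`), so the function actually fills the buffer from `rand()` and returns 0 unconditionally; the comment should say so, e.g. `//mbedtls_entropy_func is deliberately not called: output is rand()-filled so runs stay reproducible`. `dummy_random` has the mirror-image gap: when a context is supplied it does call `mbedtls_ctr_drbg_random`, then overwrites every byte with `rand()` and keeps only the return code, which deserves a one-line comment above the loop stating that the DRBG output is discarded on purpose. Because both callbacks hand out predictable bytes from an unseeded `rand()`, a file-level comment that these are fuzzing stand-ins and must never be linked into a non-fuzz build would protect a reader who reaches them through the shared header.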
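Review bot: fuzz_common.h carries no include guard, so a harness that pulls it in twice, directly and via another helper header, hits a redefinition error on `struct fuzzBufferOffset`; wrapping the file in `#ifndef FUZZ_COMMON_H` / `#define FUZZ_COMMON_H` … `#endif` is the usual fix. Separately, `dummy_constant_time` is declared here under `MBEDTLS_HAVE_TIME` while fuzz_common.c defines it under `MBEDTLS_PLATFORM_TIME_ALT`; that is presumably fine if the latter implies the former, but a comment on the declaration such as `/* Defined only when MBEDTLS_PLATFORM_TIME_ALT is set; see fuzz_common.c */` would stop the mismatch from reading as a bug.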
@@ -0,0 +1,70 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include +#include +#include +#include "fuzz_common.h" + +/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway + * in case it contains platform-specific #defines related to malloc or + * stdio functions. */ +#include "mbedtls/build_info.h" + +int main(int argc, char **argv) +{ + FILE *fp; + uint8_t *Data; + size_t Size; + const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; + + if (argc != 2) { + fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); + return 1; + } + //opens the file, get its size, and reads it into a buffer + fp = fopen(argv[1], "rb"); + if (fp == NULL) { + fprintf(stderr, "%s: Error in fopen\n", argv0); + perror(argv[1]); + return 2; + } + if (fseek(fp, 0L, SEEK_END) != 0) { + fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Size = ftell(fp); + if (Size == (size_t) -1) { + fprintf(stderr, "%s: Error in ftell\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fseek(fp, 0L, SEEK_SET) != 0) { + fprintf(stderr, "%s: Error in fseek(0)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Data = malloc(Size); + if (Data == NULL) { + fprintf(stderr, "%s: Could not allocate memory\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fread(Data, Size, 1, fp) != 1) { + fprintf(stderr, "%s: Error in fread\n", argv0); + perror(argv[1]); + free(Data); + fclose(fp); + return 2; + } + + //launch fuzzer + LLVMFuzzerTestOneInput(Data, Size); + free(Data); + fclose(fp); + return 0; +} From d6cc47e45064cbddc74e945ca2de60a5d5580ca3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 09:24:43 +0100 Subject: [PATCH 0573/1080] Add some name changes in to allow merge 
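Review bot: A zero-length reproducer cannot be replayed by this `main`: with `Size == 0`, `malloc(0)` may legitimately return NULL and is then reported as an allocation failure, and even when it does not, `fread(Data, 0, 1, fp)` returns 0 and is reported as a read error, so an empty input, which fuzzers routinely produce, never reaches `LLVMFuzzerTestOneInput`. Allocating at least one byte and skipping the read for an empty file fixes both paths: `Data = malloc(Size == 0 ? 1 : Size);` and `if (Size > 0 && fread(Data, Size, 1, fp) != 1) {`. A short comment on the `ftell` line noting that its `long` result is stored in a `size_t` and that only the `-1L` error value is checked would also help the next reader.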
Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/{fuzz_common.c => common.c} | 2 +- programs/fuzz/{fuzz_common.h => common.h} | 0 programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 2 +- 12 files changed, 11 insertions(+), 11 deletions(-) rename programs/fuzz/{fuzz_common.c => common.c} (99%) rename programs/fuzz/{fuzz_common.h => common.h} (100%) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 53d771cc14..54b07b4ddc 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources fuzz_common.c) + list(APPEND exe_sources common.c) endif() add_executable(${exe} ${exe_sources}) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/common.c similarity index 99% rename from programs/fuzz/fuzz_common.c rename to programs/fuzz/common.c index de16913728..41fa858a41 100644 --- a/programs/fuzz/fuzz_common.c +++ b/programs/fuzz/common.c @@ -1,6 +1,6 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/common.h similarity index 100% rename from programs/fuzz/fuzz_common.h rename to programs/fuzz/common.h diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..6d3b73fa93 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c 
@@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..efe1362275 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..31eb514275 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index f236190c2c..9ec9351794 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..bb9dd0a58c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..2840fbbb0c 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..29331b94d4 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..e0aaabc019 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 483512855c..6c02a641da 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway * in case it contains platform-specific #defines related to malloc or From c9b7175a6876bcfef375c08dd53475c10d665996 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 13:16:32 +0100 Subject: [PATCH 0574/1080] Add in fuzz path variable Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bac5cd38ed..b7664414b9 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,6 +3,8 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + DEP=${MBEDLIBS} ifdef FUZZINGENGINE 
@@ -32,13 +34,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From 56d54c6349d8b23508d98f9f3920c275873e5dcd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 10:29:21 +0100 Subject: [PATCH 0575/1080] Remove fuzz progs from Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index b7664414b9..fd565069a3 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
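Review bot: In the FUZZINGENGINE branch the `echo` line now prints `" $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< ..."` with no compiler in front, while the non-engine branch below still begins its message with `$(CC)`; the message should mirror the command that follows, i.e. `echo "  $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"`. The removed line printed `$(CC)` there too, which was already misleading because `$(CXX)` performs the link, so this rewrite is the moment to make the two agree. The non-engine rule also still spells out `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o` next to `$(PROGRAM_FUZZ_PATH)/fuzz_common.o`, although the variable was introduced to replace exactly that prefix.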
@@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/ DEP=${MBEDLIBS} @@ -11,12 +11,10 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
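Review bot: `PROGRAM_FUZZ_PATH` now expands to `$(MBEDTLS_PATH)/programs/fuzz/`, which with `MBEDTLS_PATH := ../..` is the directory this Makefile lives in, so every `$(PROGRAM_FUZZ_PATH)/...` reference is a roundabout spelling of a local path, and `-I$(PROGRAM_FUZZ_PATH)/fuzz/` resolves to a `fuzz/fuzz` subdirectory this tree does not show. Unless the helpers are about to move again, naming `common.o` and `onefile.o` directly as before patch 0560 and dropping the `-I` line is simpler, and the trailing slash on the variable would then stop yielding `//` in the link rules that use it. If the indirection is intentional, a comment above the assignment saying where the files are expected to eventually live would explain why it is kept.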
@@ -34,13 +32,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) - echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From d9fc98a569491a88e1e02bd2434958e94f5b21db Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:21:01 +0100 Subject: [PATCH 0576/1080] Correct CFLAGS path int Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index fd565069a3..bcd67f336f 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -11,7 +11,7 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/ +LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH) # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) 
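Review bot: The FUZZINGENGINE prerequisite list names `$(PROGRAM_FUZZ_PATH)/ommon.o` while the echo and the `$(CXX)` line below it use `common.o`, so with `FUZZINGENGINE` set make will look for a source for `ommon.o` and fail before linking; the prerequisite should read `$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP)` (a later commit on this page fixes the typo). The echo line in that branch still prints no compiler name while the recipe runs `$(CXX)`, unlike the `else` branch which echoes `$(CC)`; `echo "  $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"` keeps the two in step. The sources for the newly referenced `common.o` and `onefile.o` are not part of this diff, so presumably they are added elsewhere in the series; worth confirming they exist under `programs/fuzz/` before this lands.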
From 5578c06ab317eac0d7ecf3bad1d7d783b9bc5e33 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:22:14 +0100 Subject: [PATCH 0577/1080] Remove duplicated slash Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bcd67f336f..1945a08f29 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz DEP=${MBEDLIBS} From b8ebc21ea2be839aac4d06f99b09913eb59f875f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:23:18 +0100 Subject: [PATCH 0578/1080] Correct typo Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 1945a08f29..29483eafda 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -32,7 +32,7 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP) +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP) echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else From 0204470f388f432d83884f379b830cb121604d3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 15:40:01 +0200 Subject: [PATCH 0579/1080] Slight improvement to the Doxygen entry point Signed-off-by: Gilles Peskine --- doxygen/input/doc_mainpage.h | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index fb4439adc4..6b4343b5e0 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h 
@@ -12,8 +12,25 @@ /** * @mainpage Mbed TLS v4.0.0 API Documentation * - * This documentation describes the internal structure of Mbed TLS. It was - * automatically generated from specially formatted comment blocks in - * Mbed TLS's source code using Doxygen. (See - * https://www.doxygen.nl for more information on Doxygen) + * This documentation describes the application programming interface (API) + * of Mbed TLS. + * It was automatically generated from specially formatted comment blocks in + * Mbed TLS's source code using [Doxygen](https://www.doxygen.nl). + * + * ## Main entry points + * + * You can explore the full API from the “Files” or “Files list” section. + * Locate the header file for the module that you are interested in and + * explore its contents. + * + * Some parts of the API are best explored from the “Topics” or + * “Group list” section. + * This is notable the case for the PSA Cryptography API. + * Note that many parts of the API are not classified under a topic and + * can only be seen through the file structure. + * + * For information on configuring the library at compile time, see the + * configuration header files mbedtls/mbedtls_config.h and + * psa/crypto_config.h. + * */ From 8ba67aef0d8ad051728ce4f321423d843d768c48 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 15:40:11 +0200 Subject: [PATCH 0580/1080] Rendered documentation: info about private elements in public headers Signed-off-by: Gilles Peskine --- doxygen/input/doc_mainpage.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 6b4343b5e0..597eee9928 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h 
@@ -33,4 +33,20 @@ * configuration header files mbedtls/mbedtls_config.h and * psa/crypto_config.h. * + * ## Private interfaces + * + * For technical reasons, the rendered documentation includes elements + * that are not considered part of the stable API. Private elements may + * be removed or may have their semantics changed in a future minor release + * without notice. + * + * The following elements are considered private: + * + * - Any header file whose path contains `/private`, and its contents + * (unless re-exported and documented in another non-private header). + * - Any structure or union field whose name starts with `private_`. + * - Any preprocessor macro that is just listed with its automatically + * rendered parameter list, value and location. Macros are part of + * the API only if their documentation includes have custom text. + * */ From 1c2d9a3d7437339199b5ce844d8ff6b55b714cdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:00:43 +0200 Subject: [PATCH 0581/1080] Migration guide for OID Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/oid.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 docs/4.0-migration-guide/oid.md diff --git a/docs/4.0-migration-guide/oid.md b/docs/4.0-migration-guide/oid.md new file mode 100644 index 0000000000..875f062155 --- /dev/null +++ b/docs/4.0-migration-guide/oid.md 
@@ -0,0 +1,7 @@ +## OID module + +The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. + +Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`). + +The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509. From 2607918066a3dc640947ec52d7d095b3fcf5fe24 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:15:03 +0200 Subject: [PATCH 0582/1080] Move PSA transition document to TF-PSA-Crypto It went with Mbed TLS in the repository split, but belongs in TF-PSA-Crypto. Signed-off-by: Gilles Peskine --- docs/psa-transition.md | 1318 ---------------------------------------- 1 file changed, 1318 deletions(-) delete mode 100644 docs/psa-transition.md diff --git a/docs/psa-transition.md b/docs/psa-transition.md deleted file mode 100644 index 0758061f82..0000000000 --- a/docs/psa-transition.md +++ /dev/null 
@@ -1,1318 +0,0 @@ -# Transitioning to the PSA API - -> I have code written for `mbedtls_` cryptography APIs. How do I migrate to `psa_` APIs? - -## Introduction - -Mbed TLS is gradually moving from legacy `mbedtls_xxx` APIs to newer `psa_xxx` APIs for cryptography. Note that this only concerns cryptography APIs, not X.509 or SSL/TLS APIs. - -This guide is intended to help migrate existing applications that use Mbed TLS for cryptography. It aims to cover common use cases, but cannot cover all possible scenarios. - -### Suggested reading - -This document is long, but you probably don't need to read all of it. You should start with the following sections: - -1. [Where can I find documentation?](#where-can-i-find-documentation) -2. [General considerations](#general-considerations) - -Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text search to locate the sections that interest you, based on what legacy interfaces your code is currently using. - -### Where can I find documentation? - -**Tutorial**: See the [getting started guide](https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/). - -**Reference**: The [PSA Crypto API specification](https://arm-software.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the specification which is documented in the [`psa/crypto*.h` headers](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto_8h/). - -### Additional resources - -* [Mbed TLS open issues](https://github.com/Mbed-TLS/mbedtls/issues) -* [PSA API open issues](https://github.com/ARM-software/psa-api/issues) (not just cryptography APIs) -* [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/) - -### Why change the API? - -* Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. 
This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation. -* Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.). -* PSA APIs have [consistent conventions](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. -* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without an RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. - -### Migration timeline - -* Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API. -* Mbed TLS 2.18.0 (Jun 2019): The PSA API is available in the default build. -* Mbed TLS 3.1.0 (Dec 2021): TLS 1.3 support is the first major feature that requires the PSA API. -* Mbed TLS 4.0.0 (2024?): X.509 and TLS require the PSA API. Removal of some legacy crypto APIs. -* Mbed TLS 5.0.0 (??): Removal of the remaining non-PSA crypto APIs. 
- -## General considerations - -### Configuration of the PSA subsystem - -To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.) - -By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. - -### Header files - -Applications only need to include a single header file: -``` -#include -``` - -### General application layout - -Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__initialization/#group__initialization_1ga2de150803fc2f7dc6101d5af7e921dd9) and check that it succeeds. (A failure indicates an abnormal system state from which most applications cannot recover.) - -If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev). - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and an `mbedtls_xxx_drbg_context`). - -### Error codes - -Mbed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. 
- -PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. - -### Memory management - -Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to preserve state between function calls store this state in a structure allocated by the calling code. For example, multipart operations store state in a multipart operation object. - -All PSA operation objects must be zero-initialized (or equivalently, initialized with the provided `PSA_XXX_INIT` macro or `psa_xxx_init()` function) before calling any API function. - -Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details. - -#### Key management - -One of the major differences between the legacy API and the PSA API is that in the PSA API, access to keys is indirect. Operations that require a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t), which is an identifier for the key. 
This allows the API to be used with keys that are not directly accessible to the application, for example because they are stored in a secure environment that does not allow the key material to be exported. - -To use a key: - -1. First create a key object with a key creation function. The two most common ones are [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) if you have the key material available and [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to create a random key. The key creation function has the key identifier as an output parameter. -2. Use the key as desired, passing the key identifier obtained during the key creation. -3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2). - -See “[Cipher key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifecycle for asymmetric cryptography](#key-lifecycle-for-asymmetric-cryptography)”, “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” and “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)” for more details about key management in specific workflows, including information about choosing the key's attributes. - -If you need access to the key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). 
If you need the public key corresponding to a key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). - -Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroyed or the application exits. (This is not true for persistent keys, which instead consume disk space. Since persistent keys have no analog in the legacy API, we will not discuss them further in this document.) - -## Summary of API modules - -| Header | Function prefix | PSA equivalent | -| ------ | --------------- | -------------- | -| `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | -| `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | -| `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) | -| `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | -| `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | -| `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) | -| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `check_config.h` | N/A | No public APIs (internal support header) | -| `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | -| `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), 
[MAC calculation](#mac-calculation) | -| `compat-2.x.h` | various | None (transitional APIs) | -| `config_psa.h` | N/A | No public APIs (internal support header) | -| `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | -| `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `debug.h` | `mbedtls_debug_` | No change (not a crypto API) | -| `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) | -| `dhm.h` | `mbedtls_dhm_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdh.h` | `mbedtls_ecdh_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdsa.h` | `mbedtls_ecdsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) | -| `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) | -| `error.h` | `mbedtls_*err*` | [Error messages](#error-messages) | -| `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | -| `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `lms.h` | `mbedtls_lms_` | No change ([LMS signatures](#lms-signatures)) | -| `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) | -| `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) | -| `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) | -| `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) | -| `net_sockets.h` | 
`mbedtls_net_` | No change (not a crypto API) | -| `nist_kw.h` | `mbedtls_nist_kw_` | Migration path not yet defined | -| `oid.h` | `mbedtls_oid_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pem.h` | `mbedtls_pem_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) | -| `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | -| `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) | -| `platform.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) | -| `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) | -| `private_access.h` | N/A | No public APIs (internal support header) | -| `psa_util.h` | N/A | No public APIs (internal support header) | -| `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) | -| `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) | -| `sha3.h` | `mbedtls_sha3_` | [Hashes and MAC](#hashes-and-mac) | -| `sha256.h` | `mbedtls_sha256_` | [Hashes and MAC](#hashes-and-mac) | -| `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) | -| `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) | -| `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) | -| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) | -| `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) | -| `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) | -| `threading.h` | `mbedtls_threading_` | No change (not a crypto API) | -| `timing.h` | `mbedtls_timing_` | No 
change (not a crypto API) | -| `version.h` | `mbedtls_version_` | No change (not a crypto API) | -| `x509.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) | - -## Compile-time configuration - -### Cryptographic mechanism availability - -The cryptographic mechanisms available through the PSA API are determined by the contents of the header file `"psa/crypto_config.h"`. You can override the file location with the macro [`MBEDTLS_PSA_CRYPTO_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a25f7e358caa101570cb9519705c2b873), and you can set [`MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1abd1870cc0d2681183a3018a7247cb137) to the path of an additional file (similar to `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` for legacy configuration symbols). - -The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern: - -* To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`. - For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. - -* To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. - - As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. 
This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options are enabled. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type. - - Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key. - -* To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`. - -Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. - -For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519. - -``` -#define PSA_WANT_ALG_SHA_256 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_ALG_GCM 1 - -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -// ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead -// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -#define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH) -#define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH) -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECDH -``` - -If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. 
This allows builds that use few features to have a small code size. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. - -Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. - -### Optimization options - -When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, the legacy optimization options (e.g. `MBEDTLS_SHA256_SMALLER`, `MBEDTLS_ECP_WINDOW_SIZE`, etc.) apply to the PSA implementation as well (they invoke the same code under the hood). - -The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific. - -### Alternative implementations (`MBEDTLS_xxx_ALT` options) - -In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library. - -The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). 
In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/driver-only-builds.md) for more information. - -### Self-tests - -There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`. - -## Miscellaneous support modules - -### Error messages - -At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application. - -``` -$ programs/psa/psa_constant_names error -138 -PSA_ERROR_BUFFER_TOO_SMALL -$ programs/psa/psa_constant_names type 0x7112 -PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) -$ programs/psa/psa_constant_names alg 0x06000609 -PSA_ALG_ECDSA(PSA_ALG_SHA_256) -``` - -The other functions in `error.h` are specific to the construction of Mbed TLS error code and are not relevant to the PSA API. PSA error codes are never the combination of multiple codes. - -### Constant-time functions - -The PSA API does not have an equivalent to the timing-side-channel-resistance utility functions in `constant_time.h`. Continue using `constant_time.h` as needed. 
- -Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`: - -* To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”. -* The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”. - -## Symmetric encryption - -All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation and the choice of a specific algorithm comes from an argument. There is no special API for a particular block cipher (`aes.h`, `aria.h`, `camellia.h`, `des.h`), a particular block cipher mode (`ccm.h`, `gcm.h`) or a particular stream cipher (`chacha20.h`, `chachapoly.h`). To migrate code using those low-level modules, please follow the recommendations in the following sections, using the same principles as the corresponding `cipher.h` API. - -### Cipher mechanism selection - -Instead of `mbedtls_cipher_id_t` (`MBEDTLS_CIPHER_ID_xxx` constants), `mbedtls_cipher_type_t` (`MBEDTLS_CIPHER_base_size_mode` constants), `mbedtls_cipher_mode_t` (`MBEDTLS_CIPHER_MODE_xxx` constants) and `mbedtls_cipher_padding_t` (`MBEDTLS_CIPHER_PADDING_xxx` constants), use the [`PSA_KEY_TYPE_xxx` and `PSA_ALG_xxx` constants](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/). 
-
-For modes that are based on a block cipher, the key type encodes the choice of block cipher:
-[`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
-[`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
-[`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81),
-[`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
-The algorithm encodes the mode and if relevant the padding type:
-
-* Unauthenticated cipher modes:
- [`PSA_ALG_CTR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad318309706a769cffdc64e4c7e06b2e9),
- [`PSA_ALG_CFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0088c933e01d671f263a9a1f177cb5bc),
- [`PSA_ALG_OFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gae96bb421fa634c6fa8f571f0112f1ddb),
- [`PSA_ALG_XTS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa722c0e426a797fd6d99623f59748125),
- [`PSA_ALG_ECB_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab8f0609cd0f12cccc9c950fd5a81a0e3),
- [`PSA_ALG_CBC_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gacb332d72716958880ee7f97d8365ae66),
-
[`PSA_ALG_CBC_PKCS7`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaef50d2e9716eb6d476046608e4e0c78c),
- [`PSA_ALG_CCM_STAR_NO_TAG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga89627bb27ec3ce642853ab8554a88572).
-* Other padding modes, which are obsolete, are not available in the PSA API. If you need them, handle the padding in your application code and use the `NO_PADDING` algorithm.
-* AEAD modes:
- [`PSA_ALG_CCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2c0e7d21f1b2df5e76bcb4a8f84273c),
- [`PSA_ALG_GCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0d7d02b15aaae490d38277d99f1c637c).
-* KW/KWP modes are not available in the PSA API at the time of writing.
-
-For the ChaCha20 unauthenticated cipher, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_STREAM_CIPHER`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad98c105198f7428f7d1dffcb2cd398cd).
-For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_CHACHA20_POLY1305`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1fec55093541640a71bdd022d4adfb9c)
-
-### Cipher mechanism availability
-
-For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type.
For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported.
-
-For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write:
-```
-#if defined(MBEDTLS_AES_C) && \
- defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CBC_PKCS7
-```
-
-### Cipher metadata
-
-Both APIs express key sizes in bits. Note however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buffer contains a key.
-
-The following table lists corresponding PSA macros for maximum-size macros that take all supported algorithms into account.
-
-| Legacy macro | PSA macro |
-| ------------ | --------- |
-| `MBEDTLS_MAX_IV_LENGTH` | [`PSA_CIPHER_IV_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_MAX_SIZE), [`PSA_AEAD_NONCE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ac2a332765ba4ccfc24935d6f7f48fcc7) |
-| `MBEDTLS_MAX_BLOCK_LENGTH` | [`PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) |
-| `MBEDTLS_MAX_KEY_LENGTH` | no equivalent|
-
-There is no equivalent to the type `mbedtls_cipher_info_t` and the functions `mbedtls_cipher_info_from_type` and `mbedtls_cipher_info_from_values` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
-
-| Legacy function | PSA macro |
-| --------------- | --------- |
-| `mbedtls_cipher_info_get_iv_size` | [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH), [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH) |
-| `mbedtls_cipher_info_get_block_size` | not available (use specific macros for the IV, nonce or tag length) |
-
-The following features have no PSA equivalent:
-
-* `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
-* `mbedtls_cipher_info_has_variable_key_bitlen`, `mbedtls_cipher_info_has_variable_iv_size`: the PSA API does not currently have such mechanism for high-level metadata information.
-* `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
-
-### Cipher key management
-
-The legacy API and the PSA API have a different organization of operations in several respects:
-
-* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call.
-* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions.
-* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable.
-
-Here is an overview of the lifecycle of a key object.
-
-1.
First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
- * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”).
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
- * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms.
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_ENCRYPT) or [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DECRYPT), depending on which direction you want to use the key in. To allow both directions, use the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authenticated and non-authenticated encryption/decryption.
-2.
Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
- * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
- * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
- * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
-3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
-4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
-
-### Unauthenticated cipher operations
-
-Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API:
-
-1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
-2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
-3.
Set the IV with `mbedtls_cipher_set_iv` (except for ECB which does not use an IV).
-4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`.
-5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
-
-For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function:
-
-* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-For a multi-part operation, the equivalent workflow with the PSA API is as follows:
-
-1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction.
-3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV.
-4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for the output buffer.
-5.
Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4).
-
-### Authenticated cipher operations
-
-Recall the workflow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar workflows in the `chachapoly`, `ccm` and `gcm` modules):
-
-1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
-2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
-3. Set the nonce with `mbedtls_cipher_set_iv` (or the `starts` function for low-level modules). For CCM, which requires direct use of the `ccm` module, also call `mbedtls_ccm_set_lengths` to set the length of the additional data and of the plaintext.
-4. Call `mbedtls_cipher_update_ad` to pass the unencrypted additional data.
-5. Call `mbedtls_cipher_update` as many times as necessary to pass the input plaintext or ciphertext.
-6. Call `mbedtls_cipher_finish` to obtain the last part of the output.
Then call `mbedtls_cipher_write_tag` (when encrypting) or `mbedtls_cipher_check_tag` (when decrypting) to process the authentication tag.
-7. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
-
-Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintext or ciphertext is passed as a single input).
-
-For a one-shot operation, the PSA API allows you to call a single function:
-
-* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.)
You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-For a multi-part operation, the equivalent workflow with the PSA API is as follows:
-
-1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction.
-3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed).
-4.
Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed.
-5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-6. Finally:
- * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
- * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag.
You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0).
-
-### Miscellaneous cipher operation management
-
-The equivalent of `mbedtls_cipher_reset` is to call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4) or [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have a special way to reuse an operation object with the same key.
-
-There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract information from an ongoing PSA cipher or AEAD operation. Applications that need this information will need to save it from the key and operation parameters.
-
-## Hashes and MAC
-
-The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API.
-
-The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calculated by `mbedtls_aes_cmac_prf_128` at the time of writing. You can implement it using the MAC interface with an AES key and the CMAC algorithm.
-
-### Hash mechanism selection
-
-The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently.
-
-| Mbed TLS constant | PSA constant |
-| ---------------------- | ------------------- |
-| `MBEDTLS_MD_MD5` | `PSA_ALG_MD5` |
-| `MBEDTLS_MD_SHA1` | `PSA_ALG_SHA_1` |
-| `MBEDTLS_MD_SHA224` | `PSA_ALG_SHA_224` |
-| `MBEDTLS_MD_SHA256` | `PSA_ALG_SHA_256` |
-| `MBEDTLS_MD_SHA384` | `PSA_ALG_SHA_384` |
-| `MBEDTLS_MD_SHA512` | `PSA_ALG_SHA_512` |
-| `MBEDTLS_MD_RIPEMD160` | `PSA_ALG_RIPEMD160` |
-| `MBEDTLS_MD_SHA3_224` | `PSA_ALG_SHA3_224` |
-| `MBEDTLS_MD_SHA3_256` | `PSA_ALG_SHA3_256` |
-| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` |
-| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` |
-
-The following helper functions can be used to convert between the 2 types:
-- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`.
-- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`.
-
-### MAC mechanism selection
-
-PSA Crypto has a generic API with the same functions for all MAC mechanisms.
The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6).
-
-* For HMAC, the algorithm is [`PSA_ALG_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”),
- for example `PSA_ALG_HMAC(PSA_ALG_SHA_256)` for HMAC-SHA-256.
- The key type is [`PSA_KEY_TYPE_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_KEY_TYPE_HMAC) regardless of the hash algorithm.
-* For CMAC, the algorithm is [`PSA_ALG_CMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_CMAC) regardless of the underlying block cipher. The key type determines the block cipher:
- [`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
- [`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
- [`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81) or
- [`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
-
-### Hash and MAC mechanism availability
-
-For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.)
-
-For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write:
-```
-#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_HMAC && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_SHA_256
-```
-
-To test if AES-CMAC is supported, in the legacy API, you could write:
-```
-if defined(MBEDTLS_AES_C) && defined(MBEDTLS_CMAC_C)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CMAC
-```
-
-### Hash algorithm metadata
-
-There is no equivalent to the type `mbedtls_md_info_t` and the functions `mbedtls_md_info_from_type` and `mbedtls_md_get_type` in the PSA API because it is unnecessary. All macros and functions operate directly on algorithm (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
-
-| Legacy macro | PSA macro |
-| ------------ | --------- |
-| `MBEDTLS_MD_MAX_SIZE` | [`PSA_HASH_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_MAX_SIZE) |
-| `MBEDTLS_MD_MAX_BLOCK_SIZE` | [`PSA_HMAC_MAX_HASH_BLOCK_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HMAC_MAX_HASH_BLOCK_SIZE) |
-| `mbedtls_md_get_size` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
-| `mbedtls_md_get_size_from_type` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
-
-The following features have no PSA equivalent:
-
-* `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
-* `mbedtls_md_info_from_ctx`
-* `mbedtls_cipher_info_from_string`, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
-
-### Hash calculation
-
-The equivalent of `mbedtls_md` for a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gac69f7f19d96a56c28cf3799d11b12156). In addition, to compare the hash of a message with an expected value, you can call [`psa_hash_compare`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga0c08f4797bec96b886c8c8d7acc2a553) instead of `mbedtls_md` followed by `memcmp` or a constant-time equivalent.
-
-For a multi-part hash calculation, the legacy process is as follows:
-
-1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
-2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=0`. Then call `mbedtls_md_starts` to start the hash operation.
-3.
Call `mbedtls_md_update` as many times as necessary.
-4. Call `mbedtls_md_finish`. If verifying the hash against an expected value, compare the result with the expected value.
-5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`.
-
-The equivalent process in the PSA API is as follows:
-
-1. Create an operation object of type [`psa_hash_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga3c4205d2ce66c4095fc5c78c25273fab) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Call [`psa_hash_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga8d72896cf70fc4d514c5c6b978912515) to specify the algorithm.
-3. Call [`psa_hash_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga65b16ef97d7f650899b7db4b7d1112ff) as many times as necessary.
-4. To obtain the hash, call [`psa_hash_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga4795fd06a0067b0adcd92e9627b8c97e). Alternatively, to verify the hash against an expected value, call [`psa_hash_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga7be923c5700c9c70ef77ee9b76d1a5c0).
-
-If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928).
-
-There is no equivalent to `mbedtls_md_file` in the PSA API. Load the file data and calculate its hash.
-
-### MAC key management
-
-The legacy API and the PSA API have a different organization of operations in several respects:
-
-* In the legacy API, each operation object contains the necessary key material.
In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call. -* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions. -* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable. - -Here is an overview of the lifecycle of a key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). - * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms. 
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_SIGN_MESSAGE) to calculate a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_VERIFY_MESSAGE) to verify the MAC of a message. To allow both directions, use the flag mask `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE`. -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). - * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. 
To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### MAC calculation - -The process for a HMAC operation in the legacy API is as follows: - -1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. -2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=1`. Then call `mbedtls_md_hmac_starts` to set the key. -3. Call `mbedtls_md_hmac_update` as many times as necessary. -4. Call `mbedtls_md_hmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. - -The process for a CMAC operation in the legacy API is as follows: - -1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. -2. Call `mbedtls_cipher_setup` to select the block cipher. Then call `mbedtls_md_cmac_starts` to set the key. -3. Call `mbedtls_cipher_cmac_update` as many times as necessary. -4. Call `mbedtls_cipher_cmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. - -The process in the PSA API to calculate a MAC is as follows: - -1. 
Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_sign_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga03bc3e3c0b7e55b20d2a238e418d46cd) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To obtain the MAC, call [`psa_mac_sign_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac22bc0125580c96724a09226cfbc97f2). - -To verify a MAC against an expected value, use the following process instead: - -1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_verify_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga08ae327fcbc5f8e201172fe11e536984) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To verify the MAC against an expected value, call [`psa_mac_verify_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac92b2930d6728e1be4d011c05d485822). 
- -If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). - -The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` and `mbedtls_md_hmac`: - -* [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory. -* [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value. - -In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier. - -### Miscellaneous hash or MAC operation management - -The equivalent of `mbedtls_md_reset`, `mbedtls_md_hmac_reset` or `mbedtls_cmac_reset` is to call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928) or [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to specify the algorithm and the key (for MAC) again, and they can be different ones. - -The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga39673348f3302b4646bd780034a5aeda). A PSA MAC operation cannot be cloned. 
- -## Key derivation - -### HKDF - -PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For HKDF and variants, use one of the macros [`PSA_ALG_HKDF`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF), [`PSA_ALG_HKDF_EXTRACT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXTRACT) or [`PSA_ALG_HKDF_EXPAND`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXPAND) with the [hash algorithm](#hash-mechanism-selection) passed as an argument. For example `PSA_ALG_HKDF(PSA_ALG_SHA_256)` selects HKDF-SHA-256. -3. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. 
(Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. Omit this step for HKDF-Expand. For HKDF, you may omit this step if the salt is empty. - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the secret input. - 3. [`PSA_KEY_DERIVATION_INPUT_INFO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gacef8df989e09c769233f4b779acb5b7d) for the info string used during the expansion step. Omit this step for HKDF-Extract. -4. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. -5. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. 
- -### PKCS#5 module - -Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”). -3. Call `psa_key_derivation_input_cost` with the step `PSA_KEY_DERIVATION_INPUT_COST` to select the iteration count. -4. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. 
[`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper). - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. -5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. - Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. - If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. (Note that the `verify` functions are not yet present in the 3.5 release of Mbed TLS. They are expected to be released in version 3.6.0.) -6. 
Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. - -The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. - -### PKCS#12 module - -The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. - -## Random generation - -### Random generation interface - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.h` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). - -The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). 
- -If your application mixes uses of the PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS function, include the header file `` and use: - -* [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument; -* [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument. - -You can remove the Mbed TLS RNG boilerplate (`mbedtls_entropy_init`, `mbedtls_ctr_drbg_init`, `mbedtls_ctr_drbg_seed`, `mbedtls_ctr_drbg_random`, `mbedtls_ctr_drbg_free`, `mbedtls_entropy_free` — or `hmac_drbg` equivalents of the `ctr_drbg` functions) once you have finished replacing the references to `mbedtls_ctr_drbg_random` (or `mbedtls_hmac_drbg_random`) by `mbedtls_psa_get_random`. - -### Entropy sources - -Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. - -A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is likely to replace the legacy interface in Mbed TLS 4.0. - -### Deterministic pseudorandom generation - -The PSA API does not have a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) can serve a similar purpose in some applications, but it does not offer CTR\_DRBG or HMAC\_DRBG. If you need these algorithms, keep using `ctr_drbg.h` and `hmac_drbg.h`, but note that they may be removed from the public API in Mbed TLS 4.0. 
- -## Asymmetric cryptography - -The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-selection)”), elliptic curve cryptography (see “[ECC mechanism selection](#elliptic-curve-mechanism-selection)” and “[EC-JPAKE](#ec-jpake)”) and finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). - -### Key lifecycle for asymmetric cryptography - -In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t). -(Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.) -The PSA key identifier tends to play the same role as an `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API. However, there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. - -Here is an overview of the lifecycle of a PSA key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). 
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the permitted algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). 
- * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### Public-key cryptography policies - -A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags). - -The following table lists the relevant usage flags for asymmetric cryptography. You can pass those flags (combined with bitwise-or) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). 
- -| Usage | Flag | -| ----- | ---- | -| export public key | 0 (always permitted) | -| export private key | [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) | -| Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) | -| Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) | -| Encryption | [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | -| Decryption | [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | -| Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) | - 
-The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. - -* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithms in each operation. -* In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required). - -### Asymmetric cryptographic mechanisms - -#### RSA mechanism selection - -The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. 
-See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`. - -The PSA API uses policies and algorithm parameters rather than key types to distinguish between RSA-based mechanisms. The PSA algorithm selection corresponds to the `mbedtls_pk_type_t` value passed to `mbedtls_pk_{sign,verify}_ext`. It also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. - -An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b). - -An RSA key pair has the type [`PSA_KEY_TYPE_RSA_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11745b110166e927e2abeabc7d532051). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -The following cryptographic algorithms work with RSA keys: - -* PKCS#1v1.5 RSA signature: [`PSA_ALG_RSA_PKCS1V15_SIGN`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af), [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817). -* PKCS#1v1.5 RSA encryption: [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). 
-* PKCS#1 RSASSA-PSS signature: [`PSA_ALG_RSA_PSS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d), [`PSA_ALG_RSA_PSS_ANY_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). -* PKCS#1 RSAES-OAEP encryption: [`PSA_ALG_RSA_OAEP`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76). - -#### Elliptic curve mechanism selection - -The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to elliptic-curve key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. - -An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier. - -An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -A curve is fully determined by a curve family identifier and the private key size in bits. 
You can use the following functions to convert between the PSA and legacy elliptic curve designations:
-- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size.
-- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier.
-
-The following table gives the correspondence between legacy and PSA elliptic curve designations.
-
-| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size |
-| -------------------------------- | ---------------- | -------------- |
-| `MBEDTLS_ECP_DP_SECP192R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 |
-| `MBEDTLS_ECP_DP_SECP224R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 224 |
-| `MBEDTLS_ECP_DP_SECP256R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 |
-| `MBEDTLS_ECP_DP_SECP384R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 384 |
-| `MBEDTLS_ECP_DP_SECP521R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 521 |
-|
`MBEDTLS_ECP_DP_BP256R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 256 |
-| `MBEDTLS_ECP_DP_BP384R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 384 |
-| `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 |
-| `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 |
-| `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 |
-| `MBEDTLS_ECP_DP_SECP224K1` | not supported | N/A |
-| `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 |
-| `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 |
-
-The following cryptographic algorithms work with ECC keys:
-
-* ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43).
-* ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03).
-* EC-JPAKE (see “[EC-JPAKE](#ec-jpake)”.
-
-#### Diffie-Hellman mechanism selection
-
-A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as explained below.
-
-A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API, there is rarely a need to use Diffie-Hellman public key objects.
-
-The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits.
-
-| Mbed TLS DH group P value | PSA DH group family | Bit-size |
-| ------------------------- | ------------------- | -------- |
-| `MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 2048 |
-| `MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 3072 |
-| `MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 4096 |
-| `MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 6144 |
-| `MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 8192 |
-
-A finite-field Diffie-Hellman key can be used for key agreement with the algorithm [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4).
-
-### Creating keys for asymmetric cryptography
-
-The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted.
-
-For RSA keys, `psa_generate_key` uses 65537 as the public exponent. You can use [`psa_generate_key_custom`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#ga0415617443afe42a712027bbb8ad89f0) to select a different public exponent. As of Mbed TLS 3.6.1, selecting a different public exponent is only supported with the built-in RSA implementation, not with PSA drivers.
-
-To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). This function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), but only supports a single format that just contains the number(s) that make up the key, with very little metadata.
The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details.
-
-| Key type | PSA import/export format |
-| -------- | ------------------------ |
-| RSA key pair | PKCS#1 RSAPrivateKey DER encoding (including both private exponent and CRT parameters) |
-| RSA public key | PKCS#1 RSAPublicKey DER encoding |
-| ECC key pair | Fixed-length private value (not containing the public key) |
-| ECC public key (Weierstrass curve) | Fixed-length uncompressed point |
-| ECC public key (Montgomery curve) | Fixed-length public value |
-| FFDH key pair | Fixed-length private value (not containing the public key) |
-| FFDH public key | Fixed-length public value |
-
-There is no equivalent of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_keyfile`. Either call the legacy function or load the file data manually.
-
-A future extension of the PSA API will support other import formats. Until those are implemented, see the following subsection for how to use the PK module for key parsing and construct a PSA key object from the PK object.
-
-### Creating a PSA key via PK
-
-You can use the PK module as an intermediate step to create an RSA or ECC key for use with PSA. This is useful for use cases that the PSA API does not currently cover, such as:
-
-* Parsing a key in a format with metadata without knowing its type ahead of time.
-* Parsing a key in a format that the PK module supports, but `psa_import_key` doesn't.
-* Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`.
-* Importing a key with less information than what the PSA API needs, for example an ECC public key in a compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters.
-
-For such use cases:
-
-1. First create a PK object with the desired key material.
-2. Call [`mbedtls_pk_get_psa_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a7aa7b33cffb6981d95d1632631de9244) to fill PSA attributes corresponding to the PK key. Pass one of the following values as the `usage` parameter:
- * `PSA_KEY_USAGE_SIGN_HASH` or `PSA_KEY_USAGE_SIGN_MESSAGE` for a key pair used for signing.
- * `PSA_KEY_USAGE_DECRYPT` for a key pair used for decryption.
- * `PSA_KEY_USAGE_DERIVE` for a key pair used for key agreement.
- * `PSA_KEY_USAGE_VERIFY_HASH` or `PSA_KEY_USAGE_VERIFY_MESSAGE` for a public key pair used for signature verification.
- * `PSA_KEY_USAGE_ENCRYPT` for a key pair used for encryption.
-3. Optionally, tweak the attributes (this is rarely necessary). For example:
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de), [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) and/or [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to change the key's policy (by default, it allows what can be done through the PK module).
- · Call [`psa_set_key_id`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae48fcfdc72a23e7499957d7f54ff5a64) and perhaps [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to create a PSA persistent key.
-4. Call [`mbedtls_pk_import_into_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ad59835d14832daf0f4b4bd0a4555abb9) to import the key into the PSA key store.
-5. You can now free the PK object with `mbedtls_pk_free`.
-
-Here is some sample code illustrating the above process, with error checking omitted.
-
-```
-mbedtls_pk_context pk;
-mbedtls_pk_init(&pk);
-mbedtls_pk_parse_key(&pk, key_buffer, key_buffer_length, NULL, 0,
- mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE);
-psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes);
-psa_key_id_t key_id;
-mbedtls_pk_import_into_psa(&pk, &attributes, &key_id);
-mbedtls_pk_free(&pk);
-psa_sign_hash(key_id, ...);
-```
-
-#### Importing an elliptic curve key from ECP
-
-This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitable for `psa_import_key`.
-
-You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below.
-
-The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa_keypair` objects since that is just a type alias.) Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764).
-
-```
-mbedtls_ecp_keypair ec;
-mbedtls_ecp_keypair_init(&ec);
-// Omitted: fill ec with key material
-// (the public key will not be used and does not need to be set)
-unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
-size_t length;
-mbedtls_ecp_write_key_ext(&ec, &length, buf, sizeof(buf));
-psa_ecc_curve_t curve = ...; // need to determine the curve family manually
-psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
-psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
-psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
-psa_key_id_t key_id = 0;
-psa_import_key(&attributes, buf, length, &key_id);
-mbedtls_ecp_keypair_free(&ec);
-```
-The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity.
-
-```
-mbedtls_ecp_group grp;
-mbedtls_ecp_group_init(&grp);
-mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_...);
-mbedtls_ecp_point pt;
-mbedtls_ecp_point_init(&pt);
-// Omitted: fill pt with key material
-unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_PUBLIC_KEY_MAX_SIZE)];
-size_t length;
-mbedtls_ecp_point_write_binary(&grp, &pt, &length, buf, sizeof(buf));
-psa_ecc_curve_t curve = ...; // need to determine the curve family manually
-psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
-psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
-psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...);
-psa_key_id_t key_id = 0;
-psa_import_key(&attributes, buf, length, &key_id);
-mbedtls_ecp_point_free(&pt);
-mbedtls_ecp_group_free(&grp);
-```
-
-### Key pair and public key metadata
-
-There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtls_pk_info_from_type` in the PSA API because it is unnecessary.
All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
-
-You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits).
-
-The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function.
-
-Most code that calls `mbedtls_pk_get_type` or `mbedtls_pk_can_do` only requires the key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). For code that uses both `mbedtls_pk_context` objects and PSA metadata encoding, [`mbedtls_pk_can_do_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a256d3e8d4323a45aafa7d2b6c59a36f6) checks the compatibility between a key object and a mechanism.
If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`.
-
-### Exporting a public key or a key pair
-
-To export a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-
-To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy.
-
-The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above.
-
-A future extension of the PSA API will support other export formats. Until those are implemented, see “[Exposing a PSA key via PK](#exposing-a-psa-key-via-pk)” for ways to use the PK module to format a PSA key.
-
-#### Exposing a PSA key via PK
-
-This section discusses how to use a PSA key in a context that requires a PK object, such as PK formatting functions (`mbedtls_pk_write_key_der`, `mbedtls_pk_write_pubkey_der`, `mbedtls_pk_write_pubkey_pem`, `mbedtls_pk_write_key_pem` or `mbedtls_pk_write_pubkey`), Mbed TLS X.509 functions, Mbed TLS SSL functions, or another API that involves `mbedtls_pk_context` objects. The PSA key must be an RSA or ECC key since the PK module does not support DH keys. Three functions from `pk.h` help with that:
-
-* [`mbedtls_pk_copy_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. The PSA key must be exportable. The PK object remains valid even if the PSA key is destroyed.
-* [`mbedtls_pk_copy_public_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. The PK object remains valid even if the PSA key is destroyed.
-* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive.
-
-Here is some sample code illustrating how to use the PK module to format a PSA public key or the public key of a PSA key pair.
-```
-int write_psa_pubkey(psa_key_id_t key_id,
- unsigned char *buf, size_t size, size_t *len) {
- mbedtls_pk_context pk;
- mbedtls_pk_init(&pk);
- int ret = mbedtls_pk_copy_public_from_psa(key_id, &pk);
- if (ret != 0) goto exit;
- ret = mbedtls_pk_write_pubkey_der(&pk, buf, size);
- if (ret < 0) goto exit;
- *len = ret;
- memmove(buf, buf + size - ret, ret);
- ret = 0;
-exit:
- mbedtls_pk_free(&pk);
-}
-```
-
-### Signature operations
-
-The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c).
-The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for the output buffer.
-This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details.
-
-The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5).
-The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details.
-
-Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs).
-
-See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of this API.
-
-The PSA API also has functions [`psa_sign_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga963ecadae9c38c85826f9a13cf1529b9) and [`psa_verify_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga01c11f480b185a4268bebd013df7c14c). These functions combine the hash calculation with the signature calculation or verification.
-For `psa_sign_message`, either the usage flag `PSA_KEY_USAGE_SIGN_MESSAGE` or `PSA_KEY_USAGE_SIGN_HASH` is sufficient.
-For `psa_verify_message`, either the usage flag `PSA_KEY_USAGE_VERIFY_MESSAGE` or `PSA_KEY_USAGE_VERIFY_HASH` is sufficient.
-
-Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism-selection)”.
-
-The following subsections describe the PSA signature mechanisms that correspond to legacy Mbed TLS mechanisms.
-
-#### ECDSA signature
-
-**Note: in the PSA API, the format of an ECDSA signature is the raw fixed-size format.
This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. To convert between the two formats, use [`mbedtls_ecdsa_raw_to_der`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga9295799b5437bdff8ce8abd524c5ef2e) or [`mbedtls_ecdsa_der_to_raw`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga33b3cf65d5992ccc724b7ee00186ae61).
-
-
-
-ECDSA is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`.
-
-The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification.
-
-* [`PSA_ALG_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash calculated with the algorithm `hash`.
-* [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the algorithm. It can only be used with `psa_sign_hash` and `psa_verify_hash`, with no constraint on the length of the hash.
-* [`PSA_ALG_DETERMINISTIC_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a hash calculated with the algorithm `hash`. This is the same as the functionality offered by `MBEDTLS_ECDSA_DETERMINISTIC` in the legacy API.
- * For `psa_sign_message` with `PSA_ALG_DETERMINISTIC_ECDSA`, the same hash algorithm is used to hash the message and to parametrize the deterministic signature generation.
-
-Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signature` automatically select deterministic ECDSA if both are available, the PSA API requires the application to select the preferred variant. ECDSA verification cannot distinguish between randomized and deterministic ECDSA (except in so far as if the same message is signed twice and the signatures are different, then at least one of the signatures is not the determinstic variant), so in most cases switching between the two is a compatible change.
-
-#### Restartable ECDSA signature
-
-The legacy API includes an API for “restartable” ECC operations: the operation returns after doing partial computation, and can be resumed. This is intended for highly constrained devices where long cryptographic calculations need to be broken up to poll some inputs, where interrupt-based scheduling is not desired. The legacy API consists of the functions `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`, as well as several configuration and data manipulation functions.
-
-The PSA API offers similar functionality via “interruptible” public-key operations. As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API. This will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms.
-
-The flow of operations for an interruptible signature operation is as follows:
-
-1.
Create an operation object of type [`psa_sign_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6948d4653175b1b530a265540066a7e7) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Call [`psa_sign_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga441988da830205182b3e791352537fac) with the private key object and the hash to verify.
-3. Call [`psa_sign_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`.
-
-The flow of operations for an interruptible signature verification operation is as follows:
-
-1. Create an operation object of type [`psa_verify_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga537054cf4909ad1426331ae4ce7148bb) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify.
-3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`.
-
-If you need to cancel the operation after calling the start function without waiting for the loop calling the complete function to finish, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88).
-
-Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false.
-
-#### PKCS#1 v1.5 RSA signature
-
-This mechanism corresponds to `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` for an RSA key, unless PSS has been selected with `mbedtls_rsa_set_padding` on the underlying RSA key context. This mechanism also corresponds to `mbedtls_rsa_rsassa_pkcs1_v15_sign` and `mbedtls_rsa_rsassa_pkcs1_v15_verify`.
-
-The PSA API has two algorithm constructors:
-
-* [`PSA_ALG_RSA_PKCS1V15_SIGN(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af) formats the hash as specified in PKCS#1. The hash algorithm corresponds to the `md_alg` parameter of the legacy functions.
-* [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure. This is the same as calling the legacy functions with `md_alg=MBEDTLS_MD_NONE`.
-
-#### PKCS#1 RSASSA-PSS signature
-
-This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`.
-It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`.
-
-The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). They differ only for verification, and have exactly the same behavior for signature. The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes.
-
-With respect to the salt length:
-
-* When signing, the salt is random, and the salt length is the largest possible salt length up to the hash length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
-* When verifying, `PSA_ALG_RSA_PSS` requires the the salt length to the largest possible salt length up to the hash length (i.e. the same that would be used for signing).
-* When verifying, `PSA_ALG_RSA_PSS_ANY_SALT` accepts any salt length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
-
-### Asymmetric encryption and decryption
-
-The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290).
-The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
-
-The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7).
-The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-Use the macro [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a61a246f3eac41989821d982e56fea6c1) or [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
-
-The following subsections describe the PSA asymmetric encryption mechanisms that correspond to legacy Mbed TLS mechanisms.
-
-#### RSA PKCS#1v1.5 encryption
-
-This is the mechanism used by the PK functions and by `mbedtls_rsa_pkcs1_{encrypt,decrypt}` unless `mbedtls_rsa_set_padding` has been called on the underlying RSA key context.
-This is also the mechanism used by `mbedtls_rsa_rsaes_pkcs1_v15_{encrypt,decrypt}`.
-
-The PSA algorithm is [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9).
-
-Beware that PKCS#1v1.5 decryption is subject to padding oracle attacks. Revealing when `psa_asymmetric_decrypt` returns `PSA_ERROR_INVALID_PADDING` may allow an adversary to decrypt arbitrary ciphertexts.
-
-#### RSA RSAES-OAEP
-
-This is the mechanism used by `mbedtls_rsa_rsaes_oaep_{encrypt,decrypt}`.
-
-The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value (`PSA_ALG_xxx`, see “[Hash mechanism selection](#hash-mechanism-selection)”).
-
-As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label.
-
-### Private-public key consistency
-
-There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library.
-
-The legacy API provides functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical.
-
-* Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
-* Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
-* Export both public keys with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) (this is possible regardless of the usage policies on the keys) and compare the output.
- ```
- // Error checking omitted
- unsigned char pub1[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- unsigned char pub2[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- size_t length1, length2;
- psa_export_public_key(key1, pub1, sizeof(pub1), &length1);
- psa_export_public_key(key2, pub2, sizeof(pub2), &length2);
- if (length1 == length2 && !memcmp(pub1, pub2, length1))
- puts("The keys match");
- else
- puts("The keys do not match");
- ```
-
-### PK functionality with no PSA equivalent
-
-There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired.
-
-There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`.
-
-### Key agreement
-
-The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`.
-
-
-
-#### Diffie-Hellman key pair management
-
-The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`.
-
-Here is an overview of the lifecycle of a key object.
-
-1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680).
You need to set the following parameters:
- * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value:
- * [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) for finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”).
- * [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) for elliptic-curve Diffie-Hellman (see “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)”).
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the private key size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
- * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to select the appropriate algorithm:
- * [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43) or [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement.
- * [`PSA_ALG_KEY_AGREEMENT(ka, kdf)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, where:
- * `ka` is either `PSA_ALG_ECDH` or `PSA_ALG_FFDH`.
- * `kdf` is a key derivation algorithm.
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DERIVE). See “[Public-key cryptography policies](#public-key-cryptography-policies)” for more information.
-2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
- * Use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for a Diffie-Hellman key.
- * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
- * If the key is derived deterministically from other material, use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
-3. Call the functions in the following sections to perform operations on the key.
The same key object can be used in multiple operations.
-4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
-
-#### Performing a key agreement
-
-Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party.
-Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key.
-Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface.
-
-#### Translating a legacy key agreement contextless workflow
-
-A typical workflow for ECDH using the legacy API without a context object is:
-
-1. Initialize objects:
- * `mbedtls_ecp_group grp` for the curve;
- * `mbedtls_mpi our_priv` for our private key;
- * `mbedtls_ecp_point our_pub` for our public key;
- * `mbedtls_ecp_point their_pub` for their public key (this may be the same variable as `our_pub` if the application does not need to hold both at the same time);
- * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH).
-2. Call `mbedtls_ecp_group_load` on `grp` to select the curve.
-3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key.
-4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order.
-5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key.
-6. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. 
Initialize objects:
- * `psa_key_id_t our_key`: a handle to our key pair;
- * `psa_key_attributes_t attributes`: key attributes used in steps 2–3;;
- * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key.
- * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time;
- * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation).
-2. Prepare an attribute structure as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`.
-3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key.
-4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`.
These two actions may be performed in either order.
-5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers.
-
-Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multiple times for a "fake ephemeral" Diffie-Hellman where the same private key is used for multiple key exchanges, but it not saved.
-
-#### Translating a legacy ephemeral key agreement TLS server workflow
-
-The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 server. The PSA version of this workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first.
-
-1. Setup phase:
- 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
- 2. Call `mbedtls_ecdh_setup` or `mbedtls_dhm_set_group` to select the curve or group.
- 3. Call `mbedtls_ecdh_make_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchange message encoding the selected curve/group and our public key.
-2. Send the ServerKeyExchange message to the peer.
-3. Retrieve the peer's public key.
-4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
-5. 
Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. Setup phase:
- 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
- 2. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
- 3. Format a ServerKeyExchange message containing the curve/group selection and our public key.
-2. Send the ServerKeyExchange message to the peer.
-3. Retrieve the peer's public key.
-4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
-
-#### Translating a legacy ephemeral key agreement TLS client workflow
-
-The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key.
-
-1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
- 1. 
Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
- 2. Call `mbedtls_ecdh_read_params` or `mbedtls_dhm_read_params` to input the data from the ServerKeyExchange message.
-2. Call `mbedtls_ecdh_make_public` or `mbedtls_dh_make_public` to generate our private key and export our public key.
-3. Send our public key to the peer.
-4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
-5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
- 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm.
-2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
- Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
-3. Send our public key to the peer.
-4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-5. 
Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
-
-#### ECDH and DHM metadata functions
-
-You can obtain data and metadata from an ECDH key agreement through the PSA API as follows:
-
-* With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key.
-* Accessing our public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
-* Accessing our private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-* Accessing the peer's public key: there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
-
-The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier:
-
-* `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06).
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780).
-
-The PSA API for finite-field Diffie-Hellman only supports predefined groups. Therefore there is no equivalent to `mbedtls_dhm_parse_dhm`, `mbedtls_dhm_parse_dhmfile`, and the `MBEDTLS_DHM_xxx_BIN` macros.
-
-#### Restartable key agreement
-
-Restartable key agreement (enabled by `mbedtls_ecdh_enable_restart`) is not yet available through the PSA API. It will be added under the name “interruptible key agreement” in a future version of the library, with an interface that's similar to the interruptible signature interface described in “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
-
-### Additional information about Elliptic-curve cryptography
-
-#### Information about a curve
-
-The legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The PSA API identifies a curve by a `PSA_ECC_FAMILY_xxx` value and the private value's bit-size. See “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” for the correspondence between the two sets of values.
-
-There is no PSA equivalent of the `mbedtls_ecp_group` data structure (and so no equivalent to `mbedtls_ecp_group_init`, `mbedtls_ecp_group_load`, `mbedtls_ecp_group_copy` and `mbedtls_ecp_group_free`) or of the `mbedtls_ecp_curve_info` data structure (and so no equivalent to `mbedtls_ecp_curve_info_from_grp_id`) because they are not needed. All API elements identify the curve directly by its family and size.
-
-The bit-size used by the PSA API is the size of the private key. For most curves, the PSA bit-size, the `bit_size` field in `mbedtls_ecp_curve_info`, the `nbits` field in `mbedtls_ecp_group` and the `pbits` field in `mbedtls_ecp_group` are the same. The following table lists curves for which they are different.
-
-| Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size |
-| ----- | ------------ | ------------ | ---------------------- | ------------ |
-| secp224k1 | 225 | 224 | 224 | not supported |
-| Curve25519 | 253 | 255 | 256 | 255 |
-| Curve448 | 446 | 448 | 448 | 448 |
-
-There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the function `mbedtls_ecp_get_type`, but the curve family encodes the same information. `PSA_ECC_FAMILY_MONTGOMERY` is the only Montgomery family. All other families supported in Mbed TLS 3.4.0 are short Weierstrass families.
-
-There is no PSA equivalent for the following functionality:
-
-* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on the name used for the curve in TLS specifications.
-* The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol.
-* Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure.
-
-#### Information about supported curves
-
-The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`.
-
-The API provides macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros.
-
-| Legacy macro | PSA equivalent |
-| ------------ | -------------- |
-| `MBEDTLS_ECP_MAX_BITS` | [`PSA_VENDOR_ECC_MAX_CURVE_BITS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_VENDOR_ECC_MAX_CURVE_BITS) |
-| `MBEDTLS_ECP_MAX_BYTES` | `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` |
-| `MBEDTLS_ECP_MAX_PT_LEN` | [`PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE) |
-
-#### Restartable ECC
-
-The PSA API supports the equivalent of restartable operations, but only for signatures at the time of writing. See “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
-
-There is no PSA API for elliptic curve arithmetic as such, and therefore no equivalent of `mbedtls_ecp_restart_ctx` and functions that operate on it.
-
-There is PSA no equivalent of the `MBEDTLS_ECP_OPS_xxx` constants.
-
-#### ECC functionality with no PSA equivalent
-
-There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports.
-
-There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types.
-
-#### No curve arithmetic
-
-The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`:
-
-* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`).
Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future. -* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key_ext`. -* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants). - -### Additional information about RSA - -#### RSA-ALT interface - -Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). 
- -* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code. -* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g. - ``` - psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION)); - ``` - -The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding values. As a consequence, none of the API functions take an RNG parameter. - -#### RSA functionality with no PSA equivalent - -The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please [submit an issue on GitHub](https://github.com/ARM-software/psa-api/issues) so that we can extend the API to support it. - -The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”. - -There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. 
You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”. - -A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.) - -### LMS signatures - -A future version of Mbed TLS will support LMS keys and signatures through the PSA API (`psa_generate_key`, `psa_export_public_key`, `psa_import_key`, `psa_sign_hash`, `psa_verify_hash`, etc.). However, this is likely to happen after Mbed TLS 4.0, therefore the next major version of Mbed TLS will likely keep the existing `lms.h` interface. - -### PK format support interfaces - -The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. - -In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. The evolution of Base64, OID and PEM as separate interfaces is still undecided at the time of writing. - -## EC-JPAKE - -The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information. - -Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-JPAKE in TLS 1.2, whereas the PSA API is protocol-agnostic. 
- -* The PSA API is finer-grained and offers more flexibility in message ordering. Where the legacy API makes a single function call, the PSA API may require multiple calls. -* The legacy API uses the TLS 1.2 wire format in the input or output format of several functions. In particular, one of the messages embeds the curve identifier in the TLS protocol. The PSA API uses protocol-agnostic formats. -* The legacy API always applies the key derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with `PSA_ALG_TLS12_ECJPAKE_TO_PMS` for the same calculation. From cd5abfe7b485b6e81f6115238966657a1ab4eb08 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:43:49 +0200 Subject: [PATCH 0583/1080] Move the X.509 and SSL content from the crypto migration guide Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/rng-removal.md | 119 ++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 docs/4.0-migration-guide/rng-removal.md diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/rng-removal.md new file mode 100644 index 0000000000..8ec273b2c3 --- /dev/null +++ b/docs/4.0-migration-guide/rng-removal.md 
@@ -0,0 +1,119 @@
+## RNG removal
+
+### Public functions no longer take a RNG callback
+
+The `f_rng` and `p_rng` arguments have been removed from the X509 and SSL modules. All calls to `f_rng` have then been replaced by a call to `psa_generate_random` and all software utilising these modules will now require a call to `psa_crypto_init` prior to calling them.
+
+### Changes in x509
+
+The following function calls have been changed in x509:
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+```
+
+### Changes in SSL
+
+The following function calls have been changed in SSL:
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
+```
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
+```
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
+```
+
+The following structs have also been changed in SSL
+
+```c
+typedef struct mbedtls_ssl_ticket_context {
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
+
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
+
+ /** Callback for getting (pseudo-)random numbers */
+ int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
+#endif
+}
+mbedtls_ssl_ticket_context;
+```
+
+
+to
+
+```c
+typedef struct mbedtls_ssl_ticket_context {
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
+
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
+#endif
+}
+mbedtls_ssl_ticket_context;
+```
+
+### Removal of `mbedtls_ssl_conf_rng`
+
+`mbedtls_ssl_conf_rng` has been removed from the library as its sole purpose is to configure RNG for ssl and this is no longer required.
From 617ee75e983526657c423adc544db57a73880e57 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 16:52:01 +0200
Subject: [PATCH 0584/1080] Copyediting and wording improvements
Signed-off-by: Gilles Peskine
---
docs/4.0-migration-guide/rng-removal.md | 33 +++++++++++--------------
1 file changed, 14 insertions(+), 19 deletions(-)
diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/rng-removal.md index 8ec273b2c3..447a6aefe4 100644 --- a/docs/4.0-migration-guide/rng-removal.md +++ b/docs/4.0-migration-guide/rng-removal.md @@ -2,31 +2,36 @@ ### Public functions no longer take a RNG callback -The `f_rng` and `p_rng` arguments have been removed from the X509 and SSL modules. All calls to `f_rng` have then been replaced by a call to `psa_generate_random` and all software utilising these modules will now require a call to `psa_crypto_init` prior to calling them. +Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here. -### Changes in x509 +### Changes in X.509 -The following function calls have been changed in x509: +The following function prototypes have been changed in `mbedtls/x509_crt.h`: ```c int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -``` -```c int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); ``` +to + +```c +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); + +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); +``` + +The following function prototypes have been changed in `mbedtls/x509_csr.h`: ```c int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -``` -```c int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); 
@@ -34,25 +39,15 @@ int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, si to -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - -```c -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - ```c int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); -``` -```c int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); ``` ### Changes in SSL -The following function calls have been changed in SSL: +The following function prototypes have been changed in `mbedtls/ssl.h`: ```c int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, @@ -116,4 +111,4 @@ mbedtls_ssl_ticket_context; ### Removal of `mbedtls_ssl_conf_rng` -`mbedtls_ssl_conf_rng` has been removed from the library as its sole purpose is to configure RNG for ssl and this is no longer required. +`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. From 6f035a854b0f6d7a9ef84d421ec7ce0b8af95021 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:56:38 +0200 Subject: [PATCH 0585/1080] Explain why the programs have been removed Also fix the indentation of `*`. Signed-off-by: Gilles Peskine --- ChangeLog.d/9964.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt index ca0cc4b48d..30029f2d3f 100644 --- a/ChangeLog.d/9964.txt +++ b/ChangeLog.d/9964.txt @@ -1,5 +1,5 @@ Removals - * Removal of the following sample programs: + * Sample programs for the legacy crypto API have been removed. pkey/rsa_genkey.c pkey/pk_decrypt.c pkey/dh_genprime.c From 663b6df5227b1c74ecd73230c3ad5076e578fe5a Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 25 Jun 2025 17:06:28 +0200 Subject: [PATCH 0586/1080] Generalize section to other function prototype changes Signed-off-by: Gilles Peskine --- ...g-removal.md => function-prototype-changes-for-psa.md} | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) rename docs/4.0-migration-guide/{rng-removal.md => function-prototype-changes-for-psa.md} (95%) diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md similarity index 95% rename from docs/4.0-migration-guide/rng-removal.md rename to docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 447a6aefe4..1778a582c9 100644 --- a/docs/4.0-migration-guide/rng-removal.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md @@ -1,10 +1,12 @@ -## RNG removal +## High-level API tweaks for PSA + +A number of existing functions now take a different list of arguments, to migrate them to the PSA API. ### Public functions no longer take a RNG callback Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here. -### Changes in X.509 +### RNG removal in X.509 The following function prototypes have been changed in `mbedtls/x509_crt.h`: @@ -45,7 +47,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); ``` -### Changes in SSL +### RNG removal in SSL The following function prototypes have been changed in `mbedtls/ssl.h`: From 15037deab3f815480d812239dff800e0ed6fe2cc Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 25 Jun 2025 17:13:57 +0200 Subject: [PATCH 0587/1080] Consolidate changes to mbedtls_ssl_ticket_setup() Describe the change to the cipher mechanism specification. Consolidate that with the removal of the RNG arguments. Signed-off-by: Gilles Peskine --- .../function-prototype-changes-for-psa.md | 34 ++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 1778a582c9..055c9001df 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md @@ -49,13 +49,7 @@ int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, si ### RNG removal in SSL -The following function prototypes have been changed in `mbedtls/ssl.h`: - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); -``` +The following function prototype has been changed in `mbedtls/ssl_cookie.h`: ```c int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, @@ -65,11 +59,6 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, to -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); -``` - ```c int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); ``` 
@@ -114,3 +103,24 @@ mbedtls_ssl_ticket_context; ### Removal of `mbedtls_ssl_conf_rng` `mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. + +### Changes to mbedtls_ssl_ticket_setup + +In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments. + +The prototype in `mbedtls/ssl_ticket.h` has changed from + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + mbedtls_f_rng_t *f_rng, void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime); +``` + +to + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, + uint32_t lifetime); +``` From a0e06dd6d3731de9b683f0c989f5ea5a143e53bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:14:45 +0200 Subject: [PATCH 0588/1080] Don't mention changes to fields that were already private Signed-off-by: Gilles Peskine --- .../function-prototype-changes-for-psa.md | 37 ------------------- 1 file changed, 37 deletions(-) diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 055c9001df..b5ba1c43d6 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md 
@@ -63,43 +63,6 @@ to int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); ``` -The following structs have also been changed in SSL - -```c -typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ - unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ - - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} -mbedtls_ssl_ticket_context; -``` - - -to - -```c -typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ - unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} -mbedtls_ssl_ticket_context; -``` - ### Removal of `mbedtls_ssl_conf_rng` `mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. From 826225fe317b43081b046434db9eb22de4b18caa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:19:12 +0200 Subject: [PATCH 0589/1080] Migration guide entries for removed deprecated functions Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/deprecated-removals.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/4.0-migration-guide/deprecated-removals.md 
diff --git a/docs/4.0-migration-guide/deprecated-removals.md b/docs/4.0-migration-guide/deprecated-removals.md new file mode 100644 index 0000000000..e74b1adc10 --- /dev/null +++ b/docs/4.0-migration-guide/deprecated-removals.md @@ -0,0 +1,14 @@ +## Removal of deprecated functions + +### Removal of deprecated X.509 functions + +The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`. + +### Removal of deprecated SSL functions + +The deprecated function `mbedtls_ssl_conf_curves()` has been removed. +The function was superseded by `mbedtls_ssl_conf_groups()`. + +### Removal of `compat-2.x.h` + +The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed. From f6c03d1b7f27c77aa9aa97881e828097897f0a64 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:19:30 +0200 Subject: [PATCH 0590/1080] typo Signed-off-by: Gilles Peskine --- ChangeLog.d/9892.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt index 01d21b6e5f..cf9f9dc132 100644 --- a/ChangeLog.d/9892.txt +++ b/ChangeLog.d/9892.txt @@ -1,4 +1,4 @@ Removals * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseeded by + already deprecated and superseded by mbedtls_x509write_crt_set_serial_raw(). From 72968cca33b62debe1f1e065f8f8ed4720847dc5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:14:24 +0200 Subject: [PATCH 0591/1080] Generalize the section on function prototype changes Not everything will be about PSA. Signed-off-by: Gilles Peskine --- ...otype-changes-for-psa.md => function-prototype-changes.md} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename docs/4.0-migration-guide/{function-prototype-changes-for-psa.md => function-prototype-changes.md} (97%) 
diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes.md similarity index 97% rename from docs/4.0-migration-guide/function-prototype-changes-for-psa.md rename to docs/4.0-migration-guide/function-prototype-changes.md index b5ba1c43d6..52e37c7286 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes.md @@ -1,6 +1,6 @@ -## High-level API tweaks for PSA +## Function prototype changes -A number of existing functions now take a different list of arguments, to migrate them to the PSA API. +A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API. ### Public functions no longer take a RNG callback From fbab8c1df157b866e74357935be2305c745f2507 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:17:07 +0200 Subject: [PATCH 0592/1080] General notes about the transition to PSA Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/psa-only.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docs/4.0-migration-guide/psa-only.md diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md new file mode 100644 index 0000000000..68b7f1bc5e --- /dev/null +++ b/docs/4.0-migration-guide/psa-only.md 
@@ -0,0 +1,15 @@
+## PSA as the only cryptography API
+
+The PSA API is now the only API for cryptographic primitives.
+
+### Impact on application code
+
+The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
+
+`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake.
+
+A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”.
+
+### Impact on the library configuration
+
+Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto.
From 2ee5c55c79bf377d95b6737da5ab889749a8404a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 21:19:26 +0200
Subject: [PATCH 0593/1080] Fix spelling of psa_generate_random()
Signed-off-by: Gilles Peskine
---
ChangeLog.d/removal-of-rng.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
index a8a19f4ee3..c7357e67b8 100644
--- a/ChangeLog.d/removal-of-rng.txt
+++ b/ChangeLog.d/removal-of-rng.txt @@ -1,5 +1,5 @@ API changes - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_generate_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. From 2649aa283b4fcd63460a6850c3bd5bdeec256316 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:41:23 +0200 Subject: [PATCH 0594/1080] TLS key exchange removals Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 111 +++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 docs/4.0-migration-guide/feature-removals.md diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md new file mode 100644 index 0000000000..d2af880901 --- /dev/null +++ b/docs/4.0-migration-guide/feature-removals.md 
@@ -0,0 +1,111 @@ +## Removed features + +### Removal of obsolete key exchanges methods in (D)TLS 1.2 + +Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and TLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. + +Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). + +That is, the following key exchange types are no longer supported: + +* RSA-PSK; +* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported); +* DHE-PSK (except in TLS 1.3); +* DHE-RSA (except in TLS 1.3). + +The full list of removed cipher suites is: + +``` +TLS-DHE-PSK-WITH-AES-128-CBC-SHA +TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 +TLS-DHE-PSK-WITH-AES-128-CCM +TLS-DHE-PSK-WITH-AES-128-CCM-8 +TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 +TLS-DHE-PSK-WITH-AES-256-CBC-SHA +TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 +TLS-DHE-PSK-WITH-AES-256-CCM +TLS-DHE-PSK-WITH-AES-256-CCM-8 +TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 +TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 +TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 +TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 +TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 +TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 +TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 +TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 +TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 +TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 +TLS-DHE-PSK-WITH-NULL-SHA +TLS-DHE-PSK-WITH-NULL-SHA256 +TLS-DHE-PSK-WITH-NULL-SHA384 +TLS-DHE-RSA-WITH-AES-128-CBC-SHA +TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 +TLS-DHE-RSA-WITH-AES-128-CCM +TLS-DHE-RSA-WITH-AES-128-CCM-8 +TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 +TLS-DHE-RSA-WITH-AES-256-CBC-SHA +TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 +TLS-DHE-RSA-WITH-AES-256-CCM 
+TLS-DHE-RSA-WITH-AES-256-CCM-8
+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
+TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
+TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
+TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-NULL-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA384
+TLS-RSA-WITH-AES-128-CBC-SHA
+TLS-RSA-WITH-AES-128-CBC-SHA256
+TLS-RSA-WITH-AES-128-CCM
+TLS-RSA-WITH-AES-128-CCM-8
+TLS-RSA-WITH-AES-128-GCM-SHA256
+TLS-RSA-WITH-AES-256-CBC-SHA
+TLS-RSA-WITH-AES-256-CBC-SHA256
+TLS-RSA-WITH-AES-256-CCM
+TLS-RSA-WITH-AES-256-CCM-8
+TLS-RSA-WITH-AES-256-GCM-SHA384
+TLS-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-WITH-NULL-MD5
+TLS-RSA-WITH-NULL-SHA
+TLS-RSA-WITH-NULL-SHA256
+```
+
+As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
+
+```
+mbedtls_ssl_conf_dh_param_bin()
+mbedtls_ssl_conf_dh_param_ctx()
+mbedtls_ssl_conf_dhm_min_bitlen()
+```
From 9000633f0eb949751f3f65a976d3f5ae70baa1e1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 21:43:30 +0200
Subject: [PATCH 0595/1080] Move some crypto changelog files to TF-PSA-Crypto
These files had gone on the wrong side during the repo split.
Signed-off-by: Gilles Peskine
---
 ChangeLog.d/remove-crypto-alt-interface.txt | 5 -----
 ChangeLog.d/remove-via-padlock-support.txt | 3 ---
 2 files changed, 8 deletions(-)
 delete mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt
 delete mode 100644 ChangeLog.d/remove-via-padlock-support.txt
diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt
deleted file mode 100644
index f9ab4c221c..0000000000
--- a/ChangeLog.d/remove-crypto-alt-interface.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
- at the module and function level for crypto mechanisms only. The remaining
- alt interfaces for platform, threading and timing are unchanged.
- Fixes #8149.
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt
deleted file mode 100644
index a3f4b96573..0000000000
--- a/ChangeLog.d/remove-via-padlock-support.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
- Fixes #5903.
From d3a6cbb6bb17502d40c0a30d8c8f00edce2df673 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 26 Jun 2025 13:39:37 +0200
Subject: [PATCH 0596/1080] Subsection for the removal of explicit RNG contexts
Signed-off-by: Gilles Peskine
---
 docs/4.0-migration-guide/psa-only.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md
index 68b7f1bc5e..e4f293dda8 100644
--- a/docs/4.0-migration-guide/psa-only.md +++ b/docs/4.0-migration-guide/psa-only.md @@ -10,6 +10,14 @@ The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”. +### No random generator instantiation + +Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem. + +Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation. + +See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG. + ### Impact on the library configuration Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. From bf92bae959cb4a45eec4c7356c51ac71441f2740 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 14:36:06 +0200 Subject: [PATCH 0597/1080] Copy error-codes.md from tf-psa-crypto Much of it also applies to Mbed TLS. 
Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/4.0-migration-guide/error-codes.md diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md new file mode 100644 index 0000000000..43b6bd4e0e --- /dev/null +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -0,0 +1,28 @@ +## Error codes + +### Unified error code space + +The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes. + +There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition. + +### Simplified legacy error codes + +All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code. + +Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable. + +As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_level_strerr()` no longer exist. + +### Removed error code names + +Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. 
+ +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0, TF-PSA-Crypto 1.0) | +| ------------------------------ | ---------------------------------------------- | +| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` | `PSA_ERROR_NOT_SUPPORTED` | +| `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` | `PSA_ERROR_HARDWARE_FAILURE` | +| `MBEDTLS_ERR_ECP_IN_PROGRESS` | `PSA_OPERATION_INCOMPLETE` | +| `MBEDTLS_ERR_RSA_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | From 9b6997258927bcaf071710316f99ad2d6afe004b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 14:38:07 +0200 Subject: [PATCH 0598/1080] Remove crypto error codes, refer to the crypto guide instead Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 43b6bd4e0e..ca62025132 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,11 +18,11 @@ As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_le Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0, TF-PSA-Crypto 1.0) | -| ------------------------------ | ---------------------------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +| ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | | `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` | `PSA_ERROR_HARDWARE_FAILURE` | -| `MBEDTLS_ERR_ECP_IN_PROGRESS` | `PSA_OPERATION_INCOMPLETE` | -| `MBEDTLS_ERR_RSA_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | + +See also the corresponding section in the TF-PSA-Crypto migration guide, which lists errors from cryptography modules. From ac18d0c0dbd86d6fa1e53c822321c906c51a29dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 19:02:09 +0200 Subject: [PATCH 0599/1080] Fix spelling of mbedtls_low_level_strerr Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 2 +- docs/4.0-migration-guide/error-codes.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index bcf5ba1f3d..eddd42c9ea 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt 
@@ -7,5 +7,5 @@ API changes between -32767 and -1 as before. Removals - * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), since these concepts no longer exists. There is just mbedtls_strerror(). diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index ca62025132..8cc7098ad9 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -12,7 +12,7 @@ All values returned by a function to indicate an error now have a defined consta Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable. -As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_level_strerr()` no longer exist. +As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist. ### Removed error code names From 5acb3a5969b7692d138b8fc709b73bcb0ea5729f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 19:05:55 +0200 Subject: [PATCH 0600/1080] Copyediting Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 2 +- docs/4.0-migration-guide/psa-only.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 8cc7098ad9..074acc04bb 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -25,4 +25,4 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -See also the corresponding section in the TF-PSA-Crypto migration guide, which lists errors from cryptography modules. +See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md index e4f293dda8..7d7bfee193 100644 --- a/docs/4.0-migration-guide/psa-only.md +++ b/docs/4.0-migration-guide/psa-only.md @@ -4,7 +4,7 @@ The PSA API is now the only API for cryptographic primitives. ### Impact on application code -The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. +The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. `psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. From 0b44f56d8d44f58d397b7806fc64f276bcd58be0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Jun 2025 10:45:39 +0200 Subject: [PATCH 0601/1080] Typos 
Signed-off-by: Gilles Peskine --- doxygen/input/doc_mainpage.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 597eee9928..4eda5ba2aa 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -25,7 +25,7 @@ * * Some parts of the API are best explored from the “Topics” or * “Group list” section. - * This is notable the case for the PSA Cryptography API. + * This is notably the case for the PSA Cryptography API. * Note that many parts of the API are not classified under a topic and * can only be seen through the file structure. * @@ -47,6 +47,6 @@ * - Any structure or union field whose name starts with `private_`. * - Any preprocessor macro that is just listed with its automatically * rendered parameter list, value and location. Macros are part of - * the API only if their documentation includes have custom text. + * the API only if their documentation has custom text. * */ From 159a652096fcb523504bd4dd289ea12adaa0aa66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Jun 2025 10:59:59 +0200 Subject: [PATCH 0602/1080] Minor clarifications Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md index d2af880901..ae611a112c 100644 --- a/docs/4.0-migration-guide/feature-removals.md +++ b/docs/4.0-migration-guide/feature-removals.md 
@@ -2,9 +2,9 @@ ### Removal of obsolete key exchanges methods in (D)TLS 1.2 -Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and TLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. +Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. -Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). +Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). That is, the following key exchange types are no longer supported: From 5341e3c3b3e709d091b6cc805e187138aea7e4f0 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Mon, 30 Jun 2025 18:28:04 +0100 Subject: [PATCH 0603/1080] Update tf-psa-crypto submodule to include DES error macro changes Signed-off-by: Ari Weiler-Ofek --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index a07506eab0..3308677734 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit a07506eab0b693152d5a522273b812d222ddd87c +Subproject commit 3308677734bdb15d51abc652c2930b16d218470f From 2795197ba05e1eb5dbeade3a356e3c5da844b7da Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 1 Jul 2025 15:12:35 +0100 Subject: [PATCH 0604/1080] Remove DES handling from error generator 
Signed-off-by: Ari Weiler-Ofek --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 977047af54..69126793c5 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -36,7 +36,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM - CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES + CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 NET PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); From 86422e55093cbe86cc641bbb785f081305714ec7 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Fri, 4 Jul 2025 14:43:30 +0100 Subject: [PATCH 0605/1080] Remove: DES selftest, component_test_psa_crypto_config_accel_des and dead DES mentions prior to TF-PSA-Crypto cleanup Signed-off-by: Ari Weiler-Ofek --- programs/test/selftest.c | 7 +-- scripts/config.py | 2 +- tests/compat.sh | 5 -- .../components-configuration-crypto.sh | 52 +------------------ tests/scripts/components-configuration-tls.sh | 6 +-- 5 files changed, 8 insertions(+), 64 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 8516f3a251..372a84dc79 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -21,7 +21,6 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "mbedtls/sha3.h" -#include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" #include "mbedtls/aria.h" @@ -296,9 +295,6 @@ const selftest_t selftests[] = defined(PSA_WANT_ALG_SHA3_512) { "sha3", mbedtls_sha3_self_test }, #endif -#if defined(MBEDTLS_DES_C) - { "des", mbedtls_des_self_test }, -#endif #if defined(MBEDTLS_AES_C) { "aes", mbedtls_aes_self_test }, #endif 
@@ -448,7 +444,8 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \ + " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ + "\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ diff --git a/scripts/config.py b/scripts/config.py index e5182a6a59..a61e9f6d56 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -75,7 +75,7 @@ def realfull_adapter(_name, _value, _active): #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options diff --git a/tests/compat.sh b/tests/compat.sh index 975d8dc3d9..a11fffda06 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -599,11 +599,6 @@ setup_arguments() *) O_SUPPORT_STATIC_ECDH="NO";; esac - case $($OPENSSL ciphers ALL) in - *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; - *) O_SUPPORT_SINGLE_DES="NO";; - esac - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL # supports -dtls1_2 from the s_server help. (The s_client # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 9de7597c1c..98204083cd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1734,53 +1734,6 @@ component_test_psa_crypto_config_reference_hmac () { make test } -component_test_psa_crypto_config_accel_des () { - msg "test: accelerated DES" - - # Albeit this components aims at accelerating DES which should only support - # CBC and ECB modes, we need to accelerate more than that otherwise DES_C - # would automatically be re-enabled by "config_adjust_legacy_from_psa.c" - loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ - ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \ - KEY_TYPE_DES" - - # Note: we cannot accelerate all ciphers' key types otherwise we would also - # have to either disable CCM/GCM or accelerate them, but that's out of scope - # of this component. This limitation will be addressed by #8598. - - # Configure - # --------- - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_CMAC_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o - - # Run the tests - # ------------- - - msg "test: accelerated DES" - make test -} - component_test_psa_crypto_config_accel_aead () { msg "test: accelerated AEAD" 
@@ -1841,7 +1794,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \ - KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" + KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" # Configure # --------- @@ -1878,7 +1831,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o @@ -2168,7 +2120,7 @@ component_build_aes_variations () { cd "$MBEDTLS_ROOT_DIR" msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 6b3f9c2a67..ff8315711e 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -63,7 +63,7 @@ component_test_tls1_2_default_stream_cipher_only () { # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) # Note: The unset below is to be removed for 4.0 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -96,7 +96,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 
@@ -129,7 +129,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC From f94bc63fdb365ce0c8fda1644e240fba843f46f8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Jul 2025 14:15:34 +0200 Subject: [PATCH 0606/1080] Updated generate_errors.pl to include private directories too: the header is deemed to be private if it is in a private subdirectory Signed-off-by: Anton Matkin --- scripts/generate_errors.pl | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 69126793c5..5e4fe38931 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -52,6 +52,10 @@ my @files = glob qq("$crypto_include_dir/*.h"); push(@files, glob qq("$tls_include_dir/*.h")); + +push(@files, glob qq("$crypto_include_dir/private/*.h")); +push(@files, glob qq("$tls_include_dir/private/*.h")); + my @necessary_include_files; my @matches; foreach my $file (@files) { @@ -85,7 +89,7 @@ $description =~ s/^\s+//; $description =~ s/\n( *\*)? */ /g; $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description]; + push @matches, [$name, $value, $description, grep(/^.*private\/[^\/]+$/, $file)]; ++$found; } if ($found) { 
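Review bot: The privacy test added to the `push @matches` line in the `@@ -85,7 +89,7 @@` hunk of scripts/generate_errors.pl, `grep(/^.*private\/[^\/]+$/, $file)`, keys on the parent directory name merely ending in `private`, so a path such as `.../nonprivate/x.h` would be classified as private as well; anchoring on the separator, `$file =~ m{/private/[^/]+$}`, matches only a directory actually named `private`. With the two globs added in the `@@ -52,6 +52,10 @@` hunk only `*/private/*.h` paths reach this test, so it cannot currently misfire, which makes this a robustness point rather than a defect. The same pattern is kept when the later `@@ -89,7 +89,7 @@` hunk of PATCH 0609 rewrites this line with `scalar(...)`, so the tightening applies there too. The enclosing `foreach my $file (@files)` loop starts and ends outside the hunk.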
@@ -109,7 +113,7 @@ foreach my $match (@matches) { - my ($error_name, $error_code, $description) = @$match; + my ($error_name, $error_code, $description, $is_private_header) = @$match; die "Duplicated error code: $error_code ($error_name)\n" if( $error_codes_seen{$error_code}++ ); @@ -203,6 +207,11 @@ if ($include_name ne ""); } ${$code_check} .= "\n"; + + if ($is_private_header) { + $include_name = "private/" . $include_name; + } + $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". "#endif\n\n" if ($include_name ne ""); ${$old_define_name} = $define_name; From 471630883561abca899f532953c11c7fde8f21ca Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 4 Jul 2025 16:31:54 +0100 Subject: [PATCH 0607/1080] Bring forward ChangeLog changes. Signed-off-by: Minos Galanakis --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7de639e45a..912a1786b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,7 @@ API changes Mbed TLS error codes. This will not affect most applications since the error values are between -32767 and -1 as before. - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_generate_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. @@ -62,7 +62,7 @@ Removals Fixes #8149. * Remove support for the RSA-PSK key exchange in TLS 1.2. * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseeded by + already deprecated and superseded by mbedtls_x509write_crt_set_serial_raw(). * Remove the function mbedtls_ssl_conf_curves() which had been deprecated in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. 
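Review bot: In the `@@ -203,6 +207,11 @@` hunk the `private/` prefix is applied before the `if ($include_name ne "")` guard on the following `$headers .=` statement, so a private header for which `$include_name` is empty would become `"private/"`, pass the guard and emit `#include "mbedtls/private/.h"`. Whether an empty `$include_name` can coincide with `$is_private_header` depends on how `$include_name` is derived outside the hunk, but the guard exists because the empty case occurs, so the prefix should respect it: `$include_name = "private/" . $include_name if ($is_private_header && $include_name ne "");`. It is also worth confirming that headers found under `$crypto_include_dir/private/` are reachable as `mbedtls/private/<name>.h` from the generated source, since the `mbedtls/` prefix is hard-coded in the include line. The enclosing `foreach my $match (@matches)` loop body continues outside both hunks.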
@@ -74,9 +74,9 @@ Removals - mbedtls_ssl_conf_dh_param_ctx - mbedtls_ssl_conf_dhm_min_bitlen * Remove support for the RSA key exchange in TLS 1.2. - * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), since these concepts no longer exists. There is just mbedtls_strerror(). - * Removal of the following sample programs: + * Sample programs for the legacy crypto API have been removed. pkey/rsa_genkey.c pkey/pk_decrypt.c pkey/dh_genprime.c From 04c4d9cabdcd9ede255c051d6b3827ff1451ed33 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 7 Jul 2025 17:42:52 +0300 Subject: [PATCH 0608/1080] Updated tf-psa-crypto pointer to tf-psa-crypto1.0.0-beta_mergeback Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 0cc63061c6..110b9a44d7 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 0cc63061c6bfc141d64ec8ba562b4c7bca842a6c +Subproject commit 110b9a44d79975c0eab61f46c65837abc5c9309a From 0c10d9b700c8e2d3a9cfee9091a12c76b478d2c2 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Tue, 8 Jul 2025 14:02:15 +0200 Subject: [PATCH 0609/1080] Improved the error generating script, so that it is a little more explicit Signed-off-by: Anton Matkin --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 5e4fe38931..dab3a0c703 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -89,7 +89,7 @@ $description =~ s/^\s+//; $description =~ s/\n( *\*)? */ /g; $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description, grep(/^.*private\/[^\/]+$/, $file)]; + push @matches, [$name, $value, $description, scalar($file =~ /^.*private\/[^\/]+$/)]; ++$found; } if ($found) { From 08072685bdc9dabf3c5d04106ec59638fa86a4a0 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Wed, 11 Jun 2025 15:36:29 +0100 Subject: [PATCH 0610/1080] remove hkdf header file from query_config template Signed-off-by: Ben Taylor --- scripts/data_files/query_config.fmt | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 9be9674c1d..12517596d6 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -41,7 +41,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/error.h" #include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/md.h" #include "mbedtls/md5.h" From b5e283679f3a1ded3e3918475f6b691dff76961e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 8 Jul 2025 15:09:08 +0100 Subject: [PATCH 0611/1080] Update note about the first 4.x LTS The release date is yet to be determined, to allow time for 4.x to stabilise. Signed-off-by: David Horstmann --- BRANCHES.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 49f7e289bb..10f5664d1f 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -25,8 +25,9 @@ ABI compatibility within LTS branches; see the next section for details. We will make regular LTS releases on an 18-month cycle, each of which will have a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be -supported until March 2027. The next LTS release will be a 4.x release, which is -planned for September 2025. +supported until March 2027. The next LTS release will be a 4.x release. Due to +the size and scope of the 4.0 release, the release date of the first 4.x LTS is +yet to be determined. ## Backwards Compatibility for application code From c1d9531c561e1cd286eef141ef5450d05f568bb6 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Thu, 19 Jun 2025 14:16:32 +0200 Subject: [PATCH 0612/1080] Do not link against builtin/everest/p256m libraries anymore Following the move of all crypto code to the tfpsacrypto library, do not link against the driver libraries anymore. Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 ++------- pkgconfig/mbedcrypto.pc.in | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a099356389..64a390a307 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -376,15 +376,10 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) endif() set(tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin - ${TF_PSA_CRYPTO_TARGET_PREFIX}everest - ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m) + ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin_static) + list(APPEND tf_psa_crypto_library_targets) endif() foreach(target IN LISTS tf_psa_crypto_library_targets) diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in index 28b9716b64..303f8852cd 100644 --- a/pkgconfig/mbedcrypto.pc.in +++ b/pkgconfig/mbedcrypto.pc.in @@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ Version: @PROJECT_VERSION@ Cflags: -I"${includedir}" -Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m +Libs: -L"${libdir}" -ltfpsacrypto From 5d8d299f430120baef814bd6167142fea4c535ae Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Mon, 7 Jul 2025 23:20:29 +0100 Subject: [PATCH 0613/1080] Disable PSA_WANT_KEY_TYPE_DES to stop DES from being re-enabled Signed-off-by: Ari Weiler-Ofek --- tests/scripts/components-configuration-crypto.sh | 8 ++++++++ 1 file changed, 8 insertions(+) 
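Review bot: `list(APPEND tf_psa_crypto_library_targets)` with no items in the CMakeLists.txt hunk is a no-op, which leaves the whole `if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)` block as dead code. Either remove the block, or, if the static variant is still meant to be linked when both library kinds are built, keep `${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static` in the append as the removed lines did. The `foreach` that consumes the list continues outside the hunk.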
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 98204083cd..43c30a2bb7 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1818,6 +1818,10 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { scripts/config.py unset MBEDTLS_CHACHA20_C scripts/config.py unset MBEDTLS_CAMELLIA_C + # Disable DES, if it still exists. + # This can be removed once we remove DES from the library. + scripts/config.py unset PSA_WANT_KEY_TYPE_DES + # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA # does not depend on it. scripts/config.py unset MBEDTLS_CIPHER_C @@ -1856,6 +1860,10 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac + # Disable DES, if it still exists. + # This can be removed once we remove DES from the library. + scripts/config.py unset PSA_WANT_KEY_TYPE_DES + make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" From aeac0b31accc9b7ece5398ea30eb31668f981e88 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jul 2025 13:00:36 +0200 Subject: [PATCH 0614/1080] Disable new platform-related option Signed-off-by: Gilles Peskine --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index e5182a6a59..8d2ed10e03 100755 --- a/scripts/config.py +++ b/scripts/config.py 
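Review bot: `scripts/config.py unset PSA_WANT_KEY_TYPE_DES` in both hunks targets the default config file, whereas elsewhere on this page `PSA_WANT_` symbols are addressed with `scripts/config.py -c $CRYPTO_CONFIG_H ...`; if the symbol only lives in the crypto config, this unset looks in the wrong file and, because `config.py unset` tolerates unknown symbols (as the later depends.py commit on this page notes), does nothing silently. Suggest `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES`, or confirm that the plain form reaches the crypto config. The enclosing component functions start outside the hunks.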
@@ -89,6 +89,7 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum + 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature From d5da020a632a953eb33b5079c9e425a5eb04d8e6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 2 Jul 2025 09:12:50 +0200 Subject: [PATCH 0615/1080] depends.py: Do not fail when disabling a non-existing option To ease the removal of legacy crypto options, do not fail in depends.py when disabling a non-existing option. This mimics the behavior of 'config.py unset'. Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0cb55377a7..08829d1936 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -109,6 +109,8 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]): value can be either True/False (set/unset config option), or a string, which will make a symbol defined with a certain value.""" if not option_exists(conf, option): + if value is False: + return True log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False From bd28acf24004e548c9e8c5825f49d1a08b75024e Mon Sep 17 00:00:00 2001 
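Review bot: The early `return True` added to set_config_option_value in the depends.py hunk makes unsetting an unknown option succeed without any output, so a misspelled option name in a dependency list is no longer reported at all. Keeping the leniency but still logging the no-op, e.g. `log_line('Symbol {} not found in {}; nothing to unset'.format(option, conf.filename))` (with whatever neutral colour log_line accepts) before `return True`, preserves the intent of the change while leaving a trace in the run output. The rest of set_config_option_value continues outside the hunk.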
From: Ronald Cron Date: Thu, 10 Jul 2025 09:53:50 +0200 Subject: [PATCH 0616/1080] ssl-opt.sh: Remove dependencies on built-in CBC and AES Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C, as these options will no longer be available once they are removed from the configuration. The affected tests rely on the built-in CBC and AES implementations. With the removal of MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as configuration options, there is no longer a mechanism in ssl-opt.sh to express these dependencies. As a result, filter out these tests at the all.sh component level when the built-in CBC and AES implementations are not available. Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 6 ++++-- tests/ssl-opt.sh | 21 +++++++++++-------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 9de7597c1c..f7eb6d617f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1894,7 +1894,8 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { make test msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh + # Exclude password-protected key tests — they require built-in CBC and AES. + tests/ssl-opt.sh -e "TLS: password protected" msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS @@ -1910,7 +1911,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { make test msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh + # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. + tests/ssl-opt.sh -e "TLS: password protected" msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5b2425bf55..5b7bb517c6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2245,9 +2245,10 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ @@ -2257,9 +2258,10 @@ run_test "TLS: password protected client key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ 
@@ -2270,9 +2272,10 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ From 68ba7f7ab7885394cb03d7884d8f71c78d05f715 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 30 Jun 2025 07:45:17 +0200 Subject: [PATCH 0617/1080] ssl-opt.sh: Replace MBEDTLS_RSA_C dependencies In preparation of the removal of MBEDTLS_RSA_C, replace MBEDTLS_RSA_C by its PSA_WANT_ closest equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC in dependencies. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 134 +++++++++++++++++++++++------------------------ 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5b7bb517c6..d4e23b538a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -559,7 +559,7 @@ detect_required_features() { # we aren't currently running ssl-opt.sh in configurations # where partial RSA support is a problem, so generically, we # just require RSA and it works out for our tests so far. - requires_config_enabled "MBEDTLS_RSA_C" + requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" esac unset tmp 
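Review bot: `requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"` in the detect_required_features hunk, and the same substitution in every following hunk of this commit, assume that `requires_config_enabled` can see `PSA_WANT_` symbols; if that helper only inspects the main Mbed TLS config, none of these symbols would ever be found and every RSA-dependent test would be skipped silently rather than run. Worth confirming against the helper's definition (outside the hunk) and, if needed, pointing it at the crypto config as well. A one-line comment next to the first substitution, `# PSA_WANT_ symbols are read from the crypto config, not mbedtls_config.h`, would record the dependency once it is verified.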
@@ -2270,7 +2270,7 @@ run_test "TLS: password protected server key" \ 0 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM # module does not support PSA dispatching so we need builtin support. With the # removal of the legacy cryptography configuration options, there is currently @@ -2324,7 +2324,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ # Test using a RSA opaque private key for client authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-RSA" \ @@ -2373,7 +2373,7 @@ run_test "Opaque key for server authentication: ECDH-" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ @@ -2388,7 +2388,7 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke -c "Public key type mismatch" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ 
@@ -2471,7 +2471,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: no suitable algorithm found" \ @@ -2484,7 +2484,7 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \ -s "no suitable signature algorithm" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: suitable algorithm found" \ @@ -2497,7 +2497,7 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \ -S "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ @@ -2511,7 +2511,7 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ -S "error" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ 
@@ -2525,7 +2525,7 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ # Test using a RSA opaque private key for server authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-RSA" \ @@ -2541,7 +2541,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \ @@ -2556,7 +2556,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKC -c "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -2576,7 +2576,7 @@ run_test "Opaque keys for server authentication: RSA keys with different algs -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO 
@@ -2616,7 +2616,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ # Test using a RSA opaque private key for client/server authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for client/server authentication: ECDHE-RSA" \ @@ -2751,7 +2751,7 @@ run_test "SHA-256 allowed by default in server certificate" \ 0 requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ @@ -2759,13 +2759,13 @@ run_test "SHA-1 forbidden by default in client certificate" \ -s "The certificate is signed with an unacceptable hash" requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ 0 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ 
@@ -10190,7 +10190,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ # All those tests assume MAX_CONTENT_LEN is at least 2048 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10211,7 +10211,7 @@ run_test "DTLS fragmenting: none (for reference)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10236,7 +10236,7 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ # test can't be replicated with an MTU proxy such as the one # `client-initiated, server only (max_frag_len)` below. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10257,7 +10257,7 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -10285,7 +10285,7 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10307,7 +10307,7 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), pro -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10335,7 +10335,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10357,7 +10357,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ 
@@ -10377,7 +10377,7 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ @@ -10397,7 +10397,7 @@ run_test "DTLS fragmenting: client (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ @@ -10417,7 +10417,7 @@ run_test "DTLS fragmenting: server (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ @@ -10439,7 +10439,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_max_content_len 2048 run_test "DTLS fragmenting: both (MTU=512)" \ @@ -10468,7 +10468,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ # hence the ratio of 8. not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ 
@@ -10489,7 +10489,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ # Forcing ciphersuite for this test to fit the MTU of 508 with full config. only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ @@ -10512,7 +10512,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ @@ -10539,7 +10539,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -10562,7 +10562,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ 
@@ -10586,7 +10586,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -10619,7 +10619,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ # resumed listening, which would result in a spurious autoreduction. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ @@ -10644,7 +10644,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10673,7 +10673,7 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 
@@ -10702,7 +10702,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10731,7 +10731,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC @@ -10761,7 +10761,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10788,7 +10788,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d" \ 
@@ -10809,7 +10809,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ @@ -10833,7 +10833,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ @@ -10854,7 +10854,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ # certificate validation fail, but passing --insecure makes # GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_not_i686 requires_max_content_len 2048 @@ -10868,7 +10868,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ -s "fragmenting handshake message" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ 
@@ -10881,7 +10881,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ @@ -10898,7 +10898,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ # pleases other implementations, so we don't need the peer to fragment requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ @@ -10914,7 +10914,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ @@ -10931,7 +10931,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ 
@@ -10949,7 +10949,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887) skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ @@ -12469,7 +12469,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12485,7 +12485,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 
@@ -12500,7 +12500,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12516,7 +12516,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12531,7 +12531,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 
@@ -12547,7 +12547,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12562,7 +12562,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 @@ -12579,7 +12579,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ 
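Review bot: The rsa_pss_rsae_* client-authentication tests now gate only on `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC`, which says an RSA key pair type is available but nothing about the RSA-PSS signature algorithm the test exercises; the old `MBEDTLS_RSA_C` gate had the same gap, so this is not a regression, but a configuration with the RSA key type and no PSS support would presumably run these cases and fail instead of skipping. Adding `requires_config_enabled PSA_WANT_ALG_RSA_PSS` next to the key-type line for the rsa_pss_rsae_sha256/384/512 cases would make the dependency match what is exercised. Whether PSS is unconditionally enabled in every configuration this script runs under cannot be confirmed from the hunk.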
@@ -12710,7 +12710,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12726,7 +12726,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12741,7 +12741,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 
@@ -12757,7 +12757,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12772,7 +12772,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12788,7 +12788,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 
@@ -12803,7 +12803,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 @@ -12820,7 +12820,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ From fbd51579895eceea3447315bbf4e8bbbf7a5a093 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Jul 2025 13:19:31 +0200 Subject: [PATCH 0618/1080] ssl-opt.sh: Replace MBEDTLS_ECP_DP_* dependencies In preparation of the removal of MBEDTLS_ECP_DP_* configuration options, replace them by their PSA_WANT_ECC_* equivalent in dependencies. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d4e23b538a..c667cd14bd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2201,8 +2201,7 @@ trap cleanup INT TERM HUP # - the expected parameters are selected requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 requires_hash_alg SHA_512 # "signature_algorithm ext: 6" -requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - PSA_WANT_ECC_MONTGOMERY_255 +requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 run_test "Default, TLS 1.2" \ "$P_SRV debug_level=3" \ "$P_CLI force_version=tls12" \ @@ -2685,8 +2684,7 @@ run_test "Unique IV in GCM" \ -U "IV used" # Test for correctness of sent single supported algorithm -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2701,8 +2699,7 @@ run_test "Single supported algorithm sending: mbedtls client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ @@ -9408,7 +9405,7 @@ run_test "Large server packet TLS 1.3 AEAD shorter tag" \ # Force the use of a curve that supports restartable ECC (secp256r1). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, default" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 
@@ -9421,7 +9418,7 @@ run_test "EC restart: TLS, default" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=0" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9434,7 +9431,7 @@ run_test "EC restart: TLS, max_ops=0" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=65535" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9461,7 +9458,7 @@ run_test "EC restart: TLS, max_ops=65535" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ @@ -9477,7 +9474,7 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 
@@ -9492,7 +9489,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ # This works the same with & without USE_PSA as we never get to ECDH: # we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9511,7 +9508,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ @@ -9532,7 +9529,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9551,7 +9548,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ 
@@ -9572,7 +9569,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9591,7 +9588,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ @@ -9607,7 +9604,7 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9621,7 +9618,7 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV groups=secp256r1" \ 
@@ -9637,7 +9634,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9653,7 +9650,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ # This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA, # and all 4 assertions negated. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ From 3f1200644177138feb2efa7f784d9a7415d357c9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 3 Jul 2025 14:45:51 +0200 Subject: [PATCH 0619/1080] build_psa_config_file: Check PSA_WANT_ALG_CMAC instead of MBEDTLS_CMAC_C Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7eb6d617f..a290c3ed06 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2541,7 +2541,7 @@ component_build_psa_config_file () { echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. - programs/test/query_compile_time_config MBEDTLS_CMAC_C + programs/test/query_compile_time_config PSA_WANT_ALG_CMAC make clean msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s @@ -2552,7 +2552,7 @@ component_build_psa_config_file () { echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" - not programs/test/query_compile_time_config MBEDTLS_CMAC_C + not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC rm -f psa_test_config.h psa_user_config.h } From b5c6fcc4c9abd378b17c5eab13c681b461f61bcf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Jul 2025 13:40:00 +0200 Subject: [PATCH 0620/1080] test_psa_crypto_config_accel_cipher_aead_cmac: Disable POLY1305 In preparation of the removal of the configuration option MBEDTLS_POLY1305_C, disable it in test_psa_crypto_config_accel_cipher_aead_cmac as it will be not possible to enable it when CHACHA20_POLY1305 is accelerated. Signed-off-by: Ronald Cron --- tests/scripts/analyze_outcomes.py | 6 +++--- tests/scripts/components-configuration-crypto.sh | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 429a04f7f5..2ea3cd9511 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
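Review bot: The negative check `not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC` only holds if the user config file also undefines `PSA_WANT_ALG_CMAC`; the visible context writes `#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128` and `#undef MBEDTLS_CMAC_C`, so unless a line above the hunk adds the PSA undef, the symbol stays set and this step will fail (or pass only because `MBEDTLS_CMAC_C` still feeds it, which is the dependency being removed). Consider `echo '#undef PSA_WANT_ALG_CMAC' >> psa_user_config.h` beside the other undefs, and once `MBEDTLS_CMAC_C` is gone the `#undef MBEDTLS_CMAC_C` line becomes a dead no-op that should be dropped. The rest of component_build_psa_config_file is outside the hunk.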
@@ -292,15 +292,15 @@ class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): IGNORED_SUITES = [ # low-level (block/stream) cipher modules 'aes', 'aria', 'camellia', 'des', 'chacha20', - # AEAD modes and CMAC - 'ccm', 'chachapoly', 'cmac', 'gcm', + # AEAD modes, CMAC and POLY1305 + 'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305', # The Cipher abstraction layer 'cipher', ] IGNORED_TESTS = { 'test_suite_config': [ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'), - re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'), + re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'), re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), re.compile(r'.*\bMBEDTLS_CIPHER_.*'), ], diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a290c3ed06..ffe7248b7a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1864,6 +1864,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { scripts/config.py unset MBEDTLS_ARIA_C scripts/config.py unset MBEDTLS_CHACHA20_C scripts/config.py unset MBEDTLS_CAMELLIA_C + scripts/config.py unset MBEDTLS_POLY1305_C # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA # does not depend on it. @@ -1886,6 +1887,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o + not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o # Run the tests # ------------- From f256f8ac3e2fb92c0a796533a1cc9849e09ecf4c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Jul 2025 17:37:18 +0200 Subject: [PATCH 0621/1080] Add test_xts component Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index ffe7248b7a..c966c14b5a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2589,3 +2589,18 @@ component_test_min_mpi_window_size () { msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s make test } + +component_test_xts () { + # Component dedicated to run XTS unit test cases while XTS is not + # supported through the PSA API. + msg "build: Default + MBEDTLS_CIPHER_MODE_XTS" + + echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h + cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h" + make + + msg "test: Default + MBEDTLS_CIPHER_MODE_XTS" + make test + + rm -f psa_user_config.h +} From e0b06eb3a12fe94b9096a7ebe560f647257a040d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Jul 2025 08:58:32 +0200 Subject: [PATCH 0622/1080] test_xts: Remove temporarily file earlier Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c966c14b5a..cdef0d1173 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2599,8 +2599,8 @@ component_test_xts () { cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h" make + rm -f psa_user_config.h + msg "test: Default + MBEDTLS_CIPHER_MODE_XTS" make test - - rm -f psa_user_config.h } From 50f99caf42094f6e43321935452e2e99b2b75d57 Mon Sep 17 00:00:00 2001 
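Review bot: `cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"` passes neither a source directory nor an absolute path for the user config, so in a fresh tree cmake has no directory to configure and the compiler is asked to find a bare `psa_user_config.h` whose directory is not on the include path (the `build_psa_config_file` component earlier on this page adds `-I '$PWD'` for exactly this reason). Unless the component framework pre-configures the tree and puts the cwd on the include path, this should be `cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="$PWD/psa_user_config.h" .`. The follow-up commit that moves the `rm -f` before `make test` also means a failed `make` under `set -e` leaves the temporary file behind; a trap-based cleanup or `rm -f` in the component's cleanup path would be more robust.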
From: Ronald Cron Date: Tue, 15 Jul 2025 09:32:03 +0200 Subject: [PATCH 0623/1080] depends.py: Add warning log Add warning log when disabling a configuration option that does not exist. When the removal of the legacy crypto config options is completed, the warning will be reverted to an error. Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 08829d1936..7fccb2006f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -110,6 +110,10 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]): which will make a symbol defined with a certain value.""" if not option_exists(conf, option): if value is False: + log_line( + f'Warning, disabling {option} that does not exist in {conf.filename}', + color=colors.cyan + ) return True log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False From a5f36483ef3bd9296e11b7aee7cdd4a3c51fb8c1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 30 Jun 2025 10:36:25 +0200 Subject: [PATCH 0624/1080] Replace legacy RSA crypto options in check_config.h For the test_psa_crypto_config_accel_rsa_crypto component, ignore test cases that depend on MBEDTLS_GENPRIME being enabled. When all RSA cryptographic operations are provided by drivers, MBEDTLS_GENPRIME will not be enabled, as it will no longer be a configuration option. Signed-off-by: Ronald Cron --- include/mbedtls/check_config.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 22ddaa80fd..5e5a5b31db 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -64,7 +64,7 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ + ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" #endif @@ -75,8 +75,8 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) + ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif @@ -109,7 +109,7 @@ #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) + ( !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || !defined(PSA_WANT_ALG_RSA_OAEP) ) #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" #endif @@ -130,7 +130,7 @@ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \ defined(MBEDTLS_X509_CRT_PARSE_C) && \ - ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) ) + ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(PSA_WANT_ALG_RSA_OAEP) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif From 4c48114f7dc0573ccde3f24cbc804dc4ec66484b Mon Sep 17 00:00:00 2001 
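Review bot: `PSA_WANT_ALG_RSA_OAEP` is an encryption scheme and is not a prerequisite for RSASSA-PSS signatures, yet the `MBEDTLS_X509_RSASSA_PSS_SUPPORT` check and the TLS 1.3 `EPHEMERAL` alternative now use it as the replacement for `MBEDTLS_PKCS1_V21`; a build that enables PSS but not OAEP hits `#error`, while one with OAEP but no PSS passes check_config and fails at signature time. Both checks should test the signature option instead, e.g. `( !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || !defined(PSA_WANT_ALG_RSA_PSS) )`, possibly together with `PSA_WANT_ALG_RSA_PSS_ANY_SALT` if verification with arbitrary salt lengths is relied on. Separately, the `ECDHE_RSA` check now demands `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT` as well as `_SIGN`; ECDHE-RSA only signs the key exchange, so requiring the decryption primitive appears stricter than the old `MBEDTLS_PKCS1_V15` prerequisite and may reject configurations that previously built.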
From: Ronald Cron Date: Fri, 11 Jul 2025 17:23:41 +0200 Subject: [PATCH 0625/1080] analyze_outcomes.py: Ignore test cases depending on MBEDTLS_GENPRIME For the component test_psa_crypto_config_accel_rsa_crypto, ignore the test cases depending on MBEDTLS_GENPRIME being enabled. When all RSA crypto is provided by drivers MBEDTLS_GENPRIME will not be enabled when it is not a configuration option anymore. Signed-off-by: Ronald Cron --- tests/scripts/analyze_outcomes.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2ea3cd9511..132d53ec97 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -568,6 +568,10 @@ class DriverVSReference_rsa(outcome_analysis.DriverVSReference): 'pk', 'pkwrite', 'pkparse' ] IGNORED_TESTS = { + 'test_suite_bignum.misc': [ + re.compile(r'.*\bmbedtls_mpi_is_prime.*'), + re.compile(r'.*\bmbedtls_mpi_gen_prime.*'), + ], 'test_suite_config': [ re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'), re.compile(r'.*\bMBEDTLS_GENPRIME\b.*') From 9edf4c54b61c192596caf5a17fe315326fc8489a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Jul 2025 15:40:46 +0200 Subject: [PATCH 0626/1080] test_psa_crypto_config_accel_rsa_crypto: Disable MBEDTLS_GENPRIME Disable MBEDTLS_GENPRIME in the test_psa_crypto_config_accel_rsa_crypto component. This should likely have been the case already, as all RSA crypto in this component is expected to be provided by the test driver. This change is necessary following the previous commit to prevent analyze_outcomes.py from complaining that, as MBEDTLS_GENPRIME tests are passing in both the driver and reference components, they should not be ignored. Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cdef0d1173..b2ea2b3039 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1429,6 +1429,7 @@ config_psa_crypto_accel_rsa () { scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_GENPRIME # We need PEM parsing in the test library as well to support the import # of PEM encoded RSA keys. From abcfd4c160d6269a8b84f1d8e5e1c1a95753d238 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 17 Jun 2025 15:18:20 +0100 Subject: [PATCH 0627/1080] Modified dlopen.c and tfpsacrypto_dlopen.c so that they use PSA API-only dynamic loading - Replaced soon-deprecated mbedtls_md_list() in dlopen.c with psa_hash_compute() - Added tfpsacrypto_dlopen.c as a PSA-only shared-library loading test - Enabled -fPIC for tf-psa-crypto builtins to support shared linking - Confirmed clean builds and successful dlopen() test execution. Signed-off-by: Ari Weiler-Ofek --- programs/test/dlopen.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index bb7fba88af..9aba73308c 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c 
@@ -98,16 +98,42 @@ int main(void) * "gcc -std=c99 -pedantic" complains about it, but it is perfectly * fine on platforms that have dlsym(). */ #pragma GCC diagnostic ignored "-Wpedantic" - const int *(*md_list)(void) = - dlsym(crypto_so, "mbedtls_md_list"); + psa_status_t (*dyn_psa_crypto_init)(void) = + dlsym(crypto_so, "psa_crypto_init"); + psa_status_t (*dyn_psa_hash_compute)(psa_algorithm_t, const uint8_t *, size_t, uint8_t *, + size_t, size_t *) = + dlsym(crypto_so, "psa_hash_compute"); + #pragma GCC diagnostic pop - CHECK_DLERROR("dlsym", "mbedtls_md_list"); - const int *mds = md_list(); - for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ - ; + /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list() + * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */ + + CHECK_DLERROR("dlsym", "psa_crypto_init"); + CHECK_DLERROR("dlsym", "psa_hash_compute"); + + psa_status_t status = dyn_psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "psa_crypto_init failed: %d\n", (int) status); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); + } + + const uint8_t input[] = "hello world"; + uint8_t hash[32]; // Buffer to hold the output hash + size_t hash_len = 0; + + status = dyn_psa_hash_compute(PSA_ALG_SHA_256, + input, sizeof(input) - 1, + hash, sizeof(hash), + &hash_len); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "psa_hash_compute failed: %d\n", (int) status); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); } - mbedtls_printf("dlopen(%s): %u hashes\n", - crypto_so_filename, n); + + mbedtls_printf("dlopen(%s): psa_hash_compute succeeded. SHA-256 output length: %zu\n", + crypto_so_filename, hash_len); + + dlclose(crypto_so); CHECK_DLERROR("dlclose", crypto_so_filename); #endif /* MBEDTLS_MD_C */ From c3d54b619e63f7042a1094a5d000d7b0ba3c7c7b Mon Sep 17 00:00:00 2001 
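Review bot: `uint8_t hash[32]` hard-codes the SHA-256 digest size and `hash_len` is never checked, so the program only proves that the call returned PSA_SUCCESS; declare it as `uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)];` and, after the call, fail if `hash_len != sizeof(hash)`. The `%zu` in the final `mbedtls_printf` should be `MBEDTLS_PRINTF_SIZET`, which the project defines because `mbedtls_printf` may be a platform printf that does not accept `%zu`. The block still closes with `#endif /* MBEDTLS_MD_C */` although it no longer touches the MD module; if the matching `#if` (outside this hunk) is unchanged, the guard should become a PSA hash condition so the test is not skipped in PSA-only builds. Both `CHECK_DLERROR` calls sit after the second `dlsym`, so a failed lookup of `psa_hash_compute` would presumably be reported under the `psa_crypto_init` name; keep each check next to its own `dlsym`. The enclosing `main` begins and ends outside this hunk.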
From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:08:24 +0100 Subject: [PATCH 0628/1080] Fix comment in dlopen.c to remove reference to deprecated API Signed-off-by: Ari Weiler-Ofek --- programs/test/dlopen.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 9aba73308c..58a6af52e7 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -105,8 +105,7 @@ int main(void) dlsym(crypto_so, "psa_hash_compute"); #pragma GCC diagnostic pop - /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list() - * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */ + /* Demonstrate hashing a message with PSA Crypto */ CHECK_DLERROR("dlsym", "psa_crypto_init"); CHECK_DLERROR("dlsym", "psa_hash_compute"); From 30a53fe5a494b68a5517c968de68eed72cb7583c Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:16:11 +0100 Subject: [PATCH 0629/1080] Update TF-PSA-Crypto submodule to PSA-only dynamic loading Signed-off-by: Ari Weiler-Ofek --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 110b9a44d7..b1c98ebee8 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 110b9a44d79975c0eab61f46c65837abc5c9309a +Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d From 606671b6a55c8f4c6b4957f77c2aaacd89a80d5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jul 2025 13:09:00 +0200 Subject: [PATCH 0630/1080] Explicitly enable built-in entropy in sample and test configs Now that built-in entropy is a positive option `MBEDTLS_PSA_BUILTIN_GET_ENTROPY` instead of a negative option `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, it needs to be enabled explicitly in sample and test configurations. 
Signed-off-by: Gilles Peskine --- configs/crypto-config-ccm-psk-tls1_2.h | 8 +------- configs/crypto-config-suite-b.h | 7 +------ configs/crypto-config-thread.h | 1 + 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index e4de8b3fb6..163520ed34 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,15 +31,9 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index dd304c1c5d..0437bda3ce 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -51,6 +51,7 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* For test certificates */ #define MBEDTLS_BASE64_C @@ -69,10 +70,4 @@ /* Significant speed benefit at the expense of some ROM */ #define MBEDTLS_ECP_NIST_OPTIM -/* - * You should adjust this to the exact number of sources you're using: default - * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 18206e1a9f..5475a0af20 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h 
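Review bot: Both the ccm-psk and suite-b configs also drop `#define MBEDTLS_ENTROPY_MAX_SOURCES 2` together with its explanatory comment, which the commit message ("explicitly enable built-in entropy") does not mention. If that option no longer exists in the crypto configuration, say so in the message; if it still exists, the removal changes the effective entropy-source limit of these sample configurations and belongs in its own commit. The thread config on the next line only gains the new define and is not affected.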
@@ -60,6 +60,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES From 3c2a1cb1d61363c73fdeebb6125e0e5f85c1ba01 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jul 2025 19:09:08 +0200 Subject: [PATCH 0631/1080] Prepare to ignore a new test case Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 429a04f7f5..21845137f8 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -62,6 +62,12 @@ def _has_word_re(words: typing.Iterable[str], # https://github.com/Mbed-TLS/mbedtls/issues/9586 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED', ], + 'test_suite_config.crypto_combinations': [ + # New thing in crypto. Not intended to be tested separately + # in mbedtls. + # https://github.com/Mbed-TLS/mbedtls/issues/10300 + 'Config: entropy: NV seed only', + ], 'test_suite_config.psa_boolean': [ # We don't test with HMAC disabled. # https://github.com/Mbed-TLS/mbedtls/issues/9591 From ce7de61ad4c672a91066e7911de54e8e602e3d21 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 16 Jul 2025 10:23:17 +0200 Subject: [PATCH 0632/1080] cmake: Fix list of TF-PSA-Crypto library targets Signed-off-by: Ronald Cron --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 64a390a307..162373182b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -379,7 +379,8 @@ set(tf_psa_crypto_library_targets ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets) + list(APPEND tf_psa_crypto_library_targets + ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static) endif() foreach(target IN LISTS tf_psa_crypto_library_targets) From 4561164e7c2fd19bf12bbc44ca3ee93b8775ed2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 13:23:18 +0200 Subject: [PATCH 0633/1080] Freeze cryptography version on the CI at 35.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The version was unspecified because of our use of Python 3.5 on the CI, whichi has since been eliminated. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index fc10c63b85..123b5430bf 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -16,12 +16,8 @@ pylint == 2.4.4 mypy == 0.942 # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. -# It needs >=35.0.0 for correct operation, and that requires Python >=3.6, -# but our CI has Python 3.5. So let pip install the newest version that's -# compatible with the running Python: this way we get something good enough -# for mypy and pylint under Python 3.5, and we also get something good enough -# to run audit-validity-dates.py on Python >=3.6. -cryptography # >= 35.0.0 +# It needs >=35.0.0 for correct operation, and that requires Python >=3.6. +cryptography >= 35.0.0 # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. From 9dda0ca1959db344307fbdb96869ee05f3101fc6 Mon Sep 17 00:00:00 2001 
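Review bot: `cryptography >= 35.0.0` is a lower bound, not the freeze the commit title announces; pip will still resolve to the newest release on every CI run, unlike the exact `pylint == 2.4.4` and `mypy == 0.942` pins just above it. If reproducible CI installs are the goal, pin it exactly, `cryptography == 35.0.0`, and keep the title; if a floor is what is wanted, rename the commit, since an unpinned floor lets any new upstream release change CI behaviour without a change in this repository.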
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 13:33:17 +0200 Subject: [PATCH 0634/1080] Don't install cryptography on the FreeBSD CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent versions of cryptography require a Rust toolchain to install on FreeBSD, which we do not have set up yet. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 123b5430bf..4bb41e5136 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -17,7 +17,10 @@ mypy == 0.942 # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. # It needs >=35.0.0 for correct operation, and that requires Python >=3.6. -cryptography >= 35.0.0 +# >=35.0.0 also requires Rust to build from source, which we are forced to do on +# FreeBSD, since PyPI doesn't carry binary wheels for the BSDs. +# Disable on FreeBSD until we get a Rust toolchain up and running on the CI. +cryptography >= 35.0.0; platform_system != 'FreeBSD' # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. From 5956d28c0b045578ac0b8578fc9ea4c34a40651a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 14:18:12 +0200 Subject: [PATCH 0635/1080] Restrict CI-specific python requirements to Linux MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dependencies declared in ci.requirements.txt are only used in scripts that we run on the Linux CI. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 4bb41e5136..2ab7ba98da 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt 
@@ -2,10 +2,12 @@ -r driver.requirements.txt +# The dependencies below are only used in scripts that we run on the Linux CI. + # Use a known version of Pylint, because new versions tend to add warnings # that could start rejecting our code. # 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5. -pylint == 2.4.4 +pylint == 2.4.4; platform_system == 'Linux' # Use a version of mypy that is compatible with our code base. # mypy <0.940 is known not to work: see commit @@ -13,15 +15,14 @@ pylint == 2.4.4 # mypy >=0.960 is known not to work: # https://github.com/Mbed-TLS/mbedtls-framework/issues/50 # mypy 0.942 is the version in Ubuntu 22.04. -mypy == 0.942 +mypy == 0.942; platform_system == 'Linux' # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. # It needs >=35.0.0 for correct operation, and that requires Python >=3.6. # >=35.0.0 also requires Rust to build from source, which we are forced to do on # FreeBSD, since PyPI doesn't carry binary wheels for the BSDs. -# Disable on FreeBSD until we get a Rust toolchain up and running on the CI. -cryptography >= 35.0.0; platform_system != 'FreeBSD' +cryptography >= 35.0.0; platform_system == 'Linux' # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. -asn1crypto +asn1crypto; platform_system == 'Linux' From 901cca7bc3fec0732ce2113bdf7fae0d66763649 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 16 Jul 2025 15:35:00 +0100 Subject: [PATCH 0636/1080] Disambiguate version.h in doxygen comment Specify mbedtls/version.h, since we are about to add include/tf-psa-crypto/version.h. Signed-off-by: David Horstmann --- include/mbedtls/version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 637f9d38bf..718e99eb4a 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -1,5 +1,5 @@ /** - * \file version.h + * \file mbedtls/version.h * * \brief Run-time version information */ From 375fab7c73d7e96f5194ce293e9130b47f0d1153 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 17 Jul 2025 13:48:36 +0200 Subject: [PATCH 0637/1080] Added a fix for the CI failure due to private access error Signed-off-by: Anton Matkin --- tests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile b/tests/Makefile index 45231cd9a5..3a6f0e62ea 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -370,6 +370,7 @@ libtestdriver1.a: perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a From c801d3293e93a6b988880bf66afd6606aa6acb42 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 15:01:39 +0100 Subject: [PATCH 0638/1080] include private pk.h internally Signed-off-by: Ben Taylor --- programs/pkey/gen_key.c | 3 +++ programs/pkey/pk_sign.c | 3 +++ programs/pkey/pk_verify.c | 3 +++ programs/pkey/rsa_sign_pss.c | 3 +++ programs/pkey/rsa_verify_pss.c | 3 +++ programs/ssl/ssl_server2.c | 3 +++ tests/src/certs.c | 3 +++ tests/suites/test_suite_debug.function | 3 +++ tests/suites/test_suite_ssl.function | 3 +++ tests/suites/test_suite_x509parse.function | 3 +++ tests/suites/test_suite_x509write.function | 3 +++ 11 files changed, 33 insertions(+) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 4d329f2db0..94604ceeb6 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
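Review bot: The new rewrite line extends a list that enumerates include-directory depths by hand (`*/*.h`, now `*/*/*.h`), so the next level of nesting added under tf-psa-crypto will be missed again in the same way this one was. A depth-independent form such as `find ./libtestdriver1/tf-psa-crypto/drivers/builtin/include -name '*.h' -exec perl -i ./scripts/libtestdriver1_rewrite.pl {} +` would cover every header under that tree in one rule. The `libtestdriver1.a` recipe continues outside this hunk.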
@@ -25,6 +25,9 @@ int main(void) #else #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/ecdsa.h" #include "mbedtls/rsa.h" #include "mbedtls/entropy.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 1598986f6e..551173e496 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -30,6 +30,9 @@ int main(void) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index d9e3bf1ee3..507812e350 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -26,6 +26,9 @@ int main(void) #else #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 94333ae54c..8f605b56bc 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -31,6 +31,9 @@ int main(void) #include "mbedtls/ctr_drbg.h" #include "mbedtls/rsa.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 19f92affb3..97f9d186e8 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -30,6 +30,9 @@ int main(void) #include "mbedtls/md.h" #include "mbedtls/pem.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 42fa8d6ed4..639fe5616e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
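Review bot: The same three-line conditional include block is pasted into all eleven files of this commit, and into three more (`ssl_ciphersuites_internal.h`, `ssl_misc.h`, `x509_oid.h`) in the following commit, each time directly after `#include "mbedtls/pk.h"`. Since every site already includes that header, the `#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)` block would be better placed once in a single internal header that these files include, so that a future change to the private header's name or guard is a one-line edit. As rendered here the added `#include` line shows no header name; if that is an angle-bracket include lost in rendering it is fine, otherwise the line is incomplete.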
@@ -58,6 +58,9 @@ int main(void) #endif #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ diff --git a/tests/src/certs.c b/tests/src/certs.c index d1af5b2aa4..f7a73bf74e 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -12,6 +12,9 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "test/test_certs.h" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 57b8f4e175..1d37137416 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -2,6 +2,9 @@ #include "debug_internal.h" #include "string.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #if defined(_WIN32) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c47b2165b0..918edd5aca 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3,6 +3,9 @@ #include #include #include +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include #include diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4f0605cd1c..079dca48c9 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -11,6 +11,9 @@ #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "string.h" 
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 224768ab4e..49ecc54278 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -10,6 +10,9 @@ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ From 1030f80a0b9cab71941c83cbd322f3c4a9d52ddb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 15 Jul 2025 14:55:41 +0100 Subject: [PATCH 0639/1080] Add private include to additional files Signed-off-by: Ben Taylor --- library/ssl_ciphersuites_internal.h | 3 +++ library/ssl_misc.h | 3 +++ library/x509_oid.h | 3 +++ 3 files changed, 9 insertions(+) diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index a7981dbdf6..d1db2dba46 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -11,6 +11,9 @@ #define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9228a3bc7f..a462a07e70 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -42,6 +42,9 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #endif #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" #include "pk_internal.h" diff --git a/library/x509_oid.h b/library/x509_oid.h index c2fe8dc403..8d5e1bbff1 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h 
@@ -13,6 +13,9 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/x509.h" #include From 306ffd3a369a33d492543af24fc7da8170dfe0af Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 09:41:34 +0100 Subject: [PATCH 0640/1080] Switch to mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 3 +-- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b244921554..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,8 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_ext(pk_alg, NULL, - peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 44525dd153..f5cdc65e55 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 4ac5d9b7e6..3947eb09aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2060,7 +2060,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk, + if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2134,7 +2134,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk, + return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } From 0de87611bbbac901376249f44a6ace45be661466 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 08:27:01 +0100 Subject: [PATCH 0641/1080] Remove additional calls to mbedtls_pk_verify_ext Signed-off-by: Ben Taylor --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f5cdc65e55..372bf84608 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -306,7 +306,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, p, signature_len)) == 0) { return 0; } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_new", ret); error: /* RFC 8446 section 4.4.3 From 0c787e3de84c77075fbecf006d16e1253bd8be99 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 08:33:24 +0100 Subject: [PATCH 0642/1080] Remove additional calls to mbedtls_pk_verify_ext Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 49ecc54278..b7e531e653 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -41,7 +41,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, NULL, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 5be8511151e8a982b87165452dca532fc01d3f9f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 10:05:23 +0100 Subject: [PATCH 0643/1080] Fix too many arguments in mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b7e531e653..db571dab65 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -41,7 +41,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, NULL, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From ed4a10661c6eff4acfa66419e26abb2c86dada8b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 10:22:31 +0200 Subject: [PATCH 0644/1080] cmake: library: Remove unnecessary link_to_source If we do not generate error.c, version_features.c, ... then they are supposed to be in the source tree. The CMake build get them from here and there is no need for a symbolic link or a copy in the build tree. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..b6693d1a19 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
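Review bot: This one-token fix-up exists only because the previous commit (0642) replaced `mbedtls_pk_verify_ext` with `mbedtls_pk_verify_new` but kept the `NULL` options argument, which the four call sites converted in commit 0640 drop; between the two commits `x509_crt_verifycsr` does not build against the new signature. The two commits should be squashed so that every commit in the series compiles. The enclosing `x509_crt_verifycsr` begins and ends outside this hunk.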
@@ -84,10 +84,6 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) -else() - link_to_source(error.c) - link_to_source(version_features.c) - link_to_source(ssl_debug_helpers_generated.c) endif() if(CMAKE_COMPILER_IS_GNUCC) From a2c37b3b2d7c2c9a255637c7f5b6c03830f11c52 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 09:41:04 +0200 Subject: [PATCH 0645/1080] cmake: library: Add custom targets for generated files Add a custom target that depends on TLS generated files, and make both the static and shared crypto libraries depend on it. This ensures that when both libraries are built, the files are not generated concurrently by the static and shared library targets. Do the same for the x509 libraries. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b6693d1a19..ee0381c036 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -84,6 +84,17 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/error.c + ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + ) endif() if(CMAKE_COMPILER_IS_GNUCC) 
@@ -161,6 +172,13 @@ if(USE_STATIC_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) @@ -175,6 +193,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) From 37ddcf0ab4d8683eb50fa7f55691068c352bc704 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 13:15:36 +0200 Subject: [PATCH 0646/1080] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/fix-dependency-on-generated-files.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt new file mode 100644 index 0000000000..b3e7e4e16b --- /dev/null +++ b/ChangeLog.d/fix-dependency-on-generated-files.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix potential CMake parallel build failure when building both the static + and shared libraries. From 2fc0475dc9951892a78285bf562f9508b366f741 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Fri, 20 Jun 2025 09:19:20 +0200 Subject: [PATCH 0647/1080] cmake_package_install: Fail in case of warnings with GNU GCC Fail the cmake package install demonstration in case of warnings when building the cmake_package_install executable. This would have caught the library installation issue reported in #10022. Signed-off-by: Ronald Cron --- programs/test/cmake_package_install/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 0d7dbe4dad..60a4481e48 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -37,5 +37,11 @@ find_package(MbedTLS REQUIRED) # add_executable(cmake_package_install cmake_package_install.c) + +string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") +if(CMAKE_COMPILER_IS_GNU) + target_compile_options(cmake_package_install PRIVATE -Wall -Werror) +endif() + target_link_libraries(cmake_package_install MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) From 27125ceacfd0f97294d34d519ed2fbd945668a71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 18 Jul 2025 19:10:04 +0200 Subject: [PATCH 0648/1080] Update references to tf-psa-crypto/core/common.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit was generated using the following command: sed -i 's/\(^\|[^_]\)common\.h/\1tf_psa_crypto_common.h/g' \ $(git ls-files . \ ':!:programs/fuzz' \ ':!:tests/psa-client-server' \ ':!:tf-psa-crypto' \ ':!:framework') \ $(git grep -l 'tf-psa-crypto/core/common.h') 
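Review bot: `string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")` reinvents a check CMake already provides and names the result like a built-in variable; `if(CMAKE_C_COMPILER_ID STREQUAL "GNU")` does the same without the temporary, and `library/CMakeLists.txt` in this series uses the built-in `CMAKE_COMPILER_IS_GNUCC` for the same purpose, so either would be more consistent. Since the aim is to turn warnings into failures, `-Wall -Werror` should presumably also be applied under Clang (`CMAKE_C_COMPILER_ID MATCHES "Clang"`) if the CI builds this demonstration with it.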
Signed-off-by: Bence Szépkúti --- library/ssl_misc.h | 2 +- library/x509_internal.h | 2 +- scripts/data_files/error.fmt | 2 +- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 4 ++-- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 2 +- tests/src/certs.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a462a07e70..a308711754 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index 9360471b96..8160270be1 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/build_info.h" #include "mbedtls/private_access.h" diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 14522ecd20..69bec9fe40 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/error.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 71173d2b52..87ef39a9ed 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -12,13 +12,13 @@ * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include * None of those cover tf-psa-crypto/core, so we rely on the * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative - * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, + * include "../tf-psa-crypto/core/tf_psa_crypto_common.h" in order to pull in tf_psa_crypto_common.h here, * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the * new GCC-15 unterminated-string-initialization warning). * See GitHub issue #10223 for the proper long-term fix. * https://github.com/Mbed-TLS/mbedtls/issues/10223 */ -#include "../tf-psa-crypto/core/common.h" +#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" #include #include #include diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 25c0b8a61e..82bdca54dc 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -4,7 +4,7 @@ */ #include "psa/crypto.h" -#include "../tf-psa-crypto/core/common.h" +#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" #include #include #include diff --git a/tests/src/certs.c b/tests/src/certs.c index f7a73bf74e..c45f0628c0 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "tf_psa_crypto_common.h" #include From e6167e7a51569ae6f67756df9885fe9513fdeadb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 18 Jul 2025 19:06:18 +0200 Subject: [PATCH 0649/1080] Update tf-psa-crypto submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto b/tf-psa-crypto index b1c98ebee8..a0ff5d6483 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d +Subproject commit a0ff5d64831aad7d19aa7e02eb8af065e07506f2 From 89becc987f6452410a473566920a689c60e28aea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 22 Jul 2025 10:26:44 +0200 Subject: [PATCH 0650/1080] Update framework submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 893ad9e845..df3307f2b4 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 893ad9e8450a8e7459679d952abd5d6df26c41c4 +Subproject commit df3307f2b4fe512def60886024f7be8fd1523ccd From 772a8ad219e38512fe78c638ddc69539c2fb6c7e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 12:36:29 +0200 Subject: [PATCH 0651/1080] all.sh: Remove unset of now removed legacy hash config options Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 22 ++----------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index bb0375add1..61a043d407 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1550,15 +1550,6 @@ component_test_psa_crypto_config_accel_hash () { # Start from default config (no USE_PSA) helper_libtestdriver1_adjust_config "default" - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C - # Build # ----- @@ -1588,14 +1579,7 @@ config_psa_crypto_hash_use_psa () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # disable the built-in implementation of hashes - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT fi } @@ -1676,11 +1660,9 @@ config_psa_crypto_hmac_use_psa () { # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT # is still enabled though (for ENTROPY_C among others). scripts/config.py unset MBEDTLS_MD_C - # Disable also the builtin hashes since they are supported by the driver - # and MD module is able to perform PSA dispathing. + # Also disable the configuration options that tune the builtin hashes, + # since those hashes are disabled. scripts/config.py unset-all MBEDTLS_SHA - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C fi # Direct dependencies of MD_C. We disable them also in the reference From 8719c2f00bbd0e27e83f83294e5271e48fe1a48c Mon Sep 17 00:00:00 2001 
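Review bot: In `config_psa_crypto_hash_use_psa`, the comment `# disable the built-in implementation of hashes` now heads only `scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT` and `scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT`, which by their names are hardware-acceleration switches rather than the built-in implementations, so the comment no longer describes the lines under it. Suggest `# Disable the hardware-acceleration variants of the built-in hashes (the built-in implementations themselves are governed by the PSA_WANT_* symbols adjusted by the driver configuration).` — the second half assumes `helper_libtestdriver1_adjust_config` does that, which is not visible here. The `# see external RNG below` remark, which appears to have been a trailing comment on the removed `MBEDTLS_SHA256_C` line, disappeared with it; if that cross-reference is still meaningful, reattach it to one of the remaining lines. The function body continues outside the hunk.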
From: Ronald Cron Date: Tue, 22 Jul 2025 11:27:39 +0200 Subject: [PATCH 0652/1080] ssl_misc.h: Update PKCS1 dependencies Signed-off-by: Ronald Cron --- library/ssl_misc.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a308711754..72dc9418f2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2376,7 +2376,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( #endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ -#if defined(MBEDTLS_PKCS1_V21) +#if defined(PSA_WANT_ALG_RSA_PSS) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; @@ -2389,7 +2389,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* PSA_WANT_ALG_RSA_PSS */ default: return 0; } @@ -2401,7 +2401,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( const uint16_t sig_alg) { switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V15) +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: break; @@ -2414,7 +2414,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V15 */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ default: return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( sig_alg); @@ -2455,7 +2455,7 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( } switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V21) +#if defined(PSA_WANT_ALG_RSA_PSS) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; 
@@ -2474,7 +2474,7 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* PSA_WANT_ALG_RSA_PSS */ default: return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } From 892bb612946a48c4b9a5f489522347eb590f3f85 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:26:27 +0200 Subject: [PATCH 0653/1080] all.sh: Remove unset of now removed legacy RSA config options Signed-off-by: Ronald Cron --- .../scripts/components-configuration-crypto.sh | 17 ++--------------- tests/scripts/components-configuration-tls.sh | 4 ---- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 61a043d407..faca872060 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -138,7 +138,6 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py unset MBEDTLS_GENPRIME scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make @@ -1148,9 +1147,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # on BIGNUM_C. scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 
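Review bot: Replacing `MBEDTLS_PKCS1_V21`/`MBEDTLS_PKCS1_V15` with `PSA_WANT_ALG_RSA_PSS`/`PSA_WANT_ALG_RSA_PKCS1V15_SIGN` in these `#if defined(...)` guards means that, if the `PSA_WANT_*` symbols are not in scope where `ssl_misc.h` is included, every RSA `case` in `mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported`, `mbedtls_ssl_tls13_sig_alg_is_supported` and `mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg` is silently compiled out instead of the build failing, leaving only the `default:` branches. `ssl_misc.h` includes `mbedtls/build_info.h`, which presumably brings in the crypto configuration, but that chain is not visible in this diff and is worth confirming (for instance by checking that a default build still accepts `rsa_pss_rsae_sha256` in a TLS 1.3 handshake). A one-line comment above the first guard, `/* RSA signature algorithms are gated on the PSA_WANT_ALG_RSA_* crypto-config symbols, not on legacy MBEDTLS_PKCS1_* options. */`, would make the dependency explicit for the next reader. All three functions start before and end after the hunks shown.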
@@ -1425,12 +1421,6 @@ config_psa_crypto_accel_rsa () { helper_libtestdriver1_adjust_config "crypto_full" if [ "$driver_only" -eq 1 ]; then - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_GENPRIME - # We need PEM parsing in the test library as well to support the import # of PEM encoded RSA keys. scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C @@ -1494,7 +1484,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # This is a temporary test to verify that full RSA support is present even when # only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined. component_test_new_psa_want_key_pair_symbol () { - msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" + msg "Build: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" # Create a temporary output file unless there is already one set if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then @@ -1509,11 +1499,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure @@ -1524,7 +1511,7 @@ component_test_new_psa_want_key_pair_symbol () { make - msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" + msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" make test # Parse only 1 relevant line from the outcome file, i.e. a test which is 
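Review bot: In `component_test_new_psa_want_key_pair_symbol`, the comment `# Remove RSA support and its dependencies` now sits above unsets of `MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED`, `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` and `MBEDTLS_X509_RSASSA_PSS_SUPPORT` only, i.e. the TLS/X.509 consumers of RSA rather than RSA support itself, so it overstates what the lines do. Suggest `# Disable the TLS and X.509 features that depend on RSA; the RSA mechanisms themselves are trimmed via the PSA_WANT_* symbols below.` The same heading was removed together with its unsets in `config_psa_crypto_accel_rsa` in the earlier hunk, so only this occurrence remains. Both component bodies extend outside the hunks.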
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index ff8315711e..f9678b98f2 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -472,7 +472,6 @@ component_test_tls13_only_psk () { # Note: The four unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -536,7 +535,6 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -566,7 +564,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -593,7 +590,6 @@ component_test_tls13_only_psk_all () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" From e13c7015ea8309c59c17bf611103b3ac19c8bd9c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:22:59 +0200 Subject: [PATCH 0654/1080] all.sh: Remove unset of now removed legacy symmetric crypto options 
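Review bot: The counting comments are now off by one after the `MBEDTLS_PKCS1_V21` unsets were dropped: `# Note: The four unsets below are to be removed for Mbed TLS 4.0` in `component_test_tls13_only_psk` heads the two remaining visible unsets (`MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`), `The two unsets below` in `component_test_tls13_only_psk_ephemeral` and `component_test_tls13_only_psk_all` heads one, and `The three unsets below` in `component_test_tls13_only_psk_ephemeral_ffdh` heads two. Since the number keeps shrinking as legacy options are removed, a count-free wording such as `# Note: The unsets below are to be removed for Mbed TLS 4.0` avoids the next round of drift. Each component body continues outside its hunk.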
Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 50 ------------------- tests/scripts/components-configuration-tls.sh | 21 +------- 2 files changed, 2 insertions(+), 69 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index faca872060..6cf8cd9155 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -309,7 +309,6 @@ component_test_full_no_cipher () { msg "build: full no CIPHER" scripts/config.py full - scripts/config.py unset MBEDTLS_CIPHER_C # The built-in implementation of the following algs/key-types depends # on CIPHER_C so we disable them. @@ -328,7 +327,6 @@ component_test_full_no_cipher () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C make @@ -478,7 +476,6 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_VERSION_FEATURES # Crypto stuff with no PSA interface scripts/config.py unset MBEDTLS_BASE64_C - # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1716,11 +1713,6 @@ component_test_psa_crypto_config_accel_aead () { # Start from full config helper_libtestdriver1_adjust_config "full" - # Disable things that are being accelerated - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG 
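Review bot: `component_test_full_no_cipher` keeps its name, its `msg "build: full no CIPHER"` and the comments `# The built-in implementation of the following algs/key-types depends on CIPHER_C so we disable them.` and `# The following modules directly depends on CIPHER_C`, yet the `scripts/config.py unset MBEDTLS_CIPHER_C` line that gave the component its meaning is gone, so the component now reads as testing a configuration it no longer creates. If `MBEDTLS_CIPHER_C` is indeed no longer a configuration option (as the commit title implies), the comments should say what the component now exercises — for example `# Build with every cipher/AEAD/key-type mechanism disabled that the former CIPHER_C module used to back` — or the component should be renamed to match. The later hunk in `component_test_psa_crypto_config_accel_aead` has the same issue in miniature: `# Disable CCM_STAR_NO_TAG because this re-enables CCM_C.` refers to a symbol this commit treats as removed. Both function bodies continue outside the hunks.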
@@ -1771,32 +1763,10 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CHACHA20_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - scripts/config.py unset MBEDTLS_POLY1305_C - # Disable DES, if it still exists. # This can be removed once we remove DES from the library. scripts/config.py unset PSA_WANT_KEY_TYPE_DES - # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA - # does not depend on it. - scripts/config.py unset MBEDTLS_CIPHER_C - # Build # ----- @@ -1856,14 +1826,6 @@ common_block_cipher_dispatch () { # Start from the full config helper_libtestdriver1_adjust_config "full" - if [ "$TEST_WITH_DRIVER" -eq 1 ]; then - # Disable key types that are accelerated (there is no legacy equivalent - # symbol for ECB) - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - fi - # Disable cipher's modes that, when not accelerated, cause # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests 
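Review bot: `component_test_psa_crypto_config_accel_cipher_aead_cmac` now disables DES with a bare `scripts/config.py unset PSA_WANT_KEY_TYPE_DES`, whereas the other hunks of this same commit spell the same operation as `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES` (in `component_test_full_no_cipher`) and `scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES` (in `config_block_cipher_no_decrypt`). Whether the bare form reaches the crypto configuration depends on config.py's default file set, which is not visible here; if it does not, DES stays enabled in the accelerated configuration and the `# Disable DES, if it still exists.` comment is misleading. Picking one spelling — the explicit `-f "$CRYPTO_CONFIG_H"` form — removes the doubt. The line is context in this hunk rather than new, but this commit is the one that strips everything around it, so it is the natural place to align it. The function body continues outside the hunk.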
@@ -1968,7 +1930,6 @@ component_test_full_block_cipher_legacy_dispatch () { component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -1979,8 +1940,6 @@ component_test_aead_chachapoly_disabled () { component_test_aead_only_ccm () { msg "build: full minus CHACHAPOLY and GCM" scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -2106,16 +2065,12 @@ component_build_aes_variations () { # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ 
@@ -2319,7 +2274,6 @@ helper_block_cipher_no_decrypt_build_test () { # This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: config_block_cipher_no_decrypt () { scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_NIST_KW_C # Enable support for cryptographic mechanisms through the PSA API. @@ -2328,9 +2282,6 @@ config_block_cipher_no_decrypt () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C } component_test_block_cipher_no_decrypt_aesni () { @@ -2482,7 +2433,6 @@ component_build_psa_config_file () { # query_compile_time_config. echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index f9678b98f2..450bdebab1 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -54,18 +54,11 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) - # Note: The unset below is to be removed for 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
@@ -90,13 +83,9 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) + # Enable CBC-legacy scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC @@ -123,13 +112,9 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) + # Enable CBC-legacy scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 
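Review bot: The EtM comment `# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)` (and its `Enable CBC-EtM` twin in `component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only`) refers back to a parenthetical that this hunk shortens to just `# Enable CBC-legacy`, so "the same as CBC-legacy" no longer names anything. Judging by the lines these comments head, CBC is now selected through `PSA_WANT_ALG_CBC_NO_PADDING` (and `PSA_WANT_ALG_CBC_PKCS7`), so write it out: `# Disable CBC-EtM (controlled by PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7 plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)`. The same dangling phrase survives in `component_test_tls1_2_default_stream_cipher_only` earlier in this file, where the explanatory `Disable CBC-legacy` comment was removed along with its `MBEDTLS_CIPHER_MODE_CBC` unset. Both component bodies extend outside the hunks.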
@@ -399,8 +384,6 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CMAC_C make From 0668036ada60730071e21be06dc1587bba6c7ad3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 15:21:22 +0200 Subject: [PATCH 0655/1080] Replace MBEDTLS_AES_C Replace the remaining instances of MBEDTLS_AES_C as a configuration option. Signed-off-by: Ronald Cron --- include/mbedtls/version.h | 2 +- tests/scripts/analyze_outcomes.py | 8 -------- tests/scripts/components-configuration-crypto.sh | 2 +- tests/scripts/test_config_script.py | 2 +- 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 718e99eb4a..837787bc7f 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -60,7 +60,7 @@ void mbedtls_version_get_string_full(char *string); * support", "Mbed TLS modules" and "Mbed TLS feature * support" in mbedtls_config.h * - * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") + * \param feature The string for the define to check (e.g. "MBEDTLS_SSL_SRV_C") * * \return 0 if the feature is present, * -1 if the feature is not present and diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 67a3885677..d1bb553c67 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -327,10 +327,6 @@ class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): 'Low and high error', 'Single low error' ], - # Similar to test_suite_error above. - 'test_suite_version': [ - 'Check for MBEDTLS_AES_C when already present', - ], # The en/decryption part of PKCS#12 is not supported so far. # The rest of PKCS#12 (key derivation) works though. 'test_suite_pkcs12': [ 
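Review bot: Dropping the `'Check for MBEDTLS_AES_C when already present'` entry from the `test_suite_version` ignore list in `DriverVSReference_cipher_aead_cmac` (and its twin in `DriverVSReference_block_cipher_dispatch` in the next hunk) is only safe if the test case of that name no longer exists in the version test data, which this diff does not show; if it still exists and now queries a symbol that no longer exists, it would fail on the reference side and the driver-vs-reference comparison would start flagging it instead of ignoring it. The commit message says the remaining instances were replaced, so the data file was presumably updated in a submodule — worth stating in the message, or confirming that the version test data (wherever it now lives) carries no `MBEDTLS_AES_C` check. The class bodies continue outside the hunks.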
@@ -659,10 +655,6 @@ class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference 'Single low error', 'Low and high error', ], - 'test_suite_version': [ - # Similar to test_suite_error above. - 'Check for MBEDTLS_AES_C when already present', - ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6cf8cd9155..834eb1f3ab 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2091,7 +2091,7 @@ END #define PSA_WANT_ALG_SHA3_256 1 #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 - #define MBEDTLS_AES_C + #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_C diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index e500b3362f..b58a3114cf 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -130,7 +130,7 @@ def run_one(options, args, stem_prefix='', input_file=None): ### config.py stops handling that case correctly. TEST_SYMBOLS = [ 'CUSTOM_SYMBOL', # does not exist - 'MBEDTLS_AES_C', # set, no value + 'PSA_WANT_KEY_TYPE_AES', # set, no value 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support" 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options" From fb03d1391b321914da88ef12c4dba43ddb821317 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Jul 2025 11:54:26 +0200 Subject: [PATCH 0656/1080] depends.py: Remove cipher_padding domain Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 5 ----- tests/scripts/depends.py | 13 ------------- 2 files changed, 18 deletions(-) 
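Review bot: In `test_config_script.py` the replacement entry `'PSA_WANT_KEY_TYPE_AES', # set, no value` no longer matches its own annotation: the crypto-configuration spelling introduced in the same commit is `#define PSA_WANT_KEY_TYPE_AES 1` (see the heredoc in `components-configuration-crypto.sh`), so the symbol is set *with* a value, and the "set, no value" case that `MBEDTLS_AES_C` used to cover is now untested. Either pick a symbol that is still defined without a value in `mbedtls_config.h` — `MBEDTLS_SSL_SRV_C`, which this same commit uses as the example in `version.h`, would do — and keep the comment, or change it to `# set, has a value` and make sure another entry still covers the valueless case. Whether `test_config_script.py` even reads the crypto config file when run against the default configuration is not visible here and should be confirmed, since the symbol would otherwise fall into the "does not exist" bucket alongside `CUSTOM_SYMBOL`. The `TEST_SYMBOLS` list continues outside the hunk.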
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 834eb1f3ab..da776e70b8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -515,11 +515,6 @@ component_test_depends_py_cipher_chaining () { tests/scripts/depends.py cipher_chaining } -component_test_depends_py_cipher_padding () { - msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding -} - component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" tests/scripts/depends.py curves diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 7fccb2006f..265b99fc1e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -273,13 +273,6 @@ def test(self, options): 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], - 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'PSA_WANT_ALG_CBC_PKCS7'], - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], @@ -531,9 +524,6 @@ def __init__(self, options, conf): # Get cipher modes cipher_chaining_symbols = {algs[cipher_alg] for cipher_alg in cipher_algs} - # Find block padding mode enabling macros by name. - cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') - self.domains = { # Cipher key types 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), 
@@ -544,9 +534,6 @@ def __init__(self, options, conf): build_and_test, exclude=r'PSA_WANT_ALG_XTS'), - 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, - build_and_test), - # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), From dfd501d3fb2352a004fd1f6ed702f719025d7e5b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:44:12 +0200 Subject: [PATCH 0657/1080] depends.py: Adapt to the removal of legacy crypto config options Adapt to the removal of the legacy hash, cipher, cmac, aead and RSA configuration options. Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 54 +++++++++++----------------------------- 1 file changed, 14 insertions(+), 40 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 265b99fc1e..679f05af1b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -30,11 +30,11 @@ direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C + - PSA_WANT_ALG_SHA_512 job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512_C, but a result of an exclusive domain + This is not a dependency on SHA512, but a result of an exclusive domain config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], + 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C'], - DualDomain - combination of the two above - both complementary and exclusive domain job generation code will be run. Currently only used for hashes. 
@@ -251,27 +251,11 @@ def test(self, options): REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_AES_C'], - 'PSA_WANT_KEY_TYPE_ARIA': ['MBEDTLS_ARIA_C'], - 'PSA_WANT_KEY_TYPE_CAMELLIA': ['MBEDTLS_CAMELLIA_C'], + 'MBEDTLS_NIST_KW_C'], 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C'], - 'PSA_WANT_KEY_TYPE_DES': ['MBEDTLS_DES_C'], - 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG', - 'MBEDTLS_CCM_C'], - 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', - 'MBEDTLS_CMAC_C'], - 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], - - 'PSA_WANT_ALG_CBC_NO_PADDING': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CBC_PKCS7': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CFB': ['MBEDTLS_CIPHER_MODE_CFB'], - 'PSA_WANT_ALG_CTR': ['MBEDTLS_CIPHER_MODE_CTR'], - 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], - 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], + 'PSA_WANT_ALG_STREAM_CIPHER'], + 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], + 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], @@ -312,11 +296,9 @@ def test(self, options): 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'MBEDTLS_PKCS1_V21'], + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_PKCS1_V15'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'], 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_OAEP', 
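Review bot: The reverse-dependency entries `'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', ...]` and `'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', ...]` look like leftovers of the umbrella options this hunk removes: OAEP and PSS were presumably coupled only because both sat under `MBEDTLS_PKCS1_V21`, and PKCS#1 v1.5 encryption and signing under `MBEDTLS_PKCS1_V15`. With those options gone there is no visible reason why disabling OAEP must also disable PSS, or why disabling PKCS#1 v1.5 encryption must also disable PKCS#1 v1.5 signing, and keeping the links means `depends.py` never builds the OAEP-off/PSS-on or CRYPT-off/SIGN-on configurations. If the built-in RSA implementation still ties them together (not visible here), a comment on each entry saying so, e.g. `# the built-in implementation cannot provide PSS without OAEP`, would stop the next reader from removing them; otherwise drop `PSA_WANT_ALG_RSA_PSS` and `PSA_WANT_ALG_RSA_PKCS1V15_SIGN` from these lists. The `REVERSE_DEPENDENCIES` dict continues outside the hunk.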
@@ -324,29 +306,21 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_RSA_C'], + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], - 'PSA_WANT_ALG_MD5': ['MBEDTLS_MD5_C'], - 'PSA_WANT_ALG_RIPEMD160': ['MBEDTLS_RIPEMD160_C'], - 'PSA_WANT_ALG_SHA_1': ['MBEDTLS_SHA1_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_SHA224_C'], + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'], 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'MBEDTLS_LMS_C', 'MBEDTLS_LMS_PRIVATE', - 'MBEDTLS_SHA256_C', 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'PSA_WANT_ALG_SHA_384': ['MBEDTLS_SHA384_C'], 'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - 'MBEDTLS_SHA512_C'], + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } @@ -626,8 +600,8 @@ def main(): description= "Test Mbed TLS with a subset of algorithms.\n\n" "Example usage:\n" - r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA256_C""\n" - "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" + r"./tests/scripts/depends.py \!PSA_WANT_ALG_SHA_1 PSA_WANT_ALG_SHA_256""\n" + "./tests/scripts/depends.py PSA_WANT_KEY_TYPE_AES hashes\n" "./tests/scripts/depends.py cipher_id cipher_chaining\n") parser.add_argument('--color', metavar='WHEN', help='Colorize the output (always/auto/never)', From 5eb9aba3589aa93320909697b48b582549c084f7 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 22 Jul 2025 10:58:44 +0200 Subject: [PATCH 0658/1080] mbedtls_config.h: Update "requires" comments Following the removal of the legacy hash, cipher, CMAC, AEAD, and RSA configuration options in TF-PSA-Crypto, update the "requires" comments that referred to the removed options. Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ddab7d0c32..d18d0fadb8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -255,7 +255,7 @@ * * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH * MBEDTLS_RSA_C - * MBEDTLS_PKCS1_V15 + * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are @@ -331,7 +331,7 @@ * might still happen. For this reason, this is disabled by default. * * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE - * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) + * PSA_WANT_ALG_SHA_256 * MBEDTLS_ECP_DP_SECP256R1_ENABLED * * This enables the following ciphersuites (if other requisites are @@ -446,7 +446,7 @@ * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * - * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 * * Comment to disable the context serialization APIs. */ @@ -824,7 +824,7 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C + * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 */ #define MBEDTLS_SSL_TICKET_C 
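Review bot: In the hunk at `@@ -255`, the context line ` * MBEDTLS_RSA_C` stays in the Requires list directly above the line this commit rewrites to `PSA_WANT_ALG_RSA_PKCS1V15_SIGN`, yet the commit message says the legacy RSA configuration option was removed, so that line now appears to name a symbol that no longer exists. If so it should be updated in the same pass, presumably to the PSA RSA key-type symbol (something like ` *           PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY`) — worth confirming against the crypto config before changing it. The option this comment block documents is named outside the hunk.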
@@ -859,7 +859,7 @@ * MBEDTLS_X509_CRT_PARSE_C * and at least one of: * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_PKCS1_V21 + * PSA_WANT_ALG_RSA_PSS * * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any @@ -903,7 +903,7 @@ * Caller: library/ssl*_client.c * library/ssl*_server.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines * * This module is required for SSL/TLS. @@ -1210,7 +1210,7 @@ * Enable parsing and verification of X.509 certificates, CRLs and CSRS * signed with RSASSA-PSS (aka PKCS#1 v2.1). * - * Requires: MBEDTLS_PKCS1_V21 + * Requires: PSA_WANT_ALG_RSA_PSS * * Comment this macro to disallow using RSASSA-PSS in certificates. */ From c7c480a95fbb771d28b495f0f6af8330e411153d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 08:29:58 +0100 Subject: [PATCH 0659/1080] Revert temporary merge changes Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 5 +- programs/fuzz/common.c | 107 ----------------------------------- programs/fuzz/common.h | 28 --------- programs/fuzz/onefile.c | 70 ----------------------- 4 files changed, 3 insertions(+), 207 deletions(-) delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h delete mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 54b07b4ddc..bd9bf91d94 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,18 +31,19 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 41fa858a41..0000000000 --- a/programs/fuzz/common.c +++ /dev/null 
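Review bot: The include directory added at the end of the hunk is spelled `${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/` while the two source paths added just above it use `${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/...`; if those two roots ever resolve differently, the headers the fuzzers compile against would not be the ones shipped with the sources they link. Deriving both from one root, `${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz`, keeps them in lockstep and also drops the stray trailing slash. The enclosing `foreach` loop starts before the hunk.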
@@ -1,107 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - 
//test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf72..0000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 6c02a641da..0000000000 --- a/programs/fuzz/onefile.c +++ /dev/null 
@@ -1,70 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} From 52510b27fc282660ca5bddf8fee8663437719093 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 09:35:35 +0100 Subject: [PATCH 0660/1080] Update header names 
Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 6d3b73fa93..440c0245ff 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index efe1362275..7a1da13c38 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 31eb514275..98a70216e1 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 9ec9351794..f236190c2c 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index bb9dd0a58c..05b7480cbc 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 2840fbbb0c..92e0f5d12e 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 29331b94d4..c99ae2e7b1 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e0aaabc019..4ab071f1ca 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { From 60a5b32198ab28037e22d9aadbbbfa6e8979acde Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 10:45:15 +0100 Subject: [PATCH 0661/1080] Correct onefile name Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index bd9bf91d94..d5995aa194 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,7 +31,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 From 8beeed046258d9308652af846aa2fe6dec8e744d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 11:05:09 +0100 Subject: [PATCH 0662/1080] Add further updates to paths Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 29483eafda..bf66a1dde3 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ DEP=${MBEDLIBS} @@ -15,6 +15,8 @@ LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH) # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) +APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_privkey.c) +APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
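Review bot: `APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_privkey.c)` and the matching `fuzz_pubkey` line put submodule paths into `APPS`, so the `%.o` and `%$(EXEXT)` pattern rules will presumably write objects and executables into `tf-psa-crypto/programs/fuzz/` inside the submodule rather than into this directory, dirtying the submodule checkout; the `clean` target (outside the hunk) would also need to know about those paths. If building in place there is intended, a comment on those two lines would save the next reader the surprise: `# These two fuzzers live in the tf-psa-crypto submodule; their objects and binaries are built in place there.` Otherwise consider an explicit rule that builds them into this directory.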
@@ -32,13 +34,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP) - echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From 4e85cbd2275adfc2db22889a4b6544f76bed3dd2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 11:00:07 +0100 Subject: [PATCH 0663/1080] update submodules to pull in previous PR's Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index a0ff5d6483..5157a286d5 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit a0ff5d64831aad7d19aa7e02eb8af065e07506f2 +Subproject commit 5157a286d52c1e5fe825476bec6a2ee3a4a0c4c5 From 250e8b8b6d3d37083cb1320b1530ee6aefe14839 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 15:15:05 +0100 Subject: [PATCH 0664/1080] Update submodule pointer 
Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5157a286d5..19edaa785d 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5157a286d52c1e5fe825476bec6a2ee3a4a0c4c5 +Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa From 361ce2b484d42846bcc67c3da89554fe5aaf59a1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 4 Jul 2025 10:36:53 +0100 Subject: [PATCH 0665/1080] Rename mbedtls_pk_setup_opaque to mbedtls_pk_wrap_psa Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_x509write.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 6aa60fbfb6..f9a6402525 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -293,7 +293,7 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor } mbedtls_pk_free(pk); mbedtls_pk_init(pk); - ret = mbedtls_pk_setup_opaque(pk, *key_id); + ret = mbedtls_pk_wrap_psa(pk, *key_id); if (ret != 0) { return ret; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e6c082eacb..faa79ffd92 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -772,7 +772,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0); mbedtls_pk_free(ep->pkey); mbedtls_pk_init(ep->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } #else (void) opaque_alg; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index db571dab65..e0aad90a04 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -286,7 +286,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0); mbedtls_pk_free(&key); mbedtls_pk_init(&key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(&key, key_id), 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -417,7 +417,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0); mbedtls_pk_free(&issuer_key); mbedtls_pk_init(&issuer_key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From 02c76ebb21dc303b07d568e4ef994c534073ecb8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 24 Jul 2025 11:13:23 +0100 Subject: [PATCH 0666/1080] Add minor corrections to the fuzz Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bf66a1dde3..65ac6f8949 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz DEP=${MBEDLIBS} 
@@ -35,7 +35,7 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE $(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else $(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $(DEP) From c0a562c8959564e4c34f748b4eea28e2cb77bd07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Jul 2025 17:07:13 +0200 Subject: [PATCH 0667/1080] query_config.fmt: glob headers instead of listing them explicitly This lets us remove or rename crypto headers without hassle, and means we don't risk forgetting to add a new header. Fix #10323 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 69 ++--------------------------- scripts/generate_query_config.pl | 24 ++++++++++ 2 files changed, 27 insertions(+), 66 deletions(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 12517596d6..559734a6af 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -1,4 +1,4 @@ -/* +/* -*-c-*- * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors 
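Review bot: The corrected echo line in the `FUZZINGENGINE` branch now prints `$(CC)`, but the recipe line right below it still links with `$(CXX)`, so the command shown to the user is not the command that runs. Make the echo match the recipe: `echo "  $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"`.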
@@ -10,73 +10,10 @@ #include "query_config.h" #include "mbedtls/platform.h" - -/* - * Include all the headers with public APIs in case they define a macro to its - * default value when that configuration is not set in mbedtls_config.h, or - * for PSA_WANT macros, in case they're auto-defined based on mbedtls_config.h - * rather than defined directly in crypto_config.h. - */ -#include "psa/crypto.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/memory_buffer_alloc.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include 
"mbedtls/x509_csr.h" - #include +INCLUDE_HEADERS + /* * Helper macros to convert a macro or its expansion into a string * WARNING: This does not work for expanding function-like macros. However, diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 6a2f9cbdfa..61ea9028a4 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -100,6 +100,29 @@ close(CONFIG_FILE); } +# We need to include all the headers with public APIs in case they +# define a macro to its default value when that configuration is not +# set in a header included by build_info.h (crypto_config.h, +# mbedtls_config.h, *adjust*.h). Some module-specific macros are set +# in that module's header. For simplicity, include all headers, with +# some ad hoc knowledge of headers that are included by other headers +# and should not be included directly. We don't include internal headers +# because those should not define configurable macros. +my @header_files = (); +my @header_roots = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + ); +for my $root (@header_roots) { + my @paths = glob "$root/*/*.h $root/*/*/*.h"; + map {s!^\Q$root/!!} @paths; + # Exclude some headers that are included by build_info.h and cannot + # be included directly. + push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; +} +my $include_headers = join('', map {"#include <$_>\n"} @header_files); + # Read the full format file into a string local $/; open(FORMAT_FILE, "<", $query_config_format_file) or die "Opening query config format file '$query_config_format_file': $!"; @@ -107,6 +130,7 @@ close(FORMAT_FILE); # Replace the body of the query_config() function with the code we just wrote +$query_config_format =~ s/INCLUDE_HEADERS/$include_headers/g; $query_config_format =~ s/CHECK_CONFIG/$config_check/g; $query_config_format =~ s/LIST_CONFIG/$list_config/g; From 8b006ce95f627be702df7a1c583903847e137a12 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 25 Jul 2025 19:51:17 +0200 Subject: [PATCH 0668/1080] Invoke generate_query_config.pl from the root Otherwise it can't find headers to include. Signed-off-by: Gilles Peskine --- programs/test/CMakeLists.txt | 1 + scripts/generate_query_config.pl | 2 ++ 2 files changed, 3 insertions(+) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 949708420c..ca6e8b2070 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -56,6 +56,7 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../.. DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 61ea9028a4..e99d633de6 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -49,6 +49,8 @@ or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; } } +-f 'include/mbedtls/build_info.h' + or die "$0: must be run from project root, or from a first-level subdirectory with no arguments\n"; # Excluded macros from the generated query_config.c. For example, macros that # have commas or function-like macros cannot be transformed into strings easily From 1b4bfdf554e3badaf65c34a20becd00694d8b8cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:00:49 +0200 Subject: [PATCH 0669/1080] Add missing include Fix compilation error when `mbedtls/oid.h` is included without having first included `mbedtls/asn1.h`. Fix #10326 Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 375ea60cb6..d769ff2180 100644 
--- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -11,6 +11,7 @@ #define MBEDTLS_OID_H #include "mbedtls/build_info.h" +#include "mbedtls/asn1.h" /* * Top level OID tuples From 409c688c4b595db2e178e805260fbfbbb9de5fd7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:15:21 +0200 Subject: [PATCH 0670/1080] Include mbedtls/platform_time.h conditionally on MBEDTLS_HAVE_TIME Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 5 +++++ scripts/generate_query_config.pl | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 559734a6af..c60458b61b 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -12,6 +12,11 @@ #include "mbedtls/platform.h" #include +/* Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 */ +#if defined(MBEDTLS_HAVE_TIME) +#include +#endif + INCLUDE_HEADERS /* diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index e99d633de6..49e363de54 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -121,7 +121,11 @@ map {s!^\Q$root/!!} @paths; # Exclude some headers that are included by build_info.h and cannot # be included directly. - push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; + push @header_files, grep {!m[ + ^mbedtls/platform_time\.h$ | # errors without time.h + _config\.h | + [/_]adjust[/_] + ]x} @paths; } my $include_headers = join('', map {"#include <$_>\n"} @header_files); From 4995d4435c26fe8bcaa11a7db73669ac153d41a2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:19:32 +0200 Subject: [PATCH 0671/1080] Don't incude auxiliary headers that have alternative versions When compiling with `MBEDTLS_PSA_CRYPTO_PLATFORM_FILE`, we must not include ``. 
Signed-off-by: Gilles Peskine --- scripts/generate_query_config.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 49e363de54..99128ca7ac 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -122,6 +122,7 @@ # Exclude some headers that are included by build_info.h and cannot # be included directly. push @header_files, grep {!m[ + ^psa/crypto_(platform|struct)\.h$ | # have alt versions, included by psa/crypto.h anyway ^mbedtls/platform_time\.h$ | # errors without time.h _config\.h | [/_]adjust[/_] From bb8bafa5e55952e4eaa2ae61d69aac5c59db872a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:23:05 +0200 Subject: [PATCH 0672/1080] Pacify uncrustify Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index c60458b61b..603c7dd200 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -17,7 +17,9 @@ #include #endif +/* *INDENT-OFF* */ INCLUDE_HEADERS +/* *INDENT-ON* */ /* * Helper macros to convert a macro or its expansion into a string From 018e09872d728f291e32f03dd5fbe0a36ae25269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jul 2025 16:16:45 +0200 Subject: [PATCH 0673/1080] New source file for configuration checks This will be populated in subsequent commits. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/mbedtls_config.c | 9 +++++++++ 3 files changed, 11 insertions(+) create mode 100644 library/mbedtls_config.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..0875bb92d9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -1,5 +1,6 @@ set(src_x509 error.c + mbedtls_config.c pkcs7.c x509.c x509_create.c 
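Review bot: `mbedtls_config.c` is added to `src_x509`, so whatever configuration checks it ends up carrying are only compiled when the X.509 sources are built; that is presumably always the case here, but nothing at the entry says so, and a file named like the config header sitting in the X.509 list will puzzle the next reader. A one-line comment next to the new entry would settle it: `mbedtls_config.c  # configuration consistency checks; compiled once per build`. The `set(src_x509 ...)` list continues past the hunk.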
diff --git a/library/Makefile b/library/Makefile index a880f26171..f8729344b4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -121,6 +121,7 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) OBJS_X509= \ + mbedtls_config.o \ x509.o \ x509_create.o \ x509_crl.o \ diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c new file mode 100644 index 0000000000..692dce705f --- /dev/null +++ b/library/mbedtls_config.c @@ -0,0 +1,9 @@ +/* + * Mbed TLS configuration checks + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include From ac637ac9f81c4218b8c2dfffec244e85915f9338 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:31 +0200 Subject: [PATCH 0674/1080] Make check_config.h private `check_config.h` only needs to run once on the configuration. It doesn't need to run every time an application is built. It used to be public up to Mbed TLS 2.x because it was included from `config.h`, and users could substitute that file completely and should still include `check_config.h` from their file. But since Mbed TLS 3.x, including `check_config.h` is a purely internal thing (done in `build_info.h`). So make the file itself purely internal. We don't need to include `check_config.h` when building every library file, just one: `mbedtls_config.c`, that's its job. Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's `check_config.h`. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 -- .../mbedtls/check_config.h => library/mbedtls_check_config.h | 0 library/mbedtls_config.c | 4 ++++ 3 files changed, 4 insertions(+), 2 deletions(-) rename include/mbedtls/check_config.h => library/mbedtls_check_config.h (100%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 534f01658c..c6e89db677 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
@@ -85,6 +85,4 @@ */ #define MBEDTLS_CONFIG_IS_FINALIZED -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/check_config.h b/library/mbedtls_check_config.h similarity index 100% rename from include/mbedtls/check_config.h rename to library/mbedtls_check_config.h diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 692dce705f..679f8e36f9 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -7,3 +7,7 @@ */ #include + +/* Consistency checks in the configuration: check for incompatible options, + * missing options when at least one of a set needs to be enabled, etc. */ +#include "mbedtls_check_config.h" From 1819a915bccedd06783b333311a3fd43c5572b81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:50 +0200 Subject: [PATCH 0675/1080] Include limits.h where needed This will be needed when TF-PSA-Crypto's `build_info.h` stops including `limits.h`, which it currently does by accident because it includes `check_config.h` which wants `limits.h` to check `CHAR_BIT`. Signed-off-by: Gilles Peskine --- library/x509.c | 1 + library/x509_create.c | 1 + library/x509_crt.c | 1 + programs/test/udp_proxy.c | 1 + tests/src/test_helpers/ssl_helpers.c | 2 ++ 5 files changed, 6 insertions(+) diff --git a/library/x509.c b/library/x509.c index f315821fdf..03ca1b72e6 100644 --- a/library/x509.c +++ b/library/x509.c @@ -24,6 +24,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include diff --git a/library/x509_create.c b/library/x509_create.c index 17fc8fbeb5..09ac69d00b 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -14,6 +14,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include "mbedtls/platform.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..7b65b698a3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -27,6 +27,7 @@ #include "x509_oid.h" #include "mbedtls/platform_util.h" +#include #include #if defined(MBEDTLS_PEM_PARSE_C) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 6e9ebf9a28..c80a3f59fc 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -16,6 +16,7 @@ #include "mbedtls/build_info.h" +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index faa79ffd92..1eca6e496d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -11,6 +11,8 @@ #include #include "mbedtls/psa_util.h" +#include + #if defined(MBEDTLS_SSL_TLS_C) int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { From aca3b5ec79d2cea605de2d8c28d0725e6acec6af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:40:36 +0200 Subject: [PATCH 0676/1080] Update framework with unittest_config_checks.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index df3307f2b4..87dbfb290f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit df3307f2b4fe512def60886024f7be8fd1523ccd +Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd From 01def64425c4a1477a2dcf08c473ca18abb293ce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:47 +0200 Subject: [PATCH 0677/1080] Unit tests for check_config.h Ensure that `mbedtls_check_config.h` is taken into account. Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 3 ++ tests/scripts/test_config_checks.py | 63 ++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100755 tests/scripts/test_config_checks.py diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 85731a1710..c7d8161893 100644 
--- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -123,4 +123,7 @@ component_check_test_helpers () { msg "unit test: translate_ciphers.py" python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 + + msg "unit test: generate_config_checks.py" + tests/scripts/test_config_checks.py 2>&1 } diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py new file mode 100755 index 0000000000..540144923e --- /dev/null +++ b/tests/scripts/test_config_checks.py 
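Review bot: The label on the added `msg` line names `generate_config_checks.py`, but the command on the following added line runs `tests/scripts/test_config_checks.py`, so the log will point readers at the wrong file when this step fails. The preceding step labels itself with the file it executes; keep that convention with `msg "unit test: test_config_checks.py"`. The new line also invokes the script through its shebang rather than the explicit `python3 -m unittest` the line above uses, which is fine for an executable file but means a different interpreter could be picked up if PATH differs. The enclosing `component_check_test_helpers` function starts outside the hunk.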
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Test the configuration checks generated by generate_config_checks.py.
+"""
+
+## Copyright The Mbed TLS Contributors
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import unittest
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import unittest_config_checks
+
+
+class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
+"""Mbed TLS unit tests for checks generated by config_checks_generator."""
+
+#pylint: disable=invalid-name # uppercase letters make sense here
+
+PROJECT_CONFIG_C = 'library/mbedtls_config.c'
+PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
+'tf-psa-crypto/include',
+'tf-psa-crypto/drivers/builtin/include',
+]
+
+@unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
+def test_crypto_no_fs_io(self) -> None:
+"""A sample error expected from crypto's check_config.h."""
+self.bad_case('#undef MBEDTLS_FS_IO',
+None,
+error=('MBEDTLS_PSA_ITS_FILE_C'))
+
+def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
+"""An error expected from mbedtls_check_config.h based on the TLS configuration."""
+self.bad_case(None,
+'''
+#define MBEDTLS_SSL_EARLY_DATA
+#undef MBEDTLS_SSL_SESSION_TICKETS
+''',
+error=('MBEDTLS_SSL_EARLY_DATA'))
+
+def test_mbedtls_no_ecdsa(self) -> None:
+"""An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
+self.bad_case('''
+#undef PSA_WANT_ALG_ECDSA
+#undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
+#undef MBEDTLS_ECDSA_C
+''',
+'''
+#if defined(PSA_WANT_ALG_ECDSA)
+#error PSA_WANT_ALG_ECDSA unexpected
+#endif
+#if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
+#error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+#error MBEDTLS_ECDSA_C unexpected
+#endif
+''',
+error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
+
+
+if __name__ == '__main__':
+unittest.main()
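Review bot: In `test_mbedtls_no_ecdsa` the sanity guard is misspelled: the TLS-side snippet checks `#if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)` (missing the second I) while the crypto-side snippet undefines `PSA_WANT_ALG_DETERMINISTIC_ECDSA`, so that `#error` can never fire and the test would not notice if the undef stopped taking effect. Change both occurrences to `#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)` / `#error PSA_WANT_ALG_DETERMINISTIC_ECDSA unexpected`. Separately, `error=('MBEDTLS_PSA_ITS_FILE_C')` and the other two `error=` arguments are parenthesised strings, not one-element tuples; that is fine if `bad_case` expects a single substring, but if it expects an iterable of expected messages it would iterate over characters, so it is worth confirming against the base class, which is not visible here.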
From fff4b323242f0c2cad2be2de8ee23ab71a7bf066 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:44:07 +0200 Subject: [PATCH 0678/1080] Announce that no longer exists It was already deprecated since 3.0 (although we forgot to announce it in the changelog back then). Signed-off-by: Gilles Peskine --- ChangeLog.d/check_config.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/check_config.txt diff --git a/ChangeLog.d/check_config.txt b/ChangeLog.d/check_config.txt new file mode 100644 index 0000000000..f9f44a4b85 --- /dev/null +++ b/ChangeLog.d/check_config.txt @@ -0,0 +1,5 @@ +Removals + * The header no longer exists. Including it + from a custom config file was no longer needed since Mbed TLS 3.0, + and could lead to spurious errors. The checks that it performed are + now done automatically when building the library. From bf650eeb88afe1d1a2e59eb02693f2a4e6b8647d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 13:21:38 +0100 Subject: [PATCH 0679/1080] Temporarily disable Werror Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 --------- 1 file changed, 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 162373182b..1e3c4910a1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,9 +271,6 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -296,9 +293,6 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -306,9 +300,6 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE --warnings_are_errors) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) From 04b03d7712badeaad673019277615c779b398d20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 09:46:18 +0100 Subject: [PATCH 0680/1080] Replace Werror removal with pragma Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 +++++++++ library/ssl_tls12_client.c | 1 + library/ssl_tls13_generic.c | 1 + library/x509_crt.c | 2 ++ tests/suites/test_suite_x509write.function | 1 + 5 files changed, 14 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e3c4910a1..162373182b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,6 +271,9 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -293,6 +296,9 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -300,6 +306,9 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE --warnings_are_errors) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..820cab17a8 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,6 +19,7 @@ #include "psa_util_internal.h" #include "psa/crypto.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..cdf42128f8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -25,6 +25,7 @@ #include "psa/crypto.h" #include "psa_util_internal.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..b6d95f534e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -17,6 +17,8 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ +#pragma GCC diagnostic warning "-Wenum-conversion" + #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..5e3d470f5a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,6 +14,7 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From 1c1535f153fb46d95137b575fd57c310c7bf4dd7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 09:29:38 +0100 Subject: [PATCH 0681/1080] Make pragmas more specific Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 +++- library/x509_crt.c | 2 -- tests/suites/test_suite_x509write.function | 1 - 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 820cab17a8..21541b8fc4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,7 +19,6 @@ #include "psa_util_internal.h" #include "psa/crypto.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ @@ -2086,6 +2085,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); + #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cdf42128f8..cda1f8a426 100644 
--- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -25,7 +25,6 @@ #include "psa/crypto.h" #include "psa_util_internal.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many @@ -964,9 +963,12 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); + #pragma GCC diagnostic push + #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { + #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509_crt.c b/library/x509_crt.c index b6d95f534e..3947eb09aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -17,8 +17,6 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#pragma GCC diagnostic warning "-Wenum-conversion" - #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 5e3d470f5a..e0aad90a04 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,7 +14,6 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From d3ae1701f36db5c2c6282861ed48ec81cebb7588 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 11:34:24 +0100 Subject: [PATCH 0682/1080] Remove pragmas and use alias 
Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 21541b8fc4..b882d47a5c 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2083,9 +2083,9 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + peer_pk, md_alg, hash, hashlen, p, sig_len); - #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cda1f8a426..372bf84608 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,12 +963,9 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - #pragma GCC diagnostic push - #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { - #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); From 73b39872911d477187fd2f7145a0b5bbfd07acd1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 14:38:47 +0100 Subject: [PATCH 0683/1080] Correct rebase and add in additional type cast Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 1 - library/ssl_tls13_generic.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b882d47a5c..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2083,7 +2083,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, - peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..15731ca150 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,7 +963,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", From 7523b548e8400e37433a0bfada467444210fc8a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 13:08:34 +0100 Subject: [PATCH 0684/1080] Update tf-psa-crypto submodule Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 19edaa785d..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From 532dfeeacb7c6f0de064ab4ec580c1b88c51a5b4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 08:42:27 +0100 Subject: [PATCH 0685/1080] Add copy of header file for libtestdriver1 Signed-off-by: Ben Taylor --- tests/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/Makefile b/tests/Makefile index 3a6f0e62ea..094c039436 100644 --- a/tests/Makefile +++ b/tests/Makefile 
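Review bot: The new cast `(mbedtls_pk_sigalg_t) pk_type` in `ssl_tls13_write_certificate_verify_body` makes the `-Wenum-conversion` diagnostic go away without saying why the conversion is valid; a numeric cast between two enum types is only correct if the enumerators that can reach this call have matching values in both types, so a short comment at the cast, or a static assertion on the enumerators involved, would document that and catch future drift. In the first hunk, `ssl_parse_server_key_exchange` still passes `pk_alg` to `mbedtls_pk_verify_new` uncast; if `pk_alg` is still declared as the PK key type there (the file-wide pragma and the later `pop` that earlier patches in this series placed around this exact call suggest the same warning was firing here), the same cast or a typed local is needed, otherwise `-Werror` builds keep failing on this file. Both enclosing functions start and end outside the hunks.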
@@ -332,6 +332,7 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m +# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework @@ -342,6 +343,8 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto + mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ + cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 1787ea43a7f6ab444e84775e23d3c4d005eff457 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 08:49:06 +0100 Subject: [PATCH 0686/1080] Removed debug comment Signed-off-by: Ben Taylor --- tests/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 094c039436..ed53f73518 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -332,7 +332,6 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m -# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework 
From d56079944e9c2447ba71e5a7f1802acb5aa74ef5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 15:09:14 +0100 Subject: [PATCH 0687/1080] Adjust libtestdriver1_rewrite.pl to work on private Signed-off-by: Ben Taylor --- tests/scripts/libtestdriver1_rewrite.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index 202575d855..f96ff5e05c 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -15,6 +15,10 @@ my $public_files_regex = join('|', map { quotemeta($_) } @public_files); +my @private_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/private/*.h"); + +my $private_files_regex = join('|', map { quotemeta($_) } @private_files); + while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; @@ -28,6 +32,9 @@ if ( $public_files_regex ) { s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!; } + if ( $private_files_regex ) { + s!^(\s*#\s*include\s*[\"<])mbedtls/private/($private_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/private/${2}!; + } s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!; s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; From cd1b7ffa705bbf4600e21205e2991f1655522457 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Jul 2025 10:40:12 +0200 Subject: [PATCH 0688/1080] tests: x509write: replace MBEDTLS_ECDSA_DETERMINISTIC with PSA_WANT one 
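Review bot: When a `mbedtls/private/*.h` include is not covered by `$private_files_regex` — in particular when the `glob("../tf-psa-crypto/include/mbedtls/private/*.h")` yields nothing because the script is run from a different working directory — the new `if ( $private_files_regex )` block is skipped and the unchanged generic rule on the next line rewrites the include to `libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/...`, a location the later patch in this series stops populating, so the miss only shows up as a build error in the generated driver tree. Consider making that failure explicit, e.g. `die "no private headers found" unless @private_files;` next to the glob, assuming `@public_files` is not deliberately allowed to be empty (its handling is outside the hunk).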
Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509write.data | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 4dcd967226..3860076d2c 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -47,7 +47,7 @@ depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_256 x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 Certificate Request check Server1, set_extension 
@@ -155,11 +155,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames 
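Review bot: The rewritten `depends_on:` line for "Certificate write check Server5 ECDSA, Opaque" keeps `MBEDTLS_USE_PSA_CRYPTO` in its dependency list while a later patch in this series ("initial remove of MBEDTLS_USE_PSA_CRYPTO") starts deleting that macro from the code base. Once the macro no longer exists in the configuration, this case would be reported as an unmet dependency and skipped rather than run, silently losing the opaque-key coverage. Presumably that dependency should be dropped here, or in the patch that removes the macro, so the case keeps executing.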
@@ -337,4 +337,3 @@ oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" OID from numeric string - OID with overflowing subidentifier oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - From 3f48668e5a3c216039832be276315ed09db025c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 29 Jul 2025 09:24:03 +0200 Subject: [PATCH 0689/1080] Update crypto pointer to development-restricted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 19edaa785d..ae71e1e43f 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa +Subproject commit ae71e1e43f0dbb7ff54a6dcdd4ddc89ba4c2b600 From b3a2005141ec9518531c0eb1e414f0af41f4b120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 15:19:06 +0100 Subject: [PATCH 0690/1080] Remove copy from Makefile Signed-off-by: Ben Taylor --- tests/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index ed53f73518..3a6f0e62ea 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -342,8 +342,6 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto - mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ - cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 4bb98be277192dcc43e2f9842d111b083073e912 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Wed, 7 May 2025 14:21:20 +0100 Subject: [PATCH 0691/1080] initial remove of MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 4 - programs/fuzz/fuzz_dtlsclient.c | 4 - programs/fuzz/fuzz_dtlsserver.c | 4 - programs/fuzz/fuzz_server.c | 10 +-- programs/fuzz/fuzz_x509crl.c | 10 +-- programs/fuzz/fuzz_x509crt.c | 8 +- programs/fuzz/fuzz_x509csr.c | 10 +-- programs/pkey/gen_key.c | 4 - programs/pkey/pk_sign.c | 4 - programs/pkey/pk_verify.c | 4 - programs/pkey/rsa_sign_pss.c | 4 - programs/pkey/rsa_verify_pss.c | 4 - programs/ssl/ssl_client2.c | 65 ++-------------- programs/ssl/ssl_server2.c | 76 +++---------------- programs/ssl/ssl_test_lib.c | 6 +- programs/ssl/ssl_test_lib.h | 21 +----- programs/x509/cert_app.c | 4 - programs/x509/cert_req.c | 4 - programs/x509/cert_write.c | 4 - programs/x509/crl_app.c | 4 - programs/x509/load_roots.c | 4 - programs/x509/req_app.c | 4 - tests/include/test/ssl_helpers.h | 9 --- tests/src/test_helpers/ssl_helpers.c | 108 --------------------------- 24 files changed, 33 insertions(+), 346 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..1840570488 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -78,12 +78,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -179,9 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; 
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..ca7626d5ba 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,12 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -124,9 +122,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..4f159fbefe 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -58,12 +58,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_config_init(&conf); mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -166,9 +164,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..40fd9caa0f 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -67,12 +67,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init(&ticket_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -194,19 +192,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); -#endif +#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */ mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif +#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */ mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif -#else +#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ (void) Data; (void) Size; #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..ae0f85282b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c 
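Review bot: The trailing comments added to the two `#endif`s in the exit path of fuzz_server.c quote the condition incompletely — `(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)` and `(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)` each dropped the first `defined`. The other trailers in this file and in the sibling fuzzers of this patch name the bare macros, so `#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */` and `#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */` would be consistent. LLVMFuzzerTestOneInput starts above the hunk.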
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } -#else +#else /* MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crl_free(&crl); -#else +#else /* MBEDTLS_X509_CRL_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRL_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..709fd200f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -12,12 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -28,15 +26,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crt_free(&crt); -#else +#else /* MBEDTLS_X509_CRT_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..1c26e6f082 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c 
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } -#else +#else /* !MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_csr_free(&csr); -#else +#else /* MBEDTLS_X509_CSR_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CSR_PARSE_C */ return 0; } diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 94604ceeb6..ba35534388 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -257,14 +257,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -473,9 +471,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 551173e496..4ddb473c0f 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
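Review bot: The new trailer on the `#else` in fuzz_x509csr.c, `#else /* !MBEDTLS_X509_REMOVE_INFO */`, names the branch being left rather than the one entered: that `#else` is the MBEDTLS_X509_REMOVE_INFO case, where `ret` and `buf` are only discarded. The matching edit to fuzz_x509crl.c in this same patch writes it as `#else /* MBEDTLS_X509_REMOVE_INFO */`; use the same here. LLVMFuzzerTestOneInput starts above the hunk.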
@@ -55,14 +55,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -139,9 +137,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 507812e350..27aff441a1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -47,14 +47,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -115,9 +113,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 8f605b56bc..d94daf3977 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -57,14 +57,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -153,9 +151,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 97f9d186e8..15049203ee 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -51,14 +51,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -131,9 +129,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..b76055ed5b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) 
@@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -185,7 +182,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +305,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +479,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
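Review bot: Removing only `#if defined(MBEDTLS_USE_PSA_CRYPTO)` and its `#endif` around USAGE_PSK_SLOT in ssl_client2.c leaves the inner `#else` and `#define USAGE_PSK_SLOT ""` behind as context lines, so the new side reads `#define USAGE_PSK_SLOT ""` / `#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT` / `#else` / `#define USAGE_PSK ""` — two `#else` directives in one conditional group, which the preprocessor rejects, assuming the enclosing group is the `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)` that opens above the hunk (the hunk counts, 7 to 6, confirm those two lines are unchanged). Delete those two lines together with the guard so the group becomes the USAGE_PSK_SLOT definition, then `#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT`, `#else`, `#define USAGE_PSK ""`. The same pattern is repeated in ssl_server2.c later in this patch.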
@@ -498,9 +487,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -824,16 +811,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +833,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +858,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
@@ -907,7 +887,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -915,7 +894,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +920,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1101,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1126,9 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
@@ -1167,11 +1139,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1500,7 +1470,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1484,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1518,6 @@ int main(int argc, char *argv[]) } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1529,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1752,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1770,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1970,6 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); 
@@ -2027,7 +1990,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2098,7 +2060,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2085,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3166,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3186,9 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end 
@@ -3252,9 +3207,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3262,14 +3216,11 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..cb933e7e6d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
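Review bot: In the final ssl_client2.c cleanup hunk only the first line of the two-line directive is removed — `#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \` and the `#endif` go, but the continuation `!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` stays as a context line (the header's 14 → 11 with three removals is consistent with that), so the new side has those tokens as bare C in front of `mbedtls_psa_crypto_free();`, which cannot compile, and the guard the surviving comment describes (rng_free() releasing PSA resources under MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) is lost. Mirror what the ssl_server2.c hunk in this patch does: `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` / `mbedtls_psa_crypto_free();` / `#endif`. main() continues outside the hunk.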
@@ -270,7 +267,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +415,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +632,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +641,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
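Review bot: The USAGE_PSK_SLOT edit in ssl_server2.c has the same defect as the ssl_client2.c one: the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` / `#endif` pair is removed while the inner `#else` and `#define USAGE_PSK_SLOT ""` are kept as context, leaving two `#else` directives in what is presumably the `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)` group that opens above the hunk, which the preprocessor rejects. Remove those two lines as well, so `#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT` directly follows the USAGE_PSK_SLOT definition and the original `#else` / `#define USAGE_PSK ""` closes the group.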
@@ -962,9 +949,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -976,7 +961,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +970,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1052,11 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1283,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1306,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, 
@@ -1543,10 +1522,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1551,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1584,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1595,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1684,7 +1656,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1663,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1701,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1890,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
@@ -1973,13 +1939,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1956,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2329,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2358,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2387,6 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2398,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2732,7 +2690,6 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2725,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3138,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3154,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3167,6 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3180,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3336,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3361,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
@@ -4253,11 +4203,9 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4217,7 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4231,9 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4252,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4261,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index f9a6402525..ad3feb65b8 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -83,13 +83,11 @@ void rng_init(rng_context_t *rng) int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (reproducible) { mbedtls_fprintf(stderr, - "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n"); + "reproducible mode is not supported.\n"); return -1; } -#endif #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; @@ -217,7 +215,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque_set_alg_usage(const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, @@ -301,7 +298,6 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor return 0; } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback(void *data, mbedtls_x509_crt const *child, diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index c001a2afa1..ea5dbecb89 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -14,9 +14,8 @@ #include "mbedtls/md.h" #undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ + defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #define HAVE_RNG #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #define HAVE_RNG 
@@ -55,10 +54,8 @@ #include "mbedtls/base64.h" #include "test/certs.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" @@ -108,7 +105,7 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * @@ -121,14 +118,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); * where the test programs use the PSA RNG while the PSA RNG is itself based * on entropy+DRBG, and at least one configuration where the test programs * do not use the PSA RNG even though it's there. - * - * A simple choice that meets the constraints is to use the PSA RNG whenever - * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the - * choice to use the PSA RNG in the test programs and the choice to use - * PSA crypto when TLS code needs crypto have to be tied together, but it - * happens to be a good match. It's also a good match from an application - * perspective: either PSA is preferred for TLS (both for crypto and for - * random generation) or it isn't. */ #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG #endif @@ -213,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); */ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** Parse given opaque key algorithms to obtain psa algs and usage * that will be passed to mbedtls_pk_wrap_as_opaque(). * 
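Review bot: In the hunk at `@@ -121,14 +118,6 @@`, the comment kept above the `#define` still demands "at least one configuration where the test programs do not use the PSA RNG even though it's there", but the new unconditional `#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` makes that configuration unreachable from this header, so the retained text now describes a constraint the code no longer honours. As far as this view shows, the same define also turns every `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` branch in the SSL programs, such as the one wrapping `mbedtls_psa_crypto_free()` in ssl_server2.c in this patch, into dead code, which is worth stating so nobody relies on that path for PSA teardown. Suggest replacing the stale paragraph with `/* The SSL test programs always use the PSA RNG (mbedtls_psa_get_random()); PSA resources are released by rng_free(). A build exercising entropy+DRBG in these programs must be covered elsewhere. */`, or keeping an opt-out macro if that coverage is still wanted.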
@@ -259,9 +247,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto * function that makes use of an RNG, you must call diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d9d5bb60ac..c747505519 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -152,14 +152,12 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -446,9 +444,7 @@ int main(int argc, char *argv[]) #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e59772ffda..02fd567841 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -162,14 +162,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: 
@@ -502,9 +500,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3cabff4b5a..fb55c3f291 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -326,14 +326,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); memset(serial, 0, sizeof(serial)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -1026,9 +1024,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index fee8b693ce..bb518adeef 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ int main(int argc, char *argv[]) exit: mbedtls_x509_crl_free(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 2ae7c9b017..34d3508459 100644 
--- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -86,14 +86,12 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc <= 1) { mbedtls_printf(USAGE); @@ -159,9 +157,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 2929d687d4..b960818a09 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ int main(int argc, char *argv[]) exit: mbedtls_x509_csr_free(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 5bfdedaaf0..d019c5065e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -31,11 +31,9 @@ #include "mbedtls/ssl_cache.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(PSA_WANT_KEY_TYPE_AES) 
@@ -751,18 +749,11 @@ int mbedtls_test_get_tls13_ticket( #define ECJPAKE_TEST_PWD "bla" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ ret = (use_opaque_arg) ? \ mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1eca6e496d..83dac17419 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -644,11 +644,9 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) ep->cert = NULL; } if (ep->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { psa_destroy_key(ep->pkey->priv_id); } -#endif mbedtls_pk_free(ep->pkey); mbedtls_free(ep->pkey); ep->pkey = NULL; @@ -725,9 +723,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -759,7 +755,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(load_endpoint_ecc(ep), 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ 
@@ -776,11 +771,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_pk_init(ep->pkey); TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); @@ -1212,7 +1202,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, unsigned char *output, size_t *olen) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1246,10 +1235,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, *olen += part_len; return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && PSA_WANT_KEY_TYPE_AES */ @@ -1383,14 +1368,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t key_bits = 0; int ret = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; 
@@ -1422,58 +1403,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? 
INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (cipher_mode == MBEDTLS_MODE_CBC || cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ @@ -1482,7 +1415,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md0, 0x5, maclen); memset(md1, 0x6, maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1523,21 +1455,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(psa_import_key(&attributes, md0, maclen, &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif } #else ((void) hash_id); @@ -1657,7 +1574,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = mbedtls_ssl_cipher_to_psa(cipher_type, t_in->taglen, &alg, @@ -1720,7 +1636,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, goto cleanup; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cleanup: 
@@ -1737,9 +1652,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, mbedtls_ssl_transform *transform_out) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif /* Serialized version of record header for MAC purposes */ unsigned char add_data[13]; @@ -1751,7 +1664,6 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, add_data[12] = (record->data_len >> 0) & 0xff; /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t sign_mac_length = 0; TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, transform_out->psa_mac_enc, @@ -1767,26 +1679,13 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, mac, sizeof(mac), &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); record->data_len += transform_out->maclen; return 0; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); -#endif return -1; } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ @@ -1840,7 +1739,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return -1; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; 
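Review bot: In the hunk at `@@ -1767,26 +1679,13 @@`, the surviving PSA path copies `transform_out->maclen` bytes out of `mac` straight after `psa_mac_sign_finish()` without checking that `sign_mac_length` actually covers them, so a MAC algorithm or key mismatch would copy uninitialised tail bytes into the record instead of failing the test. The deleted legacy branch was also the only place explaining why `mac` is a full-size temporary (truncated HMAC makes maclen shorter than the digest), and that rationale is now gone from the PSA path. Add `TEST_ASSERT(transform_out->maclen <= sign_mac_length);` before the `memcpy`, and move the "temporary buffer for the MAC, because with the truncated HMAC extension there might not be enough room in the record" comment to the declaration of `mac`, which lies outside this hunk along with the start of mbedtls_test_ssl_prepare_record_mac.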
@@ -1851,12 +1749,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, &hash_size); ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { return ret; } From 6bcdd67f8321cef2e695220d4902a0ee2e0fbf58 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 2 Jun 2025 15:51:32 +0100 Subject: [PATCH 0692/1080] Update ssl progs to restore build Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 65 ++++++++++++++++++++++++++++---- programs/ssl/ssl_server2.c | 76 +++++++++++++++++++++++++++++++++----- 2 files changed, 124 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b76055ed5b..d5e7fdf304 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,7 +9,9 @@ #include "ssl_test_lib.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -143,7 +145,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" 
@@ -170,6 +172,7 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -182,6 +185,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -305,9 +309,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -479,7 +488,9 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
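Review bot: In the hunk at `@@ -479,7 +488,9 @@ struct options`, `psk_opaque` is now guarded by MBEDTLS_USE_PSA_CRYPTO while the neighbouring `int key_opaque;` stays unconditional, even though in this patch the `key_opaque=` parser and the `if (opt.key_opaque != 0)` wrapping block are both placed under the same guard (the later `mbedtls_printf(" ok (key type: %s)\n", ...)` reads key_opaque_alg1, not key_opaque). Unless something outside these hunks reads the field in a non-PSA build, guard it the same way, together with its `opt.key_opaque = DFL_KEY_OPAQUE;` initialisation, so the struct reflects what the build can actually use: `#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque; int psk_opaque; #endif`. The struct definition starts and ends outside the hunk.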
@@ -487,7 +498,9 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -811,12 +824,16 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) + psa_status_t status; +#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -833,7 +850,9 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -858,9 +877,10 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
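Review bot: In the hunk at `@@ -811,12 +824,16 @@`, `psa_status_t status;` is declared twice under an `#if`/`#elif` ladder whose overall condition is USE_PSA_CRYPTO || TLS1_3, which is exactly the condition the `psa_crypto_init()` call later in this file uses; spelling it the same way would let a reader verify the two agree at a glance, and it separates the PSK-only locals from the status variable they currently share a guard with. The rewrite below keeps the set of declared names per configuration unchanged. main() continues outside the hunk.
```c
    const char *pers = "ssl_client2";

#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
    mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
    psa_algorithm_t alg = 0;
    psa_key_attributes_t key_attributes;
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
    psa_status_t status;
#endif
    /* … unchanged: remaining local declarations … */
```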
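Review bot: In the hunk at `@@ -858,9 +877,10 @@`, the closing comment `#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */` lists the two conditions in the opposite order to the `#if` it closes and to the matching `#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */` this patch writes in the exit path of the same file. Keep the order identical to the `#if` so the pair can be matched by text search: `#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */`. main() continues outside the hunk.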
@@ -887,6 +907,7 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -894,6 +915,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -920,13 +942,17 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1101,7 +1127,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1126,9 +1152,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
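Review bot: In the hunk at `@@ -887,6 +907,7 @@`, `psa_crypto_init()` is now skipped unless MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_SSL_PROTO_TLS1_3 is set, but the lines right after still call `mbedtls_test_enable_insecure_external_rng()` and the program's RNG is the PSA one whenever MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, which ssl_test_lib.h in the preceding patch defines unconditionally. Unless rng_seed() performs its own psa_crypto_init() under that macro (its body is not in this view), a build without either of the two new conditions would reach the first mbedtls_psa_get_random() with PSA uninitialised and fail with a bad-state error instead of producing randomness. Either widen the guard to `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` or add a comment above it naming where PSA is initialised in the remaining configurations. main() continues outside the hunk.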
@@ -1139,9 +1167,11 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1470,6 +1500,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1484,6 +1515,7 @@ int main(int argc, char *argv[]) goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1518,6 +1550,7 @@ int main(int argc, char *argv[]) } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1529,6 +1562,7 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1752,6 +1786,7 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1770,6 +1805,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -1970,6 +2006,7 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); 
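Review bot: In the hunk at `@@ -1470,6 +1500,7 @@`, the guard `if (opt.psk == NULL)` under `psk_opaque` only fires for a null pointer, yet the defaults block earlier in this file sets `opt.psk = DFL_PSK` and the `psk=` parser stores the argument pointer, so if DFL_PSK is an empty string, as the server's equivalent check `strlen(opt.psk) == 0` suggests, an opaque PSK requested without any key material passes this check and is only caught, if at all, by the PSA import later on. Use the same test as ssl_server2.c: `if (strlen(opt.psk) == 0) {`. main() continues outside the hunk.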
@@ -1990,6 +2027,7 @@ int main(int argc, char *argv[]) goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2060,6 +2098,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2085,6 +2124,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3166,10 +3206,13 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3186,9 +3229,11 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end 
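Review bot: In the hunk at `@@ -3166,10 +3206,13 @@`, the re-guarded `psa_destroy_key(key_slot);` discards its status, while the PSK-slot teardown a few lines below checks the status and reports it; a failed destroy here leaves the client's private key resident in the PSA key store after the program believes it has cleaned up, which is precisely what this exit path exists to prevent. The PSK path's comment that destroying an uninitialised slot "is ok" indicates the check would not produce false positives for the default MBEDTLS_SVC_KEY_ID_INIT value. Suggest `status = psa_destroy_key(key_slot); if (status != PSA_SUCCESS) { mbedtls_printf("Failed to destroy key slot: %d\n", (int) status); }`, with `status` already declared under the same MBEDTLS_USE_PSA_CRYPTO guard. main() continues outside the hunk.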
@@ -3207,8 +3252,9 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3216,11 +3262,14 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); +#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index cb933e7e6d..639fe5616e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,7 +53,9 @@ int main(void) #include #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -203,7 +205,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -246,6 +248,7 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -267,6 +270,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -415,9 +419,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -632,8 +641,10 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -641,7 +652,9 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
@@ -949,7 +962,9 @@ struct _psk_entry {
const char *name;
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t slot;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
@@ -961,6 +976,7 @@ static int psk_free(psk_entry *head)
psk_entry *next;
while (head != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
mbedtls_svc_key_id_t const slot = head->slot;
@@ -970,6 +986,7 @@ static int psk_free(psk_entry *head)
return status;
}
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
next = head->next;
mbedtls_free(head);
@@ -1035,9 +1052,11 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
while (cur != NULL) {
if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
} else
+#endif
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
}
@@ -1283,6 +1302,7 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg,
@@ -1306,6 +1326,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
return PSA_SUCCESS;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int report_cid_usage(mbedtls_ssl_context *ssl,
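Review bot: psk_free hands each entry to `mbedtls_free(head)` while `head->key` (the `unsigned char key[MBEDTLS_PSK_MAX_LEN]` member shown in the struct hunk above) still holds the raw PSK bytes, so the secret is left behind in freed heap memory, and in the opaque path the plaintext copy in `key[]` is kept alive for the whole program even though the PSA slot already holds the key. Wiping it first is one line, `mbedtls_platform_zeroize(head->key, sizeof(head->key));` directly above `mbedtls_free(head);`, and applies equally to both builds this commit distinguishes. This assumes platform_util.h is reachable through the program's existing includes, which the hunk does not show. The body of psk_free starts and ends outside the hunk.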
@@ -1522,8 +1543,10 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1551,8 +1574,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1584,9 +1609,10 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1595,7 +1621,9 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; +#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1656,6 +1684,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1663,6 +1692,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1701,15 +1731,19 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1890,7 +1924,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
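Review bot: The new closing comment `#endif /* MBEDTLS_USE_PSA_CRYPTO */` after the psa_crypto_init() error path does not match the condition it closes, `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)`, so a reader looking for where the TLS 1.3 case ends is misled. The `status` variable assigned inside this block is declared under the same two-part condition elsewhere in main, and matching comments are what keep those two guards in step when one of them is edited. Suggest `#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */`, the wording the client program uses for its copy of this block.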
@@ -1939,11 +1973,13 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1956,9 +1992,11 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2329,6 +2367,7 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2358,6 +2397,7 @@ int main(int argc, char *argv[]) goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2387,6 +2427,7 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2398,6 +2439,7 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2690,6 +2732,7 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2725,6 +2768,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3138,6 +3182,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3154,6 +3199,7 @@ int main(int argc, char *argv[]) goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3167,6 +3213,7 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3180,6 +3227,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3336,6 +3384,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3361,6 +3410,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
@@ -4203,9 +4253,11 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4217,7 +4269,8 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4231,9 +4284,11 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4252,8 +4307,9 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4261,10 +4317,12 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ + && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
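Review bot: The two `psa_destroy_key(key_slot);` / `psa_destroy_key(key_slot2);` calls in the exit path discard their status, whereas the PSK-slot cleanup a few lines below in the same hunk checks `status` and prints the failure. A destroy that fails may leave the opaque private key resident in the PSA key store after the program assumes it is gone, which is presumably what `mbedtls_test_helper_is_psa_leaking()` further down then reports without saying why; reporting it at the source is cheaper to debug. The same three-line shape as the PSK path would do: `status = psa_destroy_key(key_slot); if (status != PSA_SUCCESS) { mbedtls_printf("Failed to destroy key slot: %d\n", (int) status); }`, repeated for key_slot2. `status` is declared under `MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3`, which the new guard around these calls already implies, and the client exit path has the same unchecked call.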
From 62278dc93d5845e1e8356edb25281bb78ce195f2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 6 Jun 2025 08:17:22 +0100 Subject: [PATCH 0693/1080] remove MBEDTLS_USE_PSA_CRYPTO from ssl progs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 68 +++++---------------------------- programs/ssl/ssl_server2.c | 78 +++++--------------------------------- 2 files changed, 18 insertions(+), 128 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..8c0453d6e3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -183,9 +180,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +303,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +477,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -498,9 +485,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -824,16 +809,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +831,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +856,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -907,7 +885,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", 
@@ -915,7 +892,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +918,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1099,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1124,9 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1167,11 +1137,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { 
@@ -1500,7 +1468,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1482,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1516,6 @@ int main(int argc, char *argv[]) } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1527,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1750,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1768,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1968,6 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -2027,7 +1988,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, 
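Review bot: The sanity check `if (opt.psk == NULL)` in front of the "psk_opaque set but no psk to be imported specified" message can never fire if `opt.psk` keeps its string default: the usage text in this same file documents `psk=%s default: "" (disabled)`, and the server program tests `strlen(opt.psk) == 0` for the same condition. Now that this check is compiled unconditionally it is worth making effective, `if (opt.psk == NULL || strlen(opt.psk) == 0) {`, so an empty PSK is rejected here with the intended message instead of surfacing later as an import failure. The `DFL_PSK` definition is outside the hunk, so confirm it really is the empty string before relying on this.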
@@ -2098,7 +2058,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2083,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3164,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3184,9 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3252,9 +3205,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { 
@@ -3262,12 +3214,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ - !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..e463c63046 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -268,9 +265,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +413,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +630,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +639,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
@@ -962,9 +947,7 @@ struct _psk_entry {
const char *name;
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t slot;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
@@ -976,7 +959,6 @@ static int psk_free(psk_entry *head)
psk_entry *next;
while (head != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
mbedtls_svc_key_id_t const slot = head->slot;
@@ -986,7 +968,6 @@ static int psk_free(psk_entry *head)
return status;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
next = head->next;
mbedtls_free(head);
@@ -1052,11 +1033,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
while (cur != NULL) {
if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
} else
-#endif
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
}
@@ -1302,7 +1281,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg,
@@ -1326,7 +1304,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
return PSA_SUCCESS;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int report_cid_usage(mbedtls_ssl_context *ssl,
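Review bot: With the `#endif` removed from psk_callback, the `} else` followed by an unbraced `return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);` no longer has a preprocessor reason to exist and leaves a dangling-else shape where any statement later inserted before that return silently changes which branch it belongs to. Since the `if` branch returns, the `else` is redundant: close the `if` with a plain `}` and let the raw-PSK `return` follow, or brace it as `} else { return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); }` to match the brace style used for every other control statement in these hunks. psk_callback's body starts and ends outside the hunk.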
@@ -1543,10 +1520,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1549,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1582,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1593,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1684,7 +1654,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1661,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1699,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1888,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
@@ -1973,13 +1937,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1954,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2327,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2356,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2385,6 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2396,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2732,7 +2688,6 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2723,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3136,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3152,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3165,6 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3178,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3334,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3359,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
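Review bot: In the PSK setup hunk the `} else` left alone on its line in front of `if (psk_len > 0) {` only existed to make room for the deleted `#endif`, and now reads as a dangling else; join it into `} else if (psk_len > 0) {`. The EC-JPAKE hunk at the end of this line has the same leftover, `} else` followed by a bare `{` on the next line, which should become `} else {`. Both are purely cosmetic, but they are the kind of artefact a mechanical guard removal leaves behind, so a pass over the rest of the file for the same pattern is worthwhile. The `if (strlen(opt.psk) != 0 && ...)` block and the mbedtls_ssl_conf_psk() call both continue outside the hunk.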
@@ -4253,11 +4201,9 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4215,7 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4229,9 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4250,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4259,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
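Review bot: The comment kept next to the simplified `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)` still says "we might have jumed here", which should read `jumped`; since the guard line is already being rewritten it is cheap to fix in the same change. The statement the comment describes lies outside the hunk.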
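Review bot: At the end of `main()` the call to `mbedtls_psa_crypto_free()` is now gated on nothing but `!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)`, and the comment above it still claims that under that macro the PSA resources are freed by rng_free(). If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is being retired together with MBEDTLS_USE_PSA_CRYPTO (a later hunk in this series stops counting it as an RNG source in ssl_test_lib.h), the `#if` is always true and the comment is stale, so both should go; if it remains a real option, the comment should say where rng_free() does that, e.g. `/* Under MBEDTLS_TEST_USE_PSA_CRYPTO_RNG the PSA core is torn down by rng_free() in ssl_test_lib.c. */`. Worth noting too that the `psa_crypto_init()` failure path earlier in main() jumps to this same exit block, so the leak check and the free now run even when initialization never succeeded — presumably harmless, but a one-line comment saying so would save the next reader the question.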
From 0f21429af5422e764f5bba3e4e49e3cf5fcf0670 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 6 Jun 2025 08:31:48 +0100 Subject: [PATCH 0694/1080] Correct ifdef logic Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index ea5dbecb89..fbb0efff84 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -14,8 +14,7 @@ #include "mbedtls/md.h" #undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #define HAVE_RNG #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #define HAVE_RNG From 9020426b14ab2a84d5f186d97cdf9ef524bf39e8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 9 Jun 2025 11:51:28 +0100 Subject: [PATCH 0695/1080] remove MBEDTLS_USE_PSA_CRYPTO from tests Signed-off-by: Ben Taylor --- tests/scripts/components-sanitizers.sh | 8 +-- tests/ssl-opt.sh | 9 ---- .../test_suite_constant_time_hmac.function | 51 ------------------- tests/suites/test_suite_ssl.data | 34 ++++++------- tests/suites/test_suite_ssl.function | 12 +---- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509write.data | 12 ++--- tests/suites/test_suite_x509write.function | 34 ++----------- 8 files changed, 33 insertions(+), 129 deletions(-) diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh index 45d0960a1d..26b149f69e 100644 --- a/tests/scripts/components-sanitizers.sh +++ b/tests/scripts/components-sanitizers.sh 
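Review bot: The `#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)` line in ssl_test_lib.h drops MBEDTLS_TEST_USE_PSA_CRYPTO_RNG as a reason to define HAVE_RNG, but neither the commit message ("Correct ifdef logic") nor a comment says why that macro no longer counts as an RNG source. A configuration that sets MBEDTLS_TEST_USE_PSA_CRYPTO_RNG without MBEDTLS_ENTROPY_C/MBEDTLS_CTR_DRBG_C or the external RNG presumably now falls through to whatever follows the `#elif` below the hunk, which is a behaviour change for that configuration and deserves a sentence in the message. I would also put the rationale above the `#if`, e.g. `/* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG only changes how the rng_* helpers obtain bytes; it does not provide an RNG source on its own. */`, after confirming that against the rng_* helpers in ssl_test_lib.c (the ssl_server2.c exit path in this series still references rng_free() and this macro).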
@@ -66,7 +66,7 @@ component_release_test_valgrind_constant_flow_no_asm () { # - or alternatively, build with debug info and manually run the offending # test suite with valgrind --track-origins=yes, then check if the origin # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing" + msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing" scripts/config.py full scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND scripts/config.py unset MBEDTLS_AESNI_C @@ -77,7 +77,7 @@ component_release_test_valgrind_constant_flow_no_asm () { # this only shows a summary of the results (how many of each type) # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" + msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" make memcheck } @@ -150,7 +150,7 @@ component_test_memsan () { component_release_test_valgrind () { msg "build: Release (clang)" - # default config, in particular without MBEDTLS_USE_PSA_CRYPTO + # default config CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make @@ -178,7 +178,7 @@ component_release_test_valgrind () { component_release_test_valgrind_psa () { msg "build: Release, full (clang)" - # full config, in particular with MBEDTLS_USE_PSA_CRYPTO + # full config scripts/config.py full CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c667cd14bd..36bde20bfc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
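Review bot: After this change `component_release_test_valgrind_psa` keeps its `_psa` suffix while its only distinguishing comment is now `# full config`, so nothing about the name says how it differs from `component_release_test_valgrind` (`# default config`) directly above it. Both now exercise the same PSA-backed code, so the suffix is actively misleading; renaming to `component_release_test_valgrind_full` is the cleaner fix if all.sh picks components up by the `component_` prefix (not visible here), otherwise the comment should spell it out, e.g. `# full config; same PSA code paths as the default-config component above`. The `msg` strings in the first two hunks are fine as rewritten.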
@@ -9443,15 +9443,6 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# The following test cases for restartable ECDH come in two variants: -# * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests -# the partial implementation where ECDH in TLS is not actually restartable. -# * The "(no USE_PSA)" variant expects the desired behavior. These test -# cases cannot currently pass because the implementation of restartable ECC -# in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. -# # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test # cases. diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 0e870d80fd..057d104d0e 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -16,15 +16,10 @@ void ssl_cf_hmac(int hash) * Test the function mbedtls_ct_hmac() against a reference * implementation. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#else - mbedtls_md_context_t ctx, ref_ctx; - const mbedtls_md_info_t *md_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t out_len, block_size; size_t min_in_len, in_len, max_in_len, i; /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ @@ -36,7 +31,6 @@ void ssl_cf_hmac(int hash) USE_PSA_INIT(); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); out_len = PSA_HASH_LENGTH(alg); 
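Review bot: The comment lines kept at the bottom of the hunk still say "we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test cases", but the paragraph that explained what those two variants are is exactly what the hunk deletes, so the surviving sentence now refers to nothing. Either delete the rest of the comment as well or keep a one-line lead-in, e.g. `# The restartable-ECDH cases below still come in "(USE_PSA)" and "(no USE_PSA)" variants inherited from 3.x; see #7294 for the plan to collapse them.` If those variant test cases still exist further down (outside this hunk) and are guarded on MBEDTLS_USE_PSA_CRYPTO, their guards now refer to a symbol that no longer exists and should be revisited in the same change.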
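Review bot: On the now-unconditional PSA path `out_len = PSA_HASH_LENGTH(alg)` is never checked, while the legacy branch deleted in the next hunk asserted `TEST_ASSERT(out_len != 0)` after `mbedtls_md_get_size()`; if `mbedtls_md_psa_alg_from_type(hash)` yields PSA_ALG_NONE for a hash this build lacks, `out_len` is 0 and the test continues into `TEST_CALLOC(out, 0)` and a zero-length `psa_import_key()` instead of failing where the problem is. Add `TEST_ASSERT(out_len != 0);` immediately after the assignment, and consider the same for `block_size`, whose PSA-side assignment sits between the hunks and is not visible here. ssl_cf_hmac() continues outside the hunk.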
@@ -47,36 +41,15 @@ void ssl_cf_hmac(int hash) PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); -#else - mbedtls_md_init(&ctx); - mbedtls_md_init(&ref_ctx); - - md_info = mbedtls_md_info_from_type(hash); - TEST_ASSERT(md_info != NULL); - out_len = mbedtls_md_get_size(md_info); - TEST_ASSERT(out_len != 0); - block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use allocated out buffer to catch overwrites */ TEST_CALLOC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Set up dummy key */ memset(ref_out, 42, sizeof(ref_out)); TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, ref_out, out_len, &key)); -#else - /* Set up contexts with the given hash and a dummy key */ - TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); - TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1)); - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len)); - memset(ref_out, 0, sizeof(ref_out)); -#endif - /* * Test all possible lengths up to a point. The difference between * max_in_len and min_in_len is at most 255, and make sure they both vary @@ -101,22 +74,14 @@ void ssl_cf_hmac(int hash) /* Get the function's result */ TEST_CF_SECRET(&in_len, sizeof(in_len)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), add_data, sizeof(add_data), data, in_len, min_in_len, max_in_len, out)); -#else - TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ TEST_CF_PUBLIC(&in_len, sizeof(in_len)); TEST_CF_PUBLIC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, key, alg)); TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 
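Review bot: With the reference `mbedtls_md` HMAC removed, `ref_out` is now only ever filled with 42 and passed to `psa_import_key()` as the dummy key material, so the name no longer describes what the buffer is for and the `/* Set up dummy key */` comment is the only hint. Either rename it (`dummy_key`) or extend the comment, e.g. `/* Set up dummy key; ref_out is only used as key material now that no reference HMAC is computed */`. The declaration of `ref_out` is above the hunk, so a rename touches lines outside it.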
@@ -125,17 +90,6 @@ void ssl_cf_hmac(int hash) data, in_len)); TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, out, out_len)); -#else - /* Compute the reference result */ - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data, - sizeof(add_data))); - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); - - /* Compare */ - TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_free(data); @@ -143,13 +97,8 @@ void ssl_cf_hmac(int hash) } exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); psa_destroy_key(key); -#else - mbedtls_md_free(&ref_ctx); - mbedtls_md_free(&ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_free(data); mbedtls_free(out); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 378c5339fe..ec62c2cb2e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -440,23 +440,23 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_R handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque 
@@ -464,19 +464,19 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque 
@@ -484,15 +484,15 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDIN handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque 
@@ -500,19 +500,19 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_P handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -3236,7 +3236,7 @@ depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:0 EC-JPAKE set opaque password -depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:1 Test Elliptic curves' info parsing diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 918edd5aca..c70080317c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
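Review bot: In the ECDH-ECDSA-CAMELLIA-256-CBC-SHA384 group the two passing opaque cases still list `MBEDTLS_PSA_CRYPTO_C` while the "missing alg" and "missing usage" cases in the same hunk do not, and none of the ECDH-RSA or ECDHE cases above carry it; with MBEDTLS_USE_PSA_CRYPTO stripped, this is the only remaining difference between otherwise parallel dependency lists. If MBEDTLS_PSA_CRYPTO_C is likewise always on in this tree, drop it from both lines; if it can still be unset, the two failing cases drive the same opaque-key path and need it as well. Either way the four `depends_on` lines in this group should agree.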
@@ -3422,7 +3422,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ void test_multiple_psks_opaque(int mode) { /* @@ -3768,7 +3768,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; @@ -3941,11 +3941,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT; -#else /* MBEDTLS_USE_PSA_CRYPTO */ - (void) use_opaque_arg; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = ""; size_t pwd_len = 0; int ret; @@ -3971,7 +3967,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg) pwd_len = strlen(ECJPAKE_TEST_PWD); memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (use_opaque_arg) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -3998,16 +3993,13 @@ void ssl_ecjpake_set_password(int use_opaque_arg) PSA_ASSERT(psa_import_key(&attributes, pwd_string, pwd_len, &pwd_slot)); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* final check which should work without errors */ ECJPAKE_TEST_SET_PASSWORD(0); -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (use_opaque_arg) { psa_destroy_key(pwd_slot); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c2a7f30fd9..14e7afa740 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -900,7 +900,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 3860076d2c..4d57a8fb69 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
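Review bot: The x509parse.data case keeps the name "X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)" although the hunk removes the very `MBEDTLS_USE_PSA_CRYPTO` dependency the suffix refers to, so the name now advertises a distinction that no longer exists. Rename it to `X509 CRT verification #68 (RSASSA-PSS, wrong salt_len)`; if a sibling "no USE_PSA" variant of #68 still exists nearby (not visible here) with a `!MBEDTLS_USE_PSA_CRYPTO` guard, that guard now names a symbol the build no longer knows and the case should be deleted rather than left to the dependency checker's handling of unknown symbols.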
@@ -123,23 +123,23 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 
1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial 
@@ -159,7 +159,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINIST x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..f42349cb5b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -15,8 +15,7 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) +#if defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) { unsigned char hash[PSA_HASH_MAX_SIZE]; 
@@ -53,7 +52,7 @@ cleanup: mbedtls_x509_csr_free(&csr); return ret; } -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ +#endif /* MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ #if defined(MBEDTLS_X509_CSR_WRITE_C) @@ -131,11 +130,6 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char check_buf[4000]; - FILE *f; - size_t olen = 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ size_t pem_len = 0, buf_index; int der_len = -1; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; @@ -215,20 +209,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(buf[buf_index] == 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used (void) cert_req_check_file; buf[pem_len] = '\0'; TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); -#else - f = fopen(cert_req_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); @@ -237,14 +221,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case der_len /= 2; -#else - der_len -= 1; -#endif ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 
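Review bot: In the `@@ -215,20 +209,10 @@` hunk of x509_csr_check, the parameter `cert_req_check_file` is now dead on every build — as far as the visible hunks show its only remaining use is `(void) cert_req_check_file;` — yet the surviving comment `// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used` still reads as though a non-PSA comparison path existed. The same "When using PSA crypto" wording survives in `@@ -237,14 +221,10 @@` here and in the `@@ -570,14 +546,12 @@` hunk of x509_crt_check in this patch. Suggested rewording: `// The PSA RNG cannot be seeded deterministically, so the CSR is checked by verifying its signature rather than comparing it with a reference file.` and, for the length check, `// The signature length varies between runs, so halve the buffer instead of shrinking it by one byte to force MBEDTLS_ERR_ASN1_BUF_TOO_SMALL.`. A follow-up could drop the parameter from the test function and its column in the .data file, which this commit does not touch.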
@@ -256,7 +236,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, int cert_type) { @@ -342,10 +322,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, int der_len = -1; FILE *f; mbedtls_test_rnd_pseudo_info rnd_info; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; -#endif mbedtls_pk_type_t issuer_key_type; mbedtls_x509_san_list san_ip; mbedtls_x509_san_list san_dns; @@ -409,7 +387,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, issuer_key_type = mbedtls_pk_get_type(&issuer_key); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, @@ -419,7 +396,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_pk_init(&issuer_key); TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (pk_wrap == 2) { TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE); @@ -570,14 +546,12 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(p < end); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if (issuer_key_type != MBEDTLS_PK_RSA) { der_len /= 2; } else -#endif der_len -= 1; ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); 
@@ -592,9 +566,7 @@ exit: #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) mbedtls_mpi_free(&serial_mpi); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_id); -#endif MD_OR_USE_PSA_DONE(); } /* END_CASE */ From a4915abc5628bd498dbe64272c9895141b9ef817 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 9 Jun 2025 13:30:39 +0100 Subject: [PATCH 0696/1080] fix code style issues Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 8c0453d6e3..1ce4e46b1c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1123,8 +1123,7 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if (strcmp(p, "psk") == 0) { opt.psk = q; - } - else if (strcmp(p, "psk_opaque") == 0) { + } else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -1136,11 +1135,9 @@ int main(int argc, char *argv[]) opt.psk_identity = q; } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; - } - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { + } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); - } - else if (strcmp(p, "ec_max_ops") == 0) { + } else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2082,8 +2079,7 @@ int main(int argc, char *argv[]) goto exit; } mbedtls_printf("using opaque password\n"); - } else - { + } else { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, strlen(opt.ecjpake_pw))) != 0) { From 98ecfdb440aeccb714014a89286401bb08c88ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 07:47:13 +0100 Subject: [PATCH 0697/1080] corrected code style 
Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 14 ++++++-------- tests/suites/test_suite_x509write.function | 5 +++-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e463c63046..28623bfc84 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1035,8 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, memcmp(name, cur->name, name_len) == 0) { if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); - } else - return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); + } else { + return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); + } } cur = cur->next; @@ -1936,8 +1937,7 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if (strcmp(p, "psk") == 0) { opt.psk = q; - } - else if (strcmp(p, "psk_opaque") == 0) { + } else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); @@ -1953,8 +1953,7 @@ int main(int argc, char *argv[]) opt.psk_list = q; } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; - } - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { + } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -3358,8 +3357,7 @@ int main(int argc, char *argv[]) goto exit; } mbedtls_printf("using opaque password\n"); - } else - { + } else { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, strlen(opt.ecjpake_pw))) != 0) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f42349cb5b..03746b4047 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -551,8 +551,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if (issuer_key_type != MBEDTLS_PK_RSA) { der_len /= 2; - } else - der_len -= 1; + } else { + der_len -= 1; + } ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); From cdc191b50052db6d0aaa98e8c823240a7dafe53c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 14:52:38 +0100 Subject: [PATCH 0698/1080] Correct code style Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 28623bfc84..c5f22c4116 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1037,7 +1037,7 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else { return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); - } + } } cur = cur->next; @@ -1955,8 +1955,7 @@ int main(int argc, char *argv[]) opt.ecjpake_pw = q; } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); - } - else if (strcmp(p, "force_ciphersuite") == 0) { + } else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); if (opt.force_ciphersuite[0] == 0) { From 39a68bf3472dce1c101bdd6ec5c9b424ea27a609 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 15 Jul 2025 13:34:55 +0100 Subject: [PATCH 0699/1080] removed additional references to USE_PSA in tests and comments Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 21 ++++---- tests/ssl-opt.sh | 52 +++++++------------ 2 files changed, 30 insertions(+), 43 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index da776e70b8..c78e53244d 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus CTR_DRBG- main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" + msg "test: Full minus CTR_DRBG - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus HMAC_DRBG - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,7 +342,6 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 36bde20bfc..201a788385 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,15 +9443,10 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, -# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test -# cases. - -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9462,11 +9457,9 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
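Review bot: After the `@@ -9443,15 +9443,10 @@` and `@@ -9462,11 +9457,9 @@` hunks, two `run_test` calls carry the identical description `"EC restart: TLS, max_ops=1000"`; descriptions are the keys used by `-f` filtering (see `tests/ssl-opt.sh -f 'Default\|opaque'` elsewhere in this series) and, if the test scripts' duplicate-description check is enforced, the pair will be rejected — the same duplication recurs in every variant pair in this file (`@@ -9497`/`@@ -9517`, `@@ -9537`/`@@ -9557`, `@@ -9577`/`@@ -9592`, `@@ -9607`/`@@ -9622`). The first of each pair also keeps `skip_next_test` while its explanatory comment is deleted, so it is now silently skipped with no stated reason. Separately, replacing `requires_config_enabled PSA_WANT_ECC_SECP_R1_256` with `requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED` changes which builds run the test, which goes beyond the "references to USE_PSA in tests and comments" the commit message describes and deserves a sentence there. Either delete the permanently skipped variant or keep a distinguishing suffix, e.g. `run_test "EC restart: TLS, max_ops=1000 (full restart, skipped)" \`.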
@@ -9477,8 +9470,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# This works the same with & without USE_PSA as we never get to ECDH: -# we abort as soon as we determined the cert is bad. +# We abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ @@ -9497,11 +9489,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9517,11 +9508,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9537,11 +9528,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9557,11 +9547,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9577,11 +9567,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9592,11 +9581,11 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
@@ -9607,11 +9596,10 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ @@ -9622,11 +9610,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 07687266b9f33d66b36885784cb9130e0ddb59ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:03:43 +0100 Subject: [PATCH 0700/1080] restoring test comment that refer to USE_PSA Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 21 +++++----- tests/ssl-opt.sh | 42 ++++++++++++------- 2 files changed, 38 insertions(+), 25 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c78e53244d..da776e70b8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG- main suites" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG - compat.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG - main suites" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,6 +342,7 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: + # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 201a788385..0cf9e23cc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,10 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, +# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test +# cases. + +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9457,9 +9462,11 @@ run_test "EC restart: TLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9470,7 +9477,8 @@ run_test "EC restart: TLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We abort as soon as we determined the cert is bad. +# This works the same with & without USE_PSA as we never get to ECDH: +# we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ 
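Review bot: The comments restored in `@@ -9443,10 +9443,15 @@` and `@@ -9457,9 +9462,11 @@` explain the two variants as "With USE_PSA disabled" and "With USE_PSA enabled", but the build option they refer to is what this series removes, so the text now documents a configuration that can no longer be selected; the same applies to the restored comments in the remaining hunks of this file on the following lines. The two variants also keep different gates (`PSA_WANT_ECC_SECP_R1_256` for the skipped one, `MBEDTLS_ECP_DP_SECP256R1_ENABLED` for the one that runs), which this commit leaves as the previous one introduced them without saying why they differ. Suggested wording that keeps the history without naming a dead option: `# Full restartable behaviour is no longer reachable because TLS calls PSA directly for ECDH; kept (skipped) until issue 7294 is resolved.` for the skipped variant and `# Only partial restartable behaviour is expected: everything except ECDH (where TLS calls PSA directly).` for the live one.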
@@ -9489,10 +9497,11 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9508,11 +9517,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9528,10 +9537,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9547,11 +9557,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9567,10 +9577,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9581,11 +9592,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9596,10 +9607,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 
@@ -9610,11 +9622,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 6164e92d3b93b3544dd42ecf0dc447c0c268e4af Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:06:28 +0100 Subject: [PATCH 0701/1080] Restore comment in ssl-opt.sh as it is still relevent Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0cf9e23cc4..ef78ef0cdc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9443,6 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# The following test cases for restartable ECDH come in two variants: +# * The "(USE_PSA)" variant expects the current behavior, which is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests +# the partial implementation where ECDH in TLS is not actually restartable. +# * The "(no USE_PSA)" variant expects the desired behavior. These test +# cases cannot currently pass because the implementation of restartable ECC +# in TLS is partial: ECDH is not actually restartable. This is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. +# # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test # cases. 
From 8519c3e0bae71a7563f963203b5a7bda7aee64aa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:11:37 +0100 Subject: [PATCH 0702/1080] corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ef78ef0cdc..d38e578de1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9445,12 +9445,12 @@ run_test "EC restart: TLS, max_ops=65535" \ # The following test cases for restartable ECDH come in two variants: # * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests # the partial implementation where ECDH in TLS is not actually restartable. # * The "(no USE_PSA)" variant expects the desired behavior. These test # cases cannot currently pass because the implementation of restartable ECC # in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. # # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test From a750e1be5fde58ab6ec0b2ad7b4b1f0933ac8f65 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 14:27:47 +0100 Subject: [PATCH 0703/1080] Minor comment updates Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/ssl/ssl_test_lib.h | 15 --------------- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 40fd9caa0f..03e33b7080 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -199,7 +199,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */ +#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */ mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index ae0f85282b..af50e25f13 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } -#else /* MBEDTLS_X509_REMOVE_INFO */ +#else /* !MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index fbb0efff84..20dbe61dfe 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
@@ -104,22 +104,7 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use - * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. - * - * The constraints are: - * - Without the entropy module, the PSA RNG is the only option. - * - Without at least one of the DRBG modules, the PSA RNG is the only option. - * - The PSA RNG does not support explicit seeding, so it is incompatible with - * the reproducible mode used by test programs. - * - For good overall test coverage, there should be at least one configuration - * where the test programs use the PSA RNG while the PSA RNG is itself based - * on entropy+DRBG, and at least one configuration where the test programs - * do not use the PSA RNG even though it's there. - */ #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG -#endif /** A context for random number generation (RNG). */ From d5b655ab2141e49dfa7bbe9a1d9bffad91420674 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 14:47:28 +0100 Subject: [PATCH 0704/1080] Re-add missing and Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 03e33b7080..9a5b80db77 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -199,7 +199,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */ mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ 
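Review bot: The ssl_test_lib.h hunk removes the `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` / `#endif` guard along with the comment, not just the comment, so the header now defines the macro unconditionally; a build that already passes `-DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG` (which expands to `1`) would get a macro-redefinition warning, and the commit message ("Minor comment updates") does not mention that behavioural change. If the intent is that the test programs now always use the PSA RNG, a one-line comment should say so, e.g. `/* The SSL test programs always use mbedtls_psa_get_random() as their RNG. */` above the define; otherwise keep the guard around it. The removed comment also documented the constraints behind the choice, and nothing replaces that explanation.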
From 44703e4cc206fae78b92d95742a3ab3e43e1c576 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 09:15:14 +0100 Subject: [PATCH 0705/1080] Update comment format Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 9a5b80db77..3a5e502fe5 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -192,7 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); -#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); From 1e2e2ea36df143b324d06dd340f7d7c067d327e4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 13:19:27 +0100 Subject: [PATCH 0706/1080] Added back crypto treatment of certs as the keyfile is now passed in and the previous rng issue should no longer be relevent Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 03746b4047..edcc14d3f1 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -130,6 +130,9 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; + unsigned char check_buf[4000]; + FILE *f; + size_t olen = 0; size_t pem_len = 0, buf_index; int der_len = -1; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; 
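Review bot: In the test_suite_x509write.function hunk `check_buf` is declared as 4000 bytes while `buf`, whose PEM output it is later compared against, is 4096; a reference file between 4001 and 4095 bytes would be silently truncated by `fread` and the later length assertion would fail with no indication of why. Declaring it as `unsigned char check_buf[sizeof(buf)];` keeps the two sizes in step. `x509_csr_check` starts and ends outside the hunk.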
@@ -209,10 +212,14 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(buf[buf_index] == 0); } - // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used - (void) cert_req_check_file; - buf[pem_len] = '\0'; - TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); + f = fopen(cert_req_check_file, "r"); //open the file + TEST_ASSERT(f != NULL); //check the file has been opened. + olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file + fclose(f); // close the file + + TEST_ASSERT(olen >= pem_len - 1); + TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); + der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); @@ -221,10 +228,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, goto exit; } - // When using PSA crypto, RNG isn't controllable, result length isn't - // deterministic over multiple runs, removing a single byte isn't enough to - // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case - der_len /= 2; + der_len -= 1; ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); From dbea0a9cc541199bfd6f21cd6ad2d97c1142d959 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 13:27:39 +0100 Subject: [PATCH 0707/1080] Remove additional unused no rng case Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index edcc14d3f1..89de9599ab 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
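Review bot: The four trailing comments on the restored file-read lines (`//open the file`, `//check the file has been opened.`, `// read the file`, `// close the file`) only restate what each call does and should be dropped; what a reader needs is why the byte-for-byte comparison is valid again, which only the commit message explains — a single comment such as `/* With the key supplied from key_file the CSR is expected to be deterministic, so compare it against the reference file byte-for-byte. */` above the `fopen` would carry that. Separately, `olen >= pem_len - 1` only requires the reference file to be at least as long as the generated PEM, so a reference with trailing data beyond `pem_len - 1` bytes still passes; if exact equality is expected, `TEST_ASSERT(olen == pem_len - 1);` is the stronger check. The `- 1` presumably assumes `pem_len` counts the terminating NUL, which is set outside the hunk and worth confirming.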
@@ -550,14 +550,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(p < end); } - // When using PSA crypto, RNG isn't controllable, result length isn't - // deterministic over multiple runs, removing a single byte isn't enough to - // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case - if (issuer_key_type != MBEDTLS_PK_RSA) { - der_len /= 2; - } else { - der_len -= 1; - } + der_len -= 1; ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); From 4df61d408d9bc6288e0430f8556e25f27deeefb0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 15:03:55 +0100 Subject: [PATCH 0708/1080] fix style issues Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 89de9599ab..c2ab27b01d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -217,8 +217,8 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file fclose(f); // close the file - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); + TEST_ASSERT(olen >= pem_len - 1); + TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); From c454b5b658092327cb97debd37023f7ea182d300 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 07:54:31 +0100 Subject: [PATCH 0709/1080] Fix rebase failure Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d38e578de1..60b970aefb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9474,7 +9474,7 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9529,7 +9529,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9569,7 +9569,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -9604,7 +9604,7 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9634,7 +9634,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ From 72d6030f89a25a66e40313b0a20d2cb3012f59e0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 19 Mar 2025 14:56:57 +0100 Subject: [PATCH 0710/1080] Combine psa_pake_set_password_key and psa_pake_setup into a single function Signed-off-by: Anton Matkin --- library/ssl_tls.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 051fce36e3..dee80292e2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1827,7 +1827,7 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( 256)); psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); - status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite); + status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite); if (status != PSA_SUCCESS) { return status; } 
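Review bot: In the ssl_tls.c hunk, passing `pwd` to `psa_pake_setup` binds the password key to `psa_pake_ctx` at the start of the sequence instead of at the end, where the removed `psa_pake_set_password_key` call (next hunk) used to do it; the set-up calls that sit between the two hunks presumably still `return status` on failure, which now leaves an operation that already references the key. If the caller does not already abort the PAKE operation on those error paths, that should be checked, since it was harmless before only because the key was bound last. `mbedtls_ssl_set_hs_ecjpake_password_common` starts and ends outside the hunk.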
@@ -1854,11 +1854,6 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( return status; } - status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd); - if (status != PSA_SUCCESS) { - return status; - } - ssl->handshake->psa_pake_ctx_is_ok = 1; return PSA_SUCCESS; From 23189f41cb79f21feb86f3d5a8b5cca5ddbc2cf8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 19 Mar 2025 14:57:27 +0100 Subject: [PATCH 0711/1080] Updated the tf-psa-crypto git link Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5df033ee3c..fc1dca6195 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 +Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 From 4a43804d690979cf34f1289f53ff1098b5c4e6c4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 09:47:39 +0100 Subject: [PATCH 0712/1080] Remove deprecated items Signed-off-by: Ben Taylor --- include/mbedtls/config_adjust_ssl.h | 1 - include/mbedtls/mbedtls_config.h | 22 ---------------------- include/mbedtls/ssl.h | 12 ------------ library/mbedtls_check_config.h | 13 ------------- library/ssl_msg.c | 12 ++++-------- library/ssl_tls.c | 12 ------------ tests/configs/tls13-only.h | 1 - 7 files changed, 4 insertions(+), 69 deletions(-) diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 2221e5b2e7..36641e18b6 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -51,7 +51,6 @@ #if !defined(MBEDTLS_SSL_PROTO_DTLS) #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY #undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index d18d0fadb8..827b96165f 100644 
--- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -533,28 +533,6 @@ */ #define MBEDTLS_SSL_DTLS_CONNECTION_ID -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - * - * Defines whether RFC 9146 (default) or the legacy version - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) - * is used. - * - * Set the value to 0 for the standard version, and - * 1 for the legacy draft version. - * - * \deprecated Support for the legacy version of the DTLS - * Connection ID feature is deprecated. Please - * switch to the standardized version defined - * in RFC 9146 enabled by utilizing - * MBEDTLS_SSL_DTLS_CONNECTION_ID without use - * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. - * - * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 - /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7ea0174612..4bfe4af02c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -470,14 +470,6 @@ /** \} name SECTION: Module settings */ -/* - * Default to standard CID mode - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#endif - /* * Length of the verify data for secure renegotiation */ @@ -649,11 +641,7 @@ #define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ -#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 #define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */ -#else -#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */ -#endif #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 5e5a5b31db..43c2308800 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
@@ -238,19 +238,6 @@
 #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
 #endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
- !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
 !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5774bfc865..5eeb154047 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -663,8 +663,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
 unsigned char *cur = add_data;
 size_t ad_len_field = rec->data_len;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 #endif
@@ -680,8 +679,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
 ((void) tls_version);
 ((void) taglen);
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 if (rec->cid_len != 0) {
 // seq_num_placeholder
 memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder));
@@ -711,8 +709,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, memcpy(cur, rec->ver, sizeof(rec->ver)); cur += sizeof(rec->ver); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // CID @@ -727,8 +724,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); cur += 2; } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // epoch + sequence number diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dee80292e2..ecc9187af2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2633,18 +2633,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} - -void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - #if defined(MBEDTLS_SSL_SRV_C) void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, char cert_req_ca_list) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 342bbed91e..8260ef5e12 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -25,4 +25,3 @@ #undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT From 889ac064f460a9f1c8c058caeaf9f63549d5a0ba Mon Sep 17 00:00:00 2001 
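Review bot: In the `@@ -711,8 +709,7 @@` hunk the block that was guarded by `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1` — the legacy draft layout that writes the CID, `cid_length` and the inner-plaintext length — is now compiled whenever `MBEDTLS_SSL_DTLS_CONNECTION_ID` is defined, and the `#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` in the following hunk, which holds the RFC 9146 layout (epoch + sequence number), can never be taken because it tests the same condition. Removing the COMPAT option should delete the first `if (rec->cid_len != 0) { … } else` block and make the RFC 9146 block the sole `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)`; as written, the additional data fed to record protection no longer matches the RFC 9146 form that `seq_num_placeholder` in the earlier hunk prepares, so CID-protected records would be expected to fail authentication against an RFC 9146 peer. A later patch in this series removes the first block, but this commit on its own leaves the inconsistency. `ssl_extract_add_data_from_record` starts and ends outside the hunk.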
From: Ben Taylor Date: Wed, 16 Jul 2025 15:03:31 +0100 Subject: [PATCH 0713/1080] Add ChangeLog for deprecated items Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/remove-deprecated-items.txt diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt new file mode 100644 index 0000000000..b16e7babc5 --- /dev/null +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -0,0 +1,8 @@ +Removals + * Remove mbedtls_asn1_free_named_data, it has now been replaced with + mbedtls_asn1_free_named_data_list or + mbedtls_asn1_free_named_data_list_shallow + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the + standard version is supported. + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() From d2da53fbe67dbd240ecb272d27ddbf6fba593e7d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:13:46 +0100 Subject: [PATCH 0714/1080] Remove further deprecated items Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 108 ------------------------------------------ 1 file changed, 108 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4bfe4af02c..aa850aa123 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -284,15 +284,6 @@ * Various constants */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* These are the high and low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ 
@@ -1495,9 +1486,6 @@ struct mbedtls_ssl_config {
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
-#endif
 const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -3721,41 +3709,6 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *groups);
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
-/**
- * \brief Set the allowed hashes for signatures during the handshake.
- *
- * \note This only affects which hashes are offered and can be used
- * for signatures during the handshake. Hashes for message
- * authentication and the TLS PRF are controlled by the
- * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
- * used for certificate signature are controlled by the
- * verification profile, see \c mbedtls_ssl_conf_cert_profile().
- *
- * \deprecated Superseded by mbedtls_ssl_conf_sig_algs().
- *
- * \note This list should be ordered by decreasing preference
- * (preferred hash first).
- *
- * \note By default, all supported hashes whose length is at least
- * 256 bits are allowed. This is the same set as the default
- * for certificate verification
- * (#mbedtls_x509_crt_profile_default).
- * The preference order is currently unspecified and may
- * change in future versions.
- *
- * \note New minor versions of Mbed TLS may extend this list,
- * for example if new curves are added to the library.
- * New minor versions of Mbed TLS will not remove items
- * from this list unless serious security concerns require it.
- *
- * \param conf SSL configuration
- * \param hashes Ordered list of allowed signature hashes,
- * terminated by \c MBEDTLS_MD_NONE.
- */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
- const int *hashes);
-#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
 /**
  * \brief Configure allowed signature algorithms for use in TLS
@@ -4102,28 +4055,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl
 mbedtls_dtls_srtp_info *dtls_srtp_info);
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Set the maximum supported version sent from the client side
- * and/or accepted at the server side.
- *
- * See also the documentation of mbedtls_ssl_conf_min_version().
- *
- * \note This ignores ciphersuites from higher versions.
- *
- * \note This function is deprecated and has been replaced by
- * \c mbedtls_ssl_conf_max_tls_version().
- *
- * \param conf SSL configuration
- * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
- * \param minor Minor version number
- * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
- * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
- */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major,
- int minor);
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
 /**
  * \brief Set the maximum supported version sent from the client side
  * and/or accepted at the server side.
@@ -4142,45 +4073,6 @@ static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the minimum accepted SSL/TLS protocol version - * - * \note By default, all supported versions are accepted. - * Future versions of the library may disable older - * protocol versions by default if they become deprecated. - * - * \note The following versions are supported (if enabled at - * compile time): - * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3 - * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4 - * - * Note that the numbers in the constant names are the - * TLS internal protocol numbers, and the minor versions - * differ by one from the human-readable versions! - * - * \note Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_min_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the minimum supported version sent from the client side * and/or accepted at the server side. From 7aa4c40b84cc629de2781f601ea3f15ab8bd8947 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:14:11 +0100 Subject: [PATCH 0715/1080] Update ChangeLog 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b16e7babc5..61400279f6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,8 +1,11 @@ Removals - * Remove mbedtls_asn1_free_named_data, it has now been replaced with - mbedtls_asn1_free_named_data_list or - mbedtls_asn1_free_named_data_list_shallow * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the standard version is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Remove sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_max_version + * Remove mbedtls_ssl_conf_min_version From b98aa511285486e9ad4166a6211c99aee737228e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:26:48 +0100 Subject: [PATCH 0716/1080] correct logic in ssl_msg Signed-off-by: Ben Taylor --- library/ssl_msg.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5eeb154047..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -711,21 +711,6 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // cid_length - *cur = rec->cid_len; - cur++; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { // epoch + sequence number memcpy(cur, rec->ctr, sizeof(rec->ctr)); 
From 01bf8bafcd12592d609ae361cc76966933c61b92 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:58:30 +0100 Subject: [PATCH 0717/1080] removed mbedtls_ssl_conf_sig_hashes and temporarily re-add sig_hashes Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls.c | 10 ---------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa850aa123..de8f13bb81 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1486,6 +1486,9 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ +#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ecc9187af2..3794d388de 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2420,16 +2420,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set allowed/preferred hashes for handshake signatures - */ -void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes) -{ - conf->sig_hashes = hashes; -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, From 73de8aa8c621fa3abf6dd14de7f30c2626aca3de Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:40:09 +0100 Subject: [PATCH 0718/1080] Removal of sig_hashes in ssl.h Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 --- library/ssl_tls.c | 64 ------------------------------------------- 2 files changed, 68 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index de8f13bb81..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1485,10 +1485,6 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3794d388de..8b5d6a19c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,68 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Heap allocate and translate sig_hashes from internal hash identifiers to - signature algorithms IANA identifiers. */ - if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && - ssl->conf->sig_hashes != NULL) { - const int *md; - const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; - uint16_t *p; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - <= (SIZE_MAX - (2 * sizeof(uint16_t))), - "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); - - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - sig_algs_len += sizeof(uint16_t); -#endif - -#if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof(uint16_t); -#endif - if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - } - - if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + - sizeof(uint16_t)); - if (ssl->handshake->sig_algs == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - p = (uint16_t *) ssl->handshake->sig_algs; - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); - if (hash == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); - p++; -#endif -#if defined(MBEDTLS_RSA_C) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); - p++; -#endif - } - *p = MBEDTLS_TLS_SIG_NONE; - ssl->handshake->sig_algs_heap_allocated = 1; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { ssl->handshake->sig_algs_heap_allocated = 0; - } #endif /* 
!MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; @@ -2425,9 +2364,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs) { -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ conf->sig_algs = sig_algs; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ From dbb15e6d2f0969f2f78e3e566aff431b10e6ff41 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:58:33 +0100 Subject: [PATCH 0719/1080] Reword ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 61400279f6..90df78a4c7 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,6 +1,6 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the - standard version is supported. + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, From 9db2e91cfed85f1dce5ad5b99aaeafcf7516e06a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 10:34:42 +0100 Subject: [PATCH 0720/1080] Fix style issues Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8b5d6a19c9..39a97325ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,7 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - ssl->handshake->sig_algs_heap_allocated = 0; + ssl->handshake->sig_algs_heap_allocated = 0; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; From 4265e91930770933e6338d097ba01a49ef055b45 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 11:03:48 +0100 Subject: [PATCH 0721/1080] Remove test component_test_dtls_cid_legacy as it is no longer required Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 450bdebab1..c8b2287d71 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -342,23 +342,6 @@ component_test_variable_ssl_in_out_buffer_len () { tests/compat.sh } -component_test_dtls_cid_legacy () { - msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/compat.sh -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C From 4e7b2543c7f9656494cf78e8f6457cb715144318 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 08:19:45 +0100 Subject: [PATCH 0722/1080] Remove trailing whitespace 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 90df78a4c7..b0c1cda11d 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,9 +1,9 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes From 27a4cc9de27642cb6cf0b49a6b42bf4edc0f05e7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 15:13:34 +0100 Subject: [PATCH 0723/1080] Remove mbedtls_ssl_conf_sig_hashes from comments Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- library/ssl_misc.h | 4 ---- programs/fuzz/fuzz_client.c | 2 +- tf-psa-crypto | 2 +- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..5305425e7b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,10 +3364,6 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * - * \note The restrictions are enforced for all certificates in the - * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). - * * \param conf SSL configuration * \param profile Profile to use */ 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..f045f8d5a3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2310,11 +2310,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has * been more recently invoked. * diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 1840570488..0878480ea7 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes + // mbedtls_ssl_conf_cert_profile if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From dc1d098de2f4d634a180a7ed064f65c7f58cb0cc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 07:59:07 +0100 Subject: [PATCH 0724/1080] Remove reference to sig_hashes from the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b0c1cda11d..8818acafe6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
@@ -5,7 +5,6 @@ Removals mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 - * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes * Remove mbedtls_ssl_conf_max_version * Remove mbedtls_ssl_conf_min_version From 75b30e8347b49a9f3dc717bf7210147fd2effc1f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:02:36 +0100 Subject: [PATCH 0725/1080] Combined references to removed constants in ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 8818acafe6..40584c6aeb 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -3,8 +3,7 @@ Removals standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, + Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. * Remove mbedtls_ssl_conf_sig_hashes - * Remove mbedtls_ssl_conf_max_version - * Remove mbedtls_ssl_conf_min_version From 9822bb8d5e387ad98b0e43be304d31834fd1b1ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:05:14 +0100 Subject: [PATCH 0726/1080] Remove duplicate mbedtls_ssl_conf_*version from ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 40584c6aeb..0d3faa4816 100644 
--- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -2,8 +2,7 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, - Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. + mbedtls_ssl_conf_max/min_tls_version() and removed the constants + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 + MBEDTLS_SSL_MINOR_VERSION_4. * Remove mbedtls_ssl_conf_sig_hashes From 304839238a074bab7570b35505fbfebed7e83468 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:09:10 +0100 Subject: [PATCH 0727/1080] Updated description in the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 0d3faa4816..63bc2c151c 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
@@ -1,8 +1,10 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() and removed the constants - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 - MBEDTLS_SSL_MINOR_VERSION_4. + * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and + the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and + MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and + mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. + Note that the new names of the new constants use the TLS protocol versions, + unlike the old constants whose names are based on internal encodings. * Remove mbedtls_ssl_conf_sig_hashes From 71fcb1c64b55ac8d78bcf0bcc4c39fbd16a7e9a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:11:12 +0100 Subject: [PATCH 0728/1080] Added more detail to the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 63bc2c151c..f0d66eb454 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,4 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + instead. From 543caa7ec4f765241ef85b5157fdfa2d6e2825ae Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:16:12 +0100 Subject: [PATCH 0729/1080] Re-add note 
Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5305425e7b..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,6 +3364,10 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * + * \note The restrictions are enforced for all certificates in the + * chain. However, signatures in the handshake are not covered + * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * * \param conf SSL configuration * \param profile Profile to use */ From 9ff2b736365122407cec4953e400f3014b7b0bad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:17:13 +0100 Subject: [PATCH 0730/1080] Change referenc funtion to include/mbedtls/ssl.h in note Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..623ffd1dae 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3366,7 +3366,7 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, * * \note The restrictions are enforced for all certificates in the * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * by this setting but by \b mbedtls_ssl_conf_sig_algs(). * * \param conf SSL configuration * \param profile Profile to use From 8b5c5b4daa84f0462dcd4faa30fd184267bb6ccb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:20:32 +0100 Subject: [PATCH 0731/1080] Remove mbedtls_ssl_sig_hash_set_t as it is no longer required Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 623ffd1dae..1a8a4ba8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -870,7 +870,6 @@ typedef struct mbedtls_ssl_config mbedtls_ssl_config; /* Defined in library/ssl_misc.h */ typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; #if defined(MBEDTLS_X509_CRT_PARSE_C) typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; #endif From 8b914369032185c92661f6a367e5d73b8282205a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:22:10 +0100 Subject: [PATCH 0732/1080] Remove paragraph in comments as it is no longer required Signed-off-by: Ben Taylor --- library/ssl_misc.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f045f8d5a3..245b1f4af1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2309,11 +2309,6 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. - * - * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has - * been more recently invoked. - * */ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl) From 9f54408c318260d5ec580d49cfcddfa71ff1f431 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:28:33 +0100 Subject: [PATCH 0733/1080] Remove sig_algs_heap_allocated=0 as it is always 0 Signed-off-by: Ben Taylor --- library/ssl_tls.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 39a97325ec..5f4d31cabc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1066,12 +1066,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) mbedtls_ssl_set_timer(ssl, 0); } #endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - ssl->handshake->sig_algs_heap_allocated = 0; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; } From 37e1ca9efa801356b2dbc981b3aad3c26e717724 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:32:12 +0100 Subject: [PATCH 0734/1080] Update tf-psa-crypto submodule pointer Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5df033ee3c..fc1dca6195 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 +Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 From db92768497b09d1216c161f6cb819914e9133f4d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:22:13 +0200 Subject: [PATCH 0735/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 87dbfb290f..3f2ef1ecf6 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd +Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a From 70a4a31cb566407a7c308f473472c967c070064a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:22:29 +0200 Subject: [PATCH 0736/1080] remove secp224[k|r]1 curves Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 -- library/ssl_misc.h | 2 -- library/ssl_tls.c | 5 ----- programs/ssl/ssl_test_lib.c | 5 ----- tests/scripts/depends.py | 5 +---- tests/scripts/set_psa_test_dependencies.py | 2 -- tests/ssl-opt.sh | 2 -- tests/suites/test_suite_ssl.function | 6 ------ 8 files changed, 1 insertion(+), 28 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7ea0174612..aa1590f41d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -231,8 +231,6 @@ #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..66e348c780 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2245,8 +2245,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) /* Below deprecated curves should be removed with notice to users */ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dee80292e2..5709ab7c3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5893,9 +5893,6 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 }, -#endif #if defined(PSA_WANT_ECC_SECP_R1_192) { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, #endif 
@@ -5966,8 +5963,6 @@ static const struct { { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index ad3feb65b8..d14ff660bd 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -505,11 +505,6 @@ static const struct { #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, -#endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, #else diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 679f05af1b..940c661f12 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -263,7 +263,6 @@ def test(self, options): 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 
@@ -482,9 +481,7 @@ def __init__(self, options, conf):
 if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)}
 
 # Find elliptic curve enabling macros by name.
- # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves
- curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|'
- r'MBEDTLS_ECP_DP_SECP224K1_ENABLED')
+ curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|')
 
 # Find key exchange enabling macros by name.
 key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 2267311e44..411cf0c2a0 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -28,12 +28,10 @@
 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN',
 'MBEDTLS_CIPHER_PADDING_ZEROS',
 #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED',
- #curve#'MBEDTLS_ECP_DP_SECP224R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED',
- #curve#'MBEDTLS_ECP_DP_SECP224K1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 60b970aefb..8d26cec242 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2659,8 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256
 run_test_psa_force_curve "secp256k1"
 requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
 run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled PSA_WANT_ECC_SECP_R1_224
-run_test_psa_force_curve "secp224r1"
 requires_config_enabled PSA_WANT_ECC_SECP_R1_192
 run_test_psa_force_curve "secp192r1"
 requires_config_enabled PSA_WANT_ECC_SECP_K1_192
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c70080317c..ad274daec3 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3538,7 +3538,6 @@ exit:
 void conf_group()
 {
 uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1,
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
 
@@ -4050,11 +4049,6 @@ void elliptic_curve_get_properties()
 #else
 TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256);
 #endif
-#if defined(PSA_WANT_ECC_SECP_R1_224)
- TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
-#else
- TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
-#endif
 #if defined(PSA_WANT_ECC_SECP_R1_192)
 TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
 #else
From d0d0791aed6a1aac8ff685fd7916e4133408cda4 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 5 Aug 2025 11:29:04 +0200
Subject: [PATCH 0737/1080] remove usage of secp192[k|r]1 curves
Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 2 --
 library/ssl_misc.h | 2 --
 library/ssl_tls.c | 8 --------
 programs/ssl/ssl_test_lib.c | 10 ----------
 tests/scripts/depends.py | 2 --
 tests/scripts/set_psa_test_dependencies.py | 2 --
 tests/ssl-opt.sh | 4 ----
 tests/suites/test_suite_ssl.function | 13 +------------
 8 files changed, 1 insertion(+), 42 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index aa1590f41d..55d832c354 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -229,8 +229,6 @@
 /* Elliptic Curve Groups (ECDHE) */
 
 #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012
-#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017
 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 66e348c780..b635fd9d0c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2243,8 +2243,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group)
 named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
 named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
 /* Below deprecated curves should be removed with notice to users */
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
- named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
 named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
 named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
 named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5709ab7c3c..a997e41f32 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5893,12 +5893,6 @@ static const struct {
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
 { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
 #endif
-#if defined(PSA_WANT_ECC_SECP_R1_192)
- { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_192)
- { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
-#endif
 #if defined(PSA_WANT_ECC_MONTGOMERY_255)
 { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
 #endif
@@ -5963,8 +5957,6 @@ static const struct {
 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
 { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
 { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" },
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" },
 { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
 { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" },
 { 0, NULL },
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index d14ff660bd..79d3059306 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -505,16 +505,6 @@ static const struct {
 #else
 { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
 #endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
-#else
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
-#else
- { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
-#endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
 { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
 #else
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 940c661f12..b3fbea4b4f 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -262,12 +262,10 @@ def test(self, options):
 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
- 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE',
 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
- 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 
 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 411cf0c2a0..0be8ac5e4e 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -27,11 +27,9 @@
 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS',
 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN',
 'MBEDTLS_CIPHER_PADDING_ZEROS',
- #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED',
- #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED',
 #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8d26cec242..d0278b123c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2659,10 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256
 run_test_psa_force_curve "secp256k1"
 requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
 run_test_psa_force_curve "brainpoolP256r1"
-requires_config_enabled PSA_WANT_ECC_SECP_R1_192
-run_test_psa_force_curve "secp192r1"
-requires_config_enabled PSA_WANT_ECC_SECP_K1_192
-run_test_psa_force_curve "secp192k1"
 
 # Test current time in ServerHello
 requires_config_enabled MBEDTLS_HAVE_TIME
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ad274daec3..8b192ed97c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3537,8 +3537,7 @@ exit:
 /* BEGIN_CASE */
 void conf_group()
 {
- uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
 
 mbedtls_ssl_config conf;
@@ -4049,16 +4048,6 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); #endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#else - TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#else - TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#endif #if defined(PSA_WANT_ECC_MONTGOMERY_255) TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); #else From 60236527113a16cc1197de0f7a57929427043ac9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:28:43 +0100 Subject: [PATCH 0738/1080] Remove additional references to sig_algs_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_tls.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f4d31cabc..f7d7d9d269 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4379,9 +4379,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->sig_algs_heap_allocated) { - mbedtls_free((void *) handshake->sig_algs); - } handshake->sig_algs = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 8bd8e91485ea79c2b0354ce9c5f24325ad73a2ec Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:31:13 +0100 Subject: [PATCH 0739/1080] Improve ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index f0d66eb454..855265788e 100644 
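Review bot: Dropping the conditional free in mbedtls_ssl_handshake_free() is only leak-free if nothing still assigns heap memory to `handshake->sig_algs`; the hunk keeps `handshake->sig_algs = NULL;` but does not show where the pointer is set, so please confirm that the allocating path which used to set `sig_algs_heap_allocated` was removed together with the flag. If the pointer now only ever aliases storage owned elsewhere, recording that above the assignment, `/* sig_algs is never owned by the handshake: nothing to free here */`, prevents the free from being reintroduced or the aliased storage from being freed by mistake later. The function body continues outside the hunk.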
--- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,5 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() instead. From fa648bacb2bd47471ac7988ad522e0d51ba97f16 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 11:02:25 +0200 Subject: [PATCH 0740/1080] depends.py: keep reverse dependencies for p192 and p224 curves These reverse dependencies will be removed once tf-psa-crypto will remove the corresponding build symbols. Signed-off-by: Valerio Setti --- tests/scripts/depends.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index b3fbea4b4f..513c6413a5 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -257,6 +257,8 @@ def test(self, options): 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], + # These reverse dependencies can be removed as part of issue + # tf-psa-crypto#364. 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], 
@@ -268,6 +270,14 @@ def test(self, options):
 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 
+ # Support for secp224[k|r]1 was removed in tfpsacrypto#408 while
+ # secp192[k|r]1 were kept only for internal testing (hidden to the end
+ # user). We need to keep these reverse dependencies here until
+ # symbols are hidden/removed from crypto_config.h.
+ 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
+ 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
+
 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',
 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
@@ -479,7 +489,7 @@ def __init__(self, options, conf):
 if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)}
 
 # Find elliptic curve enabling macros by name.
- curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|')
+ curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z')
 
 # Find key exchange enabling macros by name.
 key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
From 80a623089d8bbbda72e630c72de47495ffe89188 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 6 Aug 2025 11:38:45 +0200
Subject: [PATCH 0741/1080] tests: ssl: allow more groups in conf_group()
Previously 3 different groups were allowed, but since the removal of secp192r1 and secp224r1 only secp256r1 was left. This commit adds other 2 options.
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.function | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 8b192ed97c..3335e5c84e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3538,6 +3538,8 @@ exit:
 void conf_group()
 {
 uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1,
 MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
 
 mbedtls_ssl_config conf;
From 2fc59949b2bd40a0f50a9b11063a2a77cdf3c5ed Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 9 Jul 2025 18:20:48 +0300
Subject: [PATCH 0742/1080] Added MBEDTLS_PSA_CRYPTO_RNG_STRENGTH to tests.
Signed-off-by: Minos Galanakis
---
 tests/scripts/components-configuration-crypto.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index da776e70b8..af1b91440e 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2139,6 +2139,7 @@ component_build_aes_aesce_armcc () {
 component_test_aes_only_128_bit_keys () {
 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 
 make CFLAGS='-O2 -Werror -Wall -Wextra'
 
@@ -2149,6 +2150,7 @@ component_test_aes_only_128_bit_keys () {
 component_test_no_ctr_drbg_aes_only_128_bit_keys () {
 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 scripts/config.py unset MBEDTLS_CTR_DRBG_C
 
 make CC=clang CFLAGS='-Werror -Wall -Wextra'
@@ -2160,6 +2162,7 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () {
 component_test_aes_only_128_bit_keys_have_builtins () {
 msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 scripts/config.py unset MBEDTLS_AESNI_C
 scripts/config.py unset MBEDTLS_AESCE_C
 
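Review bot: The three added `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128` lines (this hunk and the `@@ -2149` and `@@ -2160` hunks of components-configuration-crypto.sh) give no reason for lowering the RNG strength together with MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH; presumably the default strength needs an AES-256-keyed DRBG that this build cannot provide, but nothing in the hunk says so. A one-line comment above the first occurrence, `# only AES-128 is available here, so the PSA RNG cannot claim more than 128-bit strength`, would make clear that this is a deliberate downgrade for the test build and not a setting to copy into a production configuration.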
From 8a43e7cfeadf43e1abb18bb1b66aeb913b30d409 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 31 Jul 2025 11:12:28 +0300
Subject: [PATCH 0743/1080] Updated tf-psa-crypto pointer
Signed-off-by: Minos Galanakis
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index fc1dca6195..71adc72ae3 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2
+Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb
From a2a1c084ef867a9d122b529d7c5d59f9fc0dad6f Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 6 Aug 2025 14:02:47 +0200
Subject: [PATCH 0744/1080] mbedtls_check_config: remove reference to MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224
Signed-off-by: Valerio Setti
---
 library/mbedtls_check_config.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h
index 5e5a5b31db..cf5e981da0 100644
--- a/library/mbedtls_check_config.h
+++ b/library/mbedtls_check_config.h
@@ -45,7 +45,6 @@
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
 defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
From d95ea27e8c41d2741b6c4d4b48fbfabdb37c87f0 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 3 Jul 2025 13:21:38 +0100
Subject: [PATCH 0745/1080] Create new enum mbedtls_pk_sigalg_t
Signed-off-by: Ben Taylor
---
 library/ssl_tls12_client.c | 2 +-
 library/ssl_tls13_generic.c | 2 +-
 library/x509_crt.c | 4 ++--
 tests/suites/test_suite_x509write.function | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 2129da122d..e2134c594b 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 15731ca150..3ee157a8e8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 7b65b698a3..1b05e017ef 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..74cca8c5ae 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From adf5d537b29c5594467a6871108bbc4b73ba13dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 4 Jul 2025 08:50:40 +0100 Subject: [PATCH 0746/1080] Fix code style Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 5 +++-- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e2134c594b..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3ee157a8e8..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { 
@@ -1144,7 +1144,8 @@ static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl)
 ssl->handshake->state_local.finished_out.digest,
 sizeof(ssl->handshake->state_local.finished_out.
 digest),
- &ssl->handshake->state_local.finished_out.digest_len,
+ &ssl->handshake->state_local.finished_out.
+ digest_len,
 ssl->conf->endpoint);
 
 if (ret != 0) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1b05e017ef..c2d86176ed 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 }
 
- if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk,
+ if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk,
 crl_list->sig_md, hash, hash_length,
 crl_list->sig.p, crl_list->sig.len) != 0) {
 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 (void) rs_ctx;
 #endif
 
- return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk,
+ return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk,
 child->sig_md, hash, hash_len,
 child->sig.p, child->sig.len);
 }
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 74cca8c5ae..087088ead9 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
 goto cleanup;
 }
 
- if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk,
+ if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk,
 csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
 csr.sig.p, csr.sig.len) != 0) {
 ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
From 500e497c059f6949acb992b1788177f6881b326d Mon Sep 17 00:00:00 2001
From: Ben Taylor Date: Mon, 7 Jul 2025 07:56:50 +0100 Subject: [PATCH 0747/1080] Fix code style issues Signed-off-by: Ben Taylor --- library/x509_crt.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c2d86176ed..ac36a0f1e7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1663,25 +1663,25 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) From b2eecc621d31b066ac08e92dfaaa094483bfba3a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 14:18:37 +0100 Subject: [PATCH 0748/1080] switch to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- include/mbedtls/x509_crl.h | 2 +- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_csr.h | 2 +- library/x509.c | 10 +++++----- library/x509_create.c | 4 ++-- library/x509_crt.c | 8 ++++---- library/x509_internal.h | 6 +++--- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index e59d16502d..095cb5d9a5 100644 --- a/include/mbedtls/x509_crl.h 
+++ b/include/mbedtls/x509_crl.h @@ -82,7 +82,7 @@ typedef struct mbedtls_x509_crl { mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next element in the linked list of CRL. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index a3f07892f6..bf418a6851 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -81,7 +81,7 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index bed1c953e5..b11539440c 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
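Review bot: The field type becomes `mbedtls_pk_sigalg_t` but the trailing Doxygen comment still says `e.g. MBEDTLS_PK_RSA`, a `mbedtls_pk_type_t` constant, so the public header now documents an example that is not a value of the field's own type; change the tail of the comment to `e.g. MBEDTLS_PK_SIGALG_ECDSA` (or whichever RSA member the new enumeration defines). The same stale example is kept in the x509_crt.h hunk on this line and in the x509_csr.h hunk that follows.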
@@ -55,7 +55,7 @@ typedef struct mbedtls_x509_csr {
 mbedtls_x509_buf sig_oid;
 mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
 mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
 }
 mbedtls_x509_csr;
 
diff --git a/library/x509.c b/library/x509.c
index 03ca1b72e6..14f9ba59b3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -717,16 +717,16 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5
 * Get signature algorithm from alg OID and optional parameters
 */
 int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg)
+ mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
- if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) {
+ if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) {
 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
 }
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) {
+ if (*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {
 mbedtls_md_type_t mgf1_hash_id;
 int expected_salt_len;
 
@@ -1039,7 +1039,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser
 * Helper for writing signature algorithms
 */
 int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg)
+ mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 char *p = buf;
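Review bot: `(mbedtls_pk_type_t*)pk_alg` in mbedtls_x509_get_sig_alg() makes the callee store a `mbedtls_pk_type_t` through a pointer to a `mbedtls_pk_sigalg_t` object; the two enums are distinct types with implementation-defined underlying integer types, so this is type punning the standard does not guarantee, and it hides any difference between the two value sets. Read into a local `mbedtls_pk_type_t` and convert explicitly, as in the excerpt below. The same reliance on matching numeric values runs through the rest of the commit and the later revert (`(mbedtls_pk_sigalg_t)pk_type` in x509_crt.c, `(mbedtls_pk_sigalg_t)pk_alg` in x509write_crt.c and x509write_csr.c, `(mbedtls_pk_type_t) child->sig_pk` and `(mbedtls_pk_type_t) crl_list->sig_pk` in x509_crt.c), so one switch-based conversion helper that returns `MBEDTLS_PK_SIGALG_NONE` for anything unmapped would make the assumption explicit and fail closed. This matters because the check just below now compares against `MBEDTLS_PK_SIGALG_RSA_PSS`: a silent value mismatch would skip the RSASSA-PSS parameter validation rather than report an error. The function continues past the end of the hunk.
```c
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
                             mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;

    if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, &pk_type)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
    }
    /* Explicit value conversion: keep any pk_type -> sigalg mapping in one place. */
    *pk_alg = (mbedtls_pk_sigalg_t) pk_type;
    /* … unchanged: RSASSA-PSS parameter check and the rest of the function … */
```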
@@ -1055,7 +1055,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { const char *name = md_type_to_string(md_alg); if (name != NULL) { ret = mbedtls_snprintf(p, n, " (%s)", name); diff --git a/library/x509_create.c b/library/x509_create.c index 09ac69d00b..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -646,7 +646,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int write_null_par; @@ -672,7 +672,7 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, // Write OID // - if (pk_alg == MBEDTLS_PK_ECDSA) { + if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { /* * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and diff --git a/library/x509_crt.c b/library/x509_crt.c index ac36a0f1e7..ded1317b0e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -188,9 +188,9 @@ static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { - if (pk_alg == MBEDTLS_PK_NONE) { + if (pk_alg == MBEDTLS_PK_SIGALG_NONE) { return -1; } 
@@ -2121,7 +2121,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { + if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { return -1; } @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509_internal.h b/library/x509_internal.h index 8160270be1..b44b957f9b 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -35,7 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, #endif int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t); int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, @@ -44,7 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag); #if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg); + mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg); #endif int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, 
@@ -57,7 +57,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg); + mbedtls_pk_sigalg_t pk_alg); int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 09c2328b1a..93cdd2c151 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -587,7 +587,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88adf794f7..9040d63ed4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Compact the space between the CSR data and signature by moving the From 1c118a564dce57e63e43feee688ecd1e5ea62120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 10:40:08 +0100 Subject: [PATCH 0749/1080] reverted enum in pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index ded1317b0e..ed85d06636 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 087088ead9..cb372014cd 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8e832b6594e9985a559cec9e2babe977f3bfaf89 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 13:30:05 +0100 Subject: [PATCH 0750/1080] Add sigalg types to x509_crt.c Signed-off-by: Ben Taylor --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ed85d06636..dca46792a0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2126,7 +2126,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } #if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { + if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len, &rs_ctx->pk); From 7573321f61ff6e6b29f6b9907473406a19104919 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 14:14:18 +0100 Subject: [PATCH 0751/1080] Fix style issues Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_crt.c | 32 ++++++++++++++++---------------- library/x509write_crt.c | 3 ++- library/x509write_csr.c | 2 +- 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/library/x509.c b/library/x509.c index 14f9ba59b3..b8f2847437 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_crt.c b/library/x509_crt.c index dca46792a0..dde6513927 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1663,25 +1663,25 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t) pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 93cdd2c151..e1d5758f7c 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -587,7 +587,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, + (mbedtls_pk_sigalg_t) pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 9040d63ed4..5b2a17b0bc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg)); /* * Compact the space between the CSR data and signature by moving the From df6a6eacedcc9f6af094a4a1e5eeb22e379e97b2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:08:10 +0100 Subject: [PATCH 0752/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/remove_mbedtls_pk_type.txt diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt new file mode 100644 index 0000000000..0ad38e0a50 --- /dev/null +++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -0,0 +1,4 @@ + +Removals + * Remove mbedtls_pk_type_t from the public interface and replace it with + mbedtls_pk_sigalg_t. From 563d360a9bcdac46d2e2f7b5fe4786ad87eaacd9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:22:25 +0100 Subject: [PATCH 0753/1080] Fix ChangeLog format Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt index 0ad38e0a50..4b33d1e110 100644 --- a/ChangeLog.d/remove_mbedtls_pk_type.txt 
+++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -1,4 +1,3 @@ - Removals * Remove mbedtls_pk_type_t from the public interface and replace it with mbedtls_pk_sigalg_t. From 6816fd781e89e3fa83a7d5ba363edb74d9fb4de8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 13:50:24 +0100 Subject: [PATCH 0754/1080] Adjust for change in mbedtls_pk_verify_new function prototype Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index dde6513927..9ac9658009 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index cb372014cd..c2ab27b01d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8b3b7e5cacdde75f9a650d2739d7183f6cd4526f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:23:33 +0100 Subject: [PATCH 0755/1080] Update further type mismatches Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 9ac9658009..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_ext(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_ext(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..000c09a950 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
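Review bot: In the ssl_tls12_client.c hunk, `pk_alg` is compared against `MBEDTLS_PK_RSASSA_PSS` (a `mbedtls_pk_type_t` value) on the context line above and then passed uncast to `mbedtls_pk_verify_new`, whose parameter type commit 0754 says changed and which is not visible here; dropping the cast makes this an implicit enum-to-enum conversion that the compiler accepts silently and that, like the x509 casts, relies on the two enums sharing values. The same applies to `sig_alg` in the ssl_tls13_generic.c @@ -300 hunk. If `pk_alg` is still a key type at this point, converting once and using the sigalg form for both the comparison and the call keeps the intent readable: `mbedtls_pk_sigalg_t sig_alg = (mbedtls_pk_sigalg_t) pk_alg;` / `if (sig_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {` / `ret = mbedtls_pk_verify_new(sig_alg, peer_pk,`. ssl_parse_server_key_exchange continues outside the hunk.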
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_ext(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8dfed9fc15527c44f4dc22988300565dcf626ada Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:46:21 +0100 Subject: [PATCH 0756/1080] Remove pointer cast in mbedtls_x509_oid_get_sig_alg Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_oid.c | 34 +++++++++++++++++----------------- library/x509_oid.h | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/library/x509.c b/library/x509.c index b8f2847437..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_oid.c b/library/x509_oid.c index d69fd513ba..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -381,7 +381,7 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, typedef struct { mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; } oid_sig_alg_t; static const oid_sig_alg_t oid_sig_alg[] = 
@@ -390,47 +390,47 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_MD5) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), - MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, + MBEDTLS_MD_MD5, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_MD5 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_224 */ #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_512 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #endif /* MBEDTLS_RSA_C */ 
@@ -438,43 +438,43 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_ECDSA, }, #endif #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ #if defined(MBEDTLS_RSA_C) { OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), - MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS, }, #endif /* MBEDTLS_RSA_C */ { NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE, }, }; 
@@ -494,14 +494,14 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, sig_alg, mbedtls_md_type_t, md_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg) #endif /* MBEDTLS_X509_USE_C */ #if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg, mbedtls_md_type_t, md_alg) diff --git a/library/x509_oid.h b/library/x509_oid.h index 8d5e1bbff1..0752953aac 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -80,7 +80,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** @@ -106,7 +106,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** * * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ -int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, +int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e1d5758f7c..1f8a006de6 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -416,7 +416,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5b2a17b0bc..8e37278f95 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -230,7 +230,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } From 602fa5dd99435a637b162fbe598eab958e7f02b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 7 Aug 2025 10:18:40 +0200 Subject: [PATCH 0757/1080] changelog: add note about EC curves support removal in TLS Signed-off-by: Valerio Setti --- ChangeLog.d/secp256k1-removal.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/secp256k1-removal.txt diff --git a/ChangeLog.d/secp256k1-removal.txt b/ChangeLog.d/secp256k1-removal.txt new file mode 100644 index 0000000000..9933b8e7a9 --- /dev/null +++ b/ChangeLog.d/secp256k1-removal.txt @@ -0,0 +1,3 @@ +Removals + * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is + removed from TLS. From ed0db45b635d30eb6c122e25213b093658567fbd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 7 Aug 2025 09:40:42 +0100 Subject: [PATCH 0758/1080] Completely remove sig_algs_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 245b1f4af1..ed0f7ab2c5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -714,7 +714,6 @@ struct mbedtls_ssl_handshake_params { #if !defined(MBEDTLS_DEPRECATED_REMOVED) unsigned char group_list_heap_allocated; - unsigned char sig_algs_heap_allocated; #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -2317,7 +2316,6 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake != NULL && - ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL) { return ssl->handshake->sig_algs; } 
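Review bot: With the `sig_algs_heap_allocated == 1` test removed from `mbedtls_ssl_get_sig_algs`, any non-NULL `ssl->handshake->sig_algs` now takes precedence over the configured list, and the only writer of that field visible in this series is the reset to NULL in `mbedtls_ssl_handshake_free`; either a remaining writer exists and should be named, or the branch and the field are dead and can go together with the flag. A one-line comment on the condition settles it for the next reader, e.g. `/* Per-handshake override of the configured list; set only by <remaining writer> */` with the writer filled in. The function body continues outside the hunk.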
From 5a27010faba8c2c4f9d56a6c86444746314c2c87 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:33:03 +0100 Subject: [PATCH 0759/1080] Remove group_list_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 4 ---- library/ssl_tls.c | 9 --------- 2 files changed, 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ed0f7ab2c5..e3ec3686e5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -712,10 +712,6 @@ struct mbedtls_ssl_handshake_params { unsigned char retransmit_state; /*!< Retransmission state */ #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char group_list_heap_allocated; -#endif - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ enum { /* this complements ssl->state with info on intra-state operations */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7d7d9d269..a957482ce5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4368,15 +4368,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->group_list_heap_allocated) { - mbedtls_free((void *) handshake->group_list); - } - handshake->group_list = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) handshake->sig_algs = NULL; From 6569cc63dedbd634506dc8aae97bc02f2426cf5e Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 11 Aug 2025 09:12:37 +0100 Subject: [PATCH 0760/1080] Update framework pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ae71e1e43f..52691f95e9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
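Review bot: Deleting the `mbedtls_free((void *) handshake->group_list)` path in `mbedtls_ssl_handshake_free` is leak-free only if nothing still heap-allocates `group_list`; the setter that used to set `group_list_heap_allocated` is not in this series, so it is worth confirming it was removed before this commit rather than after. The surviving context still performs `handshake->sig_algs = NULL;` under the same `!MBEDTLS_DEPRECATED_REMOVED` guard, while the matching `handshake->group_list = NULL;` is gone, so `group_list` presumably keeps its last value until the handshake struct itself is released; if it can hold a borrowed pointer, keeping the NULL reset without the free costs nothing and removes a stale-pointer window. The function body continues outside the hunk.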
@@ -1 +1 @@ -Subproject commit ae71e1e43f0dbb7ff54a6dcdd4ddc89ba4c2b600 +Subproject commit 52691f95e9235dff461836a2c440e70d44661a7f From 37a4281710919381289fa2b432c46c2e99937765 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 11 Aug 2025 12:52:49 +0200 Subject: [PATCH 0761/1080] tests: configuration_crypto: fix selection of EC/DH group to accelerate Some EC/DH group might be disabled in default configuration in "crypto_config.h" so before running "helper_get_psa_key_type_list" and/or "helper_get_psa_curve_list" it's better to set/unset what's required for that test component and only then parse the enabled groups. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 138 +++++++++--------- 1 file changed, 71 insertions(+), 67 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index af1b91440e..8e9df371cf 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -553,17 +553,17 @@ component_test_psa_crypto_config_ffdh_2048_only () { component_test_psa_crypto_config_accel_ecdsa () { msg "build: accelerated ECDSA" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config + TLS 1.3 helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C 
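Review bot: The reason `loc_accel_list` now has to be computed after `helper_libtestdriver1_adjust_config` is stated only in the commit message; nothing at the assignment stops a later tidy-up from hoisting it back above the configure step, which would silently revert this fix. A one-line comment on the moved assignment documents the ordering dependency, e.g. `# Must come after the config adjustments above: helper_get_psa_* read the current config`; the same applies to the moved blocks in the @@ -595, @@ -636, @@ -685, @@ -718, @@ -789, @@ -932, @@ -1036 and @@ -1183 hunks. The enclosing function continues outside the hunk.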
@@ -595,17 +595,17 @@ component_test_psa_crypto_config_accel_ecdsa () { component_test_psa_crypto_config_accel_ecdh () { msg "build: accelerated ECDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config (no USE_PSA) helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C @@ -636,17 +636,17 @@ component_test_psa_crypto_config_accel_ecdh () { component_test_psa_crypto_config_accel_ffdh () { msg "build: full with accelerated FFDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - # Configure # --------- # start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH \ + $(helper_get_psa_key_type_list "DH") \ + $(helper_get_psa_dh_group_list)" + # Build # ----- @@ -685,15 +685,15 @@ component_test_psa_crypto_config_reference_ffdh () { component_test_psa_crypto_config_accel_pake () { msg "build: full with accelerated PAKE" - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- helper_libtestdriver1_adjust_config "full" + loc_accel_list="ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Make built-in fallback not available scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 
@@ -718,6 +718,12 @@ component_test_psa_crypto_config_accel_pake () { component_test_psa_crypto_config_accel_ecc_some_key_types () { msg "build: full with accelerated EC algs and some key types" + # Configure + # --------- + + # start with config full for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate # For key types, use an explicitly list to omit GENERATE (and DERIVE) loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -729,12 +735,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ $(helper_get_psa_curve_list)" - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C 
@@ -789,7 +789,26 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - # Note: Curves are handled in a special way by the libtestdriver machinery, + # Configure + # --------- + + # Start with config crypto_full and remove PK_C: + # that's what's supported now, see docs/driver-only-builds.md. + helper_libtestdriver1_adjust_config "crypto_full" + scripts/config.py unset MBEDTLS_PK_C + scripts/config.py unset MBEDTLS_PK_PARSE_C + scripts/config.py unset MBEDTLS_PK_WRITE_C + + # Disable modules that are accelerated - some will be re-enabled + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py unset MBEDTLS_ECP_C + + # Disable all curves - those that aren't accelerated should be re-enabled + helper_disable_builtin_curves + + # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. # Note: the following loop is a modified version of 
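Review bot: In the @@ -789 hunk `helper_disable_builtin_curves` now runs before the loop that builds `loc_curve_list` (the loop itself is outside the hunk); that ordering is right only if the loop derives its list from the PSA_WANT_* symbols rather than from the built-in curve options the helper has just unset, otherwise the accelerated-curve list comes out empty and the component exercises less than its message claims. A comment on the loop naming which config symbols it reads makes the dependency explicit, e.g. `# Reads the PSA_WANT_* curve symbols, not the built-in ECP options, so this must stay after helper_disable_builtin_curves`. common_test_psa_crypto_config_accel_ecc_some_curves continues outside the hunk.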
@@ -819,25 +838,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { $(helper_get_psa_key_type_list "ECC") \ $loc_curve_list" - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) @@ -884,7 +884,11 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test + # make test + ( + cd tf-psa-crypto/tests + ./test_suite_psa_crypto_driver_wrappers + ) } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { @@ -928,6 +932,12 @@ config_psa_crypto_config_ecp_light_only () { component_test_psa_crypto_config_accel_ecc_ecp_light_only () { msg "build: full with accelerated EC algs" + # Configure + # --------- + + # Use the same config as reference, only without built-in EC algs + config_psa_crypto_config_ecp_light_only 1 + # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ 
@@ -935,12 +945,6 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Configure - # --------- - - # Use the same config as reference, only without built-in EC algs - config_psa_crypto_config_ecp_light_only 1 - # Do not disable builtin curves because that support is required for: # - MBEDTLS_PK_PARSE_EC_EXTENDED # - MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -1032,13 +1036,6 @@ config_psa_crypto_no_ecp_at_all () { component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { msg "build: full + accelerated EC algs - ECP" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- @@ -1047,6 +1044,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Disable all the builtin curves. All the required algs are accelerated. helper_disable_builtin_curves + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + ALG_ECDH \ + ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Build # ----- @@ -1183,6 +1187,14 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" + # Configure + # --------- + + # Set common configurations between library's and driver's builds + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" + # Disable all the builtin curves. All the required algs are accelerated. + helper_disable_builtin_curves + # By default we accelerate all EC keys/algs loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ 
@@ -1197,14 +1209,6 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { $(helper_get_psa_dh_group_list)" fi - # Configure - # --------- - - # Set common configurations between library's and driver's builds - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" - # Disable all the builtin curves. All the required algs are accelerated. - helper_disable_builtin_curves - # Build # ----- From 981a0c46b2cb2487f90d90b65269e519474b5f86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Aug 2025 11:31:11 +0200 Subject: [PATCH 0762/1080] tests: remove leftover from debug session and extra spaces Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8e9df371cf..cd8bd24563 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -808,7 +808,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves - # Note: Curves are handled in a special way by the libtestdriver machinery, + # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. # Note: the following loop is a modified version of @@ -884,11 +884,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - # make test - ( - cd tf-psa-crypto/tests - ./test_suite_psa_crypto_driver_wrappers - ) + make test } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { From 1b70084bd9ef584a8facfb4d4eb061b20d38938e Mon Sep 17 00:00:00 2001 
From: Anton Matkin Date: Mon, 10 Mar 2025 18:51:20 +0100 Subject: [PATCH 0763/1080] TF-PSA-Crypto submodule link fixup Signed-off-by: Anton Matkin --- library/ssl_tls.c | 5 ++--- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_ssl.function | 2 +- tf-psa-crypto | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8cf23f2d3b..76430b593b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1753,12 +1753,11 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( size_t user_len = 0; const uint8_t *peer = NULL; size_t peer_len = 0; - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite); if (status != PSA_SUCCESS) { @@ -1809,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, pw, pw_len, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1ce4e46b1c..ae77a173fb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2059,7 +2059,7 @@ int main(int argc, char *argv[]) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, 
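Review bot: In the `-1809,7` hunk of ssl_tls.c the imported password key gets the policy `PSA_ALG_JPAKE_BASE`, while the cipher suite set up in `mbedtls_ssl_set_hs_ecjpake_password_common` (the `-1753,12` hunk) now uses the concrete `PSA_ALG_JPAKE(PSA_ALG_SHA_256)`. A key policy should name the exact algorithm the key will be used with rather than a base/wildcard value, both for least privilege and because the core may reject a wildcard policy when the key is used; patch 0768 in this series changes all four sites to `PSA_ALG_JPAKE(PSA_ALG_SHA_256)`, so that fix belongs in this commit rather than a follow-up. The same `PSA_ALG_JPAKE_BASE` policy is set in the ssl_client2.c hunk on this line and in the ssl_server2.c and test_suite_ssl.function hunks that follow.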
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c5f22c4116..3b07c8d368 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3336,7 +3336,7 @@ int main(int argc, char *argv[]) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3335e5c84e..3fbeac2479 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) /* First try with an invalid usage */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pwd_string, diff --git a/tf-psa-crypto b/tf-psa-crypto index 71adc72ae3..bd17dc8bcc 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb +Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277 From e8073180ac995f4c4dc3efe8f70a955ea01f33f8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 15:10:52 +0100 Subject: [PATCH 0764/1080] Create a changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/9321.txt diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt new file mode 100644 index 0000000000..b6c90e6a0e --- /dev/null +++ b/ChangeLog.d/9321.txt 
@@ -0,0 +1,3 @@ +Changes + * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, + which do not conform to the standard PAKE interface \ No newline at end of file From e2c5ca332ff66e655664774799186a46b9a8c74f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 13:38:43 +0200 Subject: [PATCH 0765/1080] Fixed the changelog entry, missing trailing newline Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt index b6c90e6a0e..816817dce8 100644 --- a/ChangeLog.d/9321.txt +++ b/ChangeLog.d/9321.txt @@ -1,3 +1,3 @@ Changes * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, - which do not conform to the standard PAKE interface \ No newline at end of file + which do not conform to the standard PAKE interface From e8be4ee08ca729348cf031c0de3fdfa701e3ab11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Apr 2025 16:26:06 +0200 Subject: [PATCH 0766/1080] Fixed the changelog entry wording Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt index 816817dce8..672d6e4304 100644 --- a/ChangeLog.d/9321.txt +++ b/ChangeLog.d/9321.txt @@ -1,3 +1,3 @@ Changes - * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, - which do not conform to the standard PAKE interface + * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to + the PSA API 1.2 PAKE extension \ No newline at end of file From 143d5d8a3a50642bef0af85ed89c50139e1d72e0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 9 Apr 2025 12:24:40 +0200 Subject: [PATCH 0767/1080] Deleted the changelog entry as requested Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/9321.txt 
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt deleted file mode 100644 index 672d6e4304..0000000000 --- a/ChangeLog.d/9321.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to - the PSA API 1.2 PAKE extension \ No newline at end of file From 6eb5335ef0caa8bb77d5ec1b94a1736677acac0a Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 28 May 2025 20:02:35 +0200 Subject: [PATCH 0768/1080] Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) Signed-off-by: Anton Matkin --- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_ssl.function | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 76430b593b..9144f9222b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1808,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, pw, pw_len, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ae77a173fb..40304dd381 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2059,7 +2059,7 @@ int main(int argc, char *argv[]) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, 
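Review bot: With the `-1808,7` hunk the password key's policy `PSA_ALG_JPAKE(PSA_ALG_SHA_256)` must agree with the algorithm passed to `psa_pake_cs_set_algorithm` in `mbedtls_ssl_set_hs_ecjpake_password_common`, but the two call sites are far apart and nothing records the dependency. A comment on the policy line, e.g. `/* Must match the cipher suite algorithm set in mbedtls_ssl_set_hs_ecjpake_password_common(). */`, or a single shared constant for the JPAKE algorithm would keep the two from drifting apart if the hash is ever changed. The same literal is repeated in the ssl_client2.c hunk on this line and in the ssl_server2.c and test_suite_ssl.function hunks on the next line.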
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3b07c8d368..64fd45952f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3336,7 +3336,7 @@ int main(int argc, char *argv[]) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3fbeac2479..5b6500898e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) /* First try with an invalid usage */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pwd_string, From eca92dcdeb1aee4f1a73f2cd5bf2ee462525475f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Aug 2025 09:50:12 +0200 Subject: [PATCH 0769/1080] Update tf-psa-crypto to current development MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index bd17dc8bcc..f0b51e354b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277 +Subproject commit f0b51e354bb69071d3fab28650894287fac2348e From a785eea41f6c906db69796babd03b7f0064cf27a Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 13 Aug 2025 10:57:46 +0200 Subject: [PATCH 0770/1080] tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. This is required to get the proper test coverage otherwise there are tests in 'test_suite_psa_crypto_op_fail' that would never be executed. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cd8bd24563..f7647415c5 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -95,6 +95,11 @@ component_test_psa_crypto_without_heap() { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. + # This is required to get the proper test coverage otherwise there are + # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. + scripts/config.py set PSA_WANT_ECC_SECP_K1_192 + scripts/config.py set PSA_WANT_ECC_SECP_R1_192 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) From 73728d56cf69fb0d0564a9ae1cc5b903dd590f92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 14 Aug 2025 09:30:52 +0200 Subject: [PATCH 0771/1080] Make test more robust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will be needed when we change how many times some functions are callled in ecp.c, making them more susceptible to inlining. 
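Review bot: The two new `scripts/config.py set PSA_WANT_ECC_SECP_K1_192` / `scripts/config.py set PSA_WANT_ECC_SECP_R1_192` lines omit the `-c $CRYPTO_CONFIG_H` option that every neighbouring `unset PSA_WANT_*` line in this hunk passes. If config.py does not route `PSA_WANT_*` symbols to the crypto configuration on its own, the curves are enabled in the wrong file and the tests this change is meant to cover still never run; if it does, the surrounding lines no longer need the option either, so the two styles should at least be made consistent, e.g. `scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_SECP_K1_192`. The function `component_test_psa_crypto_without_heap` continues outside the hunk.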
Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/components-configuration-crypto.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index da776e70b8..5a13d5102a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -854,7 +854,8 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list" + # For grep to work below we need less inlining in ecp.c + ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list" # We expect ECDH to be re-enabled for the missing curves grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o From b2ba9fa68b64afeed108dd41f94060edb614f3f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 11:35:47 +0200 Subject: [PATCH 0772/1080] Simplify runtime version info string methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return a const char* instead of taking a char* as an argument. This aligns us with the interface used in TF PSA Crypto. Signed-off-by: Bence Szépkúti --- ChangeLog.d/runtime-version-interface.txt | 9 +++++++++ include/mbedtls/version.h | 17 ++++------------- library/version.c | 10 ++++------ tests/suites/test_suite_version.function | 10 ++++------ 4 files changed, 21 insertions(+), 25 deletions(-) create mode 100644 ChangeLog.d/runtime-version-interface.txt diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt new file mode 100644 index 0000000000..1cf42665ca --- /dev/null +++ b/ChangeLog.d/runtime-version-interface.txt 
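Review bot: `ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list"` relies on a variable assignment prefixing a shell function call, and POSIX leaves it unspecified whether such an assignment persists after the function returns (bash scopes it to the call, some other shells do not), so if this script is ever run by a non-bash `sh` every later build in the component would silently be compiled at -O0. Either state the assumption in the new comment, e.g. `# Temporary -O0 for this build only (bash scoping): less inlining so the grep below finds the ecp.c symbols`, or pass the flag through whatever explicit mechanism `helper_libtestdriver1_make_main` accepts. The enclosing function `common_test_psa_crypto_config_accel_ecc_some_curves` extends beyond the hunk.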
@@ -0,0 +1,9 @@ +API changes + * Change the signature of the runtime version information methods that took + a char* as an argument to take zero arguments and return a const char* + instead. This aligns us with the interface used in TF PSA Crypto 1.0. + If you need to support linking against both Mbed TLS 3.x and 4.x, please + use the build-time version macros or mbedtls_version_get_number() to + determine the correct signature for mbedtls_version_get_string() and + mbedtls_version_get_string_full() before calling them. + Fixes issue #10308. diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 837787bc7f..4a0b216e3b 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -32,23 +32,14 @@ extern "C" { unsigned int mbedtls_version_get_number(void); /** - * Get the version string ("x.y.z"). - * - * \param string The string that will receive the value. - * (Should be at least 9 bytes in size) + * Get a pointer to the version string ("x.y.z"). */ -void mbedtls_version_get_string(char *string); +const char *mbedtls_version_get_string(void); /** - * Get the full version string ("Mbed TLS x.y.z"). - * - * \param string The string that will receive the value. The Mbed TLS version - * string will use 18 bytes AT MOST including a terminating - * null byte. - * (So the buffer should be at least 18 bytes to receive this - * version string). + * Get a pointer to the full version string ("Mbed TLS x.y.z"). */ -void mbedtls_version_get_string_full(char *string); +const char *mbedtls_version_get_string_full(void); /** * \brief Check if support for a feature was compiled into this diff --git a/library/version.c b/library/version.c index 2cd947da72..e828673c0d 100644 --- a/library/version.c +++ b/library/version.c 
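Review bot: The new documentation for `mbedtls_version_get_string` and `mbedtls_version_get_string_full` in the version.h hunk says only that a pointer is returned; the one thing a caller now needs to know — who owns it and how long it lives — is missing. The implementation in version.c returns the `MBEDTLS_VERSION_STRING` / `MBEDTLS_VERSION_STRING_FULL` macros directly, i.e. string literals, so add e.g. ` * \return A pointer to a static, NUL-terminated string that remains valid for the lifetime of the program and must not be modified or freed.` to both comments. The ChangeLog hunk on this line already explains the migration path and needs no change.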
@@ -17,16 +17,14 @@ unsigned int mbedtls_version_get_number(void) return MBEDTLS_VERSION_NUMBER; } -void mbedtls_version_get_string(char *string) +const char *mbedtls_version_get_string(void) { - memcpy(string, MBEDTLS_VERSION_STRING, - sizeof(MBEDTLS_VERSION_STRING)); + return MBEDTLS_VERSION_STRING; } -void mbedtls_version_get_string_full(char *string) +const char *mbedtls_version_get_string_full(void) { - memcpy(string, MBEDTLS_VERSION_STRING_FULL, - sizeof(MBEDTLS_VERSION_STRING_FULL)); + return MBEDTLS_VERSION_STRING_FULL; } #endif /* MBEDTLS_VERSION_C */ diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index eeae512626..af0eb86d23 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -38,19 +38,17 @@ void check_compiletime_version(char *version_str) void check_runtime_version(char *version_str) { char build_str[100]; - char get_str[100]; + const char *get_str; char build_str_full[100]; - char get_str_full[100]; + const char *get_str_full; unsigned int get_int; memset(build_str, 0, 100); - memset(get_str, 0, 100); memset(build_str_full, 0, 100); - memset(get_str_full, 0, 100); get_int = mbedtls_version_get_number(); - mbedtls_version_get_string(get_str); - mbedtls_version_get_string_full(get_str_full); + get_str = mbedtls_version_get_string(); + get_str_full = mbedtls_version_get_string_full(); mbedtls_snprintf(build_str, 100, "%u.%u.%u", (get_int >> 24) & 0xFF, From 8616ee762d77123b5dc30500d040920991242e94 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 11:32:58 +0100 Subject: [PATCH 0773/1080] Change values for error tests Previously these tests used values that will become PSA aliases, and so the tests will fail once they're changed. Signed-off-by: Felix Conway --- tests/suites/test_suite_error.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data index dec5639ee0..e496841cf0 100644 --- a/tests/suites/test_suite_error.data +++ b/tests/suites/test_suite_error.data @@ -4,11 +4,11 @@ error_strerror:-0x0020:"AES - Invalid key length" Single high error depends_on:MBEDTLS_RSA_C -error_strerror:-0x4080:"RSA - Bad input parameters to function" +error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library" Low and high error depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C -error_strerror:-0x40A0:"RSA - Bad input parameters to function \: AES - Invalid key length" +error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length" Non existing high error error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" From 783d8adb15a8559c02ef99029775fa0096778b7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 14:31:34 +0200 Subject: [PATCH 0774/1080] Update CMake linkage tests to new call signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- programs/test/cmake_package/cmake_package.c | 5 +---- programs/test/cmake_package_install/cmake_package_install.c | 5 +---- programs/test/cmake_subproject/cmake_subproject.c | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index f7d5230f46..cd050e97bc 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -18,10 +18,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); 
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index fb68883fee..a63f7dbb0f 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -19,10 +19,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index efab789553..69b5d0b819 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -19,10 +19,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); From 0e5fe877cc880e19a892c807170edd7af08d0913 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 14:38:01 +0200 Subject: [PATCH 0775/1080] Update PSASim tests to new call signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/psa-client-server/psasim/src/psa_sim_crypto_client.c | 4 ++-- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 4 ++-- tests/psa-client-server/psasim/src/server.c | 3 +-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 635a70545a..9051f20535 100644 
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -73,12 +73,12 @@ int psa_crypto_call(int function, psa_status_t psa_crypto_init(void) { - char mbedtls_version[18]; + const char *mbedtls_version; uint8_t *result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_version_get_string_full(mbedtls_version); + mbedtls_version = mbedtls_version_get_string_full(); CLIENT_PRINT("%s", mbedtls_version); CLIENT_PRINT("My PID: %d", getpid()); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 3eec226e16..0f4c86f817 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -390,12 +390,12 @@ sub client_calls_header psa_status_t psa_crypto_init(void) { - char mbedtls_version[18]; + const char *mbedtls_version; uint8_t *result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_version_get_string_full(mbedtls_version); + mbedtls_version = mbedtls_version_get_string_full(); CLIENT_PRINT("%s", mbedtls_version); CLIENT_PRINT("My PID: %d", getpid()); diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c index 44939f1c2a..aa0c75a488 100644 --- a/tests/psa-client-server/psasim/src/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -56,8 +56,7 @@ int psa_server_main(int argc, char *argv[]) extern psa_status_t psa_crypto_close(void); #if defined(MBEDTLS_VERSION_C) - char mbedtls_version[18]; - mbedtls_version_get_string_full(mbedtls_version); + const char *mbedtls_version = mbedtls_version_get_string_full(); SERVER_PRINT("%s", mbedtls_version); #endif From 3f523748e097ff530b1886321be560e54473972b Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 18 Aug 2025 13:47:50 +0100 Subject: [PATCH 0776/1080] Add const to serial argument in mbedtls_x509write_crt_set_serial_raw Signed-off-by: Ben Taylor --- include/mbedtls/x509_crt.h | 2 +- library/x509write_crt.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bf418a6851..bbe5fc45cf 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -956,7 +956,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len); + const unsigned char *serial, size_t serial_len); /** * \brief Set the validity period for a Certificate diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 1f8a006de6..663b308d62 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -94,7 +94,7 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, } int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len) + const unsigned char *serial, size_t serial_len) { if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { return MBEDTLS_ERR_X509_BAD_INPUT_DATA; From 37ede2c3b4b96987b525e22878564b0d489da84a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:46:39 +0100 Subject: [PATCH 0777/1080] Unify generic errors to PSA errors Signed-off-by: Felix Conway --- include/mbedtls/net_sockets.h | 12 +++---- include/mbedtls/pkcs7.h | 8 ++--- include/mbedtls/ssl.h | 66 +++++++++++++++++------------------ include/mbedtls/x509.h | 10 +++--- include/mbedtls/x509_crt.h | 28 +++++++-------- include/mbedtls/x509_csr.h | 8 ++--- 6 files changed, 66 insertions(+), 66 deletions(-) 
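Review bot: Adding `const` to `serial` changes the type of `mbedtls_x509write_crt_set_serial_raw` itself, so any caller that stores the function in a pointer of the old type `int (*)(mbedtls_x509write_cert *, unsigned char *, size_t)` will stop compiling, while ordinary direct calls are unaffected. The diffstat touches only the header and the implementation, so a short ChangeLog.d entry recording the signature change would be in order, consistent with how patch 0772 documents its own signature change.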
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 8e69bc0fb3..f4eb683d3a 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -53,7 +53,7 @@ /** Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /** Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** The context is invalid, eg because it was free()ed. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /** Polling the net context failed. */ @@ -147,11 +147,11 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char * * can be NULL if client_ip is null * * \return 0 if successful, or - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * #MBEDTLS_ERR_NET_SOCKET_FAILED, + * #MBEDTLS_ERR_NET_BIND_FAILED, + * #MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small, + * #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to * non-blocking and accept() would block. */ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index e9b482208e..cf9e4407ce 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h 
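Review bot: `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` now expands to `PSA_ERROR_BUFFER_TOO_SMALL`, but its doc comment `/** Buffer is too small to hold the data. */` still presents it as a distinct NET error code, while the `mbedtls_net_accept` documentation in the `-147,11` hunk names only the PSA constant. Document the macro as a compatibility alias, e.g. `/** Alias of #PSA_ERROR_BUFFER_TOO_SMALL, kept for source compatibility. */`, so readers know comparisons against either name are equivalent. The header also needs `PSA_ERROR_BUFFER_TOO_SMALL` in scope and the hunk adds no include, so this relies on net_sockets.h already pulling in `psa/crypto.h` transitively — worth confirming. The same alias-without-documentation pattern appears in the pkcs7.h and ssl.h hunks of this commit.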
@@ -53,11 +53,11 @@ #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */ #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ -#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */ #define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */ /* \} name */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..ab3f256913 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -44,7 +44,7 @@ /** The requested feature is not available. */ #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /** Bad input parameters to function. */ -#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 +#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Verification of the message MAC failed. */ #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /** An invalid SSL record was received. */ 
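Review bot: In the pkcs7.h hunk `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` and `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` both become `PSA_ERROR_INVALID_SIGNATURE`, so two previously distinct results (-0x5600 "error parsing the signature" and -0x5800 "verification failed") now have the same value; a caller or test that switches on them to tell a malformed signature from a failed verification can no longer do so, and any error-string mapping for the value can describe only one of them. If the collapse is intentional, the two doc comments should say so, e.g. `/**< Signature malformed or verification failed; alias of #PSA_ERROR_INVALID_SIGNATURE */` on both, and any test data that still expects the old numeric codes needs the same treatment patch 0773 gave test_suite_error.data. If it is not intentional, keep `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` as a parse error distinct from the verification result.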
@@ -105,7 +105,7 @@ /** Cache entry not found */ #define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80 /** Memory allocation failed */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 +#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Hardware acceleration function returned with error */ #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /** Hardware acceleration function skipped / left alone data */ @@ -129,7 +129,7 @@ /** DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /** A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 +#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /* Error space gap */ /** No data of requested type currently available on underlying transport. */ #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 @@ -1912,7 +1912,7 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl); * \param ssl SSL context * \param conf SSL configuration to use * - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if * memory allocation failed */ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, @@ -1924,7 +1924,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */ int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); 
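Review bot: In the `-1924,7` hunk the rewritten line anchors `#PSA_ERROR_INSUFFICIENT_MEMORY` but the continuation ` MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */` on the next, unchanged line keeps no `#` Doxygen anchor, so one of the two return codes in the same sentence is cross-referenced and the other is not. Since the sentence is being touched anyway, change it to ` * #MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */` for consistency with the rest of this commit's documentation changes.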
@@ -2579,14 +2579,14 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, * milliseconds. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. + * #PSA_ERROR_INVALID_ARGUMENT if an input is not valid. */ static inline int mbedtls_ssl_session_get_ticket_creation_time( mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) { if (session == NULL || ticket_creation_time == NULL || session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); @@ -2937,8 +2937,8 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, * \note An internal copy is made, so the info buffer can be reused. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. + * #PSA_ERROR_INVALID_ARGUMENT if used on client, + * #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory. */ int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, const unsigned char *info, @@ -3175,8 +3175,8 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * was generated in a different version or configuration of * Mbed TLS. 
@@ -3215,7 +3215,7 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * tickets. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled * and the session is a TLS 1.3 session. @@ -3348,7 +3348,7 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, * record headers. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len + * \return #PSA_ERROR_INVALID_ARGUMENT if \p len * is too large. */ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, @@ -3495,7 +3495,7 @@ void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, @@ -3744,8 +3744,8 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME * for more details. * - * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on + * allocation failure, #PSA_ERROR_INVALID_ARGUMENT on * too long input hostname. * * Hostname set to the one provided on success (cleared @@ -3805,7 +3805,7 @@ const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, 
@@ -3934,7 +3934,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT. */ int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char *const *protos); @@ -4001,7 +4001,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * \return #PSA_ERROR_INVALID_ARGUMENT when the list of * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles @@ -4021,7 +4021,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * is ignored. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #PSA_ERROR_INVALID_ARGUMENT * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, @@ -4166,7 +4166,7 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT */ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 
@@ -4892,7 +4892,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * fragment length (either the built-in limit or the one set * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. + * - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned. * \c mbedtls_ssl_get_max_out_record_payload() may be used to * query the active maximum fragment length. * @@ -4976,7 +4976,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); * \param len maximum number of bytes to read * * \return The (positive) number of bytes read if successful. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not * possible to read early data for the SSL context \p ssl. Note * that this function is intended to be called for an SSL @@ -5082,10 +5082,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, * * \param ssl The SSL context to query * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * from the server-side. * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * prior to completion of the handshake. * * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client @@ -5134,7 +5134,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * * \note This feature is currently only available under certain * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. + * #PSA_ERROR_INVALID_ARGUMENT for details. * * \note When this function succeeds, it calls * mbedtls_ssl_session_reset() on \p ssl which as a result is 
@@ -5159,15 +5159,15 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. However, * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or + * the function returns #PSA_ERROR_BUFFER_TOO_SMALL or * \c 0. If the return value is different, then the value of * \p olen is undefined. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed * while resetting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in + * \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. @@ -5240,10 +5240,10 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * comes from a different Mbed TLS version or build. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. */ int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, const unsigned char *buf, 
@@ -5352,7 +5352,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 * context_len are ignored and a 0-length context is used.
 *
 * \return 0 on success.
- * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed.
 * \return An SSL-specific error on failure.
 */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index b1a80e3011..a021a7d996 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -58,7 +58,7 @@
 /** The date tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
 /** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE
 /** The extension tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
 /** CRT/CRL/CSR has an unsupported version number. */
@@ -68,17 +68,17 @@
 /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
 #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE
 /** Format not recognized as DER or PEM. */
 #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
 /** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
 /** Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
+#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
 /** Read/write of file failed. */
 #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
 /** Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
 /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
 /** \} name X509 Error codes */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index bf418a6851..6b81652bb0 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -234,7 +234,7 @@ mbedtls_x509write_cert;
 * \param ctx Certificate context to use
 * \param san_list List of SAN values
 *
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
 *
 * \note "dnsName", "uniformResourceIdentifier", "IP address",
 * "otherName", and "DirectoryName", as defined in RFC 5280,
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * other than fatal error, as a non-zero return code * immediately aborts the verification process. For fatal * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * from #PSA_ERROR_INVALID_SIGNATURE which should not * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR * can be used if no better code is available. * @@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, * that bit MAY be set. * * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension + * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension * is present but does not match the usage argument. * * \note You should only call this function on leaf certificates, on 
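Review bot: Now that `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` is an alias of `PSA_ERROR_INVALID_SIGNATURE` (x509.h hunk earlier in this commit), the rewritten sentence "different from #PSA_ERROR_INVALID_SIGNATURE which should not be returned at this point" reads as a restriction on a generic PSA status rather than on the verifier's own chain-failure code, and a verification callback that simply forwards the status of its own PSA signature check would now return exactly the value it is told not to return, making its failure indistinguishable from a chain failure to the caller. I would state the reason rather than just the value: `* from #PSA_ERROR_INVALID_SIGNATURE, which mbedtls_x509_crt_verify() itself uses to report a failed chain and which the callback must therefore not return; map your own signature failures to another code), or MBEDTLS_ERR_X509_FATAL_ERROR`. The two `\return #PSA_ERROR_INVALID_SIGNATURE in case the certificate chain verification failed` hunks later in this file would benefit from the same one-line reminder that this value can also come from the signature parser, pointing readers at `*flags` (already documented there) as the way to tell the two apart. The surrounding doc comment starts and ends outside this hunk.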
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. + * #PSA_ERROR_INVALID_ARGUMENT if not. * * \note Usually only makes sense on leaf certificates. */ @@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer + * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, @@ -1041,7 +1041,7 @@ void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_ty * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, @@ -1057,7 +1057,7 @@ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, * certificate (only for CA certificates, -1 is * unlimited) * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen); @@ -1070,7 +1070,7 @@ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); 
@@ -1081,7 +1081,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* PSA_WANT_ALG_SHA_1 */ @@ -1093,7 +1093,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *c * \param ctx CRT context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage); @@ -1106,7 +1106,7 @@ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, * \param exts extended key usage extensions to set, a sequence of * MBEDTLS_ASN1_OID objects * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts); @@ -1118,7 +1118,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type); diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b11539440c..60a553f55d 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -263,7 +263,7 @@ void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_typ * \param ctx CSR context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note The decipherOnly flag from the Key Usage * extension is represented by bit 8 (i.e. @@ -281,7 +281,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha * \param ctx CSR context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note Only "dnsName", "uniformResourceIdentifier" and "otherName", * as defined in RFC 5280, are supported. @@ -296,7 +296,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct * \param ctx CSR context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, unsigned char ns_cert_type); @@ -312,7 +312,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, From f5b48c3d9c741d3b8e0519eb3a77ae0a5f7ee9ee Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:52:41 +0100 Subject: [PATCH 0778/1080] Add Changelog and documentation 
Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 8 ++++++++ docs/4.0-migration-guide/error-codes.md | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 ChangeLog.d/unify-errors.txt diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt new file mode 100644 index 0000000000..3dad7f3b67 --- /dev/null +++ b/ChangeLog.d/unify-errors.txt @@ -0,0 +1,8 @@ +API changes + * Make the following error codes aliases of their PSA equivalents, where + xxx is a module, e.g. X509 or SSL. + MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT + MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY + MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 074acc04bb..3bcdb8c580 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -18,6 +18,8 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. +#### Specific error codes + | Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | | ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | 
@@ -25,4 +27,16 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +#### General Replacements + +The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. + +| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | +|---------------------------------| ---------------------------------------------- | +| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | + See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From f8b4aa135b565c65db8f8336782f7edf9eb5f8e6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 19 Aug 2025 07:52:48 +0100 Subject: [PATCH 0779/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/509write_crt_set_serial_raw-alignment.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/509write_crt_set_serial_raw-alignment.txt diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt new file mode 100644 index 0000000000..1fc938bdcb --- /dev/null +++ b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt @@ -0,0 +1,3 @@ +API changes + * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw + function so a const to align with the restof the API. From e984d35590a1fc8351a9b01096fa193cf9c76cb6 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Tue, 19 Aug 2025 10:06:27 +0100 Subject: [PATCH 0780/1080] Fix ssl tests expecting old X509 error output Signed-off-by: Felix Conway --- tests/ssl-opt.sh | 98 ++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d0278b123c..35afb8fcf9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA # We don't check that the server receives the alert because it might # detect that its write end of the connection is closed and abort @@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA run_test "Authentication: server badcert, client optional" \ @@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client optional (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
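Review bot: The replacement expectation `Last error was: \(-0x95\|-149\)` matches on the raw value of `PSA_ERROR_INVALID_SIGNATURE`, which after the error-code unification in this series is also what a malformed signature (`MBEDTLS_ERR_X509_INVALID_SIGNATURE`) and other signature-verification failures report, so the positive `-c` checks in this hunk and the following ssl-opt.sh hunks no longer assert "certificate chain verification failed" on their own; the paired `-c "! The certificate is not correctly signed by the trusted CA"` lines are what keep them specific, and the `-C` variants now trip on any `PSA_ERROR_INVALID_SIGNATURE`, which is stricter but worth knowing when one of them fails later. The same literal is repeated in every hunk of this file; defining it once next to the other script-level variables, `# PSA_ERROR_INVALID_SIGNATURE (-0x95 / -149): what mbedtls_x509_crt_verify() reports for a failed chain` followed by `X509_VERIFY_FAILED_ERR='Last error was: \(-0x95\|-149\)'`, and writing `-c "$X509_VERIFY_FAILED_ERR"` would document the magic numbers and make the next error-code change a one-line edit. If `run_test` (its body is outside these hunks) greps the pattern as a plain BRE, `\|` is a GNU extension and may not match on a BSD grep.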
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 1a1ff64f42de8858680b2262e7bbbd2550d3eebf Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 19 Aug 2025 11:11:58 +0100 Subject: [PATCH 0781/1080] Remove tf-psa-crypto/include/mbedtls/private from Doxygen Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 04a4f170d0..00e64d05c9 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -8,6 +8,7 @@ EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h +EXCLUDE = ../tf-psa-crypto/include/mbedtls/private RECURSIVE = YES EXCLUDE_SYMLINKS = YES SOURCE_BROWSER = YES From 24e3388cf3bb50c1d4b762aed63b63de036ffd96 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 19 Aug 2025 16:56:25 +0100 Subject: [PATCH 0782/1080] Clarify use of CC and friends for file generation Add more detail around how generation of configuration-independent files chooses a C compiler. Mention that setting HOSTCC or CC is recommended where there are multiple toolchains. Mention that the fallback location is the cc executable, which may help users troubleshooting when the file generation picks up the wrong toolchain (as in Mbed-TLS/mbedtls#10360). Signed-off-by: David Horstmann --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fc1536e23c..7981a0236d 100644 --- a/README.md +++ b/README.md 
@@ -72,7 +72,13 @@ The following tools are required: Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. * A C compiler for the host platform, for some test data. -If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files. +The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference): + +1. The `HOSTCC` environment variable. This can be used if `CC` is pointing to a cross-compiler. +2. The `CC` environment variable. +3. An executable called `cc` in the current path. + +Note: If you have multiple toolchains installed, it is recommended to set `CC` or `HOSTCC` to the intended host compiler before generating the files. Any of the following methods are available to generate the configuration-independent files: From f3486e198b94aa9ffe52e3db303ec19fbcbc985c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 18 Aug 2025 14:09:26 +0100 Subject: [PATCH 0783/1080] components-configuration-crypto.sh: Added setters for MBEDTLS_PSA_CRYPTO_RNG_HASH Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7647415c5..4714194565 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2354,14 +2354,15 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { } component_test_ctr_drbg_aes_256_sha_256 () { - msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" make test } @@ -2378,15 +2379,16 @@ component_test_ctr_drbg_aes_128_sha_512 () { } component_test_ctr_drbg_aes_128_sha_256 () { - msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" make test } From 3492807e0b337925011e16d7d79b25e20709d59d Mon Sep 17 00:00:00 2001 
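Review bot: Only the two SHA-256 components gain `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256`; the neighbouring `component_test_ctr_drbg_aes_128_sha_512` (visible as the second hunk's context) and, presumably, its AES-256 sibling are left on whatever the default of `MBEDTLS_PSA_CRYPTO_RNG_HASH` is, so they no longer necessarily exercise the SHA-512 DRBG hash their names promise. Unless SHA-512 is the option's default, the mirror line `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512` belongs in those components. The rewritten `msg` strings also drop `MBEDTLS_ENTROPY_FORCE_SHA256` although that setter is still applied two lines later; either remove the now-redundant setter if the new option supersedes it, or keep both names in the message so the CI log reflects the configuration actually built.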
From: David Horstmann Date: Wed, 20 Aug 2025 10:26:11 +0100 Subject: [PATCH 0784/1080] Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from components-configuration-crypto.sh. Replace them with PSA_WANT_ALG_DETERMINISTIC_ECDSA. This is safe because: * MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C. * MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in config_adjust_legacy_from_psa.h, and only if PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined. Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC. Signed-off-by: David Horstmann --- tests/scripts/components-configuration-crypto.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7647415c5..4d7fceffe3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make 
@@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" @@ -293,7 +293,6 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -1656,7 +1655,6 @@ config_psa_crypto_hmac_use_psa () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HKDF_C # Dependencies of HMAC_DRBG - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } From ed7058730a60d473fa8ae5b86393ec34bec79681 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 10:51:23 +0100 Subject: [PATCH 0785/1080] Removed the directory with the programs, and its inclusion in the parent directory CMakeLists.txt file 
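Review bot: The two added `unset PSA_WANT_ALG_DETERMINISTIC_ECDSA` lines use `-c $CRYPTO_CONFIG_H`, while the existing line kept as context in `config_psa_crypto_hmac_use_psa` uses `-f "$CRYPTO_CONFIG_H"`, so the file now carries two spellings of the same operation; pick one and quote the variable either way, e.g. `scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG`. If `-c` and `-f` are not interchangeable in this tree's `config.py` the difference is more than cosmetic — it decides which config file the `unset` lands in — so it is worth confirming which flag targets the crypto config. The trailing comments on the two added lines also differ in case (`# requires` vs `# Requires`).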
Signed-off-by: Felix Conway --- programs/CMakeLists.txt | 2 +- programs/pkey/CMakeLists.txt | 19 -- programs/pkey/dh_prime.txt | 2 - programs/pkey/gen_key.c | 478 --------------------------------- programs/pkey/pk_sign.c | 154 ----------- programs/pkey/pk_verify.c | 129 --------- programs/pkey/rsa_priv.txt | 8 - programs/pkey/rsa_pub.txt | 2 - programs/pkey/rsa_sign_pss.c | 160 ----------- programs/pkey/rsa_verify_pss.c | 137 ---------- 10 files changed, 1 insertion(+), 1090 deletions(-) delete mode 100644 programs/pkey/CMakeLists.txt delete mode 100644 programs/pkey/dh_prime.txt delete mode 100644 programs/pkey/gen_key.c delete mode 100644 programs/pkey/pk_sign.c delete mode 100644 programs/pkey/pk_verify.c delete mode 100644 programs/pkey/rsa_priv.txt delete mode 100644 programs/pkey/rsa_pub.txt delete mode 100644 programs/pkey/rsa_sign_pss.c delete mode 100644 programs/pkey/rsa_verify_pss.c diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 1e5b2a4b67..1aba21b756 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -4,7 +4,7 @@ add_custom_target(${programs_target}) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(pkey) + add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt deleted file mode 100644 index a2b1836d58..0000000000 --- a/programs/pkey/CMakeLists.txt +++ /dev/null 
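Review bot: The `add_subdirectory(pkey)` line is replaced by an empty `+` line rather than deleted, leaving a stray blank between `endif()` and `add_subdirectory(ssl)`; drop the added line so the hunk is a pure removal. The diffstat touches only CMake, so if any other build or test glue still references `gen_key`, `pk_sign`, `pk_verify`, `rsa_sign_pss` or `rsa_verify_pss` (a test script, an install manifest, a `.gitignore` entry), it needs the same cleanup — none of that is visible here, so please verify.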
@@ -1,19 +0,0 @@ -set(executables_mbedcrypto - gen_key - pk_sign - pk_verify - rsa_sign_pss - rsa_verify_pss -) -add_dependencies(${programs_target} ${executables_mbedcrypto}) - -foreach(exe IN LISTS executables_mbedcrypto) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables_mbedcrypto} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt deleted file mode 100644 index de0c281483..0000000000 --- a/programs/pkey/dh_prime.txt +++ /dev/null @@ -1,2 +0,0 @@ -P = 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 -G = 02 diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c deleted file mode 100644 index ba35534388..0000000000 --- a/programs/pkey/gen_key.c +++ /dev/null 
@@ -1,478 +0,0 @@ -/* - * Key generation application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/ecdsa.h" -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -#if !defined(_WIN32) -#include - -#define DEV_RANDOM_THRESHOLD 32 - -static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) -{ - FILE *file; - size_t ret, left = len; - unsigned char *p = output; - ((void) data); - - *olen = 0; - - file = fopen("/dev/random", "rb"); - if (file == NULL) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - while (left > 0) { - /* /dev/random can return much less than requested. 
If so, try again */ - ret = fread(p, 1, left, file); - if (ret == 0 && ferror(file)) { - fclose(file); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - p += ret; - left -= ret; - sleep(1); - } - fclose(file); - *olen = len; - - return 0; -} -#endif /* !_WIN32 */ - -#if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id -#else -#define DFL_EC_CURVE 0 -#endif - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) -#define USAGE_DEV_RANDOM \ - " use_dev_random=0|1 default: 0\n" -#else -#define USAGE_DEV_RANDOM "" -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_TYPE MBEDTLS_PK_RSA -#define DFL_RSA_KEYSIZE 4096 -#define DFL_FILENAME "keyfile.key" -#define DFL_FORMAT FORMAT_PEM -#define DFL_USE_DEV_RANDOM 0 - -#define USAGE \ - "\n usage: gen_key param=<>...\n" \ - "\n acceptable parameters:\n" \ - " type=rsa|ec default: rsa\n" \ - " rsa_keysize=%%d default: 4096\n" \ - " ec_curve=%%s see below\n" \ - " filename=%%s default: keyfile.key\n" \ - " format=pem|der default: pem\n" \ - USAGE_DEV_RANDOM \ - "\n" - - -/* - * global options - */ -struct options { - int type; /* the type of key to generate */ - int rsa_keysize; /* length of key in bits */ - int ec_curve; /* curve identifier for EC keys */ - const char *filename; /* filename of the key file */ - int format; /* the output format to use */ - int use_dev_random; /* use /dev/random as entropy source */ -} opt; - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - if (opt.format == FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - 
len; - } - - if ((f = fopen(output_file, "wb")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. 
*/ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "gen_key"; -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_curve_info *curve_info; -#endif - - /* - * Set to sane values - */ -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); -#if defined(MBEDTLS_ECP_C) - mbedtls_printf(" available ec_curve values:\n"); 
- curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf(" %s (default)\n", curve_info->name); - while ((++curve_info)->name != NULL) { - mbedtls_printf(" %s\n", curve_info->name); - } -#endif /* MBEDTLS_ECP_C */ - goto exit; - } - - opt.type = DFL_TYPE; - opt.rsa_keysize = DFL_RSA_KEYSIZE; - opt.ec_curve = DFL_EC_CURVE; - opt.filename = DFL_FILENAME; - opt.format = DFL_FORMAT; - opt.use_dev_random = DFL_USE_DEV_RANDOM; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "type") == 0) { - if (strcmp(q, "rsa") == 0) { - opt.type = MBEDTLS_PK_RSA; - } else if (strcmp(q, "ec") == 0) { - opt.type = MBEDTLS_PK_ECKEY; - } else { - goto usage; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "rsa_keysize") == 0) { - opt.rsa_keysize = atoi(q); - if (opt.rsa_keysize < 1024 || - opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } -#if defined(MBEDTLS_ECP_C) - else if (strcmp(p, "ec_curve") == 0) { - if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) { - goto usage; - } - opt.ec_curve = curve_info->grp_id; - } -#endif - else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "use_dev_random") == 0) { - opt.use_dev_random = atoi(q); - if (opt.use_dev_random < 0 || opt.use_dev_random > 1) { - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) - if (opt.use_dev_random) { - if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, - NULL, DEV_RANDOM_THRESHOLD, - MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_entropy_add_source returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n Using /dev/random, so can take a long time! "); - fflush(stdout); - } -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * 1.1. Generate the key - */ - mbedtls_printf("\n . Generating the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_pk_setup(&key, - mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (opt.type == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if (opt.type == MBEDTLS_PK_ECKEY) { - ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve, - mbedtls_pk_ec(key), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_ECP_C */ - { - mbedtls_printf(" failed\n ! key type not supported\n"); - goto exit; - } - - /* - * 1.2 Print the key - */ - mbedtls_printf(" ok\n . Key information:\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! 
could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf(" ! key type not supported\n"); - - /* - * 1.3 Export key - */ - mbedtls_printf(" . Writing key to file..."); - - if ((ret = write_private_key(&key, opt.filename)) != 0) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c deleted file mode 100644 index 4ddb473c0f..0000000000 --- a/programs/pkey/pk_sign.c +++ /dev/null 
@@ -1,154 +0,0 @@ -/* - * Public key-based signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - const char *pers = "mbedtls_pk_sign"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the signature of the hash. - */ - mbedtls_printf("\n . Generating the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
deleted file mode 100644
index 27aff441a1..0000000000
--- a/programs/pkey/pk_verify.c
+++ /dev/null
@@ -1,129 +0,0 @@ -/* - * Public key-based signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the signature from the file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! 
Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, sizeof(buf), f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt deleted file mode 100644 index 254fcf8522..0000000000 --- a/programs/pkey/rsa_priv.txt +++ /dev/null 
@@ -1,8 +0,0 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
-D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
-P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
-Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
-DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
-DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
-QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt
deleted file mode 100644
index 1e7ae0c9c9..0000000000
--- a/programs/pkey/rsa_pub.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
deleted file mode 100644
index d94daf3977..0000000000
--- a/programs/pkey/rsa_sign_pss.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * RSASSA-PSS/SHA-256 signature creation program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include
-#include
-
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- mbedtls_pk_context pk;
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- char filename[512];
- const char *pers = "rsa_sign_pss";
- size_t olen = 0;
-
- mbedtls_entropy_init(&entropy);
- mbedtls_pk_init(&pk);
- mbedtls_ctr_drbg_init(&ctr_drbg);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: rsa_sign_pss \n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen(pers))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
- goto exit;
- }
-
- mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
- mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
- mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
- goto exit;
- }
-
- if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
- mbedtls_printf(" failed\n ! Key is not an RSA key\n");
- goto exit;
- }
-
- if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
- MBEDTLS_RSA_PKCS_V21,
- MBEDTLS_MD_SHA256)) != 0) {
- mbedtls_printf(" failed\n ! Padding not supported\n");
- goto exit;
- }
-
- /*
- * Compute the SHA-256 hash of the input file,
- * then calculate the RSA signature of the hash.
- */
- mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
- goto exit;
- }
-
- /*
- * Write the signature into .sig
- */
- mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "wb+")) == NULL) {
- mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
- goto exit;
- }
-
- if (fwrite(buf, 1, olen, f) != olen) {
- mbedtls_printf("failed\n ! fwrite failed\n\n");
- fclose(f);
- goto exit;
- }
-
- fclose(f);
-
- mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
- PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
deleted file mode 100644
index 15049203ee..0000000000
--- a/programs/pkey/rsa_verify_pss.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * RSASSA-PSS/SHA-256 signature verification program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/md.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include
-#include
-
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- size_t i;
- mbedtls_pk_context pk;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- char filename[512];
-
- mbedtls_pk_init(&pk);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: rsa_verify_pss \n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
- mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
- mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
- goto exit;
- }
-
- if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
- mbedtls_printf(" failed\n ! Key is not an RSA key\n");
- goto exit;
- }
-
- if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
- MBEDTLS_RSA_PKCS_V21,
- MBEDTLS_MD_SHA256)) != 0) {
- mbedtls_printf(" failed\n ! Invalid padding\n");
- goto exit;
- }
-
- /*
- * Extract the RSA signature from the file
- */
- mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "rb")) == NULL) {
- mbedtls_printf("\n ! Could not open %s\n\n", filename);
- goto exit;
- }
-
- i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
-
- fclose(f);
-
- /*
- * Compute the SHA-256 hash of the input file and
- * verify the signature
- */
- mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, i)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
- goto exit;
- }
-
- mbedtls_printf("\n . OK (the signature is valid)\n\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
- MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
From 87ae4e6a14c4db5301c78ddb480783ac148d802e Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 05:46:28 +0200 Subject: [PATCH 0786/1080] Added a changelog entry for the removal Signed-off-by: Anton Matkin
---
 ChangeLog.d/10285.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/10285.txt
diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt
new file mode 100644
index 0000000000..dae7e330cd
--- /dev/null
+++ b/Chang<br>eLog.d/10285.txt
@@ -0,0 +1,3 @@
+Removals
+ * Removed the programs/pkey directory. These will be moved to the
+ TF-PSA-Crypto repository later.
\ No newline at end of file
From 5b49f31956c89d7253563fb2237d710b86bc04e8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 12:14:30 +0200 Subject: [PATCH 0787/1080] Adjusted the Makefile in the programs directory - removed the pkey programs Signed-off-by: Anton Matkin
---
 programs/Makefile | 25 -------------------------
 1 file changed, 25 deletions(-)
diff --git a/programs/Makefile b/programs/Makefile
index a043fe1912..f99021aa69 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -36,11 +36,6 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
 ## Note: Variables cannot be used to define an apps path. This cannot be
 ## substituted by the script generate_visualc_files.pl.
 APPS = \
- pkey/gen_key \
- pkey/pk_sign \
- pkey/pk_verify \
- pkey/rsa_sign_pss \
- pkey/rsa_verify_pss \
 ../tf-psa-crypto/programs/psa/aead_demo \
 ../tf-psa-crypto/programs/psa/crypto_examples \
 ../tf-psa-crypto/programs/psa/hmac_demo \
@@ -136,26 +131,6 @@ test/query_config.c:
 echo " Gen $@"
 $(PERL) ../scripts/generate_query_config.pl
-pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
- echo " CC pkey/gen_key.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
- echo " CC pkey/pk_sign.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
- echo " CC pkey/pk_verify.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
- echo " CC pkey/rsa_sign_pss.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
- echo " CC pkey/rsa_verify_pss.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
 echo " CC psa/aead_demo.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
From 3962284de6e0bf6fe52666a4030db74145822af3 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 11:00:01 +0100 Subject: [PATCH 0788/1080] Update & fix changelog Signed-off-by: Felix Conway
---
 ChangeLog.d/10285.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt
index dae7e330cd..2ac05ab90f 100644
--- a/ChangeLog.d/10285.txt
+++ b/ChangeLog.d/10285.txt
@@ -1,3 +1,3 @@
 Removals
- * Removed the programs/pkey directory. These will be moved to the
- TF-PSA-Crypto repository later.
\ No newline at end of file
+ * Removed all public key sample programs from the programs/pkey
+ directory.
From 1cf9a1590bf51790af0c30c97d5807e995962221 Mon Sep 17 00:00:00 2001
From: Felix Conway Date: Wed, 20 Aug 2025 11:00:59 +0100 Subject: [PATCH 0789/1080] Remove programs from gitignore and documentation Signed-off-by: Felix Conway --- programs/.gitignore | 5 ----- programs/README.md | 10 ---------- 2 files changed, 15 deletions(-) diff --git a/programs/.gitignore b/programs/.gitignore index 7eaf38d85b..004dcf22f7 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -8,11 +8,6 @@ hash/md5sum hash/sha1sum hash/sha2sum -pkey/gen_key -pkey/pk_sign -pkey/pk_verify -pkey/rsa_sign_pss -pkey/rsa_verify_pss ssl/dtls_client ssl/dtls_server ssl/mini_client diff --git a/programs/README.md b/programs/README.md index 9239e8a603..b9260bffe9 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,16 +3,6 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -### Generic public-key cryptography (`pk`) examples - -* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. - -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. - -### ECDSA and RSA signature examples - -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. From 32e100a573d347147df6596f80b78189c0ee4556 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 21 Aug 2025 08:00:07 +0100 Subject: [PATCH 0790/1080] Renamed and corrected ChangeLog 
Signed-off-by: Ben Taylor
---
 ...alignment.txt => x509write_crt_set_serial_raw-alignment.txt} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename ChangeLog.d/{509write_crt_set_serial_raw-alignment.txt => x509write_crt_set_serial_raw-alignment.txt} (59%)
diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
similarity index 59%
rename from ChangeLog.d/509write_crt_set_serial_raw-alignment.txt
rename to ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
index 1fc938bdcb..e04f45a488 100644
--- a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt
+++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
@@ -1,3 +1,3 @@
 API changes
 * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw
- function so a const to align with the restof the API.
+ function to a const to align with the rest of the API.
From 5dbc24a25546e5484d21fdf3bb1864098f512aab Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 14 Aug 2025 14:38:15 +0100 Subject: [PATCH 0791/1080] components-configuration-crypto: Removed legacy options. Removed setters for `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` and `MBEDTLS_ENTROPY_FORCE_SHA256` Signed-off-by: Minos Galanakis
---
 tests/scripts/components-configuration-crypto.sh | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 4714194565..dd8b49dcfa 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2357,7 +2357,6 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -2367,28 +2366,27 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 }
 component_test_ctr_drbg_aes_128_sha_512 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 make test
 }
 component_test_ctr_drbg_aes_128_sha_256 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 make test
 }
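Review bot: `component_test_ctr_drbg_aes_128_sha_512` no longer pins the hash it is named after: the only setting left in its body is `MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128`, while the `aes_128_sha_256` sibling in the same hunk shows that the hash is now chosen with an explicit `MBEDTLS_PSA_CRYPTO_RNG_HASH` line, so this component exercises whatever the default hash happens to be rather than SHA-512. Add `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512` after the strength line and name the hash in both `msg` strings, otherwise a later change of the default silently turns this into a second SHA-256 run and the build log gives no hint. The 128-bit strength is a deliberately reduced RNG configuration, which is fine for a test component but deserves a one-line comment above the function so nobody copies it into a production config, e.g. `# Reduced 128-bit RNG strength: build/test coverage only, not a recommended configuration.`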
From 906950d8dc353351759f12dc88d6a6add273dcc8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 14 Aug 2025 15:59:53 +0100 Subject: [PATCH 0792/1080] config/depends.py: Removed legacy options. Signed-off-by: Minos Galanakis
---
 scripts/config.py | 2 --
 tests/scripts/depends.py | 2 --
 2 files changed, 4 deletions(-)
diff --git a/scripts/config.py b/scripts/config.py
index 750ff88c72..20555db846 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -76,12 +76,10 @@ def realfull_adapter(_name, _value, _active):
 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
- 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental
- 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_HAVE_SSE2', # hardware dependency
 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 513c6413a5..ae88abf1e2 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
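Review bot: The context line `'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY` still justifies its exclusion from the "realfull" configuration by the option this hunk deletes, so after the change the comment points at nothing that exists. If the exclusion is still needed (presumably because an AES-128-only build cannot serve a 256-bit RNG strength, which the `MBEDTLS_PSA_CRYPTO_RNG_STRENGTH` test components elsewhere in this series suggest), reword it to name the live option, e.g. `'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # incompatible with the default MBEDTLS_PSA_CRYPTO_RNG_STRENGTH`; if it is no longer needed, the entry can be dropped in the same commit. `realfull_adapter` starts and ends outside the hunk.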
@@ -316,11 +316,9 @@ def test(self, options): 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'], 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'MBEDTLS_LMS_C', From a1e867981b0263d02876808160a2f1dd64b998f6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 18 Aug 2025 10:31:31 +0100 Subject: [PATCH 0793/1080] ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d0278b123c..220e897f6f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -484,7 +484,7 @@ detect_required_features() { *"programs/ssl/dtls_client "*|\ *"programs/ssl/ssl_client1 "*) requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_ENTROPY_C + requires_config_enabled MBEDTLS_PSA_CRYPTO_C requires_config_enabled MBEDTLS_PEM_PARSE_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_certificate_authentication @@ -494,7 +494,7 @@ detect_required_features() { *"programs/ssl/ssl_pthread_server "*|\ *"programs/ssl/ssl_server "*) requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_ENTROPY_C + requires_config_enabled MBEDTLS_PSA_CRYPTO_C requires_config_enabled MBEDTLS_PEM_PARSE_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_certificate_authentication From 1eda7487ae08a3a32a1e9f554071c6fbc74195ac Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 21 Aug 2025 15:57:15 +0100 Subject: [PATCH 0794/1080] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
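Review bot: `requires_config_enabled MBEDTLS_PSA_CRYPTO_C` is a weaker gate than the `MBEDTLS_ENTROPY_C` it replaces for `ssl_client1`/`dtls_client`: a PSA build that sources randomness from `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` satisfies the new line, yet nothing in the hunk shows that such a build still provides the entropy path these sample programs presumably seed their CTR_DRBG from. Pair the new line with `requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG`, here and in the matching server hunk below, so the tests are skipped rather than failing at seeding time. `detect_required_features` starts before the hunk and continues after it.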
diff --git a/tf-psa-crypto b/tf-psa-crypto
index f0b51e354b..86060cd714 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit f0b51e354bb69071d3fab28650894287fac2348e
+Subproject commit 86060cd714013678ac6483b95c6b9585570b9273
From 8fc000ec2c1e3134293fbaa95cfa4ec003e872aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 Aug 2025 15:19:59 +0200 Subject: [PATCH 0795/1080] ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment Signed-off-by: Ronald Cron
---
 tests/ssl-opt.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 220e897f6f..140409c9cc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -485,6 +485,7 @@ detect_required_features() {
 *"programs/ssl/ssl_client1 "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_certificate_authentication
@@ -495,6 +496,7 @@ detect_required_features() {
 *"programs/ssl/ssl_server "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_certificate_authentication
From aad5f1bedd09e29e45438135d57026bb3a78d2a5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 Aug 2025 15:32:48 +0200 Subject: [PATCH 0796/1080] tests: Prepare to switch to SHA-256 as the default CTR_DRBG hash Ensure that when we switch from SHA-512 to SHA-256 as the default CTR_DRBG hash, we still properly test CTR_DRBG with SHA-512. Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index dd8b49dcfa..17c235bb17 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2353,6 +2353,18 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
 not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
 }
+component_test_ctr_drbg_aes_256_sha_512 () {
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ make test
+}
+
 component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
@@ -2370,6 +2382,7 @@ component_test_ctr_drbg_aes_128_sha_512 () {
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
From a0b1c8c7fb46dc35a328eedf4a8fad823a16e00a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 26 Aug 2025 09:15:18 +0200 Subject: [PATCH 0797/1080] build: Remove CTR_DRBG 128 bits key warnings Signed-off-by: Ronald Cron
---
 CMakeLists.txt | 21 ---------------------
 Makefile | 19 -------------------
 2 files changed, 40 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 162373182b..12ddc2738d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
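Review bot: The new `component_test_ctr_drbg_aes_256_sha_512` pins only the hash and leaves the RNG strength at whatever the default is, so the "aes_256" in its name is an assumption about that default rather than something the component enforces, while the `aes_128_*` siblings do set `MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128` explicitly. Since the stated purpose of this commit is to keep SHA-512 coverage when a default moves, apply the same reasoning to the strength and add `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 256` after the `unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` line, mentioning it in the two `msg` strings.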
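Review bot: The two `msg` lines of `component_test_ctr_drbg_aes_128_sha_512` still describe the run as `full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)` and say nothing about the `MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512` setting this hunk adds, so the build log will not distinguish it from the `aes_128_sha_256` variant. Both lines sit just outside the hunk (the function starts before it and its `make test` tail is after it); change them to `msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"` and the matching `test:` wording, as the `aes_128_sha_256` component already does for its hash.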
@@ -100,17 +100,6 @@ option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF) option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF) option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF) -# Warning string - created as a list for compatibility with CMake 2.8 -set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") -set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") -set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") - -set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" - "${CTR_DRBG_128_BIT_KEY_WARN_L1}" - "${CTR_DRBG_128_BIT_KEY_WARN_L2}" - "${CTR_DRBG_128_BIT_KEY_WARN_L3}" - "${WARNING_BORDER}") - # Python 3 is only needed here to check for configuration warnings. if(NOT CMAKE_VERSION VERSION_LESS 3.15.0) set(Python3_FIND_STRATEGY LOCATION) @@ -124,16 +113,6 @@ else() set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE}) endif() endif() -if(MBEDTLS_PYTHON_EXECUTABLE) - - # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY - RESULT_VARIABLE result) - if(${result} EQUAL 0) - message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) - endif() - -endif() # We now potentially need to link all executables against PThreads, if available set(CMAKE_THREAD_PREFER_PTHREAD TRUE) diff --git a/Makefile b/Makefile index a580736602..6706143a24 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,6 @@ endif .PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean all: programs tests - $(MAKE) post_build no_test: programs 
@@ -146,24 +145,6 @@ uninstall: done endif - -WARNING_BORDER_LONG =**********************************************************************************\n -CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n -CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n -CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n - -CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG) - -# Post build steps -post_build: -ifndef WINDOWS - - # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ - echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' - -endif - clean: clean_more_on_top $(MAKE) -C library clean $(MAKE) -C programs clean From 7cbeedc6074b2c2a3e1818185a86c324d68cef30 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 26 Aug 2025 17:26:45 +0100 Subject: [PATCH 0798/1080] Remove uses of the -c $CRYPTO_CONFIG_H idiom This is no longer needed as config.py knows where the crypto config file is these days. Signed-off-by: David Horstmann --- .../components-configuration-crypto.sh | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 4d7fceffe3..d422bf8edb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -82,19 +82,19 @@ component_test_psa_crypto_without_heap() { msg "crypto without heap: build libtestdriver1" # Disable PSA features that cannot be accelerated and whose builtin support # requires calloc/free. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset-all "^PSA_WANT_ALG_HKDF" + scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_" + scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_" # RSA key support requires ASN1 parse/write support for testing, but ASN1 # is disabled below. - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" + scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" + scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" # DES requires built-in support for key generation (parity check) so it # cannot be accelerated - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. # This is required to get the proper test coverage otherwise there are # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. 
@@ -102,7 +102,7 @@ component_test_psa_crypto_without_heap() { scripts/config.py set PSA_WANT_ECC_SECP_R1_192 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). - PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) + PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') helper_libtestdriver1_adjust_config crypto @@ -143,7 +143,7 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 
@@ -293,7 +293,7 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C 
@@ -318,17 +318,17 @@ component_test_full_no_cipher () { # on CIPHER_C so we disable them. # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 # so we keep them enabled. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C 
@@ -433,18 +433,18 @@ component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Disable all curves scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" 
@@ -2065,10 +2065,10 @@ component_build_aes_variations () { scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ From c50ce1b02b2c7e1cdc0132447ecf477d2942e70b Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 27 Aug 2025 10:15:54 +0200 Subject: [PATCH 0799/1080] Update crypto submodule link Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 86060cd714..3fd4e754b2 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 86060cd714013678ac6483b95c6b9585570b9273 +Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961 From a15729d38e8469e3ccb4238052e22ad41e743dd1 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 19 Aug 2025 13:35:19 +0100 Subject: [PATCH 0800/1080] Fix libtestdriver1 rewrite in include/mbedtls/private Signed-off-by: Felix Conway --- tests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile b/tests/Makefile index 3a6f0e62ea..a52bc32f57 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -369,6 +369,7 @@ libtestdriver1.a: perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] From b907dbc4d3c3bc813d3da3baa96f8217e87480a2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 27 Aug 2025 15:19:40 +0100 Subject: [PATCH 0801/1080] Remove other cases of explicit crypto config file Remove unnecessary passing of the crypto config filename either with the '-f' or '-c' switch, throughout all of the all.sh component files. Signed-off-by: David Horstmann --- .../components-configuration-crypto.sh | 88 +++++++-------- tests/scripts/components-configuration-tls.sh | 100 +++++++++--------- tests/scripts/components-psasim.sh | 2 +- 3 files changed, 95 insertions(+), 95 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d422bf8edb..24b7d6cbfb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -356,7 +356,7 @@ component_test_full_no_ccm () { # # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause # PSA_WANT_ALG_CCM to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM make 
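Review bot: The added `perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h` rule gives no hint which nested headers it exists for; the `include/mbedtls/private` named in the commit subject is recoverable only from the commit message, not from the Makefile. A comment above the new line, such as `# also rewrite nested public headers (presumably tf-psa-crypto/include/mbedtls/private/*.h)`, would record why the extra directory depth is needed. The growing run of near-identical `perl -i` invocations is also a candidate for a single loop over a list of glob patterns, which would make a missed directory like this one harder to overlook. The `libtestdriver1.a` recipe continues outside this hunk.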
@@ -377,17 +377,17 @@ component_test_full_no_ccm_star_no_tag () { # # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 make 
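Review bot: The rewrite of `scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C` to `scripts/config.py unset MBEDTLS_NIST_KW_C` is not purely mechanical: the old invocation targeted the crypto config file for an `MBEDTLS_` symbol, and if that symbol lives in the main mbedtls config rather than the crypto config, the old line was a no-op (or an error) and the new one actually disables NIST KW in `component_test_full_no_ccm_star_no_tag`. That matches the surrounding comment's intent, but it silently changes the effective configuration of this component, so it deserves a sentence in the commit message and a check that the test expectations still hold. The same concern applies to any other `-f "$CRYPTO_CONFIG_H"` line in this commit that names an `MBEDTLS_` symbol rather than a `PSA_WANT_` one. The enclosing function body continues outside the hunk.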
@@ -540,10 +540,10 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py full # Disable all DH groups other than 2048. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" @@ -754,7 +754,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -848,7 +848,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -1020,7 +1020,7 @@ config_psa_crypto_no_ecp_at_all () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues 
@@ -1137,12 +1137,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # RSA support is intentionally disabled on this test because RSA_C depends # on BIGNUM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1151,9 +1151,9 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and # PSA sides. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*" fi # Restartable feature is not yet supported by PSA. Once it will in 
@@ -1390,7 +1390,7 @@ build_and_test_psa_want_key_pair_partial () { # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" + scripts/config.py unset "$disabled_psa_want" make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -1501,9 +1501,9 @@ component_test_new_psa_want_key_pair_symbol () { # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure # that proper translations is done in crypto_legacy.h. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make @@ -1655,7 +1655,7 @@ config_psa_crypto_hmac_use_psa () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HKDF_C # Dependencies of HMAC_DRBG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } component_test_psa_crypto_config_accel_hmac () { @@ -1712,7 +1712,7 @@ component_test_psa_crypto_config_accel_aead () { helper_libtestdriver1_adjust_config "full" # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG # Build # ----- 
@@ -1828,14 +1828,14 @@ common_block_cipher_dispatch () { # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests # that were skipped in the accelerated one. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 # Disable direct dependency on AES_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1928,7 +1928,7 @@ component_test_full_block_cipher_legacy_dispatch () { component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" 
@@ -1938,8 +1938,8 @@ component_test_aead_chachapoly_disabled () { component_test_aead_only_ccm () { msg "build: full minus CHACHAPOLY and GCM" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_GCM make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" @@ -2279,10 +2279,10 @@ config_block_cipher_no_decrypt () { # Enable support for cryptographic mechanisms through the PSA API. # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index c8b2287d71..b74b30477c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -50,15 +50,15 @@ component_test_tls1_2_default_stream_cipher_only () { msg "build: default with only stream cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
@@ -79,14 +79,14 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
@@ -108,14 +108,14 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -361,10 +361,10 @@ component_test_ssl_alloc_buffer_and_mfl () { component_test_when_no_ciphersuites_have_mac () { msg "build: when no ciphersuites have MAC" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 
@@ -419,22 +419,22 @@ component_test_tls13_only_psk () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_DH_RFC7919_2048 + scripts/config.py unset 
PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 # Note: The four unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -471,7 +471,7 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDH # Note: The unset below is to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C @@ -495,10 +495,10 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C 
@@ -522,11 +522,11 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -550,10 +550,10 @@ component_test_tls13_only_psk_all () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh index ba8ab331d2..a20f917ddb 100644 --- a/tests/scripts/components-psasim.sh +++ b/tests/scripts/components-psasim.sh 
@@ -78,7 +78,7 @@ component_test_suite_with_psasim()
 msg "build client library"
 helper_psasim_config client
 # PAKE functions are still unsupported from PSASIM
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset PSA_WANT_ALG_JPAKE
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 helper_psasim_build client
From 07eb02889efd9d3d72ab1dad7f4dab0a96731c46 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Thu, 28 Aug 2025 11:54:46 +0100
Subject: [PATCH 0802/1080] Remove a redundant error test case and improve another
Signed-off-by: Felix Conway
---
 tests/suites/test_suite_error.data | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data
index e496841cf0..8565098286 100644
--- a/tests/suites/test_suite_error.data
+++ b/tests/suites/test_suite_error.data
@@ -3,12 +3,8 @@ depends_on:MBEDTLS_AES_C
 error_strerror:-0x0020:"AES - Invalid key length"
 Single high error
-depends_on:MBEDTLS_RSA_C
-error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library"
-
-Low and high error
-depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C
-error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length"
+depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C
+error_strerror:-0x2280:"X509 - The serial tag or value is invalid"
 Non existing high error
 error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)"
From a01ddf65b7f58dc145ac3be10d1eac7365a74b7a Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Thu, 28 Aug 2025 14:18:43 +0100
Subject: [PATCH 0803/1080] Revert unification for some error codes
Signed-off-by: Felix Conway
---
 ChangeLog.d/unify-errors.txt | 1 -
 include/mbedtls/pkcs7.h | 2 +-
 include/mbedtls/x509.h | 6 +-
 include/mbedtls/x509_crt.h | 12 ++--
 tests/ssl-opt.sh | 98 ++++++++++++++++++------------------
 5 files changed, 59 insertions(+), 60 deletions(-)
diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt
index 3dad7f3b67..0ed56ba305 100644
--- a/ChangeLog.d/unify-errors.txt
+++ b/ChangeLog.d/unify-errors.txt
@@ -4,5 +4,4 @@ API changes
 MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT
 MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY
 MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE
- MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE
 MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index cf9e4407ce..957ca53d71 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -53,7 +53,7 @@
 #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */
-#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */
+#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */
 #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */
 #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */
 #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index a021a7d996..3cced52f47 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
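Review bot: Restoring `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` to `-0x5600` while `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` stays mapped to `PSA_ERROR_INVALID_SIGNATURE` (the changelog row kept above) means a signature field that cannot be parsed and a signature that fails cryptographic verification are distinguishable again, which is the property callers doing error-specific handling need, but the comment on the restored line still reads only `/**< Error parsing the signature */`. Since the header now mixes legacy and PSA codes, state the distinction on the line itself, e.g. `/**< Error parsing the signature field; a signature that parses but does not verify is reported as PSA_ERROR_INVALID_SIGNATURE instead. */`. The value `-0x5600` sits between the neighbouring `-0x5580` and `-0x5680` entries, so no collision is visible in this hunk.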
@@ -58,7 +58,7 @@
 /** The date tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
 /** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
 /** The extension tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
 /** CRT/CRL/CSR has an unsupported version number. */
@@ -68,11 +68,11 @@
 /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
 #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
 /** Format not recognized as DER or PEM. */
 #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
 /** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
 /** Allocation of memory failed. */
 #define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
 /** Read/write of file failed. */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6b81652bb0..61986483bb 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
 * other than fatal error, as a non-zero return code
 * immediately aborts the verification process. For fatal
 * errors, a specific error code should be used (different
- * from #PSA_ERROR_INVALID_SIGNATURE which should not
+ * from #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
 * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
 * can be used if no better code is available.
 *
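Review bot: The -68 hunk moves `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` and `MBEDTLS_ERR_X509_BAD_INPUT_DATA` back to `-0x2700` and `-0x2800`, but `ChangeLog.d/unify-errors.txt` in this same commit still advertises `MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT` and `MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE` with the module wildcard, which no longer holds for X509; the changelog should name the modules each row still covers. The revert is worthwhile from an error-handling standpoint, since a chain-verification failure is again distinct from a bare PSA signature-verification result and from an invalid argument, so callers that branch on `PSA_ERROR_INVALID_SIGNATURE` to decide on an alert or a retry cannot conflate the two. Any code or test that had started comparing against the PSA constants or their numeric values for these three macros has to follow the revert; the ssl-opt.sh hunks below are updated in this commit, library callers are not visible here and are worth a grep.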
@@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
 *
 * \return \c 0 if the chain is valid with respect to the
 * passed CN, CAs, CRLs and security profile.
- * \return #PSA_ERROR_INVALID_SIGNATURE in case the
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
 * certificate chain verification failed. In this case,
 * \c *flags will have one or more
 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
 *
 * \return \c 0 if the chain is valid with respect to the
 * passed CN, CAs, CRLs and security profile.
- * \return #PSA_ERROR_INVALID_SIGNATURE in case the
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
 * certificate chain verification failed. In this case,
 * \c *flags will have one or more
 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
 * that bit MAY be set.
 *
 * \return 0 is these uses of the certificate are allowed,
- * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension
+ * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
 * is present but does not match the usage argument.
 *
 * \note You should only call this function on leaf certificates, on
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
 * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
 *
 * \return 0 if this use of the certificate is allowed,
- * #PSA_ERROR_INVALID_ARGUMENT if not.
+ * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
 *
 * \note Usually only makes sense on leaf certificates.
 */
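Review bot: The context line `* \return 0 is these uses of the certificate are allowed,` in the -826 hunk, directly above the `\return` line being rewritten, has a typo (`is` for `if`); since this commit already touches that return block, changing it to `* \return 0 if these uses of the certificate are allowed,` would be cheap. The -845 hunk's wording `0 if this use of the certificate is allowed` is the form to match.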
@@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
 * input buffer
 *
 * \return 0 if successful, or
- * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer
+ * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
 * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
 */
 int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 35afb8fcf9..d0278b123c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \
 -c "! The certificate is not correctly signed by the trusted CA" \
 -c "! mbedtls_ssl_handshake returned" \
 -c "send alert level=2 message=48" \
- -c "Last error was: \(-0x95\|-149\)"
+ -c "X509 - Certificate verification failed"
 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
 # We don't check that the server receives the alert because it might
 # detect that its write end of the connection is closed and abort
@@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \
 -c "! The certificate is not correctly signed by the trusted CA" \
 -c "! mbedtls_ssl_handshake returned" \
 -c "send alert level=2 message=48" \
- -c "Last error was: \(-0x95\|-149\)"
+ -c "X509 - Certificate verification failed"
 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
 run_test "Authentication: server badcert, client optional" \
@@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \
 -c "! The certificate is not correctly signed by the trusted CA" \
 -C "! mbedtls_ssl_handshake returned" \
 -C "send alert level=2 message=48" \
- -C "Last error was: \(-0x95\|-149\)"
+ -C "X509 - Certificate verification failed"
 run_test "Authentication: server badcert, client optional (1.2)" \
 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
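Review bot: Replacing the numeric pattern `Last error was: \(-0x95\|-149\)` with the strerror text `X509 - Certificate verification failed` in the -5839 hunk ties the assertion to the presence of error strings in the build: in a configuration without MBEDTLS_ERROR_C the positive `-c`/`-s` matches fail, and the negative `-C`/`-S` matches pass vacuously because the text is never printed no matter which error occurred, so those cases would stop detecting an unexpected verification failure. The old pattern only depended on the code being printed. Whether ssl-opt.sh already gates on MBEDTLS_ERROR_C is not visible here; if it does not, either keep matching the code, e.g. `-c "Last error was: \(-0x2700\|-9984\)"` (the value x509.h now assigns to MBEDTLS_ERR_X509_CERT_VERIFY_FAILED), or add `requires_config_enabled MBEDTLS_ERROR_C` to these cases. The same substitution is made in every remaining ssl-opt.sh hunk of this commit, through the -9578 hunk.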
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 6361e54b221b7f8a065bd6a6bef502f5109a4851 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 14:30:04 +0100 Subject: [PATCH 0804/1080] Add each whole unified error code to the migration guide Signed-off-by: Felix Conway --- docs/4.0-migration-guide/error-codes.md | 33 +++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 3bcdb8c580..ffb1e0e3bb 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,25 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -#### Specific error codes - -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -| ------------------------------ | --------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +|-----------------------------------------| --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | - -#### General Replacements - -The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. 
- -| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | -|---------------------------------| ---------------------------------------------- | -| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`| +| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From bc48725b64c6ebec8dbdf1b1c4142c824a37a607 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 13:37:03 +0200 Subject: [PATCH 0805/1080] Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin --- include/mbedtls/debug.h | 2 +- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 6 +-- include/mbedtls/ssl_ciphersuites.h | 2 +- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crt.h | 2 +- library/pkcs7.c | 2 +- library/ssl_misc.h | 10 ++-- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_internal.h | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/fuzz/fuzz_client.c | 4 +- programs/fuzz/fuzz_dtlsclient.c | 4 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/fuzz/fuzz_server.c | 4 +- programs/ssl/dtls_client.c | 4 +- programs/ssl/dtls_server.c | 4 +- programs/ssl/mini_client.c | 4 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_fork_server.c | 4 +- programs/ssl/ssl_mail_client.c | 4 +- programs/ssl/ssl_pthread_server.c | 4 +- programs/ssl/ssl_server.c | 4 +- programs/ssl/ssl_test_lib.h | 6 +-- programs/test/selftest.c | 46 +++++++++---------- programs/x509/cert_app.c | 4 +- programs/x509/cert_req.c | 4 +- programs/x509/cert_write.c | 6 +-- .../psasim/src/aut_psa_random.c | 2 +- tests/suites/test_suite_pkcs7.function | 6 +-- tests/suites/test_suite_x509parse.function | 4 +- tests/suites/test_suite_x509write.function | 6 +-- tf-psa-crypto | 2 +- 45 files changed, 96 insertions(+), 96 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index b6d4e27052..c293e87315 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -15,7 +15,7 @@ #include "mbedtls/ssl.h" #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_DEBUG_C) 
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7abb00fd03..ee3d093c93 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,7 +11,7 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -#include "mbedtls/error_common.h" +#include "mbedtls/private/error_common.h" #include diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..36132c34e3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,8 +14,8 @@ #include "mbedtls/build_info.h" -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/ecp.h" #include "mbedtls/ssl_ciphersuites.h" @@ -27,7 +27,7 @@ #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/ecdh.h" +#include "mbedtls/private/ecdh.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index b03123107c..c97f6abeee 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -14,7 +14,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..f0742a8a87 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -17,7 +17,7 @@ #include "mbedtls/pk.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bbe5fc45cf..a7bf0291aa 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,7 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..57b4e96bdf 100644 
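Review bot: The public header include/mbedtls/ssl.h now includes `mbedtls/private/bignum.h`, `mbedtls/private/ecp.h` and, under MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED, `mbedtls/private/ecdh.h`, and error.h, x509.h and x509_crt.h on this same line do the same for error_common.h, rsa.h and bignum.h. Every application that includes ssl.h therefore transitively depends on headers the project has just marked private, which keeps those types on the installed API surface and requires the private/ tree to ship alongside the public headers; that may be intended for struct layout, but nothing in the hunk says so. A one-line comment at the group, such as `/* Private crypto headers: needed only for the layout of mbedtls_ssl_* contexts, not part of the public API. */`, would record the intent and stop callers from reading the include as an endorsement. Whether forward declarations would suffice instead of the full headers cannot be judged from this hunk.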
--- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 981ac0ecf1..ed3c4a776f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,26 +19,26 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "psa/crypto.h" #include "psa_util_internal.h" extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/md5.h" +#include "mbedtls/private/md5.h" #endif #if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/sha1.h" +#include "mbedtls/private/sha1.h" #endif #if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/sha256.h" +#include "mbedtls/private/sha256.h" #endif #if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/sha512.h" +#include "mbedtls/private/sha512.h" #endif #include "mbedtls/pk.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..fd7e16cb97 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..c575a428e8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b2b5e33c0b..181c6de3a0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -34,7 +34,7 @@ static int local_err_translation(psa_status_t status) #endif #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..756d5290b4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2a4744572b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..9d7b4b7e23 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 370eb9b2e1..341d74189e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index 0b98ba4664..e8aca5bb80 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform_util.h" #include 
diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..df1dbf6179 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..e78b5d7e60 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index b44b957f9b..5505b9778c 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -19,7 +19,7 @@ #include "pk_internal.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, diff --git a/library/x509_oid.c b/library/x509_oid.c index cc0063bcd3..8963529853 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..1d4d556291 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..ccf5a92281 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..88e5e5ae81 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 0878480ea7..70eb656487 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index ca7626d5ba..c83f314138 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -6,8 +6,8 @@ #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4f159fbefe..dd2a8b644b 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
@@ -7,8 +7,8 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3a5e502fe5..3b1054e16a 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 26eb20d49f..bb1d5af2e3 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,8 +31,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0e155fd0d2..479b5430f9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -45,8 +45,8 @@ int main(void) #include #include -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e3adb3cf8a..96d41b35ba 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -43,8 +43,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include #include diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index dba8aab658..c56ff0702f 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -27,8 +27,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f8752bb604..ff1c877ee2 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -31,8 +31,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 521bc5418a..0c2822cb30 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -38,8 +38,8 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 5701a7b838..867926d98c 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
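Review bot: ssl_client1.c, together with the sibling sample programs changed in this commit, now includes `mbedtls/private/entropy.h` and `mbedtls/private/ctr_drbg.h`, which turns the reference examples users copy from into consumers of headers the project has just declared private. fuzz_client.c in this same commit defines `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` before its includes while the ssl_client1.c hunk shows no such define, so either the private headers do not gate their declarations on it or these programs get it from elsewhere — not visible here. If the samples must keep using entropy/ctr_drbg directly for now, a comment at the includes such as `/* NOTE: entropy and ctr_drbg are private headers in 4.0; this sample still uses them directly pending a public seeding API. */` keeps the example from being read as the recommended pattern. The enclosing `#else` branch of `main` starts outside the hunk.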
@@ -38,8 +38,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 2f26ca4801..fd9da18490 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,8 +31,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 20dbe61dfe..1dda8d62ac 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -43,9 +43,9 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/hmac_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 372a84dc79..2c2b48ed82 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -9,31 +9,31 @@ #include "mbedtls/build_info.h" -#include "mbedtls/entropy.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/cmac.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" -#include "mbedtls/aes.h" -#include "mbedtls/camellia.h" -#include "mbedtls/aria.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/chachapoly.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/hmac_drbg.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/gcm.h" +#include "mbedtls/private/ccm.h" +#include "mbedtls/private/cmac.h" +#include "mbedtls/private/md5.h" +#include "mbedtls/private/ripemd160.h" +#include "mbedtls/private/sha1.h" +#include "mbedtls/private/sha256.h" +#include "mbedtls/private/sha512.h" +#include "mbedtls/private/sha3.h" +#include "mbedtls/private/aes.h" +#include "mbedtls/private/camellia.h" +#include "mbedtls/private/aria.h" +#include "mbedtls/private/chacha20.h" +#include "mbedtls/private/poly1305.h" +#include "mbedtls/private/chachapoly.h" #include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/x509.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/ecp.h" -#include "mbedtls/ecjpake.h" +#include "mbedtls/private/pkcs5.h" +#include "mbedtls/private/ecp.h" +#include "mbedtls/private/ecjpake.h" #include "mbedtls/timing.h" #include "mbedtls/nist_kw.h" #include "mbedtls/debug.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c747505519..2f31a8e3ae 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
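Review bot: selftest.c now includes twenty-three `mbedtls/private/*.h` headers to reach the per-module `*_self_test` entry points, but the hunk shows no `#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` ahead of them, whereas fuzz_client.c and fuzz_server.c in this same commit place exactly that define as their first line. If the private headers hide their prototypes behind that macro, this program stops compiling (or silently loses self-tests under `#if` guards) once the headers are tightened; if they do not, the fuzz programs' define is redundant and the two conventions should be reconciled. Adding `#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` before `#include "mbedtls/build_info.h"` here, with a comment that selftest is deliberately an in-tree consumer of private API, would make the dependency explicit either way. Which of the two cases applies cannot be confirmed from this diff.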
@@ -27,8 +27,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 02fd567841..c20f08d569 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -29,8 +29,8 @@ int main(void) #else #include "mbedtls/x509_csr.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fb55c3f291..be3223088e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,9 +30,9 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/oid.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c index 5880c4deb9..203f4d44ba 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ b/tests/psa-client-server/psasim/src/aut_psa_random.c @@ -10,7 +10,7 @@ #include #include -#include "mbedtls/entropy.h" +#include "mbedtls/private/entropy.h" #define BUFFER_SIZE 100 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 0c4a00b9e3..335bec5a88 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -1,14 +1,14 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/pkcs7.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "sys/types.h" #include "sys/stat.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/error.h" /* END_HEADER */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 079dca48c9..4ce66e9074 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 000c09a950..0c0e7993e2 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" diff --git a/tf-psa-crypto b/tf-psa-crypto index 3fd4e754b2..20524a8972 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@
-Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961
+Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6
From 5fe229da406288db00f566ab42721311b8997222 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Mon, 16 Jun 2025 15:06:22 +0200
Subject: [PATCH 0806/1080] Update framework submodule git link:
Signed-off-by: Anton Matkin
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 3f2ef1ecf6..f6e287cd79 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a
+Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e
From 7a65ce6737ff83b1f22081ecfdddb0510c8739ef Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Mon, 16 Jun 2025 23:23:36 +0200
Subject: [PATCH 0807/1080] Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include
Signed-off-by: Anton Matkin
---
 library/pkcs7.c | 2 +-
 library/ssl_msg.c | 2 +-
 library/ssl_tls.c | 2 +-
 library/ssl_tls13_generic.c | 2 +-
 library/ssl_tls13_server.c | 2 +-
 library/x509.c | 2 +-
 library/x509_create.c | 2 +-
 library/x509_crl.c | 2 +-
 library/x509_crt.c | 2 +-
 library/x509_csr.c | 2 +-
 library/x509_oid.c | 2 +-
 library/x509write.c | 2 +-
 library/x509write_crt.c | 2 +-
 library/x509write_csr.c | 2 +-
 programs/x509/cert_write.c | 2 +-
 tests/suites/test_suite_pkcs7.function | 2 +-
 tests/suites/test_suite_x509parse.function | 2 +-
 tests/suites/test_suite_x509write.function | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 57b4e96bdf..3481cbdb1b 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -9,7 +9,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/error.h"
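Review bot: Restoring `#include "mbedtls/oid.h"` in pkcs7.c fixes the build but leaves no trace in the code of why this one header must not follow the `private/` move that the previous commit applied to every other include; the next mechanical include sweep will re-break it, since the reason lives only in this commit message. A one-line comment at the include, e.g. `#include "mbedtls/oid.h" /* the TLS/X.509 repo's oid.h, not tf-psa-crypto's private/oid.h */`, records the constraint where the next editor will see it, and the same applies to the seventeen sibling files restored in this commit. Whether both same-named headers still coexist after the submodule bump on this line cannot be confirmed from the diff.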
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fd7e16cb97..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c575a428e8..9144f9222b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 756d5290b4..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2a4744572b..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 9d7b4b7e23..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 341d74189e..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c 
@@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index e8aca5bb80..0b98ba4664 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index df1dbf6179..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index e78b5d7e60..32a3bb2e78 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_oid.c b/library/x509_oid.c index 8963529853..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 1d4d556291..0906a5a9d1 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ccf5a92281..663b308d62 100644 --- a/library/x509write_crt.c 
+++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88e5e5ae81..8e37278f95 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index be3223088e..2ed63f08de 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,7 +30,7 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/private/entropy.h" #include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 335bec5a88..91e0e46ae3 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -5,7 +5,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "sys/types.h" #include "sys/stat.h" #include "mbedtls/private/rsa.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4ce66e9074..f813cc1ac3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -6,7 +6,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0c0e7993e2..40677f2338 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -4,7 +4,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" From 4e091786cab3fda62331e8597a69bad29c19c751 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 4 Jul 2025 15:07:15 +0200 Subject: [PATCH 0808/1080] Moved the MbedTLS config adjust headers to a private subdirectory Signed-off-by: Anton Matkin --- include/mbedtls/build_info.h | 4 ++-- include/mbedtls/{ => private}/config_adjust_ssl.h | 2 +- include/mbedtls/{ => private}/config_adjust_x509.h | 2 +- tests/scripts/libtestdriver1_rewrite.pl | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) rename include/mbedtls/{ => private}/config_adjust_ssl.h (98%) rename include/mbedtls/{ => private}/config_adjust_x509.h (96%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c6e89db677..b46db36d1f 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -74,9 +74,9 @@ */ #define MBEDTLS_CONFIG_FILES_READ -#include "mbedtls/config_adjust_x509.h" +#include "mbedtls/private/config_adjust_x509.h" -#include "mbedtls/config_adjust_ssl.h" +#include "mbedtls/private/config_adjust_ssl.h" /* Indicate that all configuration symbols are set, * even the ones that are calculated programmatically. 
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h similarity index 98% rename from include/mbedtls/config_adjust_ssl.h rename to include/mbedtls/private/config_adjust_ssl.h index 36641e18b6..4e006f86da 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_ssl.h + * \file mbedtls/private/config_adjust_ssl.h * \brief Adjust TLS configuration * * This is an internal header. Do not include it directly. diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/private/config_adjust_x509.h similarity index 96% rename from include/mbedtls/config_adjust_x509.h rename to include/mbedtls/private/config_adjust_x509.h index cfb2d88916..4af976666b 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/private/config_adjust_x509.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_x509.h + * \file mbedtls/private/config_adjust_x509.h * \brief Adjust X.509 configuration * * This is an internal header. Do not include it directly. diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index f96ff5e05c..36143b0caf 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl 
@@ -22,8 +22,8 @@ while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_x509.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_ssl.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!; # Files in include/mbedtls and drivers/builtin/include/mbedtls are both # included in files via #include mbedtls/.h, so when expanding to the From 34b3bb3a3ff1bfa38db3354c80647d6d3bfffc7f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 07:18:06 +0200 Subject: [PATCH 0809/1080] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f6e287cd79..a85d4bfa3b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e +Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 From bb7b2b765fb4178e756b5087bc4195b07f43dd11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 08:04:35 +0200 Subject: [PATCH 0810/1080] Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too Signed-off-by: Anton Matkin --- include/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 755efedd1c..9ea17af8b8 100644 --- a/include/CMakeLists.txt 
+++ b/include/CMakeLists.txt @@ -7,6 +7,12 @@ if(INSTALL_MBEDTLS_HEADERS) install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + file(GLOB private_headers "mbedtls/private/*.h") + + install(FILES ${private_headers} + DESTINATION include/mbedtls/private + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. From 55862e126fc724bf147840ba086dc9b17dae8704 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 09:39:34 +0200 Subject: [PATCH 0811/1080] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index a85d4bfa3b..6cb0bcb7d8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 +Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f From 0f7cf1942b8da5a437b25a8b136cb9abb3883da7 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 29 Aug 2025 09:41:59 +0100 Subject: [PATCH 0812/1080] Small documentation fixes Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 2 +- docs/4.0-migration-guide/error-codes.md | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt index 0ed56ba305..f229f1bc4d 100644 --- a/ChangeLog.d/unify-errors.txt +++ b/ChangeLog.d/unify-errors.txt @@ -3,5 +3,5 @@ API changes xxx is a module, e.g. X509 or SSL. MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY - MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL + MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE 
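Review bot: The new install rule gives no reason for shipping headers from mbedtls/private, even though those files describe themselves as internal headers that must not be included directly; a line such as `# Private headers are installed because public headers (e.g. build_info.h) include them.` above the `file(GLOB private_headers ...)` would stop a later cleanup from dropping them. The glob is evaluated at configure time, so a header added later is only picked up after CMake is re-run; if the existing `${headers}` list is built the same way that is at least consistent, otherwise `CONFIGURE_DEPENDS` is worth adding to the new glob.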
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index ffb1e0e3bb..a2744679e0 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,20 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -|-----------------------------------------| --------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +|-----------------------------------------|---------------------------------| | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`| -| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | | `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` | | `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| 
`MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | | `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From 8e4d8c92277aab24568da37a816badf5ddaaf2b0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:38:30 +0100 Subject: [PATCH 0813/1080] Update ssl_tls.c to use psa_pake_get_shared_key Signed-off-by: Anton Matkin --- library/ssl_tls.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..b75c6d4c11 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6385,13 +6385,29 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx, - &derivation); + mbedtls_svc_key_id_t shared_key_id = MBEDTLS_SVC_KEY_ID_INIT; + + psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&shared_key_attributes, alg); + psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD); + + status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); + + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } + + status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } + psa_destroy_key(shared_key_id); + status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen); 
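Review bot: `psa_destroy_key(shared_key_id)` is only reached on the success path; when `psa_key_derivation_input_key` fails the function aborts the derivation and returns, and the PAKE shared key stays in the key store. Moving `psa_destroy_key(shared_key_id);` directly after the input_key call, before the status check, closes that leak, and its return value should not be silently dropped — at least `(void)` it with a comment saying the result is deliberately ignored. I would also double-check that a key created with `PSA_KEY_TYPE_PASSWORD` is accepted for `PSA_KEY_DERIVATION_INPUT_SECRET`; as far as I recall the PSA API ties password-typed keys to the INPUT_PASSWORD step and expects a DERIVE-typed key here. ssl_compute_master begins outside the hunk.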
From ce42312229a05d7f925d4f0a31a0bcaaee8fcfee Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:39:16 +0100 Subject: [PATCH 0814/1080] Finished updating the tests Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 20524a8972..59cba29b14 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6 +Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7 From 5663c2379997cc4bc72d291d955af54951b12093 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 15:01:48 +0100 Subject: [PATCH 0815/1080] Create a changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/9322.txt diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt new file mode 100644 index 0000000000..582e47f66b --- /dev/null +++ b/ChangeLog.d/9322.txt @@ -0,0 +1,3 @@ +Changes + * Use the new `psa_pake_get_shared_key()` function implemented in + tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()` From 8135b84ed2f5a2c2ab032098b0816f1bf1e4f405 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 16:36:24 +0200 Subject: [PATCH 0816/1080] Fixed incorrect usage of key derivation procedures Signed-off-by: Anton Matkin --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b75c6d4c11..12af239374 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6390,7 +6390,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&shared_key_attributes, alg); - psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD); + psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE); status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); @@ -6401,13 +6401,13 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + psa_destroy_key(shared_key_id); + if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - psa_destroy_key(shared_key_id); - status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen); From 92129adcf2e5cc3f656412a0aa9a454761c1a7c0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Apr 2025 16:10:42 +0200 Subject: [PATCH 0817/1080] Removed the whitespace which is causing CI to fail Signed-off-by: Anton Matkin --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 12af239374..78bcb92f4c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
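Review bot: The switch to `PSA_KEY_TYPE_DERIVE` in the first hunk carries no explanation, and a commit title of "Fixed incorrect usage" will not help the next reader; a comment on the psa_set_key_type line such as `/* The shared secret feeds PSA_KEY_DERIVATION_INPUT_SECRET, which requires a PSA_KEY_TYPE_DERIVE key */` would. In the second hunk the status of `psa_destroy_key(shared_key_id)` is discarded even though this is the only place the shared key is removed; either check it or write `(void) psa_destroy_key(shared_key_id);` to record that ignoring the result is intentional. ssl_compute_master starts outside both hunks.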
@@ -6392,14 +6392,18 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, psa_set_key_algorithm(&shared_key_attributes, alg); psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE); - status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); + status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, + &shared_key_attributes, + &shared_key_id); if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + status = psa_key_derivation_input_key(&derivation, + PSA_KEY_DERIVATION_INPUT_SECRET, + shared_key_id); psa_destroy_key(shared_key_id); From ab4716619aa31b67be0cd84bdf33dd04e947c7ea Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 28 Aug 2025 04:21:29 +0200 Subject: [PATCH 0818/1080] Removed the unnecessary changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/9322.txt diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt deleted file mode 100644 index 582e47f66b..0000000000 --- a/ChangeLog.d/9322.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Use the new `psa_pake_get_shared_key()` function implemented in - tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()` From 68f658c95ed1de59c94c0ba84e1b6d5ec8fe6f71 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 16:07:44 +0200 Subject: [PATCH 0819/1080] Updated tf-psa-crypto pointer Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 59cba29b14..197f8859a7 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7 +Subproject commit 197f8859a7111deb66578e401c320d08bf534e62 
From f19a900ed5099c8f65cdb40c8dc51b554b1479f0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:53:31 +0100 Subject: [PATCH 0820/1080] Temporarily include private symbols in sample programs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 3 +++ programs/ssl/ssl_test_lib.h | 3 +++ 2 files changed, 6 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 40304dd381..b31dc92694 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -6,6 +6,9 @@ */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "mbedtls/private/pk_private.h" #include "ssl_test_lib.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 1dda8d62ac..5cfa7d2327 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -7,6 +7,9 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "mbedtls/private/pk_private.h" #include "mbedtls/build_info.h" From 69aa8d08e0158a84c498eddb817339b11d559b50 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:42:50 +0100 Subject: [PATCH 0821/1080] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_clinet.c as it it not required Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b31dc92694..b099fded5a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -6,7 +6,6 @@ */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/private/pk_private.h" From a8a9beccc25e6394e8150c96b08850d10e780415 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:48:06 +0100 Subject: [PATCH 0822/1080] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_test_lib.h as it is not required 
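Review bot: Nothing in the code marks the new `#include "mbedtls/private/pk_private.h"` as temporary although the commit title says it is, and sample programs are exactly what users copy; a `/* TODO: temporary, remove once the sample programs no longer need private PK symbols */` above the include in both ssl_client2.c and ssl_test_lib.h would keep the dependency from being cemented. In the ssl_test_lib.h hunk the private header is also placed before `mbedtls/build_info.h`; if pk_private.h does not pull in build_info.h itself, configuration macros may not yet be defined when it is parsed, so the safer order is build_info.h first.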
Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 5cfa7d2327..6602b1ae21 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -7,7 +7,6 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/private/pk_private.h" From dfdac46163b222817f3cdfef496606efa58bf65d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 1 Sep 2025 14:32:39 +0100 Subject: [PATCH 0823/1080] Update header guard use in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 17c235bb17..00a13b29af 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" + sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From ecde0aaa41b2ac20867c2fbea709ea3a089b03e0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 11:12:39 +0100 Subject: [PATCH 0824/1080] replace undef with deletion in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 00a13b29af..0df6455cec 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" + sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H" msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From a2aa7daacae757dac9cc02fa1250778b92f79ffe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 11:22:52 +0100 Subject: [PATCH 0825/1080] Change unset of MBEDTLS config to more standard method Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0df6455cec..e5d8905fa1 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From 6c30c0040e6d884ac0afaf42f29a887f51c09bf2 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Fri, 5 Sep 2025 09:34:15 +0100 Subject: [PATCH 0826/1080] Upgrade packages in requirements.txt Signed-off-by: David Horstmann --- docs/requirements.txt | 75 +++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 2287b2a72b..38499f768c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt 
@@ -1,84 +1,83 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.9 # by the following command: # -# pip-compile requirements.in +# pip-compile docs/requirements.in # -alabaster==0.7.13 +alabaster==0.7.16 # via sphinx -babel==2.15.0 +babel==2.17.0 # via sphinx -breathe==4.35.0 - # via -r requirements.in -certifi==2024.7.4 +breathe==4.36.0 + # via -r docs/requirements.in +certifi==2025.8.3 # via requests -charset-normalizer==3.3.2 +charset-normalizer==3.4.3 # via requests -click==8.1.7 +click==8.1.8 # via readthedocs-cli -docutils==0.20.1 +docutils==0.21.2 # via - # breathe # sphinx # sphinx-rtd-theme -idna==3.7 +idna==3.10 # via requests imagesize==1.4.1 # via sphinx -importlib-metadata==8.0.0 +importlib-metadata==8.7.0 # via sphinx -jinja2==3.1.4 +jinja2==3.1.6 # via sphinx markdown-it-py==3.0.0 # via rich -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -packaging==24.1 +packaging==25.0 # via sphinx -pygments==2.18.0 +pygments==2.19.2 # via # rich # sphinx -pytz==2024.1 - # via babel -pyyaml==6.0.1 +pyyaml==6.0.2 # via readthedocs-cli -readthedocs-cli==4 - # via -r requirements.in -requests==2.32.3 +readthedocs-cli==5 + # via -r docs/requirements.in +requests==2.32.5 # via # readthedocs-cli # sphinx -rich==13.7.1 +rich==14.1.0 # via readthedocs-cli -snowballstemmer==2.2.0 +snowballstemmer==3.0.1 # via sphinx -sphinx==7.1.2 +sphinx==7.4.7 # via # breathe # sphinx-rtd-theme # sphinxcontrib-jquery -sphinx-rtd-theme==2.0.0 - # via -r requirements.in -sphinxcontrib-applehelp==1.0.4 +sphinx-rtd-theme==3.0.2 + # via -r docs/requirements.in +sphinxcontrib-applehelp==2.0.0 # via sphinx -sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-devhelp==2.0.0 # via sphinx -sphinxcontrib-htmlhelp==2.0.1 +sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jquery==4.1 # via sphinx-rtd-theme sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-qthelp==1.0.3 
+sphinxcontrib-qthelp==2.0.0 # via sphinx -sphinxcontrib-serializinghtml==1.1.5 +sphinxcontrib-serializinghtml==2.0.0 # via sphinx -typing-extensions==4.12.2 - # via rich -urllib3==2.2.2 - # via requests -zipp==3.19.2 +tomli==2.2.1 + # via sphinx +urllib3==2.5.0 + # via + # readthedocs-cli + # requests +zipp==3.23.0 # via importlib-metadata From f0b8364cff2d4a30d2064641b31bf9ae554f09f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 6 Sep 2025 16:25:30 +0200 Subject: [PATCH 0827/1080] Allow metatest.c to use crypto internal headers Signed-off-by: Gilles Peskine --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index f99021aa69..6c9d4d7342 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -233,7 +233,7 @@ endif test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index ca6e8b2070..8a5d6ba822 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
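Review bot: The metatest rule now adds the builtin driver's `include` and `src` directories to the include path without any comment, and the same two paths are repeated in programs/test/CMakeLists.txt in the next hunk, so the two build systems must be kept in sync by hand. A one-line comment above the rule in both places, e.g. `# metatest exercises crypto internals, so it needs the builtin driver's private headers`, would explain -I flags that no other program in this directory needs; putting a `src` directory on an include path is unusual enough to deserve it.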
@@ -102,6 +102,10 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) endforeach() +target_include_directories(metatest + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) + install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From a450affbcaca5480fa97b6aca36e1e7b9e06e3d2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 24 Jul 2025 21:59:52 +0200 Subject: [PATCH 0828/1080] Fix MBEDTLS_SSL_TLS1_2_SOME_ECC definition Signed-off-by: Ronald Cron --- include/mbedtls/private/config_adjust_ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 4e006f86da..040216a04e 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -78,7 +78,7 @@ #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_ECDSA) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) #define MBEDTLS_SSL_TLS1_2_SOME_ECC #endif From 5df9d9d53e13fbec12ef47cb43104bd8b5f62f72 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Aug 2025 15:04:22 +0200 Subject: [PATCH 0829/1080] ssl-opt.sh: Fix dependency on ECDSA Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 140409c9cc..a90d5afa9f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2373,7 +2373,7 @@ run_test "Opaque key for server authentication: ECDH-" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled PSA_WANT_ALG_ECDSA requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 From 1ce0ad089dc7f8fdc3e30ebc7ffe1cbae3b8443c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:07:38 +0200 Subject: [PATCH 0830/1080] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 197f8859a7..06bae1e110 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 197f8859a7111deb66578e401c320d08bf534e62 +Subproject commit 06bae1e110ce71b44c3f4d17974d24feea4d2a92 From 82bf414d25c1d70f6f6fb34b481de03a52e23a50 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:54:37 +0200 Subject: [PATCH 0831/1080] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 6cb0bcb7d8..d0d817541a 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f +Subproject commit d0d817541ae3f449b8cd51afc165668179659699 From efcec8cecd5afabdfd43d930cccf6c22a6438407 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 17:22:35 +0200 Subject: [PATCH 0832/1080] Cleanup following the removal of MBEDTLS_ENTROPY_C option Signed-off-by: Ronald Cron --- configs/crypto-config-ccm-psk-tls1_2.h | 1 - configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - tests/scripts/components-configuration-crypto.sh | 2 -- tests/scripts/depends.py | 4 ++-- 5 files changed, 2 insertions(+), 7 deletions(-) 
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 163520ed34..c2dabc28e8 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -30,7 +30,6 @@ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 0437bda3ce..4bae5a45c6 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -48,7 +48,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 5475a0af20..1b2621cf58 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -55,7 +55,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_PK_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6ed656bff9..d5efbffde8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -236,7 +236,6 @@ component_test_psa_external_rng_no_drbg_use_psa () { msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C 
@@ -2091,7 +2090,6 @@ END #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ae88abf1e2..cd91b78479 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -515,10 +515,10 @@ def __init__(self, options, conf): 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, - # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used + # SHA224 and SHA384 because the built-in entropy module is extensively used # across various modules, but it depends on either SHA256 or SHA512. # As a consequence an "exclusive" test of anything other than SHA256 - # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. + # or SHA512 with the built-in entropy module enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), From 3b30643143553d7e02cca6655fb9487c5b587e4f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 18:30:08 +0200 Subject: [PATCH 0833/1080] Adapt configurations to stricter compile-time checks Adapt configurations to stricter compile-time checks for entropy enablement and MBEDTLS_ENTROPY_NV_SEED option. Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d5efbffde8..be2b040c29 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -251,16 +251,18 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -2089,8 +2091,9 @@ END #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 - #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_PSA_CRYPTO_C + #define MBEDTLS_CTR_DRBG_C + #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY #define MBEDTLS_SELF_TEST END From eb16a9d9ea780bccf86ec6e769894034c40e99b4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 09:57:29 +0200 Subject: [PATCH 0834/1080] Prepare for the removal of MBEDTLS_PLATFORM_GET_ENTROPY_ALT We cannot remove it completely yet. It must remain in config.py so that it is not included in the full configuration. A temporary exception is required for it in analyze_outcomes.py. Signed-off-by: Ronald Cron --- programs/test/selftest.c | 4 ++-- scripts/config.py | 4 +++- scripts/footprint.sh | 3 ++- tests/scripts/analyze_outcomes.py | 2 ++ tests/scripts/components-configuration-platform.sh | 12 +++++++----- tests/scripts/components-configuration.sh | 3 ++- 6 files changed, 18 insertions(+), 10 deletions(-) 
diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 2c2b48ed82..0e906ab4a3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -210,7 +210,7 @@ static int run_test_snprintf(void) * back. */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) static void dummy_entropy(unsigned char *output, size_t output_size) { srand(1); @@ -239,7 +239,7 @@ static void create_entropy_seed_file(void) static int mbedtls_entropy_self_test_wrapper(int verbose) { -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) create_entropy_seed_file(); #endif return mbedtls_entropy_self_test(verbose); diff --git a/scripts/config.py b/scripts/config.py index 20555db846..8493ee655f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -180,8 +180,10 @@ def baremetal_adapter(name, value, active): """Config adapter for "baremetal".""" if not is_boolean_setting(name, value): return active - if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT': + if name == 'MBEDTLS_PSA_BUILTIN_GET_ENTROPY': # No OS-provided entropy source + return False + if name == 'MBEDTLS_PSA_DRIVER_GET_ENTROPY': return True return include_in_full(name) and keep_in_baremetal(name) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e45a9265ac..e7078cff16 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
@@ -64,7 +64,8 @@ doit() scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true + scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d1bb553c67..a6f03a83c9 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -128,6 +128,8 @@ def _has_word_re(words: typing.Iterable[str], # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', + # Obsolete config option that we are about to remove + 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index ade207a650..b408bec618 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh 
@@ -20,17 +20,18 @@ component_build_no_std_function () { make } -component_test_platform_get_entropy_alt() +component_test_psa_driver_get_entropy() { - msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "build: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" # Use hardware polling as the only source for entropy - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make # Run all the tests - msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" make test } @@ -40,7 +41,8 @@ component_build_no_sockets () { msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 5fd9ede124..a35704f299 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
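Review bot: The context comment `# Use hardware polling as the only source for entropy` kept above the renamed `component_test_psa_driver_get_entropy` still describes the removed MBEDTLS_PLATFORM_GET_ENTROPY_ALT model, while the new lines below it unset the built-in source and NV seed and enable the PSA driver. Suggest `# Use the PSA get-entropy driver as the only entropy source (no built-in source, no NV seed)` so the comment matches the three config.py calls. The same wording mismatch appears in the `component_build_no_sockets` hunk, where `# prevent syscall() on GNU/Linux` now sits on the `unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY` line but the driver `set` on the next line is what actually replaces the source; one comment spanning both lines would read better.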
@@ -284,7 +284,8 @@ component_test_no_platform () { # Use the test alternative implementation of mbedtls_platform_get_entropy() # which is provided in "framework/tests/src/fake_external_rng_for_test.c" # since the default one is excluded in this scenario. - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs From ab7610c318a2d81f65daaa441461ea8b9b85fcba Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 10:02:03 +0200 Subject: [PATCH 0835/1080] Cleanup following the removal of entropy options Cleanup following the removal in TF-PSA-Crypto of: - MBEDTLS_NO_PLATFORM_ENTROPY - MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - MBEDTLS_ENTROPY_HARDWARE_ALT - MBEDTLS_ENTROPY_MIN_HARDWARE Only MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES was still present in Mbed TLS. Signed-off-by: Ronald Cron --- scripts/config.py | 1 - tests/scripts/analyze_outcomes.py | 4 ---- 2 files changed, 5 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 8493ee655f..e60d1606f1 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -85,7 +85,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum - 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a6f03a83c9..8660e68942 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -124,10 +124,6 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration options, to be replaced by - # PSA entropy drivers. - # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Obsolete config option that we are about to remove 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. From b01be14907e669bcf9676e86a5cf73352209a96a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 12:01:52 +0200 Subject: [PATCH 0836/1080] Fix footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e7078cff16..c228a26c04 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -19,6 +19,7 @@ set -eu CONFIG_H='include/mbedtls/mbedtls_config.h' +CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' if [ -r $CONFIG_H ]; then :; else echo "$CONFIG_H not found" >&2 @@ -27,6 +28,13 @@ if [ -r $CONFIG_H ]; then :; else exit 1 fi +if [ -r $CRYPTO_CONFIG_H ]; then :; else + echo "$CRYPTO_CONFIG_H not found" >&2 + echo "This script needs to be run from the root of" >&2 + echo "a git checkout or uncompressed tarball" >&2 + exit 1 +fi + if grep -i cmake Makefile >/dev/null; then echo "Not compatible with CMake" >&2 exit 1 
@@ -56,16 +64,25 @@ doit() log "$NAME ($FILE):" cp $CONFIG_H ${CONFIG_H}.bak + cp $CRYPTO_CONFIG_H ${CRYPTO_CONFIG_H}.bak if [ "$FILE" != $CONFIG_H ]; then + CRYPTO_FILE="${FILE%/*}/crypto-${FILE##*/}" cp "$FILE" $CONFIG_H + cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H fi { + scripts/config.py unset MBEDTLS_HAVE_TIME || true + scripts/config.py unset MBEDTLS_HAVE_TIME_DATE || true scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true + scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C || true + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C || true scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true - scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true + # Force the definition of MBEDTLS_PSA_DRIVER_GET_ENTROPY as it may + # not exist in custom configurations. + scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null @@ -77,7 +94,8 @@ doit() log "$( head -n1 "$OUT" )" log "$( tail -n1 "$OUT" )" - cp ${CONFIG_H}.bak $CONFIG_H + mv ${CONFIG_H}.bak $CONFIG_H + mv ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H } # truncate the file just this time From 9a10e398faac5441ed61075ca74ddc867dda1165 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 17:08:12 +0200 Subject: [PATCH 0837/1080] Simplify footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index c228a26c04..1f2945159e 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
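Review bot: The added `CRYPTO_FILE="${FILE%/*}/crypto-${FILE##*/}"` and `cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H` run under `set -eu`, so a configuration with no `crypto-` counterpart (or a `$FILE` passed without a directory part, where `${FILE%/*}` expands to the bare file name) aborts `doit` after `$CONFIG_H` has already been overwritten, and the restore in the second hunk (`mv ${CONFIG_H}.bak $CONFIG_H` / `mv ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H`) never runs, leaving foreign config files in the checkout. The same applies if `make` fails between the two hunks. Unless an EXIT trap exists outside the hunk, restore from a trap installed once the backups are taken, e.g. `trap 'mv -f ${CONFIG_H}.bak $CONFIG_H 2>/dev/null; mv -f ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H 2>/dev/null' EXIT`, or at least test `[ -r "$CRYPTO_FILE" ]` before the first `cp`. `doit` starts outside the hunk.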
@@ -21,14 +21,14 @@ set -eu CONFIG_H='include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' -if [ -r $CONFIG_H ]; then :; else +if [ ! -r $CONFIG_H ]; then echo "$CONFIG_H not found" >&2 echo "This script needs to be run from the root of" >&2 echo "a git checkout or uncompressed tarball" >&2 exit 1 fi -if [ -r $CRYPTO_CONFIG_H ]; then :; else +if [ ! -r $CRYPTO_CONFIG_H ]; then echo "$CRYPTO_CONFIG_H not found" >&2 echo "This script needs to be run from the root of" >&2 echo "a git checkout or uncompressed tarball" >&2 From 15f1d7f812520c76a7b4ed59b6557a51377b351f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 10 Jul 2025 09:41:09 +0100 Subject: [PATCH 0838/1080] Remove support for static ECDH cipher suites Signed-off-by: Ben Taylor --- docs/architecture/tls13-support.md | 2 - docs/proposed/config-split.md | 2 - include/mbedtls/mbedtls_config.h | 48 ---- include/mbedtls/private/config_adjust_ssl.h | 2 - include/mbedtls/ssl.h | 4 +- include/mbedtls/ssl_ciphersuites.h | 12 +- library/mbedtls_check_config.h | 15 - library/ssl_ciphersuites.c | 264 ------------------ library/ssl_ciphersuites_internal.h | 10 +- library/ssl_tls.c | 5 - library/ssl_tls12_client.c | 99 +------ library/ssl_tls12_server.c | 106 +------ .../components-configuration-crypto.sh | 8 +- tests/scripts/depends.py | 4 +- tests/ssl-opt.sh | 7 +- tests/suites/test_suite_ssl.data | 44 --- 16 files changed, 14 insertions(+), 618 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index f49e9194ba..c7b11fd1dd 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md 
@@ -118,8 +118,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | | | | | MBEDTLS_PSA_CRYPTO_C | no (1) | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..aa1090328f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -392,8 +392,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 827b96165f..f11bcb3fb0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -273,54 +273,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * 
diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 040216a04e..ee35a67c9f 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -64,8 +64,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44d28a2d81..02e527cdf5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -659,9 +659,7 @@ union mbedtls_ssl_premaster_secret { unsigned char dummy; /* Make the union non-empty even with SSL disabled */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index c97f6abeee..d6c0667aa6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -163,16 +163,12 @@ typedef enum { MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_KEY_EXCHANGE_ECJPAKE, } mbedtls_key_exchange_type_t; /* Key exchanges using a certificate */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif @@ -220,12 +216,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges using ECDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED -#endif - /* Key exchanges that don't involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 82fef7481d..3107c11077 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
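Review bot: The second hunk deletes the only definition of `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED` but leaves the context line `defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)` in the "Key exchanges that don't involve ephemeral keys" condition right below it, so that `#if` now tests a macro nothing defines and the next reader will go looking for it. Drop that operand (the rest of the condition continues outside the hunk) and grep the tree for other uses of the macro. Separately, removing two enumerators from `mbedtls_key_exchange_type_t` in the first hunk renumbers `MBEDTLS_KEY_EXCHANGE_ECJPAKE` in a public header, which is an ABI change for anything that stored the value; the diffstat shows no ChangeLog.d entry for this commit, and the feature removal and renumbering both deserve one.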
@@ -55,19 +55,6 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" @@ -150,8 +137,6 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b979cad94f..961a4205e7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -467,186 +467,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
"TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, 
MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* 
PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if 
defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_GCM) 
@@ -898,41 +718,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) 
@@ -1024,41 +809,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #endif /* PSA_WANT_KEY_TYPE_ARIA */ @@ -1203,10 +953,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return MBEDTLS_PK_ECDSA; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return MBEDTLS_PK_ECKEY; - default: return MBEDTLS_PK_NONE; } 
@@ -1222,10 +968,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_ALG_ECDH; - default: return PSA_ALG_NONE; } @@ -1238,10 +980,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return PSA_KEY_USAGE_SIGN_HASH; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return PSA_KEY_USAGE_DERIVE; - default: return 0; } @@ -1272,8 +1010,6 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: return 1; diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index d1db2dba46..54199dba8a 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -45,8 +45,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_PSK: return 1; @@ -60,9 +58,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return 1; + return 1; default: return 0; 
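Review bot: The `+ return 1;` in mbedtls_ssl_ciphersuite_uses_ecdh is placed directly under `switch (...) {` with no case label in front of it, so it is unreachable and the function now always returns 0 through `default:`. A dead first arm is a trap: any `case` later added above `default:` would re-enable the static-ECDH path even though this commit removes the certificate-derived parameter extraction behind it, and the server-side call `ret = ssl_get_ecdh_params_from_cert(ssl);` in ssl_write_server_key_exchange (ssl_tls12_server.c, visible further down this page as lines removed by a follow-up patch) is left referencing a function this commit deletes, compiling only because its `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED` guard is presumably never satisfied any more. Remove the function together with that call site in this commit rather than leaving both for a follow-up.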
@@ -73,9 +69,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return 1; @@ -87,9 +81,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 78bcb92f4c..38db9cd103 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8623,11 +8623,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; break; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - usage = MBEDTLS_X509_KU_KEY_AGREEMENT; - break; - /* Don't use default: we want warnings when adding new values */ case MBEDTLS_KEY_EXCHANGE_NONE: case MBEDTLS_KEY_EXCHANGE_PSK: diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..7675f95e37 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1732,71 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* This is a public key, so it can't be opaque, so can_do() is a good - * enough check to ensure pk_ec() is safe to use below. */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", - grp_id)); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* If the above conversion to TLS ID was fine, then also this one will be, - so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - /* Store peer's public key in psa format. 
*/ - memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; - ret = 0; -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { @@ -1807,28 +1742,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { - if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - ((void) p); - ((void) end); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ssl->handshake->ecrs_enabled && ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { 
@@ -2380,13 +2293,9 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; @@ -2460,9 +2369,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 181c6de3a0..96598cc427 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -2513,100 +2513,6 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *pk; - mbedtls_pk_type_t pk_type; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - size_t key_len; - - pk = mbedtls_ssl_own_key(ssl); - - if (pk == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - pk_type = mbedtls_pk_get_type(pk); - - switch (pk_type) { - case MBEDTLS_PK_OPAQUE: - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - /* Get the attributes of the key previously parsed by PK module in - * order to extract its type and length (in bits). */ - status = psa_get_key_attributes(pk->priv_id, &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - - if (pk_type != MBEDTLS_PK_OPAQUE) { - /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK - * module and only have ECDSA capabilities. Since we need - * them for ECDH later, we export and then re-import them with - * proper flags and algorithm. Of course We also set key's type - * and bits that we just got above. 
*/ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; - - ret = 0; - break; - } - - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - ret = 0; - break; - - default: - ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -exit: - psa_reset_key_attributes(&key_attributes); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL 
@@ -3210,13 +3116,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { size_t data_len = (size_t) (*p++); size_t buf_len = (size_t) (end - p); psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3279,9 +3181,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index be2b040c29..38a5d85e7d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -437,7 +437,6 @@ component_test_everest_curve25519_only () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_ECDSA scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset PSA_WANT_ALG_JPAKE @@ -574,7 +573,6 @@ component_test_psa_crypto_config_accel_ecdsa () { # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Build # ----- @@ -615,8 +613,6 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_ECDH_C # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -1147,7 +1143,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and @@ -1496,7 +1491,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 
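Review bot: In component_test_new_psa_want_key_pair_symbol the added `scripts/config.py unset MBEDTLS_PKCS1_V15` and `scripts/config.py unset MBEDTLS_PKCS1_V21` are not a like-for-like replacement for the removed ECDH_RSA unset: every other hunk in this file only deletes a now-meaningless symbol, whereas this one changes which RSA padding modes the component builds without. If the intent is that these options require `MBEDTLS_RSA_C`, which the component is removing, say so next to the existing comment, e.g. `# Remove RSA support and its dependencies (PKCS#1 v1.5/v2.1 need MBEDTLS_RSA_C)`; otherwise the change belongs in its own commit so a bisect can attribute a difference in coverage to it.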
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cd91b78479..34ecf4cdbc 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -280,7 +280,6 @@ def test(self, options): 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', @@ -294,7 +293,6 @@ def test(self, options): 'MBEDTLS_ECP_RESTARTABLE', 'MBEDTLS_PK_PARSE_EC_EXTENDED', 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', @@ -313,7 +311,7 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], + 'MBEDTLS_RSA_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a90d5afa9f..a13afd6206 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -312,12 +312,9 @@ requires_any_configs_disabled() { } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ec62c2cb2e..6c5e718c60 100644 
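Review bot: After this hunk `TLS1_2_KEY_EXCHANGES_WITH_CERT` and `TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH` hold exactly the same two symbols, so the `_WO_ECDH` variant no longer expresses a distinction and every requires_* check built on it is now identical to the plain one. Either define it in terms of the other with a note, `TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="$TLS1_2_KEY_EXCHANGES_WITH_CERT" # static ECDH suites removed`, or drop the `_WO_ECDH` name and update its users, so a reader does not assume there are still certificate-based suites the `_WO_ECDH` set excludes. The users of these variables are outside the hunk.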
--- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -380,10 +380,6 @@ Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 -Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 - Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 @@ -408,10 +404,6 @@ DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 -DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 - DTLS Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 
@@ -479,42 +471,6 @@ Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C 
-handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 From 558766d814c42d49c7a3548bbfcb97bb078c8b01 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 08:37:22 +0100 Subject: [PATCH 0839/1080] Remove additional ifdef's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 6 ++---- library/ssl_ciphersuites_internal.h | 12 ------------ library/ssl_tls12_server.c | 15 +-------------- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d6c0667aa6..11eaf6ba14 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -217,8 +217,7 @@ typedef enum {
 #endif
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
@@ -244,8 +243,7 @@ typedef enum {
 #endif
 /* TLS 1.2 key exchanges using ECDH or ECDHE*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
 #endif
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 54199dba8a..2e9f077571 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -54,18 +54,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 96598cc427..755b837bca 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
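Review bot: The comment `/* TLS 1.2 key exchanges using ECDH or ECDHE*/` in the second hunk no longer matches the condition under it, which now tests only `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED`. Suggest `/* TLS 1.2 key exchanges using ECDHE (static ECDH suites have been removed) */`, and since `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED` lives in a public header and keeps "ECDH" in its name, a one-line note that the name is retained for compatibility would save the next reader from searching for the missing ECDH half. The `/* Key exchanges that don't involve ephemeral keys */` comment in the first hunk remains accurate for the PSK-only condition.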
@@ -22,8 +22,7 @@
 /* Define a local translating function to save code size by not using too many
 * arguments in each translating place. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
 static int local_err_translation(psa_status_t status)
 {
 return psa_status_to_mbedtls(status, psa_to_ssl_errors,
@@ -2914,18 +2913,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
 /* Extract static ECDH parameters and abort if ServerKeyExchange
 * is not needed. */
 if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
- /* For suites involving ECDH, extract DH parameters
- * from certificate at this point. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) {
- ret = ssl_get_ecdh_params_from_cert(ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
- return ret;
- }
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
 /* Key exchanges not involving ephemeral keys don't use
 * ServerKeyExchange, so end here. */
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
From 50b45a98ce54b977eaf66f932ba2d571c0365692 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 10:43:05 +0100 Subject: [PATCH 0840/1080] Reverted changes to config-split Signed-off-by: Ben Taylor --- docs/proposed/config-split.md | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index aa1090328f..1baab356b2 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
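Review bot: The comment `/* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */` above `if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info))` in the second hunk still describes the static-ECDH extraction this hunk deletes. Replace it with `/* Key exchanges without ephemeral keys send no ServerKeyExchange: end here. */` and drop the now-duplicated inner comment so the surviving block does not say the same thing twice. ssl_write_server_key_exchange starts and ends outside the hunk.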
@@ -392,6 +392,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
From 4d7f715c0775144bb8be651ee8157e7ba78d6577 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 09:56:11 +0100 Subject: [PATCH 0841/1080] Remove further symbols that are not required Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 29 --------------------- library/ssl_ciphersuites.c | 42 ------------------------------ 2 files changed, 71 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 11eaf6ba14..5ef0786eb5 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -38,38 +38,25 @@ extern "C" {
 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
-
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
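Review bot: Two static-ECDH ciphersuite identifiers survive this hunk as context lines while every neighbouring ECDH_ECDSA/ECDH_RSA identifier is deleted: `#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001` and `#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026`. The same commit drops 0xC026 from ciphersuite_preference in ssl_ciphersuites.c, so the name remains resolvable but maps to nothing negotiable, and 0xC001 is a NULL-cipher suite that its own comment already marks `Weak!`. Delete both for consistency, or if they are kept on purpose for source compatibility, add a comment on each saying they are no longer supported.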
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
@@ -81,20 +68,12 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
@@ -104,21 +83,13 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 961a4205e7..39826eee66 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -109,46 +109,6 @@ static const int ciphersuite_preference[] = /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, - /* All AES-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - - /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - - /* All ARIA-256 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - - /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - - /* All ARIA-128 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 
@@ -178,8 +138,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_PSK_WITH_NULL_SHA, From 3116f2febeab278b9be662ac236c0297e67229f6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 10:48:45 +0100 Subject: [PATCH 0842/1080] Remove further symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5ef0786eb5..17666b2de2 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -37,8 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ - #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A From 39280a411055cf3318bc6f5f1db137d06be41b8f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 13:43:21 +0100 Subject: [PATCH 0843/1080] Remove ECDH from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 63 ++++++------------------------------------------ 1 file changed, 7 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a13afd6206..9a6b5bfd92 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -433,14 +433,12 @@ requires_cipher_enabled() {
 # - $1 = command line (call to a TLS client or server program)
 # - $2 = client/server
 # - $3 = TLS version (TLS12 or TLS13)
-# - $4 = Use an external tool without ECDH support
-# - $5 = run test options
+# - $4 = run test options
 detect_required_features() {
     CMD_LINE=$1
     ROLE=$2
     TLS_VERSION=$3
-    EXT_WO_ECDH=$4
-    TEST_OPTIONS=${5:-}
+    TEST_OPTIONS=${4:-}
 
     case "$CMD_LINE" in
         *\ force_version=*)
@@ -522,24 +520,9 @@ detect_required_features() {
     else
         # For TLS12 requirements are different between server and client
         if [ "$ROLE" = "server" ]; then
-            # If the server uses "server5*" certificates, then an ECDSA based
-            # key exchange is required. However gnutls also does not
-            # support ECDH, so this limit the choice to ECDHE-ECDSA
-            if [ "$EXT_WO_ECDH" = "yes" ]; then
-                requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-            else
-                requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
-            fi
+            requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
         elif [ "$ROLE" = "client" ]; then
-            # On the client side it is enough to have any certificate
-            # based authentication together with support for ECDSA.
-            # Of course the GnuTLS limitation mentioned above applies
-            # also here.
-            if [ "$EXT_WO_ECDH" = "yes" ]; then
-                requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
-            else
-                requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-            fi
+            requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
             requires_pk_alg "ECDSA"
         fi
     fi
@@ -801,10 +784,6 @@ requires_openssl_tls1_3_with_ffdh() {
 # skip next test if openssl cannot handle ephemeral key exchange
 requires_openssl_tls1_3_with_compatible_ephemeral() {
     requires_openssl_next
-
-    if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then
-        requires_openssl_tls1_3_with_ffdh
-    fi
 }
 
 # skip next test if tls1_3 is not available
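Review bot: The client branch now calls `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH` unconditionally while the server branch hard-codes `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`; with static ECDH gone, the `_WO_ECDH` list appears to hold the same two symbols as `TLS1_2_KEY_EXCHANGES_WITH_CERT` (both definitions are visible in a later hunk of this series), so the suffix no longer describes anything and the variable could be folded into `TLS1_2_KEY_EXCHANGES_WITH_CERT`. The deleted comments were the only explanation of why the server side is pinned to an ECDSA key exchange; a one-line version should survive above the server call, e.g. `# server5* certificates require an ECDSA-based key exchange`. detect_required_features starts and ends outside this hunk.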
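Review bot: Removing the `PSA_WANT_ALG_ECDH` branch leaves `requires_openssl_tls1_3_with_compatible_ephemeral` as a plain alias of `requires_openssl_next`, so in a build without ECDH the FFDH capability check (`requires_openssl_tls1_3_with_ffdh`) is no longer applied and the tests that relied on it would presumably run and fail instead of being skipped. `PSA_WANT_ALG_ECDH` is a PSA algorithm symbol, not one of the static-ECDH key-exchange options this series removes, so the check still looks applicable. If the alias is intended, the comment above the function, `# skip next test if openssl cannot handle ephemeral key exchange`, no longer matches what it does and should be adjusted.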
@@ -1302,28 +1281,6 @@ is_gnutls() {
     esac
 }
 
-# Some external tools (gnutls or openssl) might not have support for static ECDH
-# and this limit the tests that can be run with them. This function checks server
-# and client command lines, given as input, to verify if the current test
-# is using one of these tools.
-use_ext_tool_without_ecdh_support() {
-    case "$1" in
-        *$GNUTLS_SERV*|\
-        *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\
-        *${OPENSSL_NEXT:-"openssl-dummy"}*)
-            echo "yes"
-            return;;
-    esac
-    case "$2" in
-        *$GNUTLS_CLI*|\
-        *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\
-        *${OPENSSL_NEXT:-"openssl-dummy"}*)
-            echo "yes"
-            return;;
-    esac
-    echo "no"
-}
-
 # Generate random psk_list argument for ssl_server2
 get_srv_psk_list () {
@@ -1810,26 +1767,20 @@ run_test() {
         requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
     fi
 
-    # Check if we are trying to use an external tool which does not support ECDH
-    EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")
 
     # Guess the TLS version which is going to be used.
     # Note that this detection is wrong in some cases, which causes unduly
     # skipped test cases in builds with TLS 1.3 but not TLS 1.2.
     # https://github.com/Mbed-TLS/mbedtls/issues/9560
-    if [ "$EXT_WO_ECDH" = "no" ]; then
-        TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
-    else
-        TLS_VERSION="TLS12"
-    fi
+    TLS_VERSION="TLS12"
 
     # If we're in a PSK-only build and the test can be adapted to PSK, do that.
     maybe_adapt_for_psk "$@"
 
     # If the client or server requires certain features that can be detected
     # from their command-line arguments, check whether they're enabled.
-    detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
-    detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
+    detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@"
+    detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@"
 
     # should we skip?
     if [ "X$SKIP_NEXT" = "XYES" ]; then
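Review bot: `TLS_VERSION="TLS12"` is now assigned unconditionally, so `detect_required_features` is told that every test is TLS 1.2 even when the command lines force TLS 1.3, and whatever its non-TLS12 branch checks is never applied; the four comment lines kept directly above still describe a version guess that is no longer performed. The removed `else` arm hard-coded TLS12 only for external tools lacking static ECDH, which this series removes, so the arm that should survive is the other one: `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")`. The same hard-coded value is reinstated by the `@@ -1774` hunk of commit 0860 later in this series, where the same point applies. run_test starts and ends outside this hunk.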
From dbf397710743ff01e403217de81fcc2d97c64d70 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 11:22:50 +0100 Subject: [PATCH 0844/1080] Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a6b5bfd92..b67a371134 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2627,30 +2627,6 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" -# Test for correctness of sent single supported algorithm -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 0a7c5588db6f793cca03ba43226d7b411440dae6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 14:43:32 +0100 Subject: [PATCH 0845/1080] Remove further ECDH tests 
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 77 +----------------------------------------------
 1 file changed, 1 insertion(+), 76 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b67a371134..401ca85d4c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2306,22 +2306,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \
     -C "error"
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: ECDH-" \
-    "$P_SRV auth_mode=required key_opaque=1\
-     crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\
-     key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \
-    "$P_CLI force_version=tls12" \
-    0 \
-    -c "Verifying peer X.509 certificate... ok" \
-    -c "Ciphersuite is TLS-ECDH-" \
-    -s "key types: Opaque, none" \
-    -s "Ciphersuite is TLS-ECDH-" \
-    -S "error" \
-    -C "error"
-
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled PSA_WANT_ALG_ECDSA
+requires_config_enabled MBEDTLS_ECDSA_C
 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_hash_alg SHA_256
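Review bot: The `-requires_config_enabled PSA_WANT_ALG_ECDSA` / `+requires_config_enabled MBEDTLS_ECDSA_C` pair changes the gate of the following test ("invalid key: ecdh with RSA key, no async", whose run_test line is outside this hunk) rather than deleting ECDH material, which is all the commit title describes; it reads like a collateral edit from the surrounding deletion. The neighbouring requirements use PSA symbols (`PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC` on the next line), so if the gate is still wanted it should stay `requires_config_enabled PSA_WANT_ALG_ECDSA`. Commit 0846 later in this series deletes the whole test, which makes the swap moot, but it should not land as part of this commit.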
@@ -6103,31 +6088,6 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ 
@@ -6480,33 +6440,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)" \ - -c "! Certificate verification flags" \ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 
@@ -7911,14 +7844,6 @@ run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - -run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDH-" - run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ From 5802394451911448c020daa791f0b1a07f6f1b66 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 08:20:07 +0100 Subject: [PATCH 0846/1080] Remove further ECDH testd from ssl-opt.sh Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 401ca85d4c..0b182c93d0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2305,37 +2305,6 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ From fbd806ae95a656f1c474a3435ab17ceffc235491 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:41:20 +0100 Subject: [PATCH 0847/1080] Remove everest ECDH test as it is no longer required Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 38a5d85e7d..c103a6420e 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -430,28 +430,6 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test -} - component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From a1914ef45371d0491e35cf460bf9e12c7c29f029 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:56:04 +0100 Subject: [PATCH 0848/1080] further removals of ssh tests from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b182c93d0..29d0b3f53f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2337,24 +2337,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdh,none debug_level=3" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDH-ECDSA" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO From 1d651cc8a17d11380c5584cd0dcd6c52264b8cfa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 14:24:49 +0100 Subject: [PATCH 0849/1080] Remove additional occurances of static ECDH symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 1 - tests/compat.sh | 15 --------------- 2 files changed, 16 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17666b2de2..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -47,7 +47,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ diff --git a/tests/compat.sh b/tests/compat.sh index a11fffda06..2b6f454127 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -359,13 +359,6 @@ add_openssl_ciphersuites() "ECDSA") CIPHERS="$CIPHERS \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_NULL_SHA \ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ @@ -468,14 +461,6 @@ add_mbedtls_ciphersuites() "ECDSA") M_CIPHERS="$M_CIPHERS \ - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ " From 013f8aee4ef26fea69dfbb25e887ab7504e09abe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:03:57 +0100 Subject: [PATCH 0850/1080] Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 48e77d1026..05cd666ffc 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -185,7 +185,7 @@ typedef enum {
 #endif
 
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
 
From b2f6a69d852a3cb621be9fde4427766e79d4bd0c Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:08:00 +0100
Subject: [PATCH 0851/1080] Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
Signed-off-by: Ben Taylor
---
 include/mbedtls/ssl_ciphersuites.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 05cd666ffc..80d5c7efd6 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -210,8 +210,8 @@ typedef enum {
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
 #endif
 
-/* TLS 1.2 key exchanges using ECDH or ECDHE*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+/* TLS 1.2 key exchanges using ECDHE*/
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
 #endif
 
From 844a264317b573c88c4658be83ae56e809b641de Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:10:55 +0100
Subject: [PATCH 0852/1080] Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21
Signed-off-by: Ben Taylor
---
 tests/scripts/components-configuration-crypto.sh | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index c103a6420e..fcca5ffa0a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
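Review bot: The new guard `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)` tests the very macro the block defines, so `MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED` is no longer derived from any key-exchange option and is only set if something else defines it first; the PSK key exchange, which the removed `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)` covered, silently stops counting as non-PFS. The `@@ -210` hunk of commit 0851 in this same span has the identical shape, `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)` guarding `#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED`, so that aggregate can never be defined either. Both guards should keep testing the constituent options, `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` and `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED` respectively, as the later revert commits in this series end up doing; only the comment on the second block needs to drop "ECDH or" once static ECDH is gone.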
@@ -1469,8 +1469,6 @@ component_test_new_psa_want_key_pair_symbol () {
     scripts/config.py crypto
 
     # Remove RSA support and its dependencies
-    scripts/config.py unset MBEDTLS_PKCS1_V15
-    scripts/config.py unset MBEDTLS_PKCS1_V21
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
     scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
From 0fe02bb1bfa8c070e518756634ce78716ae9b721 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:20:03 +0100
Subject: [PATCH 0853/1080] Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 29d0b3f53f..7976eec6a7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -314,8 +314,6 @@ requires_any_configs_disabled() {
 TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
 
-TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
-
 TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                        MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
 
From e16798ec67befca59c1858ee07a12087cf850bb7 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:25:11 +0100
Subject: [PATCH 0854/1080] Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7976eec6a7..8633953f90 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -782,6 +782,11 @@ requires_openssl_tls1_3_with_ffdh() {
 # skip next test if openssl cannot handle ephemeral key exchange
 requires_openssl_tls1_3_with_compatible_ephemeral() {
     requires_openssl_next
+
+    if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then
+        requires_openssl_tls1_3_with_ffdh
+    fi
+
 }
 
 # skip next test if tls1_3 is not available
From b191c02f6bf582aa0961f943ff207d49b28dab15 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:28:42 +0100
Subject: [PATCH 0855/1080] Correct style issues
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8633953f90..4a22686757 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -786,7 +786,6 @@ requires_openssl_tls1_3_with_compatible_ephemeral() {
     if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then
         requires_openssl_tls1_3_with_ffdh
     fi
-
 }
 
 # skip next test if tls1_3 is not available
From 6f0eb791110b1d929df6002ba2a8a0c7b0ab6dfb Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:37:23 +0100
Subject: [PATCH 0856/1080] Use get_tls_version to determine TLS_VERSION instead of statically assigning it
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4a22686757..2978a0e401 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1774,7 +1774,7 @@ run_test() {
     # Note that this detection is wrong in some cases, which causes unduly
     # skipped test cases in builds with TLS 1.3 but not TLS 1.2.
     # https://github.com/Mbed-TLS/mbedtls/issues/9560
-    TLS_VERSION="TLS12"
+    TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD");
 
     # If we're in a PSK-only build and the test can be adapted to PSK, do that.
     maybe_adapt_for_psk "$@"
From 59213b66df2286039904f68c43d3318deab4182f Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 10:01:06 +0100
Subject: [PATCH 0857/1080] Re-add everest test, as it was mislabelled
Signed-off-by: Ben Taylor
---
 .../components-configuration-crypto.sh | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index fcca5ffa0a..05c480675c 100644
--- a/tests/scripts/components-configuration-crypto.sh
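Review bot: The restored assignment carries a stray statement terminator, `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD");`, which no other line of run_test visible in this series uses; drop the semicolon so it reads `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")`. run_test starts and ends outside this hunk.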
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -430,6 +430,29 @@ component_test_everest () {
     tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
 }
 
+component_test_everest_curve25519_only () {
+    msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
+    scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+    scripts/config.py unset MBEDTLS_ECDSA_C
+    scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+    scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
+    scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+    scripts/config.py unset MBEDTLS_ECJPAKE_C
+    scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+
+    # Disable all curves
+    scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
+    scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
+    scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
+
+    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+
+    msg "test: Everest ECDH context, only Curve25519" # ~ 50s
+    make test
+}
+
 component_test_psa_collect_statuses () {
     msg "build+test: psa_collect_statuses" # ~30s
     scripts/config.py full
From 677994af64b1e577c7aba3231efab75cbe95566a Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 15 Aug 2025 08:22:04 +0100
Subject: [PATCH 0858/1080] Change ecdh to ecdhe on everest test
Signed-off-by: Ben Taylor
---
 tests/scripts/components-configuration-crypto.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 05c480675c..b153fc043d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
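Review bot: The re-added component runs `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, a static-ECDH key-exchange option that the earlier commits of this series are removing, and the version deleted in commit 0847 did not contain that line. If `config.py unset` rejects an unknown symbol this breaks the component outright, and if it is a no-op the line is dead, so it should be dropped either way. The body also differs from the deleted one in passing `-c $CRYPTO_CONFIG_H` for every PSA symbol, which the message ("mislabelled") does not mention; the commit message should say the component was rewritten rather than restored.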
@@ -431,7 +431,7 @@ component_test_everest () {
 }
 
 component_test_everest_curve25519_only () {
-    msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
+    msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min
     scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
     scripts/config.py unset MBEDTLS_ECDSA_C
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
From a7b3f26864bd413a5de083778f9be4c5f37d6b40 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 15 Aug 2025 09:31:17 +0100
Subject: [PATCH 0859/1080] reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues
Signed-off-by: Ben Taylor
---
 include/mbedtls/ssl_ciphersuites.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 80d5c7efd6..cc9f8d819d 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -185,7 +185,7 @@ typedef enum {
 #endif
 
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
 
From 7b14d8228e0103d42cb91567d1ad5b4f4b552607 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 18 Aug 2025 10:45:00 +0100
Subject: [PATCH 0860/1080] Reverting TLS_VERSION derivation improvement, as it appear to be causing issues
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2978a0e401..4a22686757 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From c8823a262d4985757f03e2b4cc7eca4ac7932bb3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 14:17:19 +0100 Subject: [PATCH 0861/1080] Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index cc9f8d819d..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 4766a23f9cf4fbd1f87ac6cc7cd403fd0e252ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 08:26:07 +0100 Subject: [PATCH 0862/1080] change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..d3519f1969 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -198,7 +198,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif From f57293654e7ab62960400dc425441d3faef0a1a4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 13:10:52 +0100 Subject: [PATCH 0863/1080] Revert change to Everest test message back to ECDH Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b153fc043d..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 837167404876a715b659c34ceed82cdea9dd57dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 08:16:52 +0100 Subject: [PATCH 0864/1080] re-add TLS_VERSION derivation Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..1a30d0e2af 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 120bd868b6d85254eec5eeadd989deb19645497a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 15:33:46 +0100 Subject: [PATCH 0865/1080] add filter to component_full_without_ecdhe_ecdsa Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index b74b30477c..28f4f79515 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -235,6 +235,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { # - test only TLS (i.e. test_suite_tls and ssl-opt) build_full_minus_something_and_test_tls () { symbols_to_disable="$1" + filter="${2-.}" msg "build: full minus something, test TLS" @@ -250,11 +251,12 @@ build_full_minus_something_and_test_tls () { ( cd tests; ./test_suite_ssl ) msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "$filter" } +#TODO raise a issue to explain this. component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } component_full_without_ecdhe_ecdsa_and_tls13 () { From 1a4f4b32a4059b5e0dc7c33a7d2a3999402c3b3b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:13:09 +0100 Subject: [PATCH 0866/1080] Add filter to test_tls13_only_ephemeral_ffdh to remove ffdh tests 
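Review bot: `filter="${2-.}"` substitutes the default only when the second argument is unset, so a caller that passes an explicit empty string ends up running `tests/ssl-opt.sh -f ""`; `filter="${2:-.}"` covers both the unset and the empty case. The `'psk\|PSK\|1\.3'` argument in the `@@ -250,11 +251,12 @@` hunk silently drops every ssl-opt case whose name does not match, and the only explanation is a TODO, so the reduced coverage of component_full_without_ecdhe_ecdsa should be stated in a comment that names the reason. Both hunks belong to build_full_minus_something_and_test_tls, whose body continues outside them.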
Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 28f4f79515..abee9f61b0 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -483,7 +483,7 @@ component_test_tls13_only_ephemeral_ffdh () { cd tests; ./test_suite_ssl; cd .. msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "ffdh" } component_test_tls13_only_psk_ephemeral () { From a47fd0faf4b9fa78afc4c63358498b7440a694c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:34:24 +0100 Subject: [PATCH 0867/1080] Add bug link to test modifications Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index abee9f61b0..e9f2666d3f 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -254,7 +254,7 @@ build_full_minus_something_and_test_tls () { tests/ssl-opt.sh -f "$filter" } -#TODO raise a issue to explain this. +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_full_without_ecdhe_ecdsa () { build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } 
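Review bot: The new comment says these tests are "temporarily disabled", but component_full_without_ecdhe_ecdsa still runs, with ssl-opt.sh restricted to `'psk\|PSK\|1\.3'`, so the cases are filtered rather than disabled and a reader may not realise the remaining ssl-opt coverage is partial; the same wording is added above component_test_tls13_only_ephemeral_ffdh in the `@@ -466,6 +466,7 @@` hunk. Suggest `# ssl-opt.sh coverage is temporarily restricted by the filter below because of an unknown dependency on static ECDH, see https://github.com/Mbed-TLS/mbedtls/issues/10385.` here and the equivalent for the ffdh component, wrapped to the file's usual line width.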
@@ -466,6 +466,7 @@ component_test_tls13_only_ephemeral () { tests/ssl-opt.sh } +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_test_tls13_only_ephemeral_ffdh () { msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED From 9e360b8f33410343d1d54d92197119ea7c2ad13d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 5 Sep 2025 09:09:28 +0100 Subject: [PATCH 0868/1080] Remove MBEDTLS_RSA_C from depends.py Signed-off-by: Ben Taylor --- tests/scripts/depends.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 34ecf4cdbc..ad78c26e1c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -310,8 +310,7 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_RSA_C'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', From 5cdbe308043883679b88b844a071e36c4f95f094 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 13:12:43 +0100 Subject: [PATCH 0869/1080] replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 7 +------ library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_tls12_server.c | 8 ++++---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d3519f1969..dfd369416b 100644 --- a/include/mbedtls/ssl_ciphersuites.h 
+++ b/include/mbedtls/ssl_ciphersuites.h @@ -184,11 +184,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ @@ -198,7 +193,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 2e9f077571..524e419f47 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -41,7 +41,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { @@ -52,7 +52,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t return 0; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 755b837bca..1f498e0109 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
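Review bot: Removing MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED from the public header include/mbedtls/ssl_ciphersuites.h is observable by any application code that tested the macro, yet the series' ChangeLog entry (ChangeLog.d/static-ecdh-removal.txt) mentions only the static ECDH suites; if this macro is considered part of the configuration API, a ChangeLog line naming it is warranted. The body of mbedtls_ssl_ciphersuite_no_pfs in ssl_ciphersuites_internal.h lies between the `@@ -41,7 +41,7 @@` and `@@ -52,7 +52,7 @@` hunks and is not visible here; if its switch still lists the removed static-ECDH key exchanges, those cases should go with this change. Since the guard is now MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, a one-line comment above the function such as `/* Per the static-ECDH removal, plain PSK is the only TLS 1.2 key exchange without forward secrecy. */` would explain why a function named no_pfs is tied to PSK.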
@@ -2902,14 +2902,14 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { @@ -2919,7 +2919,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) From df3e595536080189989bad945cf3787cdc57a63c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:30:12 +0100 Subject: [PATCH 0870/1080] Re-instate test for correctness of sent single supported algorithm Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a30d0e2af..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2565,6 +2565,30 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" +# Test for correctness of sent single supported algorithm +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: mbedtls client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ + 0 \ + -c "Supported Signature Algorithm found: 04 03" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: openssl client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ + -key $DATA_FILES_PATH/server6.key" \ + 0 + # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 337161eb41f9b4829450921f3db559cd378c16f9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:39:41 +0100 Subject: [PATCH 0871/1080] Remove comment referencing ECDH Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1f498e0109..256f1b1583 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
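Review bot: The openssl-client case asserts only exit status `0`, so it cannot distinguish the intended path (the client honouring the single advertised ecdsa_secp256r1_sha256 algorithm) from any other successful handshake; the surrounding run_test cases pair the status with output checks, so at least `-S "error"` should be added, plus a server-side pattern for the negotiated signature algorithm if the server logs one at `debug_level=3`. The mbedtls-client case passes `force_version=tls12` but only the second case declares `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2`; ssl-opt.sh appears to infer the version from the command lines, but declaring the requirement on both keeps the pair consistent. The hunk is self-contained at the top level of tests/ssl-opt.sh.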
@@ -2910,8 +2910,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - /* Extract static ECDH parameters and abort if ServerKeyExchange - * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ From 59474406a6c5bc53293dc8a727ef68e3b40fa0bf Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:47:12 +0100 Subject: [PATCH 0872/1080] Re-instate MBEDTLS_PKCS1_V15 unset Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..f0c217ba4f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1492,6 +1492,7 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 2f3523313bdcb5f4ff9202e5115de277546fd4b9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 09:08:50 +0100 Subject: [PATCH 0873/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/static-ecdh-removal.txt diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt new file mode 100644 index 0000000000..d73add317f --- /dev/null +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for static ECDH suites. From 26cdf6ee2b0ac1595034ae510bfd290564302c0e Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Thu, 11 Sep 2025 07:52:53 +0100 Subject: [PATCH 0874/1080] Re-adding tests for ECDH Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22377b8d04..2b10cde5a1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2357,6 +2357,52 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: ECDH-" \ + "$P_SRV auth_mode=required key_opaque=1\ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ + "$P_CLI force_version=tls12" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDH-" \ + -s "key types: Opaque, none" \ + -s "Ciphersuite is TLS-ECDH-" \ + -S "error" \ + -C "error" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "error" \ + -c "error" \ + -c "Public key type mismatch" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C From 485d4c1343bae888e39dde8068be2d0ba593262d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:14:10 +0100 Subject: [PATCH 0875/1080] reverting last commit as the tests cause failures Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b10cde5a1..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2357,52 +2357,6 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C From 486ec6e9b62a39dec39ccc2ab643e5df5a523fab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:21:52 +0100 Subject: [PATCH 0876/1080] Improved the text in the Changelog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index d73add317f..b67ee288d7 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,2 +1,3 @@ Removals - * Remove support for static ECDH suites. + * Removed support for TLS 1.2 static ECDH key + exchanges (ECDH-ECDSA and ECDH-RSA). From c1e76e04fed2ff722ae162228ba0537a0aa16498 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 12 Sep 2025 08:33:38 +0100 Subject: [PATCH 0877/1080] correct whitespace style issue Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index b67ee288d7..94512a21f9 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,3 +1,3 @@ Removals - * Removed support for TLS 1.2 static ECDH key + * Removed support for TLS 1.2 static ECDH key exchanges (ECDH-ECDSA and ECDH-RSA). From bb877a8cbff16ccee27b34f9765488724a6676ea Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 21 Aug 2025 14:27:49 +0100 Subject: [PATCH 0878/1080] remove further references to MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY Signed-off-by: Ben Taylor --- scripts/config.py | 3 --- tests/scripts/analyze_outcomes.py | 2 -- tests/scripts/components-platform.sh | 18 ------------------ 3 files changed, 23 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index e60d1606f1..1f4d73b57f 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -94,10 +94,8 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -164,7 +162,6 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8660e68942..4d51c4e4a5 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -134,8 +134,6 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. 
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 25cfd4163d..2b6eec5853 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -299,12 +299,6 @@ component_build_sha_armce () { # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" 
@@ -313,18 +307,6 @@ component_build_sha_armce () { grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99" - - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - # examine the disassembly for absence of SHA instructions msg "clang, test A32 crypto instructions not built" make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" From 5496f9025cecb945f1ae8280086cc25869db6abb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 08:25:35 +0100 Subject: [PATCH 0879/1080] Temporarily revert changes to config.py Signed-off-by: Ben Taylor --- scripts/config.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index 1f4d73b57f..e60d1606f1 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -94,8 +94,10 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -162,6 +164,7 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) From 5a7a72ee411275ed13e4ecffa8575988089eb01e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Sep 2025 07:54:47 +0100 Subject: [PATCH 0880/1080] testing with analyze_outcomes changes reverted for merge Signed-off-by: Ben Taylor --- tests/scripts/analyze_outcomes.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 4d51c4e4a5..8660e68942 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -134,6 +134,8 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. + 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', + 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. From 14e1932935e35af6ab112233376e48072e1d9c52 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 12 Sep 2025 10:52:10 +0100 Subject: [PATCH 0881/1080] Remove stray comment int components-platform.sh Signed-off-by: Ben Taylor --- tests/scripts/components-platform.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 2b6eec5853..4c297483f6 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -297,9 +297,6 @@ component_build_sha_armce () { grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" From 9c2727f9f228a1d972d4ce652776a6cc9a8147fd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 14:43:01 +0200 Subject: [PATCH 0882/1080] Update framework Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d0d817541a..820a16cca7 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d0d817541ae3f449b8cd51afc165668179659699 +Subproject commit 820a16cca705c6842a5a79332c6d40644008c814 
From 2ba5d6afccde6d15bfaad1c5e0dae85197702211 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Sep 2025 11:18:04 +0200 Subject: [PATCH 0883/1080] Update tf-psa-crypto Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 06bae1e110..4cc5bb4295 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 06bae1e110ce71b44c3f4d17974d24feea4d2a92 +Subproject commit 4cc5bb429554ba14e36163ff3a82bf53766f7e24 From e5eb2639b2c72145011c8679bc7c20dc0f5561dd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Sep 2025 15:19:48 +0200 Subject: [PATCH 0884/1080] readthedocs: Install cmake to build the documentation Signed-off-by: Ronald Cron --- .readthedocs.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 96d651abc5..3cc34740bd 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -13,6 +13,8 @@ submodules: # Set the version of Python and other tools you might need build: os: ubuntu-20.04 + apt_packages: + - cmake tools: python: "3.9" jobs: From 0dd31fe523f4031ace63e4d847bb896dc06db6fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 09:37:46 +0200 Subject: [PATCH 0885/1080] Introduce MBEDTLS_SSL_NULL_CIPHERSUITES The support for TLS ciphersuites without encryption does not rely anymore on the MBEDTLS_CIPHER_NULL_CIPHER feature of the cipher module. Introduce a specific config option to enable these ciphersuites and use it instead of MBEDTLS_CIPHER_NULL_CIPHER. 
Signed-off-by: Ronald Cron --- ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt | 4 +++ include/mbedtls/mbedtls_config.h | 12 +++++++ library/ssl_ciphersuites.c | 12 +++---- library/ssl_misc.h | 2 +- tests/scripts/components-configuration-tls.sh | 14 ++++---- tests/suites/test_suite_ssl.data | 32 +++++++++---------- tests/suites/test_suite_ssl_decrypt.function | 2 +- 7 files changed, 47 insertions(+), 31 deletions(-) create mode 100644 ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt diff --git a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt new file mode 100644 index 0000000000..a1312d0cb4 --- /dev/null +++ b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt @@ -0,0 +1,4 @@ +API changes + * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables + TLS 1.2 ciphersuites without encryption and is disabled by default. + This new option replaces MBEDTLS_CIPHER_NULL_CIPHER. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f11bcb3fb0..e79911428a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -191,6 +191,18 @@ * \{ */ +/** + * \def MBEDTLS_SSL_NULL_CIPHERSUITES + * + * Enable ciphersuites without encryption. + * + * Warning: Only do so when you know what you are doing. This allows for + * channels without any encryption. All data are transmitted in clear. + * + * Uncomment this macro to enable the NULL ciphersuites + */ +//#define MBEDTLS_SSL_NULL_CIPHERSUITES + /** * \def MBEDTLS_DEBUG_C * diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 39826eee66..6027b7f3c4 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
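Review bot: The new doc block for MBEDTLS_SSL_NULL_CIPHERSUITES does not say which suites it enables or what they additionally depend on, and only the ChangeLog line in this commit states that they are TLS 1.2 only; the ciphersuite_definitions entries guarded by it in ssl_ciphersuites.c are all limited to MBEDTLS_SSL_VERSION_TLS1_2, tagged MBEDTLS_CIPHERSUITE_WEAK, and each also requires its key exchange (ECDHE-ECDSA, ECDHE-RSA, PSK or ECDHE-PSK) and a PSA hash such as PSA_WANT_ALG_SHA_1. Suggest adding before the "Uncomment" line ` * Only TLS 1.2 ciphersuites are affected; each also requires its key exchange` / ` * (ECDHE-ECDSA, ECDHE-RSA, PSK or ECDHE-PSK) and the corresponding PSA hash.` and a sentence that this option replaces MBEDTLS_CIPHER_NULL_CIPHER, which the ChangeLog states but the header does not. Because MBEDTLS_SSL_SOME_SUITES_USE_STREAM in ssl_misc.h is now derived from this option, the doc could also note that enabling it compiles in the stream-cipher record path.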
@@ -325,14 +325,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) @@ -415,14 +415,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) @@ -591,7 +591,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_KEY_TYPE_AES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 
@@ -637,7 +637,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #if defined(PSA_WANT_KEY_TYPE_ARIA) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ed3c4a776f..9f7ab7f7e4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -279,7 +279,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); /* This macro determines whether a ciphersuite using a * stream cipher can be used. */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #define MBEDTLS_SSL_SOME_SUITES_USE_STREAM #endif diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index e9f2666d3f..9efc7b2af6 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -61,8 +61,8 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER + # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py set MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C 
@@ -89,8 +89,8 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C @@ -118,8 +118,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C @@ -368,7 +368,7 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py unset PSA_WANT_ALG_CMAC scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES make diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6c5e718c60..897f90d787 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -1693,35 +1693,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
+depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ChachaPoly 
@@ -2565,35 +2565,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM 
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 SSL TLS 1.3 Key schedule: Secret evolution #1 diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 37265def88..7a22939eb4 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -13,7 +13,7 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_NULL_CIPHERSUITES */ void ssl_decrypt_null(int hash_id) { mbedtls_ssl_transform transform_in, transform_out; From 2b7f59535ff319a61a82acdf80806ac9c9018f6c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 14:03:35 +0200 Subject: [PATCH 0886/1080] Remove completely MBEDTLS_PLATFORM_GET_ENTROPY_ALT Signed-off-by: Ronald Cron --- scripts/config.py | 1 - tests/scripts/analyze_outcomes.py | 2 -- 2 files changed, 3 deletions(-) 
diff --git a/scripts/config.py b/scripts/config.py index e60d1606f1..6c4cc151d6 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -120,7 +120,6 @@ def is_seamless_alt(name): an implementation of the relevant functions and an xxx_alt.h header. """ if name in ( - 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT', 'MBEDTLS_PLATFORM_GMTIME_R_ALT', 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT', diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8660e68942..88c450fc86 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -124,8 +124,6 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete config option that we are about to remove - 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', From 919a1e4e223a45b10971d8c49b2815a57cadf084 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 14:39:26 +0200 Subject: [PATCH 0887/1080] Cleanup following the removal of RSA legacy options Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 1 - scripts/config.py | 2 +- tests/scripts/components-configuration-crypto.sh | 3 +-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e79911428a..2bfe4d66d0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -266,7 +266,6 @@ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * diff --git a/scripts/config.py b/scripts/config.py index 6c4cc151d6..175b73cf7f 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -4,7 +4,7 @@ Basic usage, to read the Mbed TLS configuration: config = CombinedConfigFile() - if 'MBEDTLS_RSA_C' in config: print('RSA is enabled') + if 'MBEDTLS_SSL_TLS_C' in config: print('TLS is enabled') """ ## Copyright The Mbed TLS Contributors diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 29e86c34d6..6dab8b6a78 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1491,8 +1491,7 @@ component_test_new_psa_want_key_pair_symbol () { # Start from crypto configuration scripts/config.py crypto - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 + # Remove RSA dependencies scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From a19ee2819ec8c88ed86d65a737ff9a8488b3e30c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:25:06 +0200 Subject: [PATCH 0888/1080] Cleanup following the removal of MBEDTLS_ECDH_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 6 +++--- tests/scripts/components-configuration-crypto.sh | 8 -------- tests/scripts/components-configuration-tls.sh | 4 ---- tests/scripts/depends.py | 2 +- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2bfe4d66d0..118a9631c4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -223,7 +223,7 @@ * * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA * MBEDTLS_X509_CRT_PARSE_C * 
@@ -247,7 +247,7 @@ * * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -265,7 +265,7 @@ * * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6dab8b6a78..8ed678bc40 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -610,9 +610,6 @@ component_test_psa_crypto_config_accel_ecdh () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDH_C - # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -739,7 +736,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -803,7 +799,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C 
@@ -915,7 +910,6 @@ config_psa_crypto_config_ecp_light_only () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi @@ -1009,7 +1003,6 @@ config_psa_crypto_no_ecp_at_all () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C @@ -1124,7 +1117,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 9efc7b2af6..323f98ec1c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -438,7 +438,6 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -475,8 +474,6 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py unset PSA_WANT_ALG_ECDH - # Note: The unset below is to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 
@@ -531,7 +528,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ad78c26e1c..755585d83e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -283,7 +283,7 @@ def test(self, options): 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_ECDH', 'MBEDTLS_ECDH_C', + 'PSA_WANT_ALG_ECDH', 'PSA_WANT_ALG_JPAKE', 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', From 3c6bbddfd4daf349c360827d215ca78714a5625d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:28:06 +0200 Subject: [PATCH 0889/1080] Cleanup following the removal of MBEDTLS_ECDSA_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 4 ++-- tests/scripts/components-configuration-crypto.sh | 9 --------- tests/scripts/components-configuration-tls.sh | 8 -------- tests/scripts/depends.py | 3 +-- tests/scripts/test_config_checks.py | 4 ---- tests/suites/test_suite_x509parse.function | 2 +- 6 files changed, 4 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 118a9631c4..96521224d5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -224,7 +224,7 @@ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * * Requires: PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are 
@@ -799,7 +799,7 @@ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH * MBEDTLS_X509_CRT_PARSE_C * and at least one of: - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * PSA_WANT_ALG_RSA_PSS * * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ed678bc40..51f813d16e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -433,7 +433,6 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH @@ -569,9 +568,6 @@ component_test_psa_crypto_config_accel_ecdsa () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -735,7 +731,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { $(helper_get_psa_curve_list)" # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -798,7 +793,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_WRITE_C # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C 
@@ -909,7 +903,6 @@ config_psa_crypto_config_ecp_light_only () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi @@ -1002,7 +995,6 @@ config_psa_crypto_no_ecp_at_all () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C @@ -1116,7 +1108,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 323f98ec1c..d69b5853c7 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -437,8 +437,6 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_4096 scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -499,8 +497,6 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 
@@ -527,8 +523,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -553,8 +547,6 @@ component_test_tls13_only_psk_all () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 755585d83e..347634cdff 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -279,8 +279,7 @@ def test(self, options): 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_ECDSA_C'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', 'PSA_WANT_ALG_ECDH', diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 540144923e..7403f7ebdb 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -43,7 +43,6 @@ def test_mbedtls_no_ecdsa(self) -> None: self.bad_case(''' #undef PSA_WANT_ALG_ECDSA #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA - #undef MBEDTLS_ECDSA_C ''', ''' #if defined(PSA_WANT_ALG_ECDSA) 
@@ -52,9 +51,6 @@ def test_mbedtls_no_ecdsa(self) -> None: #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA) #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected #endif - #if defined(MBEDTLS_ECDSA_C) - #error MBEDTLS_ECDSA_C unexpected - #endif ''', error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f813cc1ac3..ccd85378b8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -655,7 +655,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:PSA_WANT_ALG_ECDSA */ void x509_verify_restart(char *crt_file, char *ca_file, int result, int flags_result, int max_ops, int min_restart, int max_restart) From 2ad1e5c1a2f9e755c1c6199d51a00c96b64760d9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:30:07 +0200 Subject: [PATCH 0890/1080] Cleanup following the removal of MBEDTLS_ECJPAKE_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 2 +- tests/scripts/components-configuration-crypto.sh | 9 --------- tests/scripts/depends.py | 3 +-- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 96521224d5..828c0f38dc 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -293,7 +293,7 @@ * Thread v1.0.0 specification; incompatible changes to the specification * might still happen. For this reason, this is disabled by default. * - * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE + * Requires: PSA_WANT_ALG_JPAKE * PSA_WANT_ALG_SHA_256 * MBEDTLS_ECP_DP_SECP256R1_ENABLED * 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 51f813d16e..3e066d4dc7 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -438,7 +438,6 @@ component_test_everest_curve25519_only () { scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE # Disable all curves @@ -690,7 +689,6 @@ component_test_psa_crypto_config_accel_pake () { $(helper_get_psa_curve_list)" # Make built-in fallback not available - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED # Build @@ -731,7 +729,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { $(helper_get_psa_curve_list)" # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C # Disable all curves - those that aren't accelerated should be re-enabled @@ -793,7 +790,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_WRITE_C # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C # Disable all curves - those that aren't accelerated should be re-enabled @@ -903,7 +899,6 @@ config_psa_crypto_config_ecp_light_only () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi 
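Review bot: In the component_test_psa_crypto_config_accel_pake hunk the comment `# Make built-in fallback not available` now sits above a single line that only unsets MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED, i.e. the TLS key-exchange option, whereas the line that actually removed the built-in implementation (`unset MBEDTLS_ECJPAKE_C`) is the one deleted here. If the built-in J-PAKE is now controlled purely by the PSA accelerator configuration (not visible in this hunk), the comment should say so, e.g. `# Built-in J-PAKE is selected by the PSA config only; also disable the TLS key exchange that would use it`, otherwise the test's intent — proving the accelerated path is what runs — can no longer be read from the script. The function body continues outside the hunk.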
@@ -994,8 +989,6 @@ config_psa_crypto_no_ecp_at_all () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C fi @@ -1107,8 +1100,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C # Also disable bignum diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 347634cdff..5d2efc724d 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -297,8 +297,7 @@ def test(self, options): 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', 'MBEDTLS_ECP_C'], - 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', - 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', From 6cfab2880a59f435214761fa2510d9226a6915c4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:32:29 +0200 Subject: [PATCH 0891/1080] Cleanup following the removal of MBEDTLS_ECP_C option Signed-off-by: Ronald Cron --- .../scripts/components-configuration-crypto.sh | 17 ----------------- tests/scripts/depends.py | 3 +-- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 3e066d4dc7..860371d6fb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -728,9 +728,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ $(helper_get_psa_curve_list)" - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECP_C - # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves @@ -789,9 +786,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECP_C - # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves @@ -897,10 +891,6 @@ config_psa_crypto_config_ecp_light_only () { driver_only="$1" # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECP_C - fi # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues @@ -988,11 +978,6 @@ config_psa_crypto_no_ecp_at_all () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C - fi - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -1100,8 +1085,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C # Also disable bignum scripts/config.py unset MBEDTLS_BIGNUM_C fi 
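Review bot: Removing the `if [ "$driver_only" -eq 1 ]` blocks leaves `driver_only="$1"` in config_psa_crypto_config_ecp_light_only (and the same parameter in config_psa_crypto_no_ecp_at_all) with no visible use, so on this code path the driver-only and reference variants now generate the same configuration. If nothing outside the hunk still reads `$driver_only`, drop the parameter and the argument at the call sites rather than keeping a dead positional; if it is consumed later, a short comment next to `driver_only="$1"` naming where would save the next reader the search. Both function bodies continue outside the hunks.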
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5d2efc724d..7a7c75483a 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -295,8 +295,7 @@ def test(self, options): 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', - 'MBEDTLS_ECP_C'], + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'], 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], From feb5e26619d0adac15e30e77aed57c7e23f3ebb0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:36:39 +0200 Subject: [PATCH 0892/1080] Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 2 +- library/ssl_misc.h | 6 +++--- programs/ssl/ssl_test_lib.c | 18 ++++++++-------- .../components-configuration-crypto.sh | 13 ++++++------ tests/scripts/depends.py | 21 +------------------ 5 files changed, 20 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 828c0f38dc..b7a869ad72 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -295,7 +295,7 @@ * * Requires: PSA_WANT_ALG_JPAKE * PSA_WANT_ALG_SHA_256 - * MBEDTLS_ECP_DP_SECP256R1_ENABLED + * PSA_WANT_ECC_SECP_R1_256 * * This enables the following ciphersuites (if other requisites are * enabled as well): diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f7ab7f7e4..5b852bdd19 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2346,15 +2346,15 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( #if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: break; -#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ECC_SECP_R1_256 */ #if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: break; -#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ECC_SECP_R1_384 */ #if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: break; -#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_512 && PSA_WANT_ECC_SECP_R1_521 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ #if defined(PSA_WANT_ALG_RSA_PSS) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 79d3059306..fcbc090500 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
@@ -470,47 +470,47 @@ static const struct { uint8_t is_supported; } tls_id_group_name_table[] = { -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) +#if defined(PSA_WANT_ECC_SECP_R1_521) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) +#if defined(PSA_WANT_ECC_SECP_R1_384) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) +#if defined(PSA_WANT_ECC_SECP_R1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) +#if defined(PSA_WANT_ECC_SECP_K1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || 
defined(PSA_WANT_ECC_MONTGOMERY_255) +#if defined(PSA_WANT_ECC_MONTGOMERY_255) { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) +#if defined(PSA_WANT_ECC_MONTGOMERY_448) { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 860371d6fb..ccb4a0bae3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -433,17 +433,16 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" 
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 7a7c75483a..11ee5a0680 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -257,26 +257,7 @@ def test(self, options): 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], - # These reverse dependencies can be removed as part of issue - # tf-psa-crypto#364. - 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], - 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], - 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', - 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], - - # Support for secp224[k|r]1 was removed in tfpsacrypto#408 while - # secp192[k|r]1 were kept only for internal testing (hidden to the end - # user). We need to keep these reverse dependencies here until - # symbols are hidden/removed from crypto_config.h. - 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], + 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], From 4fe3760a27a376eada15b6fa489e4aba7afd2771 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:45:46 +0200 Subject: [PATCH 0893/1080] Cleanup following the removal of MBEDTLS_BIGNUM_C option 
Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 6 +++--- tests/scripts/components-configuration-crypto.sh | 5 ----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b7a869ad72..b1e30ab2d2 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1043,7 +1043,7 @@ * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C, * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, - * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C + * MBEDTLS_MD_C * * This module is required for the PKCS #7 parsing modules. */ @@ -1056,7 +1056,7 @@ * * Module: library/x509_create.c * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C, + * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_PK_PARSE_C * * \warning You must call psa_crypto_init() before doing any X.509 operation. * @@ -1188,7 +1188,7 @@ * library/x509_crt.c * library/x509_csr.c * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C * * \warning You must call psa_crypto_init() before doing any X.509 operation. * diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index ccb4a0bae3..28fc189d0a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1083,11 +1083,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Also disable bignum - scripts/config.py unset MBEDTLS_BIGNUM_C - fi - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED From 0009b042ac876e05092643125fec0189d6d66e1f Mon Sep 17 00:00:00 2001 
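Review bot: With its last `if [ "$driver_only" -eq 1 ]` block gone, config_psa_crypto_config_accel_ecc_ffdh_no_bignum no longer does anything visible that distinguishes it from a plain ECC/FFDH acceleration setup, while the `_no_bignum` suffix refers to toggling MBEDTLS_BIGNUM_C, which this same commit says is no longer an option. Either rename the helper and the components built on it, or add a comment above `helper_libtestdriver1_adjust_config "full"` stating what "no bignum" still means for the driver-only build (presumably that the resulting library must not contain the bignum code, which should then be checked on the build output). The function starts outside the hunk, so any remaining `$driver_only` use there is not visible here.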
From: Valerio Setti Date: Wed, 30 Jul 2025 22:51:53 +0200 Subject: [PATCH 0894/1080] library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa Signed-off-by: Valerio Setti --- library/ssl_tls.c | 4 ++-- library/ssl_tls12_server.c | 6 +++--- library/ssl_tls13_server.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38db9cd103..c6a119fcd2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8147,14 +8147,14 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( mbedtls_md_psa_alg_from_type(md_alg); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } if (sig_alg_received == MBEDTLS_SSL_SIG_RSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_RSA_PKCS1V15_SIGN( psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 256f1b1583..b8ee41a423 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,11 +693,11 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); #else key_type_matches = ( - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ if (!key_type_matches) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2ca42f2444 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1160,7 +1160,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && - mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, + mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; From 7b2d72aaf078810436be7617817e87cadc36ce87 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:36:08 +0200 Subject: [PATCH 0895/1080] ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA When the key is parsed from PK it is assigned the pseudo-alg MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded deterministc/randomized ECDSA can make the function to fail if the proper variant is not the one also used by PK. This commit fixes this problem. Signed-off-by: Valerio Setti --- library/ssl_ciphersuites.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 39826eee66..f7aaac29ee 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -924,7 +924,7 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); + return MBEDTLS_PK_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); default: return PSA_ALG_NONE; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6a119fcd2..37e4259e55 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
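Review bot: mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg now returns `MBEDTLS_PK_ALG_ECDSA(hash)` for ECDHE-ECDSA suites, which per the commit message resolves to whichever ECDSA variant PK uses, so an opaque signing key imported with a policy of plain `PSA_ALG_ECDSA(hash)` on a build where PK selects the deterministic variant will now fail mbedtls_pk_can_do_psa and its certificate will not be picked (the opaque-key test data in this series is moved to MBEDTLS_PK_ALG_ECDSA for exactly that reason). That is a behaviour change for users of opaque ECDSA keys with mbedtls_ssl_conf_own_cert and deserves a ChangeLog entry plus a sentence in the function's header documentation, e.g. `For ECDSA suites the returned algorithm is MBEDTLS_PK_ALG_ECDSA(hash), i.e. the ECDSA variant used by the PK module; an opaque key's policy must permit that variant.` The declaring header is outside the hunk.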
@@ -8148,7 +8148,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, - PSA_ALG_ECDSA(psa_hash_alg), + MBEDTLS_PK_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2ca42f2444..8b60a7b30e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1076,11 +1076,11 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) { switch (sig_alg) { case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - return PSA_ALG_ECDSA(PSA_ALG_SHA_256); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - return PSA_ALG_ECDSA(PSA_ALG_SHA_384); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_384); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - return PSA_ALG_ECDSA(PSA_ALG_SHA_512); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_512); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: From bc611fe44c8fd262359220ad8d838b57c05327fc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:41:58 +0200 Subject: [PATCH 0896/1080] [tls12|tls13]_server: fix usage being checked on the certificate key Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 3 ++- library/ssl_tls13_server.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b8ee41a423..07641cb3e8 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -694,7 +694,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, + PSA_KEY_USAGE_VERIFY_HASH)); #else key_type_matches = ( mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8b60a7b30e..982e6f8c3b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1161,7 +1161,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, - PSA_KEY_USAGE_SIGN_HASH) == 1 + PSA_KEY_USAGE_VERIFY_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG(3, From 91c0945def55514d6930bd4d255405796c2134e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:45:28 +0200 Subject: [PATCH 0897/1080] tests: fix alg and usage for some ECDHE-ECDSA opaque key tests Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 4 ++-- tests/suites/test_suite_ssl.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 79d3059306..a84bf24dc1 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -242,7 +242,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { - *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_algs[i] = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdh") == 0) { *psa_algs[i] = PSA_ALG_ECDH; 
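Review bot: In ssl_tls13_pick_key_cert the corrected check covers only the certificate's public key with PSA_KEY_USAGE_VERIFY_HASH; unlike ssl_pick_cert in the 1.2 hunk above, nothing visible here verifies that `key_cert->key` can sign with `psa_alg`, so an opaque private key whose policy is limited to another hash or ECDSA variant could be selected and fail later in CertificateVerify. Unless the private key is validated elsewhere (the function continues outside the hunk), extend the condition with `&& mbedtls_pk_can_do_psa(key_cert->key, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1`, mirroring the 1.2 path, and handle MBEDTLS_SSL_ASYNC_PRIVATE the same way that path does, since the key may be absent there.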
@@ -253,7 +253,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } } else { if (key_type == MBEDTLS_PK_ECKEY) { - *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_alg1 = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *psa_alg2 = PSA_ALG_ECDH; *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; } else if (key_type == MBEDTLS_PK_RSA) { diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6c5e718c60..41416a67c4 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From e2aed3a6dfec889fcdf708c08e69a88e68e7c1dc Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 16 Sep 2025 10:27:03 +0200 Subject: [PATCH 0898/1080] tests: revert changes to test_suite_ssl.data Revert changes previously done at following test cases: - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 41416a67c4..4254208946 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From 710869bd340178f3e9ec805310f88a4bb6ff4b69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Sep 2025 16:24:17 +0200 Subject: [PATCH 0899/1080] Update framework to the merge of main and main-restricted 
Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d0d817541a..82a7962c5f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d0d817541ae3f449b8cd51afc165668179659699 +Subproject commit 82a7962c5f7cbe6e8a60c239cbb477ee06f94182 From 3091e40774837dfc25d475dce7a281296535d51e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Sep 2025 16:02:09 +0200 Subject: [PATCH 0900/1080] Remove usage of old crypto options in public headers The remaining occurences were related to dead code. Signed-off-by: Ronald Cron --- include/mbedtls/debug.h | 10 ---------- include/mbedtls/x509.h | 4 ---- library/debug_internal.h | 4 +--- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index c293e87315..bdfc597e0c 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -14,10 +14,6 @@ #include "mbedtls/ssl.h" -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/private/ecp.h" -#endif - #if defined(MBEDTLS_DEBUG_C) #define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ @@ -32,11 +28,6 @@ #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) -#if defined(MBEDTLS_BIGNUM_C) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \ - mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X) -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ @@ -51,7 +42,6 @@ #define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) #define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0) #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) 
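Review bot: The `#else` branch of debug.h still defines `MBEDTLS_SSL_DEBUG_ECP(level, text, X)` as a no-op, while the MBEDTLS_DEBUG_C branch visible in this hunk defines no MBEDTLS_SSL_DEBUG_ECP between MBEDTLS_SSL_DEBUG_BUF and the MBEDTLS_X509_CRT_PARSE_C block; unless it is defined elsewhere in that branch, the two sides of the `#if` now export different macro sets and the ECP no-op should go the same way as the MPI one. Separately, MBEDTLS_SSL_DEBUG_MPI lives in a public header and the diffstat shows no ChangeLog.d entry; even if it is considered private (it relies on an implicit `ssl` variable like its siblings), a one-line "Removed" note would tell anyone who used it why their build broke.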
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index f76928aa10..8b6a1daee5 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -16,10 +16,6 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/private/rsa.h" -#endif - /** * \addtogroup x509_module * \{ diff --git a/library/debug_internal.h b/library/debug_internal.h index 3ffcee12bc..79a4c4540c 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -73,9 +73,7 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_BIGNUM_C) /** - * \brief Print a MPI variable to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the - * ssl context, file and line number parameters. + * \brief Print a MPI variable to the debug output. * * \param ssl SSL context * \param level error level of the debug message From 2fe29ab54155b370db0fcb88660c223d9b3b0ce1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Sep 2025 18:37:54 +0200 Subject: [PATCH 0901/1080] Update submodules to the merge of the merge PR Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 82a7962c5f..4f962bfcb3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 82a7962c5f7cbe6e8a60c239cbb477ee06f94182 +Subproject commit 4f962bfcb30f565e7c995366b13fc8ec6194a0d2 diff --git a/tf-psa-crypto b/tf-psa-crypto index ed6f6b5b0b..a0cb5a0ffa 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ed6f6b5b0bc72eb789ee62cd7ac87bbf953e0685 +Subproject commit a0cb5a0ffa4cf506f01a797ffce555c5c2e49500 From ff5d117df8a93b0204b4a5b22e85d12c3da31ace Mon Sep 17 00:00:00 2001 
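Review bot: debug_internal.h keeps the declaration of mbedtls_debug_print_mpi under `#if defined(MBEDTLS_BIGNUM_C)`, but an earlier commit in this series is titled as the cleanup after removing the MBEDTLS_BIGNUM_C option, so if that symbol is no longer defined anywhere the declaration (and presumably the definition in debug.c) is now dead code whose only caller, MBEDTLS_SSL_DEBUG_MPI, this commit deletes. Either remove the function together with the macro, or guard it on whatever symbol now governs bignum availability in the crypto configuration; rewriting the comment to drop the macro reference while leaving the stale guard only hides the inconsistency.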
From: Gilles Peskine Date: Wed, 17 Sep 2025 21:18:39 +0200 Subject: [PATCH 0902/1080] Increment config version for the new product major version Since we're making incompatible changes to the configuration, we really should advance the configuration version. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 +- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index b46db36d1f..e40482a99a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -54,7 +54,7 @@ #endif #if defined(MBEDTLS_CONFIG_VERSION) && ( \ - MBEDTLS_CONFIG_VERSION < 0x03000000 || \ + MBEDTLS_CONFIG_VERSION < 0x04000000 || \ MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER) #error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f11bcb3fb0..35a3511ffe 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -19,7 +19,7 @@ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that * introduced the config format we want to be compatible with. */ -//#define MBEDTLS_CONFIG_VERSION 0x03000000 +//#define MBEDTLS_CONFIG_VERSION 0x04000000 /** * \name SECTION: Platform abstraction layer From 67f54d2213171db8028136a8d13d6b4d72bc3370 Mon Sep 17 00:00:00 2001 
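Review bot: The `#error` text in build_info.h is unchanged, so a 3.x configuration file carrying `MBEDTLS_CONFIG_VERSION 0x03000000` (the value the old default suggested) now fails with a message that does not say what the accepted range is. Suggest `#error "MBEDTLS_CONFIG_VERSION must be between 0x04000000 and MBEDTLS_VERSION_NUMBER; 3.x configuration files are not supported"`, and a matching line in the migration guide or ChangeLog, since this is the first thing a user upgrading a kept config will hit.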
From: Gilles Peskine Date: Fri, 19 Sep 2025 10:52:35 +0200 Subject: [PATCH 0903/1080] Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589, this seems to have been what we intended from the start. But we couldn't do it yet because the library version was still 2.x while the config version was already 3.0, so we temporarily commented out the definition in 1cafe5ce20c54e68a4de0f85bd4bc844e3798198. But then we forgot to uncomment it during the release since it wasn't part of any process. Thinking about it independently of the history, I think it makes more sense to have it uncommented by default. That way, if someone copies the config from a given version and then keeps it around, they'll get the compatibility mode for that version. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index bffae6da50..ad843c70c3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -19,7 +19,7 @@ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that * introduced the config format we want to be compatible with. */ -//#define MBEDTLS_CONFIG_VERSION 0x04000000 +#define MBEDTLS_CONFIG_VERSION 0x04000000 /** * \name SECTION: Platform abstraction layer From ff6306655b3e3cc1f1b5cd7bed102e5dd6cc10b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:53:41 +0200 Subject: [PATCH 0904/1080] Update submodules with config_checks_generator.py * Update framework with `config_checks_generator.py`. * Update crypto with the files generated by `generate_config_checks.py`. Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 820a16cca7..92f5d45b22 160000 --- a/framework +++ b/framework 
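Review bot: Activating `#define MBEDTLS_CONFIG_VERSION 0x04000000` in the default config means the `MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER` check from the previous commit now runs on every default build; if MBEDTLS_VERSION_NUMBER on this branch is still below 0x04000000, which is the same ordering problem the commit message recalls from the 2.x/3.0 transition, every default build errors out until the version bump lands, so the two changes should be verified to land in the right order. Since the value is now unconditionally defined, a build that also passes `-DMBEDTLS_CONFIG_VERSION=...` with a different value gets a macro redefinition; guarding the default with `#if !defined(MBEDTLS_CONFIG_VERSION)` would keep that path usable, if it is meant to be supported.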
@@ -1 +1 @@ -Subproject commit 820a16cca705c6842a5a79332c6d40644008c814 +Subproject commit 92f5d45b2293363952bdbe28a7b2fcfe4a0d163a diff --git a/tf-psa-crypto b/tf-psa-crypto index 4cc5bb4295..9a43f3fe86 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4cc5bb429554ba14e36163ff3a82bf53766f7e24 +Subproject commit 9a43f3fe868ef6da5a312a3da076b9595e02a75e From 3374f6e90bec9d060f038208e04f2ffabe215993 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:09:39 +0200 Subject: [PATCH 0905/1080] Generate checks for bad options in the config file Just a proof-of-concept for now. Interesting checks will come later. Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100755 scripts/generate_config_checks.py diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py new file mode 100755 index 0000000000..b0dc26b191 --- /dev/null +++ b/scripts/generate_config_checks.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python3 + +"""Generate C preprocessor code to check for bad configurations. +""" + +import framework_scripts_path # pylint: disable=unused-import +from mbedtls_framework.config_checks_generator import * \ + #pylint: disable=wildcard-import,unused-wildcard-import + +MBEDTLS_CHECKS = BranchData( + header_directory='library', + header_prefix='mbedtls_', + project_cpp_prefix='MBEDTLS', + checkers=[ + Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), + Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), + ], +) + +if __name__ == '__main__': + main(MBEDTLS_CHECKS) From b53b443f8ec1a391039109fddc8d3e0d34f07a0b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:50:35 +0200 Subject: [PATCH 0906/1080] Register generate_config_files.py outputs as generated files 
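Review bot: The wildcard import in the new scripts/generate_config_checks.py (`from mbedtls_framework.config_checks_generator import *`) hides where `BranchData`, `Removed` and `main` come from and needs two pylint disables plus a backslash continuation into a comment-only line to stay clean. Importing the three names explicitly, `from mbedtls_framework.config_checks_generator import BranchData, Removed, main`, documents the dependency and drops the disable. The submodule bumps earlier on this line are trivial and need no review.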
Signed-off-by: Gilles Peskine --- library/.gitignore | 3 +++ library/CMakeLists.txt | 34 ++++++++++++++++++++++++++++++++++ library/Makefile | 13 +++++++++++++ 3 files changed, 50 insertions(+) diff --git a/library/.gitignore b/library/.gitignore index 9794129d94..92a33de2bc 100644 --- a/library/.gitignore +++ b/library/.gitignore @@ -4,6 +4,9 @@ libmbed* ###START_GENERATED_FILES### /error.c +/mbedtls_config_check_before.h +/mbedtls_config_check_final.h +/mbedtls_config_check_user.h /version_features.c /ssl_debug_helpers_generated.c ###END_GENERATED_FILES### diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5b8dc80b53..b31d2ea70e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -73,6 +73,39 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt ) + execute_process( + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + --list "" + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS) + # Turn newline-terminated non-empty list into semicolon-separated list. + string(REPLACE "\n" ";" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + string(REGEX REPLACE ";\$" "" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + # Prepend the binary dir to all element of MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS, + # using features that exist in CMake 3.5.1. + string(REPLACE ";" ";${CMAKE_CURRENT_BINARY_DIR}/" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS + "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + set(MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS + "${CMAKE_CURRENT_BINARY_DIR}/${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + + add_custom_command( + OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + ${CMAKE_CURRENT_BINARY_DIR} + DEPENDS + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/config_checks_generator.py + ) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c @@ -89,6 +122,7 @@ if(GEN_FILES) add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/error.c + ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} ) add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target diff --git a/library/Makefile b/library/Makefile index f8729344b4..f3667ba307 100644 --- a/library/Makefile +++ b/library/Makefile 
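Review bot: The `execute_process` that computes `MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS` has no `RESULT_VARIABLE`, so if `generate_config_checks.py --list` fails (missing Python module, wrong interpreter, bad working directory) the variable is silently empty and `add_custom_command` is registered with an empty `OUTPUT`; the failure then surfaces, if at all, as an unrelated build error later. Capture the status with `RESULT_VARIABLE _config_checks_status` and follow the call with `if(NOT _config_checks_status EQUAL 0)` / `message(FATAL_ERROR "generate_config_checks.py --list failed")` / `endif()`. The later hunk in patch 0908 (`--list-for-cmake`) keeps this same `execute_process` and only changes the option, so the check is missing there as well. I also note the generating `add_custom_command` sets no `WORKING_DIRECTORY` while the listing call does; if the script resolves anything relative to its cwd, the two invocations may see different trees.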
@@ -5,7 +5,12 @@ endif TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src +# List the generated files without running a script, so that this +# works with no tooling dependencies when GEN_FILES is disabled. GENERATED_FILES := \ + mbedtls_config_check_before.h \ + mbedtls_config_check_final.h \ + mbedtls_config_check_user.h \ error.c \ version_features.c \ ssl_debug_helpers_generated.c \ @@ -326,6 +331,14 @@ $(GENERATED_WRAPPER_FILES): $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h +GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) +$(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + ../framework/scripts/mbedtls_framework/config_checks_generator.py +$(GENERATED_CONFIG_CHECK_FILES): + echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" + $(PYTHON) ../scripts/generate_config_checks.py + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 67b115cfda5fe3e2e221c58d86ed40623f6634f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:50:45 +0200 Subject: [PATCH 0907/1080] Register crypto's generate_config_files.py outputs as generated files Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no mechanism for TF-PSA-Crypto to declare them. Signed-off-by: Gilles Peskine --- library/Makefile | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/library/Makefile b/library/Makefile index f3667ba307..21f85b67d9 100644 --- a/library/Makefile +++ b/library/Makefile 
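Review bot: In the second hunk the prerequisites of `$(GENERATED_CONFIG_CHECK_FILES)` name `$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py` (the TF-PSA-Crypto copy of the script) while the recipe runs `../scripts/generate_config_checks.py` (the Mbed TLS one), so editing the script that actually generates these headers will not trigger regeneration and the rule depends on a script it never runs. The mirror rule added by patch 0907 in the next Makefile hunk has the opposite pairing (prerequisite `../scripts/generate_config_checks.py`, recipe running the crypto script), so the two paths look swapped between the rules. Separately, `GENERATED_CONFIG_CHECK_FILES = $(shell ...)` is a recursive assignment, so the Python listing is re-run on every expansion and already at parse time when the target line is read, including for `make clean`; `:=` would run it once. That also means the comment in the first hunk about working without tooling applies only to the static `GENERATED_FILES` list, which may be worth saying there.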
@@ -13,9 +13,16 @@ GENERATED_FILES := \ mbedtls_config_check_user.h \ error.c \ version_features.c \ - ssl_debug_helpers_generated.c \ + ssl_debug_helpers_generated.c + +# Also list the generated files from crypto that are needed in the build, +# because we don't have the list in a consumable form. +GENERATED_FILES += \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) @@ -339,6 +346,16 @@ $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) ../scripts/generate_config_checks.py +TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + --list $(TF_PSA_CRYPTO_CORE_PATH)) +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ + ../scripts/generate_config_checks.py \ + ../framework/scripts/mbedtls_framework/config_checks_generator.py +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): + echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" + $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 6712f1b6af19da1b0c39f59aed772c50cfb80b50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Sep 2025 20:09:37 +0200 Subject: [PATCH 0908/1080] Use --list-for-cmake with generate_config_checks.py Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b31d2ea70e..063703bfe8 100644 
--- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -77,23 +77,11 @@ if(GEN_FILES) COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/generate_config_checks.py - --list "" + --list-for-cmake "${CMAKE_CURRENT_BINARY_DIR}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS) - # Turn newline-terminated non-empty list into semicolon-separated list. - string(REPLACE "\n" ";" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - string(REGEX REPLACE ";\$" "" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - # Prepend the binary dir to all element of MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS, - # using features that exist in CMake 3.5.1. - string(REPLACE ";" ";${CMAKE_CURRENT_BINARY_DIR}/" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS - "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - set(MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS - "${CMAKE_CURRENT_BINARY_DIR}/${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") add_custom_command( OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} From 62491a93273b1ba0379e3aba4840fe7f94d0d512 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 11:38:30 +0100 Subject: [PATCH 0909/1080] Revert changes to config.py after dependencies have been merged Signed-off-by: Ben Taylor --- scripts/config.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 175b73cf7f..45561df78c 100755 --- a/scripts/config.py +++ b/scripts/config.py 
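Review bot: The listing output is taken from `OUTPUT_VARIABLE` without `OUTPUT_STRIP_TRAILING_WHITESPACE`; the removed `string(REGEX REPLACE ";\$" "" ...)` used to clean up the trailing separator, and unless `--list-for-cmake` is guaranteed never to end its output with a newline, the last header path now carries one into `OUTPUT`. Adding `OUTPUT_STRIP_TRAILING_WHITESPACE` after `OUTPUT_VARIABLE MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS)` is cheap insurance either way.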
@@ -94,10 +94,8 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -163,7 +161,6 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) From fec1c002d525f5e1cce1ff25245d55ab5f46663b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Sep 2025 08:17:59 +0100 Subject: [PATCH 0910/1080] Revert changes to analyze outcomes after dependencies have been merged Signed-off-by: Ben Taylor --- tests/scripts/analyze_outcomes.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 88c450fc86..d5843f867e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -132,8 +132,6 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. From 8df65636fd47d0748faa2fdc41e9e7412067abaa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 11:44:00 +0200 Subject: [PATCH 0911/1080] Clarify target name for library generated files The target mbedtls_generated_files_target could be misinterpreted as the target covering all project generated files, but it does not. It is specifically the target for files generated to build the mbedtls library. Rename it to libmbedtls_generated_files_target and align x509. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 063703bfe8..4f9da39f54 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -107,13 +107,13 @@ if(GEN_FILES) ${tls_error_headers} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/error.c ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/version_features.c 
@@ -198,9 +198,9 @@ if(USE_STATIC_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_STATIC_MBEDTLS_LIBRARY) @@ -219,9 +219,9 @@ if(USE_SHARED_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_SHARED_MBEDTLS_LIBRARY) From 879cba1a67d01317422870ff736057ca2d23247f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Sep 2025 16:55:11 +0200 Subject: [PATCH 0912/1080] cmake: Introduce version and soversion variables Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 +++++++-- library/CMakeLists.txt | 4 ++-- scripts/bump_version.sh | 24 ++++++++++-------------- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 12ddc2738d..659fd50885 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,15 +37,20 @@ cmake_policy(SET CMP0011 NEW) # is deprecated and will be removed in future versions. cmake_policy(SET CMP0012 NEW) +set(MBEDTLS_VERSION 4.0.0) +set(MBEDTLS_CRYPTO_SOVERSION 17) +set(MBEDTLS_X509_SOVERSION 8) +set(MBEDTLS_TLS_SOVERSION 22) + if(TEST_CPP) project("Mbed TLS" LANGUAGES C CXX - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) else() project("Mbed TLS" LANGUAGES C - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) endif() diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 4f9da39f54..59e175bb0a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
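Review bot: `set(MBEDTLS_TLS_SOVERSION 22)` is a behaviour change hidden in a refactoring: the line it replaces in library/CMakeLists.txt (the next hunk) read `SOVERSION 21` for the TLS library, so this commit bumps the libmbedtls soname from 21 to 22 without saying so in its title. If the bump is intended for the 4.0 ABI break, state it in the commit message (and ChangeLog); if not, the line should read `set(MBEDTLS_TLS_SOVERSION 21)`. `MBEDTLS_CRYPTO_SOVERSION` is defined here but not consumed by this commit; it is used by the libmbedcrypto link names later in the series, so that is fine as long as the series lands together.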
@@ -208,13 +208,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8) + set_target_properties(${mbedx509_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_X509_SOVERSION}) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) set_base_compile_options(${mbedtls_target}) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) + set_target_properties(${mbedtls_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_TLS_SOVERSION}) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) if(GEN_FILES) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 86ed74eada..a15bb9649b 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh 
@@ -70,18 +70,14 @@ then fi [ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp +sed -e "s/(MBEDTLS_VERSION [0-9.]\{1,\})/(MBEDTLS_VERSION $VERSION)/g" < CMakeLists.txt > tmp mv tmp CMakeLists.txt -[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp -mv tmp library/CMakeLists.txt - if [ "X" != "X$SO_CRYPTO" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/CMakeLists.txt" - sed -e "/mbedcrypto/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_CRYPTO/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in CMakeLists.txt" + sed -e "s/(MBEDTLS_CRYPTO_SOVERSION [0-9]\{1,\})/(MBEDTLS_CRYPTO_SOVERSION $SO_CRYPTO)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile" sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp @@ -90,9 +86,9 @@ fi if [ "X" != "X$SO_X509" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/CMakeLists.txt" - sed -e "/mbedx509/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_X509/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in CMakeLists.txt" + sed -e "s/(MBEDTLS_X509_SOVERSION [0-9]\{1,\})/(MBEDTLS_X509_SOVERSION $SO_X509)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile" sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp 
@@ -101,9 +97,9 @@ fi if [ "X" != "X$SO_TLS" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/CMakeLists.txt" - sed -e "/mbedtls/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_TLS/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in CMakeLists.txt" + sed -e "s/(MBEDTLS_TLS_SOVERSION [0-9]\{1,\})/(MBEDTLS_TLS_SOVERSION $SO_TLS)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile" sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp From c09a84e2852ab7343df79de054f5b4c3f5dd3481 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 14:34:56 +0200 Subject: [PATCH 0913/1080] cmake: library: Rework and improve the copy of the crypto libraries Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 57 +++++++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 59e175bb0a..231e74e018 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -259,22 +259,49 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) get_target_property(target_type ${target} TYPE) if (target_type STREQUAL STATIC_LIBRARY) add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ ${CMAKE_BINARY_DIR}/library) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) else() + # Copy the crypto shared library from tf-psa-crypto: + # - ".so." on Unix + # - ".dylib" on macOS + # - ".dll" on Windows + # The full path to the file is given by $. + # + # On systems that use .so versioning, also create the symbolic links + # ".so." and ".so", which correspond to + # $ and $, + # respectively. + # + # On Windows, also copy the ".lib" file, whose full path is + # $. + add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + if(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + else() + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + ) + endif() endif() endforeach(target) From 466a1a29d9934a55fd293b05ac8bc0040c44a5aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 15:27:41 +0200 Subject: [PATCH 0914/1080] cmake: Provide the crypto libs under their historical name Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 231e74e018..45e6f64ab2 100644 
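Review bot: The `else()` branch treats every non-`STATIC_LIBRARY` target as a versioned shared library and unconditionally creates two links, soname-to-file and linker-name-to-soname; if the crypto target has no SOVERSION on some platform those two names coincide and `create_symlink` would replace the copied library with a self-referencing link. The generator expressions are not legible in this rendering, so I am reading the intent from the comment block; a guard that compares the soname and linker file names, or a `target_type STREQUAL SHARED_LIBRARY` test, would make the assumption explicit. Cygwin also falls into this branch while the Windows branch excludes it explicitly — presumably deliberate, but a one-line comment would save the next reader the question.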
--- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -263,6 +263,9 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + "libmbedcrypto.a" ) else() # Copy the crypto shared library from tf-psa-crypto: @@ -278,20 +281,38 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) # # On Windows, also copy the ".lib" file, whose full path is # $. - + # + # Provide also the crypto libraries under their historical names: + # "libmbedcrypto.*" add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ ) - if(WIN32 AND NOT CYGWIN) + if(APPLE) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.dylib + ) + elseif(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.dll + ) add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ - ) + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.lib + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -301,7 +322,16 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ $ - ) + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.so.${MBEDTLS_VERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_VERSION} + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + libmbedcrypto.so + ) endif() endif() endforeach(target) From a33b371f36f9e271ff40f272a0a2346a5add8ee5 Mon Sep 17 00:00:00 2001 
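Review bot: The copies and links for the historical name use bare relative destinations (`"libmbedcrypto.a"`, `libmbedcrypto.dylib`, `libmbedcrypto.dll`, `libmbedcrypto.lib`, `libmbedcrypto.so*`), so they land in whatever the custom command's working directory happens to be, while the adjacent copies of the real library use a target-directory generator expression. If those two directories ever differ the `libmbedcrypto.*` aliases end up beside the wrong file; prefixing each destination with the same directory expression keeps both sets together and tells a reader where they go. The comment block extended in the second hunk would also benefit from stating that on `.so` platforms the historical names are links onto the tfpsacrypto chain rather than copies, since that is what the three `create_symlink` calls do.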
From: Ronald Cron Date: Mon, 22 Sep 2025 14:21:16 +0200 Subject: [PATCH 0915/1080] programs/tests/dlopen.c: Prioritize libtfpsacrypto.so Prioritize libtfpsacrypto.so over libmbedcrypto.so as the crypto library to load to be sure we test the loading of libtfpsacrypto.so. Signed-off-by: Ronald Cron --- programs/test/dlopen.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index 58a6af52e7..2a67635f0d 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -84,13 +84,13 @@ int main(void)
 #if defined(MBEDTLS_MD_C)
 const char *crypto_so_filename = NULL;
- void *crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW);
+ void *crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW);
 if (dlerror() == NULL) {
- crypto_so_filename = MBEDCRYPTO_SO_FILENAME;
- } else {
- crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW);
- CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME);
 crypto_so_filename = TFPSACRYPTO_SO_FILENAME;
+ } else {
+ crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", MBEDCRYPTO_SO_FILENAME);
+ crypto_so_filename = MBEDCRYPTO_SO_FILENAME;
 }
 #pragma GCC diagnostic push
 /* dlsym() returns an object pointer which is meant to be used as a
From 35d59c6cb62c665a87f99138f318961fb1d7a38f Mon Sep 17 00:00:00 2001
From: Ronald Cron Date: Fri, 19 Sep 2025 17:16:01 +0200 Subject: [PATCH 0916/1080] cmake: Install libmbedcrypto.* libraries Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 32 ++++++++++++++++++- .../test/cmake_package_install/CMakeLists.txt | 1 + tests/scripts/components-build-system.sh | 10 ++++++ 3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 45e6f64ab2..0cc654d35e 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
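Review bot: `if (dlerror() == NULL)` tests the wrong thing after the first `dlopen`: `dlerror()` reports the most recent error not yet consumed by a previous `dlerror()` call, so a stale error left by an earlier call in `main` (which starts outside the hunk) would send a successful libtfpsacrypto load down the libmbedcrypto fallback and overwrite the good handle. Test the handle directly, `if (crypto_so != NULL) {`, and let `CHECK_DLERROR` keep its role on the fallback path. When the fallback is taken, the reason the preferred library failed to load is discarded; printing the `dlerror()` string before the second `dlopen` would make a misconfigured test environment much easier to diagnose.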
@@ -267,6 +267,10 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ "libmbedcrypto.a" ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.a" + ) else() # Copy the crypto shared library from tf-psa-crypto: # - ".so." on Unix @@ -296,7 +300,11 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ libmbedcrypto.dylib - ) + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.dylib" + ) elseif(WIN32 AND NOT CYGWIN) add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -313,6 +321,14 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ libmbedcrypto.lib ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_BINDIR} + RENAME "libmbedcrypto.dll" + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.lib" + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -332,6 +348,20 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} libmbedcrypto.so ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.so.${MBEDTLS_VERSION}" + ) + install(CODE " + set(_libdir \"\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\") + + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_VERSION}\" + \${_libdir}/libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}) + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}\" + \${_libdir}/libmbedcrypto.so) + ") endif() endif() endforeach(target) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 60a4481e48..723538f7f7 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt 
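Review bot: The `install(CODE ...)` block computes `_libdir` from `\${CMAKE_INSTALL_PREFIX}` alone, but CMake does not apply `DESTDIR` to `install(CODE)` scripts, so a staged install (`make DESTDIR=/stage install`) creates the `libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}` and `libmbedcrypto.so` links in the real prefix (or fails there for lack of permissions) while the `install(FILES ...)` entries above go into the stage. Prefix the environment variable: `set(_libdir \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\")`. The two `execute_process` calls inside the block also ignore their exit status; giving each a `RESULT_VARIABLE` and failing with `message(FATAL_ERROR ...)` on non-zero would stop the install instead of leaving a half-populated libdir.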
@@ -17,6 +17,7 @@ execute_process( "-DENABLE_TESTING=NO" # Turn on generated files explicitly in case this is a release "-DGEN_FILES=ON" + "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") execute_process( diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index e533cdf0f9..9a277e3c56 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -138,6 +138,16 @@ component_test_cmake_as_package_install () { cd programs/test/cmake_package_install cmake . make + + if ! cmp -s "mbedtls/lib/libtfpsacrypto.a" "mbedtls/lib/libmbedcrypto.a"; then + echo "Error: Crypto static libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + if ! cmp -s "mbedtls/lib/libtfpsacrypto.so" "mbedtls/lib/libmbedcrypto.so"; then + echo "Error: Crypto shared libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + ./cmake_package_install } From d57a0985ab762846b024814a0f43eebab678798e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Sep 2025 15:51:35 +0200 Subject: [PATCH 0917/1080] Add dependency of tf_psa_crypto_config on generated config check headers Fix the build of libtfpsacrypto when generated files are not already present. Signed-off-by: Gilles Peskine --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index 21f85b67d9..a0b6d6eb1d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -356,6 +356,8 @@ $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py +$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 9da0dce84557c2464ece6a3f452658b41c80b0eb Mon Sep 17 00:00:00 2001 
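Review bot: The two `cmp -s` checks in components-build-system.sh hard-code `mbedtls/lib/` and the `.so` suffix, so on a platform where `CMAKE_INSTALL_LIBDIR` is `lib64`, or where the shared library is `.dylib`, the shared-library comparison reports a missing file even though the install is correct; the component's support function is outside this hunk, so I cannot tell whether the component is Linux-only. If it is, a comment saying so next to the checks is enough; otherwise derive the directory and extension from the install rather than hard-coding them. Because `libmbedcrypto.so` is a link chain, `cmp` confirms the final target's contents but not that the intermediate `.so.<soversion>` link was created; a `test -L` on that name would close the gap.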
From: Gilles Peskine Date: Mon, 22 Sep 2025 15:55:10 +0200 Subject: [PATCH 0918/1080] Bypass config checks when setting a low-level option directly Signed-off-by: Gilles Peskine --- tests/scripts/components-configuration-crypto.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 28fc189d0a..0aeaa673df 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2436,7 +2436,10 @@ component_test_xts () {
 # supported through the PSA API.
 msg "build: Default + MBEDTLS_CIPHER_MODE_XTS"
- echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h
+ cat <<'EOF' >psa_user_config.h
+#define MBEDTLS_CIPHER_MODE_XTS
+#define TF_PSA_CRYPTO_CONFIG_CHECK_BYPASS
+EOF
 cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
 make
From 9a05bb901adf62280194bd82922d2cda9d00fa9d Mon Sep 17 00:00:00 2001
From: Ronald Cron Date: Tue, 2 Sep 2025 14:43:01 +0200 Subject: [PATCH 0919/1080] Update framework Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 92f5d45b22..59d77ef052 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 92f5d45b2293363952bdbe28a7b2fcfe4a0d163a
+Subproject commit 59d77ef0528f368b7c8cc39870fef6adab5241db
From bb02ec121ea97b6cd71599021cc712b10deb500f Mon Sep 17 00:00:00 2001
From: Ronald Cron Date: Thu, 28 Aug 2025 14:43:59 +0200 Subject: [PATCH 0920/1080] Prepare abi_check.py to scripts/legacy.make Signed-off-by: Ronald Cron --- scripts/abi_check.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 542136305b..243e6fc482 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
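Review bot: Adding `#define TF_PSA_CRYPTO_CONFIG_CHECK_BYPASS` to the user config switches off the generated configuration checks for the whole build, yet the heredoc carries no explanation of why that is acceptable in this component. A comment before `cat <<'EOF' >psa_user_config.h`, e.g. `# MBEDTLS_CIPHER_MODE_XTS is a low-level option that the generated config checks reject when set directly; bypass them for this build only.`, would stop the next reader from copying the bypass into tests where it would mask a real configuration error. The rationale is inferred from the commit subject, so adjust the wording if the reason differs.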
@@ -233,8 +233,14 @@ def _build_shared_libraries(self, git_worktree_path, version): my_environment["SHARED"] = "1" if os.path.exists(os.path.join(git_worktree_path, "crypto")): my_environment["USE_CRYPTO_SUBMODULE"] = "1" + + if os.path.exists(os.path.join(git_worktree_path, "scripts", "legacy.make")): + command = [self.make_command, "-f", "scripts/legacy.make", "lib"] + else: + command = [self.make_command, "lib"] + make_output = subprocess.check_output( - [self.make_command, "lib"], + command, env=my_environment, cwd=git_worktree_path, stderr=subprocess.STDOUT From 401f20fb352a1d04edd2e9cdd48659e1d774afd1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 14:50:10 +0200 Subject: [PATCH 0921/1080] Prepare test components to scripts/legacy.make Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 6 +- tests/scripts/components-build-system.sh | 10 +- tests/scripts/components-compiler.sh | 32 +-- .../components-configuration-crypto.sh | 202 +++++++++--------- .../components-configuration-platform.sh | 26 +-- tests/scripts/components-configuration-tls.sh | 40 ++-- .../scripts/components-configuration-x509.sh | 8 +- tests/scripts/components-configuration.sh | 48 ++--- tests/scripts/components-platform.sh | 122 +++++------ tests/scripts/components-psasim.sh | 4 +- 10 files changed, 249 insertions(+), 249 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index c7d8161893..74b3ab3055 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
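Review bot: The new branch selects `scripts/legacy.make` purely on file existence and leaves no hint why, which will puzzle a reader of `_build_shared_libraries` (the method starts outside the hunk) once both tree layouts are common. A comment above the `if`, such as `# Newer trees keep the GNU make build in scripts/legacy.make; older ones still have a top-level Makefile.`, ties the check to the reason given in the commit subject — please confirm that is the actual history before adopting the wording. `os.path.isfile` would also be a slightly tighter test than `os.path.exists` for a path that is then passed to `-f`.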
@@ -18,14 +18,14 @@ component_check_recursion () { component_check_generated_files () { msg "Check make_generated_files.py consistency" - make neat + $MAKE_COMMAND neat $FRAMEWORK/scripts/make_generated_files.py $FRAMEWORK/scripts/make_generated_files.py --check - make neat + $MAKE_COMMAND neat msg "Check files generated with make" MBEDTLS_ROOT_DIR="$PWD" - make generated_files + $MAKE_COMMAND generated_files $FRAMEWORK/scripts/make_generated_files.py --check cd $TF_PSA_CRYPTO_ROOT_DIR diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index e533cdf0f9..8a84911b41 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -11,7 +11,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s - make SHARED=1 TEST_CPP=1 all check + $MAKE_COMMAND SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto $FRAMEWORK/tests/programs/dlopen_demo.sh } @@ -58,7 +58,7 @@ support_test_cmake_out_of_source () { component_test_cmake_out_of_source () { # Remove existing generated files so that we use the ones cmake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'out-of-source' build" MBEDTLS_ROOT_DIR="$PWD" @@ -90,7 +90,7 @@ component_test_cmake_out_of_source () { component_test_cmake_as_subdirectory () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-subdirectory' build" cd programs/test/cmake_subproject @@ -107,7 +107,7 @@ support_test_cmake_as_subdirectory () { component_test_cmake_as_package () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-package' build" root_dir="$(pwd)" 
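Review bot: `$MAKE_COMMAND` is expanded unquoted in every replaced line of this patch (this hunk and all the following component hunks), which is what lets it carry a multi-word command like `make -f scripts/legacy.make`, but it also means a relative `-f` path inside it is resolved against the current directory at each call. In component_check_generated_files the context line `cd $TF_PSA_CRYPTO_ROOT_DIR` follows the last `$MAKE_COMMAND generated_files`, so any make invocation after that cd (outside this hunk) would need MAKE_COMMAND to hold an absolute makefile path; the definition of MAKE_COMMAND is not in this patch, so this is worth checking where it is set. If MAKE_COMMAND were empty (or unset without `set -u`), a bare `$MAKE_COMMAND` build step such as the one in component_test_no_rsa_key_pair_generation expands to no command at all and succeeds silently, while `$MAKE_COMMAND test` would invoke the shell builtin `test` instead of make; a guard at definition time, `: "${MAKE_COMMAND:?MAKE_COMMAND must be set}"`, turns both into an immediate, readable failure.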
@@ -132,7 +132,7 @@ support_test_cmake_as_package () { component_test_cmake_as_package_install () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-installed-package' build" cd programs/test/cmake_package_install diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 9e74572c13..6ccb57d700 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -27,13 +27,13 @@ test_build_opt () { $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" + $MAKE_COMMAND CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 # skip inline assembly. - make test # ~30s - make clean + $MAKE_COMMAND test # ~30s + $MAKE_COMMAND clean done } @@ -94,10 +94,10 @@ component_test_gcc15_drivers_opt () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" - make test + $MAKE_COMMAND test } component_test_gcc_earliest_opt () { 
@@ -111,21 +111,21 @@ support_test_gcc_earliest_opt () { component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests + $MAKE_COMMAND WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests + $MAKE_COMMAND WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s ./scripts/config.py unset MBEDTLS_AESNI_C # - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib + $MAKE_COMMAND WINDOWS_BUILD=1 clean } support_build_mingw () { 
@@ -141,7 +141,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + $MAKE_COMMAND CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } component_test_zeroize () { @@ -162,12 +162,12 @@ component_test_zeroize () { for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + $MAKE_COMMAND programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log - make clean + $MAKE_COMMAND clean done done } diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 28fc189d0a..434fa07462 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -47,7 +47,7 @@ component_test_crypto_with_static_key_slots() { scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test } # check_renamed_symbols HEADER LIB 
@@ -67,7 +67,7 @@ component_build_psa_crypto_spm () { # We can only compile, not link, since our test and sample programs # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM # is active. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. @@ -138,16 +138,16 @@ component_test_psa_crypto_without_heap() { helper_libtestdriver1_make_main "$loc_accel_list" tests msg "crypto without heap: test" - make test + $MAKE_COMMAND test } component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - make + $MAKE_COMMAND msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - make test + $MAKE_COMMAND test } component_test_no_pem_no_fs () { @@ -241,10 +241,10 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - make test + $MAKE_COMMAND test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|opaque' 
@@ -257,10 +257,10 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - make test + $MAKE_COMMAND test msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' @@ -273,14 +273,14 @@ component_full_no_pkparse_pkwrite () { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o msg "test: full without pkparse and pkwrite" - make test + $MAKE_COMMAND test } component_test_crypto_full_md_light_only () { @@ -300,14 +300,14 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o msg "test: crypto_full with only the light subset of MD" - make test + $MAKE_COMMAND test } component_test_full_no_cipher () { 
@@ -334,13 +334,13 @@ component_test_full_no_cipher () { # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C - make + $MAKE_COMMAND # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o msg "test: full no CIPHER" - make test + $MAKE_COMMAND test } component_test_full_no_ccm () { @@ -359,10 +359,10 @@ component_test_full_no_ccm () { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py unset PSA_WANT_ALG_CCM - make + $MAKE_COMMAND msg "test: full no PSA_WANT_ALG_CCM" - make test + $MAKE_COMMAND test } component_test_full_no_ccm_star_no_tag () { @@ -390,13 +390,13 @@ component_test_full_no_ccm_star_no_tag () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - make + $MAKE_COMMAND # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - make test + $MAKE_COMMAND test } component_test_config_symmetric_only () { @@ -444,10 +444,10 @@ component_test_everest_curve25519_only () { scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test + $MAKE_COMMAND test } component_test_psa_collect_statuses () { 
@@ -491,14 +491,14 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - make CFLAGS='-O1 -Werror' all test + $MAKE_COMMAND CFLAGS='-O1 -Werror' all test are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal - make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" + $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -543,10 +543,10 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" msg "test: full config - only DH 2048" - make test + $MAKE_COMMAND test msg "ssl-opt: full config - only DH 2048" tests/ssl-opt.sh -f "ffdh" @@ -587,7 +587,7 @@ component_test_psa_crypto_config_accel_ecdsa () { # ------------- msg "test: accelerated ECDSA" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecdh () { @@ -623,7 +623,7 @@ component_test_psa_crypto_config_accel_ecdh () { # ------------- msg "test: accelerated ECDH" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ffdh () { @@ -654,7 +654,7 @@ component_test_psa_crypto_config_accel_ffdh () { # ------------- msg "test: full with accelerated FFDH" - make test + $MAKE_COMMAND test msg "ssl-opt: full with accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" 
@@ -666,10 +666,10 @@ component_test_psa_crypto_config_reference_ffdh () { # Start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" - make + $MAKE_COMMAND msg "test suites: full with non-accelerated FFDH alg" - make test + $MAKE_COMMAND test msg "ssl-opt: full with non-accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" @@ -704,7 +704,7 @@ component_test_psa_crypto_config_accel_pake () { # ------------- msg "test: full with accelerated PAKE" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecc_some_key_types () { @@ -758,7 +758,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # ------------- msg "test suites: full with accelerated EC algs and some key types" - make test + $MAKE_COMMAND test } # Run tests with only (non-)Weierstrass accelerated @@ -864,7 +864,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { @@ -938,7 +938,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ------------- msg "test suites: full with accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh @@ -950,10 +950,10 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - make + $MAKE_COMMAND msg "test suites: full with non-accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full with non-accelerated EC algs" tests/ssl-opt.sh @@ -1034,7 +1034,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ------------- msg "test: full + accelerated EC algs - ECP" - make test + $MAKE_COMMAND test msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh 
@@ -1048,10 +1048,10 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - make + $MAKE_COMMAND msg "test: full + non accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full + non accelerated EC algs" tests/ssl-opt.sh @@ -1183,7 +1183,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" - make test + $MAKE_COMMAND test msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh @@ -1214,10 +1214,10 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - make + $MAKE_COMMAND msg "test suites: full + non accelerated EC algs + USE_PSA" - make test + $MAKE_COMMAND test msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" tests/ssl-opt.sh @@ -1273,7 +1273,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o @@ -1292,7 +1292,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - make test + $MAKE_COMMAND test } # Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as 
@@ -1306,7 +1306,7 @@ component_test_tfm_config_no_p256m () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED msg "build: TF-M config without p256m" - make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests + $MAKE_COMMAND CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a @@ -1316,7 +1316,7 @@ component_test_tfm_config_no_p256m () { not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o msg "test: TF-M config without p256m" - make test + $MAKE_COMMAND test } # This is an helper used by: @@ -1340,10 +1340,10 @@ build_and_test_psa_want_key_pair_partial () { # crypto_config.h so we just disable the one we don't want. scripts/config.py unset "$disabled_psa_want" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: $base_config - ${disabled_psa_want}" - make test + $MAKE_COMMAND test } component_test_psa_ecc_key_pair_no_derive () { @@ -1405,7 +1405,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { # ------------- msg "test: crypto_full with accelerated RSA" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_reference_rsa_crypto () { @@ -1417,12 +1417,12 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - make + $MAKE_COMMAND # Run the tests # ------------- msg "test: crypto_full with non-accelerated RSA" - make test + $MAKE_COMMAND test } # This is a temporary test to verify that full RSA support is present even when 
@@ -1452,10 +1452,10 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - make + $MAKE_COMMAND msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - make test + $MAKE_COMMAND test # Parse only 1 relevant line from the outcome file, i.e. a test which is # performing RSA signature. @@ -1499,7 +1499,7 @@ component_test_psa_crypto_config_accel_hash () { # ------------- msg "test: accelerated hash" - make test + $MAKE_COMMAND test } # Auxiliary function to build config for hashes with and without drivers @@ -1548,7 +1548,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { # ------------- msg "test: full with accelerated hashes" - make test + $MAKE_COMMAND test # This is mostly useful so that we can later compare outcome files with # the reference config in analyze_outcomes.py, to check that the @@ -1571,10 +1571,10 @@ component_test_psa_crypto_config_reference_hash_use_psa () { config_psa_crypto_hash_use_psa 0 - make + $MAKE_COMMAND msg "test: full without accelerated hashes" - make test + $MAKE_COMMAND test msg "test: ssl-opt.sh, full without accelerated hashes" tests/ssl-opt.sh @@ -1632,7 +1632,7 @@ component_test_psa_crypto_config_accel_hmac () { # ------------- msg "test: full with accelerated hmac" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_reference_hmac () { @@ -1640,10 +1640,10 @@ component_test_psa_crypto_config_reference_hmac () { config_psa_crypto_hmac_use_psa 0 - make + $MAKE_COMMAND msg "test: full without accelerated hmac" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_aead () { @@ -1677,7 +1677,7 @@ component_test_psa_crypto_config_accel_aead () { # ------------- msg "test: accelerated AEAD" - make test + $MAKE_COMMAND test } # This is a common configuration function used in: 
@@ -1734,7 +1734,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { # ------------- msg "test: full config with accelerated cipher inc. AEAD and CMAC" - make test + $MAKE_COMMAND test msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests — they require built-in CBC and AES. @@ -1752,10 +1752,10 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { # This can be removed once we remove DES from the library. scripts/config.py unset PSA_WANT_KEY_TYPE_DES - make + $MAKE_COMMAND msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" - make test + $MAKE_COMMAND test msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. @@ -1826,7 +1826,7 @@ component_test_full_block_cipher_psa_dispatch_static_keystore () { # ------------- msg "test: full + PSA dispatch in block_cipher with static keystore" - make test + $MAKE_COMMAND test } component_test_full_block_cipher_psa_dispatch () { @@ -1857,7 +1857,7 @@ component_test_full_block_cipher_psa_dispatch () { # ------------- msg "test: full + PSA dispatch in block_cipher" - make test + $MAKE_COMMAND test } # This is the reference component of component_test_full_block_cipher_psa_dispatch @@ -1866,20 +1866,20 @@ component_test_full_block_cipher_legacy_dispatch () { common_block_cipher_dispatch 0 - make + $MAKE_COMMAND msg "test: full + legacy dispatch in block_cipher" - make test + $MAKE_COMMAND test } component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" - make test + $MAKE_COMMAND test } component_test_aead_only_ccm () { 
@@ -1887,10 +1887,10 @@ component_test_aead_only_ccm () { scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" - make test + $MAKE_COMMAND test } component_test_ccm_aes_sha256 () { @@ -1900,9 +1900,9 @@ component_test_ccm_aes_sha256 () { echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H" cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" - make + $MAKE_COMMAND msg "test: CCM + AES + SHA256 configuration" - make test + $MAKE_COMMAND test } # Test that the given .o file builds with all (valid) combinations of the given options. @@ -2044,12 +2044,12 @@ END END msg "all loops unrolled" - make clean + $MAKE_COMMAND clean make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" ./tf-psa-crypto/tests/test_suite_shax msg "all loops rolled up" - make clean + $MAKE_COMMAND clean make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" ./tf-psa-crypto/tests/test_suite_shax } @@ -2091,10 +2091,10 @@ component_test_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - make test + $MAKE_COMMAND test } component_test_no_ctr_drbg_aes_only_128_bit_keys () { 
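Review bot: In the SHA-3 unroll hunk of components-configuration-crypto.sh the two `make clean` lines become `$MAKE_COMMAND clean`, but the neighbouring `make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS=...` invocations still call plain `make`; the same mix appears in component_build_psa_alt_headers, where `make -C programs -o fuzz ...` follows `$MAKE_COMMAND ... lib`. If the sub-directory Makefiles are intentionally outside the scope of MAKE_COMMAND, a one-line comment such as `# tests/Makefile is invoked directly; MAKE_COMMAND only wraps the top-level build` would keep a later sweep from changing them; if not, these are the lines the patch missed. The enclosing functions continue outside the hunk.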
@@ -2103,10 +2103,10 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=clang CFLAGS='-Werror -Wall -Wextra' + $MAKE_COMMAND CC=clang CFLAGS='-Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - make test + $MAKE_COMMAND test } component_test_aes_only_128_bit_keys_have_builtins () { @@ -2116,10 +2116,10 @@ component_test_aes_only_128_bit_keys_have_builtins () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - make test + $MAKE_COMMAND test msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" programs/test/selftest 
@@ -2131,38 +2131,38 @@ component_test_gcm_largetable () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - make test + $MAKE_COMMAND test } component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" - make test + $MAKE_COMMAND test } component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" - make test + $MAKE_COMMAND test } component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - make test + $MAKE_COMMAND test } # helper for component_test_block_cipher_no_decrypt_aesni() which: @@ -2200,8 +2200,8 @@ helper_block_cipher_no_decrypt_build_test () { [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make clean - make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" + $MAKE_COMMAND clean + $MAKE_COMMAND CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o 
@@ -2213,7 +2213,7 @@ helper_block_cipher_no_decrypt_build_test () { not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make test + $MAKE_COMMAND test msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" programs/test/selftest @@ -2352,10 +2352,10 @@ component_test_full_static_keystore () { msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - make test + $MAKE_COMMAND test } component_test_psa_crypto_drivers () { 
@@ -2373,20 +2373,20 @@ component_test_psa_crypto_drivers () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include" - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: full + test drivers dispatching to builtins" - make test + $MAKE_COMMAND test } component_build_psa_config_file () { msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE" # ~40s cp "$CRYPTO_CONFIG_H" psa_test_config.h echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - make clean + $MAKE_COMMAND clean msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s # In the user config, disable one feature and its dependencies, which will @@ -2394,7 +2394,7 @@ component_build_psa_config_file () { # query_compile_time_config. echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC rm -f psa_test_config.h psa_user_config.h 
@@ -2410,7 +2410,7 @@ component_build_psa_alt_headers () { # Build the library and some programs. # Don't build the fuzzers to avoid having to go through hoops to set # a correct include path for programs/fuzz/Makefile. - make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib + $MAKE_COMMAND CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" # Check that we're getting the alternative include guards and not the diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index b408bec618..11885f8840 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -28,11 +28,11 @@ component_test_psa_driver_get_entropy() scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - make + $MAKE_COMMAND # Run all the tests msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" - make test + $MAKE_COMMAND test } component_build_no_sockets () { @@ -43,7 +43,7 @@ component_build_no_sockets () { scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } component_test_no_date_time () { 
@@ -73,10 +73,10 @@ component_test_have_int32 () {
     scripts/config.py unset MBEDTLS_HAVE_ASM
     scripts/config.py unset MBEDTLS_AESNI_C
     scripts/config.py unset MBEDTLS_AESCE_C
-    make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
+    $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
 
     msg "test: gcc, force 32-bit bignum limbs"
-    make test
+    $MAKE_COMMAND test
 }
 
 component_test_have_int64 () {
@@ -84,10 +84,10 @@ component_test_have_int64 () {
     scripts/config.py unset MBEDTLS_HAVE_ASM
     scripts/config.py unset MBEDTLS_AESNI_C
     scripts/config.py unset MBEDTLS_AESCE_C
-    make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
+    $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
 
     msg "test: gcc, force 64-bit bignum limbs"
-    make test
+    $MAKE_COMMAND test
 }
 
 component_test_have_int32_cmake_new_bignum () {
@@ -97,28 +97,28 @@ component_test_have_int32_cmake_new_bignum () { scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - make test + $MAKE_COMMAND test } component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' + $MAKE_COMMAND CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - make test + $MAKE_COMMAND test } component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' + $MAKE_COMMAND CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - make test + $MAKE_COMMAND test } diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index d69b5853c7..5a77c4defc 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -67,10 +67,10 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only stream cipher use psa" - make test + $MAKE_COMMAND test # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } 
@@ -95,10 +95,10 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only CBC-legacy cipher use psa" - make test + $MAKE_COMMAND test msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" tests/ssl-opt.sh -f "TLS 1.2" @@ -124,10 +124,10 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" - make test + $MAKE_COMMAND test msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" tests/ssl-opt.sh -f "TLS 1.2" @@ -245,7 +245,7 @@ build_full_minus_something_and_test_tls () { scripts/config.py unset $sym done - make + $MAKE_COMMAND msg "test: full minus something, test TLS" ( cd tests; ./test_suite_ssl ) @@ -272,14 +272,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_test_no_max_fragment_length () { 
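Review bot: In build_full_minus_something_and_test_tls the bare `$MAKE_COMMAND` (no arguments) expands to nothing if `MAKE_COMMAND` is unset or empty, so the shell executes no command at all and the following `./test_suite_ssl` runs whatever stale binary is lying around instead of failing the build. In the other functions of this file an empty expansion is at least caught by the subsequent `$MAKE_COMMAND test` turning into a failing `test` call, but here nothing catches it. A one-line guard such as `${MAKE_COMMAND:?MAKE_COMMAND is not set}` (left unquoted so a value carrying options still word-splits) would make the failure explicit; alternatively assert the variable once where it is defined, which is outside this diff. The enclosing function starts before this hunk.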
@@ -370,10 +370,10 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES - make + $MAKE_COMMAND msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - make test + $MAKE_COMMAND test msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' @@ -401,10 +401,10 @@ component_test_tls13_only () { scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" - make test + $MAKE_COMMAND test msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" tests/ssl-opt.sh @@ -438,7 +438,7 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" cd tests; ./test_suite_ssl; cd .. @@ -454,7 +454,7 @@ component_test_tls13_only_ephemeral () { scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" cd tests; ./test_suite_ssl; cd .. 
@@ -473,7 +473,7 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py unset PSA_WANT_ALG_ECDH - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -498,7 +498,7 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -524,7 +524,7 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -548,7 +548,7 @@ component_test_tls13_only_psk_all () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" cd tests; ./test_suite_ssl; cd .. 
@@ -563,7 +563,7 @@ component_test_tls13_only_ephemeral_all () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" cd tests; ./test_suite_ssl; cd .. diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh index 800d98ed69..8010a2a2e6 100644 --- a/tests/scripts/components-configuration-x509.sh +++ b/tests/scripts/components-configuration-x509.sh @@ -14,10 +14,10 @@ component_test_no_x509_info () { scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.py set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' + $MAKE_COMMAND CFLAGS='-Werror -O2' msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - make test + $MAKE_COMMAND test msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min tests/ssl-opt.sh @@ -28,8 +28,8 @@ component_test_sw_inet_pton () { # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" + $MAKE_COMMAND CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" msg "test: default plus MBEDTLS_TEST_SW_INET_PTON" - make test + $MAKE_COMMAND test } diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index a35704f299..89104a3bab 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
@@ -11,12 +11,12 @@ component_test_default_out_of_box () { msg "build: make, default config (out-of-box)" # ~1min - make + $MAKE_COMMAND # Disable fancy stuff unset MBEDTLS_TEST_OUTCOME_FILE msg "test: main suites make, default config (out-of-box)" # ~10s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~10s programs/test/selftest @@ -160,19 +160,19 @@ component_test_default_no_deprecated () { # configuration leaves something consistent. msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s - make test + $MAKE_COMMAND test } component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config" # ~ 5s - make test + $MAKE_COMMAND test msg "test: ensure that X509 has no direct dependency on BIGNUM_C" not grep mbedtls_mpi library/libmbedx509.a @@ -186,10 +186,10 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s - make test + $MAKE_COMMAND test } component_test_full_deprecated_warning () { 
@@ -201,17 +201,17 @@ component_test_full_deprecated_warning () {
     # Expect warnings from '#warning' directives in check_config.h.
     # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to
     # display #warning messages without them being treated as errors.
-    make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
+    $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
 
     msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
     # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
     # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
     # Expect warnings from '#warning' directives in check_config.h and
     # from the use of deprecated functions in test suites.
-    make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
+    $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
 
     msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
-    make test
+    $MAKE_COMMAND test
 
     msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s
     tests/scripts/run_demos.py
@@ -220,7 +220,7 @@ component_test_full_deprecated_warning () {
 component_build_baremetal () {
     msg "build: make, baremetal config"
     scripts/config.py baremetal
-    make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
+    $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
 }
 
 support_build_baremetal () {
@@ -240,20 +240,20 @@ component_build_tfm () { cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" - make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" + $MAKE_COMMAND lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" msg "build: TF-M config, gcc native build" - make clean - make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" + $MAKE_COMMAND clean + $MAKE_COMMAND lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" } component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" - make test + $MAKE_COMMAND test msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" # Just the calloc selftest. "make test" ran the others as part of the 
@@ -288,24 +288,24 @@ component_test_no_platform () { scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds - make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test } component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s scripts/config.py -w full_config.h full echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - make clean + $MAKE_COMMAND clean msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" # In the user config, disable one feature (for simplicity, pick a feature # that nothing else depends on). echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES rm -f user_config.h full_config.h 
@@ -319,10 +319,10 @@ component_test_no_strings () {
     scripts/config.py unset MBEDTLS_ERROR_C
     scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY
     scripts/config.py unset MBEDTLS_VERSION_FEATURES
-    make CFLAGS='-Werror -Os'
+    $MAKE_COMMAND CFLAGS='-Werror -Os'
 
     msg "test: no strings" # ~ 10s
-    make test
+    $MAKE_COMMAND test
 }
 
 component_test_memory_buffer_allocator_backtrace () {
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index 4c297483f6..d6eef6f781 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -19,10 +19,10 @@ component_test_m32_no_asm () {
     scripts/config.py full
     scripts/config.py unset MBEDTLS_HAVE_ASM
     scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
-    make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
+    $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
 
     msg "test: i386, make, gcc, no asm (ASan build)"
-    make test
+    $MAKE_COMMAND test
 }
 
 support_test_m32_no_asm () {
@@ -38,10 +38,10 @@ component_test_m32_o2 () {
     msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
     scripts/config.py full
     scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
-    make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
+    $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
 
     msg "test: i386, make, gcc -O2 (ASan build)"
-    make test
+    $MAKE_COMMAND test
 
     msg "test ssl-opt.sh, i386, make, gcc-O2"
     tests/ssl-opt.sh
@@ -55,10 +55,10 @@ component_test_m32_everest () {
     msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
     scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
     scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
-    make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
+    $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
 
     msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
-    make test
+    $MAKE_COMMAND test
 
     msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
     tests/ssl-opt.sh -f ECDH
@@ -75,10 +75,10 @@ support_test_m32_everest () {
 component_test_mx32 () {
     msg "build: 64-bit ILP32, make, gcc" # ~ 30s
     scripts/config.py full
-    make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
+    $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
 
     msg "test: 64-bit ILP32, make, gcc"
-    make test
+    $MAKE_COMMAND test
 }
 
 support_test_mx32 () {
@@ -118,16 +118,16 @@ component_test_aesni () { # ~ 60s
 
     # test the intrinsics implementation
     msg "AES tests, test intrinsics"
-    make clean
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
     # check that the intrinsics implementation is in use - this should be used by default when
     # supported by the compiler
     ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
 
     # test the asm implementation
     msg "AES tests, test assembly"
-    make clean
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
     # check that the assembly implementation is in use - this should be used if the compiler
     # does not support intrinsics
     ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY"
@@ -136,8 +136,8 @@ component_test_aesni () { # ~ 60s
     scripts/config.py unset MBEDTLS_AESNI_C
     scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
     msg "AES tests, plain C"
-    make clean
-    make CC=gcc CFLAGS='-O2 -Werror'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror'
     # check that the plain C implementation is present and the AESNI one is not
     grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
     not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
@@ -148,8 +148,8 @@ component_test_aesni () { # ~ 60s
     scripts/config.py set MBEDTLS_AESNI_C
     scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
     msg "AES tests, test AESNI only"
-    make clean
-    make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
     # check that the AESNI implementation is present and the plain C one is not
     grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
     not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
@@ -172,8 +172,8 @@ component_test_aesni_m32 () { # ~ 60s
 
     # test the intrinsics implementation with gcc
     msg "AES tests, test intrinsics (gcc)"
-    make clean
-    make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
     # check that we built intrinsics - this should be used by default when supported by the compiler
     ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
     # check that both the AESNI and plain C implementations are present
@@ -184,8 +184,8 @@ component_test_aesni_m32 () { # ~ 60s
     scripts/config.py set MBEDTLS_AESNI_C
     scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
     msg "AES tests, test AESNI only"
-    make clean
-    make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
     ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI"
     # check that the AESNI implementation is present and the plain C one is not
     grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
@@ -206,8 +206,8 @@ component_test_aesni_m32_clang () {
 
     # test the intrinsics implementation with clang
     msg "AES tests, test intrinsics (clang)"
-    make clean
-    make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+    $MAKE_COMMAND clean
+    $MAKE_COMMAND CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
     # check that we built intrinsics - this should be used by default when supported by the compiler
     ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
     # check that both the AESNI and plain C implementations are present
@@ -227,51 +227,51 @@ component_build_aes_armce () { scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "clang, test aarch64 crypto instructions built" grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "clang, test A32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" msg "clang, test T32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_both, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu 
-march=armv8-a+crypto" msg "clang, test aarch64 crypto instructions built" grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_both, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "clang, test A32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_both, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" msg "clang, test T32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s scripts/config.py unset MBEDTLS_AESCE_C msg "no MBEDTLS_AESCE_C, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" msg "clang, test aarch64 crypto instructions not built" not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "no MBEDTLS_AESCE_C, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" msg "clang, test A32 
crypto instructions not built" not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "no MBEDTLS_AESCE_C, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" msg "clang, test T32 crypto instructions not built" not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s } 
@@ -287,44 +287,44 @@ component_build_sha_armce () { # Test variations of SHA256 Armv8 crypto extensions scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test aarch64 crypto instructions built" grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test A32 crypto instructions built" grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, test aarch64 crypto instructions built" grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT 
# examine the disassembly for absence of SHA instructions msg "clang, test A32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "clang, test T32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "clang, test aarch64 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s } component_test_arm_linux_gnueabi_gcc_arm5vte () { # Mimic Debian armel port msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' + $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' msg "test: main suites make, default config (out-of-box)" # ~7m 40s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~0s programs/test/selftest 
@@ -341,10 +341,10 @@ support_test_arm_linux_gnueabi_gcc_arm5vte () {
 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
 component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
     msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s
-    make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb'
+    $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb'
 
     msg "test: main suites make, default config (out-of-box)" # ~36m
-    make test
+    $MAKE_COMMAND test
 
     msg "selftest: make, default config (out-of-box)" # ~10s
     programs/test/selftest
@@ -359,10 +359,10 @@ support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
 
 component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
     msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s
-    make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb'
+    $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb'
 
     msg "test: main suites make, default config (out-of-box)" # ~21m 10s
-    make test
+    $MAKE_COMMAND test
 
     msg "selftest: make, default config (out-of-box)" # ~2s
     programs/test/selftest
@@ -377,10 +377,10 @@ support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
 
 component_test_arm_linux_gnueabihf_gcc_armv7 () {
     msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s
-    make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm'
+    $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm'
 
     msg "test: main suites make, default config (out-of-box)" # ~3m 30s
-    make test
+    $MAKE_COMMAND test
 
     msg "selftest: make, default config (out-of-box)" # ~0s
     programs/test/selftest
@@ -395,10 +395,10 @@ support_test_arm_linux_gnueabihf_gcc_armv7 () {
 component_test_arm_linux_gnueabihf_gcc_thumb_2 () {
 msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m
- make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
+ $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
 msg "test: main suites make, default config (out-of-box)" # ~3m 40s
- make test
+ $MAKE_COMMAND test
 msg "selftest: make, default config (out-of-box)" # ~0s
 programs/test/selftest
@@ -413,10 +413,10 @@ support_test_arm_linux_gnueabihf_gcc_thumb_2 () {
 component_test_aarch64_linux_gnu_gcc () {
 msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s
- make CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
+ $MAKE_COMMAND CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
 msg "test: main suites make, default config (out-of-box)" # ~1m 50s
- make test
+ $MAKE_COMMAND test
 msg "selftest: make, default config (out-of-box)" # ~0s
 programs/test/selftest
@@ -433,7 +433,7 @@ support_test_aarch64_linux_gnu_gcc () {
 component_build_arm_none_eabi_gcc () {
 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
 scripts/config.py baremetal
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -449,7 +449,7 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () {
 # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
 # Build everything including programs, see for example
 # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
- make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
+ $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
 msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
 ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
@@ -467,7 +467,7 @@ component_build_arm_none_eabi_gcc_arm5vte () {
 # This is an imperfect substitute for
 # component_build_arm_linux_gnueabi_gcc_arm5vte
 # in case the gcc-arm-linux-gnueabi toolchain is not available
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -478,7 +478,7 @@ component_build_arm_none_eabi_gcc_arm5vte () {
 component_build_arm_none_eabi_gcc_m0plus () {
 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
 scripts/config.py baremetal_size
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
 msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
 ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -494,7 +494,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
 scripts/config.py baremetal
 scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
 echo "Checking that software 64-bit division is not required"
 not grep __aeabi_uldiv library/*.o
 not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o
@@ -505,7 +505,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
 msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
 scripts/config.py baremetal
 scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
 echo "Checking that software 64-bit multiplication is not required"
 not grep __aeabi_lmul library/*.o
 not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o
@@ -518,17 +518,17 @@ component_build_arm_clang_thumb () {
 scripts/config.py baremetal
 msg "build: clang thumb 2, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
 # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
 msg "build: clang thumb 1 -O0, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
 msg "build: clang thumb 1 -Os, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
 }
 component_build_armcc () {
diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh
index a20f917ddb..e3952c5095 100644
--- a/tests/scripts/components-psasim.sh
+++ b/tests/scripts/components-psasim.sh
@@ -83,7 +83,7 @@ component_test_suite_with_psasim()
 helper_psasim_build client
 msg "build test suites"
- make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
+ $MAKE_COMMAND PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
 helper_psasim_server start
@@ -93,7 +93,7 @@ component_test_suite_with_psasim()
 export SKIP_TEST_SUITES
 msg "run test suites"
- make PSASIM=1 test
+ $MAKE_COMMAND PSASIM=1 test
 helper_psasim_server kill
 }
From 31f63210ec41a30b96d1a1d2daaf207a0a7ff65a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 29 Aug 2025 16:12:40 +0200
Subject: [PATCH 0922/1080] Deprecate Make Move and rename the root Makefile to scripts/legacy.make. That way running make from the root fails.
Signed-off-by: Ronald Cron
---
 Makefile => scripts/legacy.make | 0
 tests/scripts/depends.py | 7 ++++---
 tests/scripts/psa_collect_statuses.py | 12 +++++++-----
 3 files changed, 11 insertions(+), 8 deletions(-)
 rename Makefile => scripts/legacy.make (100%)
diff --git a/Makefile b/scripts/legacy.make
similarity index 100%
rename from Makefile
rename to scripts/legacy.make
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 11ee5a0680..10d7028df0 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -439,8 +439,9 @@ def config_symbols_matching(self, regexp):
 # pylint: disable=too-many-locals
 def __init__(self, options, conf):
 """Gather data about the library and establish a list of domains to test."""
- build_command = [options.make_command, 'CFLAGS=-Werror -O2']
- build_and_test = [build_command, [options.make_command, 'test']]
+ build_command = [options.make_command, '-f', 'scripts/legacy.make', 'CFLAGS=-Werror -O2']
+ build_and_test = [build_command, [options.make_command, '-f',
+ 'scripts/legacy.make', 'test']]
 self.all_config_symbols = set(conf.settings.keys())
 psa_info = psa_information.Information().constructors
 algs = {crypto_knowledge.Algorithm(alg): symbol
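Review bot: The makefile path `'scripts/legacy.make'` is now spelled out three times in depends.py (twice in `__init__` here, once more in `run` in the next hunk) and it is relative to the working directory, so the script silently depends on being invoked from the repository root. A module-level constant such as `LEGACY_MAKEFILE = 'scripts/legacy.make'` used by all three call sites, with a one-line comment stating that it is resolved against the current directory, would keep them in step if the file moves again. `__init__` continues past the end of this hunk.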
@@ -523,7 +524,7 @@ def get_jobs(self, name):
 def run(options, job, conf, colors=NO_COLORS):
 """Run the specified job (a Job instance)."""
- subprocess.check_call([options.make_command, 'clean'])
+ subprocess.check_call([options.make_command, '-f', 'scripts/legacy.make', 'clean'])
 job.announce(colors, None)
 if not job.configure(conf, colors):
 job.announce(colors, False)
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index d835ba7c9a..a91e3a3b30 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -78,23 +78,25 @@ def collect_status_logs(options):
 os.remove(options.log_file)
 if not os.path.exists(options.log_file):
 if options.clean_before:
- subprocess.check_call(['make', 'clean'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'],
 cwd='tests', stdout=sys.stderr)
 with open(os.devnull, 'w') as devnull:
- make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'],
+ make_q_ret = subprocess.call(['make', '-f', 'scripts/legacy.make',
+ '-q', 'lib', 'tests'],
 stdout=devnull, stderr=devnull)
 if make_q_ret != 0:
- subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make',
+ 'RECORD_PSA_STATUS_COVERAGE_LOG=1'],
 stdout=sys.stderr)
 rebuilt = True
- subprocess.check_call(['make', 'test'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'test'],
 stdout=sys.stderr)
 data = Statuses()
 data.collect_log(options.log_file)
 data.get_constant_names(options.psa_constant_names)
 if rebuilt and options.clean_after:
- subprocess.check_call(['make', 'clean'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'],
 cwd='tests', stdout=sys.stderr)
 return data
From e7bac84a22a3b70df6cece3546eac1b3db4e515e Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 15 Sep 2025 09:13:19 +0200
Subject: [PATCH 0923/1080] Remove the generation of MS visual studio files
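Review bot: The two `make clean` calls that run with `cwd='tests'` (the `clean_before` branch and the `clean_after` branch at the end of the hunk) now also pass `'-f', 'scripts/legacy.make'`, which make resolves relative to its working directory, i.e. as `tests/scripts/legacy.make`; the rename in this commit only creates `scripts/legacy.make` at the repository root, so unless a file at that nested path exists, both cleanups will fail with a missing-makefile error instead of cleaning. Either keep those two calls as `['make', 'clean']` against the makefile in `tests/` they targeted before, or point them at the root file with `'-f', '../scripts/legacy.make'`, or drop `cwd='tests'` so they match the three root-directory calls in the same hunk. `collect_status_logs` starts outside the hunk.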
Signed-off-by: Ronald Cron
---
 scripts/bump_version.sh | 3 -
 scripts/generate_visualc_files.pl | 352 -----------------------
 scripts/legacy.make | 27 --
 tests/scripts/components-basic-checks.sh | 6 -
 visualc/VS2017/.gitignore | 16 --
 5 files changed, 404 deletions(-)
 delete mode 100755 scripts/generate_visualc_files.pl
 delete mode 100644 visualc/VS2017/.gitignore
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 86ed74eada..62939e3823 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -143,6 +143,3 @@ scripts/generate_query_config.pl
 [ $VERBOSE ] && echo "Re-generating library/version_features.c"
 scripts/generate_features.pl
-[ $VERBOSE ] && echo "Re-generating visualc files"
-scripts/generate_visualc_files.pl
-
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
deleted file mode 100755
index ef684b79d8..0000000000
--- a/scripts/generate_visualc_files.pl
+++ /dev/null
@@ -1,352 +0,0 @@ -#!/usr/bin/env perl - -# Generate main file, individual apps and solution files for -# MS Visual Studio 2017 -# -# Must be run from Mbed TLS root or scripts directory. -# Takes no argument. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use warnings; -use strict; -use Getopt::Long; -use Digest::MD5 'md5_hex'; - -# Declare variables for options -my $vsx_dir = "visualc/VS2017"; -my $list = 0; # Default off - -GetOptions( - "directory=s" => \$vsx_dir, # Target directory - "list" => \$list # Only list generated files -) or die "Invalid options\n"; - -my $vsx_ext = "vcxproj"; -my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext"; -my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext"; -my $vsx_main_file = "$vsx_dir/mbedTLS.$vsx_ext"; -my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln"; -my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; - -my $mbedtls_programs_dir = "programs"; -my $framework_programs_dir = "framework/tests/programs"; -my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs"; - -my $mbedtls_header_dir = 'include/mbedtls'; -my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; -my $psa_header_dir = 'tf-psa-crypto/include/psa'; -my $tls_source_dir = 'library'; -my $crypto_core_source_dir = 'tf-psa-crypto/core'; -my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src'; -my $tls_test_source_dir = 'tests/src'; -my $tls_test_header_dir = 'tests/include/test'; -my $crypto_test_source_dir = 'tf-psa-crypto/tests/src'; -my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test'; -my $test_source_dir = 'framework/tests/src'; -my $test_header_dir = 'framework/tests/include/test'; -my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; -my $test_drivers_source_dir = 'framework/tests/src/drivers'; - -my @thirdparty_header_dirs = qw( - 
tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest -); -my @thirdparty_source_dirs = qw( - tf-psa-crypto/drivers/everest/library - tf-psa-crypto/drivers/everest/library/kremlib - tf-psa-crypto/drivers/everest/library/legacy -); - -# Directories to add to the include path. -# Order matters in case there are files with the same name in more than -# one directory: the compiler will use the first match. -my @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs -); -my $include_directories = join(';', map {"../../$_"} @include_directories); - -# Directories to add to the include path when building the libraries, but not -# when building tests or applications. 
-my @library_include_directories = qw( - library - tf-psa-crypto/core - tf-psa-crypto/drivers/builtin/src -); -my $library_include_directories = - join(';', map {"../../$_"} (@library_include_directories, - @include_directories)); - -my @excluded_files = qw( - tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c -); -my %excluded_files = (); -foreach (@excluded_files) { $excluded_files{$_} = 1 } - -my $vsx_hdr_tpl = < -EOT -my $vsx_src_tpl = < -EOT - -my $vsx_sln_app_entry_tpl = <; - close $fh; - - return $content; -} - -sub content_to_file { - my ($content, $filename) = @_; - - open my $fh, '>:crlf', $filename or die "Could not write to $filename\n"; - print $fh $content; - close $fh; -} - -sub gen_app_guid { - my ($path) = @_; - - my $guid = md5_hex( "mbedTLS:$path" ); - $guid =~ s/(.{8})(.{4})(.{4})(.{4})(.{12})/\U{$1-$2-$3-$4-$5}/; - - return $guid; -} - -sub gen_app { - my ($path, $template, $dir, $ext) = @_; - - my $guid = gen_app_guid( $path ); - $path =~ s!/!\\!g; - (my $appname = $path) =~ s/.*\\//; - my $is_test_app = ($path =~ m/^test\\/); - - my $srcs; - if( $appname eq "metatest" or $appname eq "query_compile_time_config" or - $appname eq "query_included_headers" or $appname eq "zeroize" ) { - $srcs = ""; - } else { - $srcs = ""; - } - - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or - $appname eq "query_compile_time_config" ) { - $srcs .= "\n "; - } - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" ) { - $srcs .= "\n "; - } - - my $content = $template; - $content =~ s//$srcs/g; - $content =~ s//$appname/g; - $content =~ s//$guid/g; - $content =~ s/INCLUDE_DIRECTORIES\n/($is_test_app ? - $library_include_directories : - $include_directories)/ge; - - content_to_file( $content, "$dir/$appname.$ext" ); -} - -sub get_app_list { - my $makefile_contents = slurp_file('programs/Makefile'); - $makefile_contents =~ /\n\s*APPS\s*=[\\\s]*(.*?)(? 
} @header_dirs); - my @source_dirs = ( - $tls_source_dir, - $crypto_core_source_dir, - $crypto_source_dir, - $test_source_dir, - $tls_test_source_dir, - $crypto_test_source_dir, - $test_drivers_source_dir, - @thirdparty_source_dirs, - ); - my @sources = (map { <$_/*.c> } @source_dirs); - - @headers = grep { ! $excluded_files{$_} } @headers; - @sources = grep { ! $excluded_files{$_} } @sources; - map { s!/!\\!g } @headers; - map { s!/!\\!g } @sources; - - if ($list) { - foreach my $app (@app_list) { - $app =~ s/.*\///; - print "$vsx_dir/$app.$vsx_ext\n"; - } - print "$vsx_main_file\n"; - print "$vsx_sln_file\n"; - } else { - gen_app_files( @app_list ); - - gen_main_file( \@headers, \@sources, - $vsx_hdr_tpl, $vsx_src_tpl, - $vsx_main_tpl_file, $vsx_main_file ); - - gen_vsx_solution( @app_list ); - } - - return 0; -} diff --git a/scripts/legacy.make b/scripts/legacy.make index 6706143a24..9c8585cd86 100644 --- a/scripts/legacy.make +++ b/scripts/legacy.make @@ -62,7 +62,6 @@ tests/%: FORCE generated_files: library/generated_files generated_files: programs/generated_files generated_files: tests/generated_files -generated_files: visualc_files # Set GEN_FILES to the empty string to disable dependencies on generated # source files. Then `make generated_files` will only build files that 
@@ -87,26 +86,6 @@ else gen_file_dep = | endif -.PHONY: visualc_files -VISUALC_FILES = visualc/VS2017/mbedTLS.sln visualc/VS2017/mbedTLS.vcxproj -# TODO: $(app).vcxproj for each $(app) in programs/ -visualc_files: $(VISUALC_FILES) - -# Ensure that the .c files that generate_visualc_files.pl enumerates are -# present before it runs. It doesn't matter if the files aren't up-to-date, -# they just need to be present. -$(VISUALC_FILES): | library/generated_files -$(VISUALC_FILES): | programs/generated_files -$(VISUALC_FILES): | tests/generated_files -$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-app-template.vcxproj -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-main-template.vcxproj -$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-sln-template.sln -# TODO: also the list of .c and .h source files, but not their content -$(VISUALC_FILES): - echo " Gen $@ ..." - $(PERL) scripts/generate_visualc_files.pl - ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls @@ -159,12 +138,6 @@ neat: clean_more_on_top $(MAKE) -C library neat $(MAKE) -C programs neat $(MAKE) -C tests neat -ifndef WINDOWS - rm -f visualc/VS2017/*.vcxproj visualc/VS2017/mbedTLS.sln -else - if exist visualc\VS2017\*.vcxproj del /Q /F visualc\VS2017\*.vcxproj - if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln -endif ifndef PSASIM check: lib diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 74b3ab3055..e791ad065c 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -39,12 +39,6 @@ component_check_generated_files () { make cd "$MBEDTLS_ROOT_DIR" - # Files for MS Visual Studio are not generated with cmake thus copy the - # ones generated with make to pacify make_generated_files.py check. - # Files for MS Visual Studio are rather on their way out thus not adding - # support for them with cmake. - cp -Rf visualc "$OUT_OF_SOURCE_DIR" - $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check cd $TF_PSA_CRYPTO_ROOT_DIR diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore deleted file mode 100644 index e45eaf68fb..0000000000 --- a/visualc/VS2017/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -# Files that may be left over from make_generated-files.py --check -/*.bak - -# Visual Studio artifacts -/.localhistory/ -/.vs/ -/Debug/ -/Release/ -/*.vcxproj.filters -/*.vcxproj.user - -###START_GENERATED_FILES### -# Files automatically generated by generate_visualc_files.pl -/mbedTLS.sln -/*.vcxproj -###END_GENERATED_FILES### From ee63b6489212a3b97cc92c8b5cc7225cc26d1b3f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 29 Aug 2025 16:14:19 +0200 Subject: [PATCH 0924/1080] Update README.md Signed-off-by: Ronald Cron --- README.md | 75 +++++++++++++------------------------------------------ 1 file changed, 17 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 7981a0236d..7326a3ebe5 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ Configuration Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). +Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`. We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` @@ -24,7 +24,9 @@ Documentation for the PSA Cryptography API is available [on GitHub](https://arm- To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `make apidoc`. +1. Run `mkdir /path/to/build_dir && cd /path/to/build_dir` +1. Run `cmake /path/to/mbedtls/source` +1. Run `make apidoc` 1. Browse `apidoc/index.html` or `apidoc/modules.html`. For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. 
@@ -32,26 +34,17 @@ For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. Compiling --------- -There are currently three active build systems used within Mbed TLS releases: - -- GNU Make -- CMake -- Microsoft Visual Studio - -The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. - -The Make and CMake build systems create three libraries: libmbedcrypto/libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto/libtfpsacrypto, and libmbedx509 depends on libmbedcrypto/libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. +We use CMake to configure and drive our build process. Three libraries are built: libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libtfpsacrypto, and libmbedx509 depends on libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. ### Tool versions -You need the following tools to build the library with the provided makefiles: +You need the following tools to build the library: -* GNU Make 3.82 or a build tool that CMake supports. +* CMake 3.10.2 or later. +* A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to integrate PSA drivers and to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. 
-* CMake 3.10.2 or later (if using CMake). -* Microsoft Visual Studio 2017 or later (if using Visual Studio). * Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). ### Git usage 
@@ -82,47 +75,12 @@ Note: If you have multiple toolchains installed, it is recommended to set `CC` o Any of the following methods are available to generate the configuration-independent files: -* If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. -* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. -* Run `make generated_files` to generate all the configuration-independent files. -* On Unix/POSIX systems, run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. -* On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. - -### Make - -We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. - -We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. - -In order to build from the source code using GNU Make, just enter at the command line: - - make - -In order to run the tests, enter: - - make check - -The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with: - - make no_test - -You'll still be able to run a much smaller set of tests with: - - programs/test/selftest - -In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available). 
- -Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. - -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line. - -Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/) for articles on your platform or issue. - -In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/). +* On non-Windows systems, when not cross-compiling, CMake generates the required files automatically. +* Run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. ### CMake -In order to build the source using CMake in a separate directory (recommended), just enter at the command line: +In order to build the libraries using CMake in a separate directory (recommended), just enter at the command line: mkdir /path/to/build_dir && cd /path/to/build_dir cmake /path/to/mbedtls_source 
@@ -144,7 +102,7 @@ To configure CMake for building shared libraries, use: cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source -There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: +There are many different build types available with CMake. Most of them are available for gcc and clang, though some are compiler-specific: - `Release`. This generates the default code without any unnecessary information in the binary files. - `Debug`. This generates debug information and disables optimization of the code. @@ -155,7 +113,7 @@ There are many different build modes available within the CMake buildsystem. Mos - `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. - `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. -Switching build modes in CMake is simple. For debug mode, enter at the command line: +Switching build types in CMake is simple. For debug mode, enter at the command line: cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source @@ -175,9 +133,10 @@ If you already invoked cmake and want to change those settings, you need to remove the build directory and create it again. Note that it is possible to build in-place; this will however overwrite the -provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to -prevent `git status` from showing them as modified). In order to do so, from -the Mbed TLS source directory, use: +legacy Makefiles still used for testing purposes (see +`scripts/tmp_ignore_makefiles.sh` if you want to prevent `git status` from +showing them as modified). In order to do so, from the Mbed TLS source +directory, use: cmake . make From 7f6534617728524e70bc6abe0fffbf562fdf67c4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Sep 2025 08:52:41 +0200 Subject: [PATCH 0925/1080] Add change log 
Signed-off-by: Ronald Cron
---
 ChangeLog.d/make-visualc.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/make-visualc.txt
diff --git a/ChangeLog.d/make-visualc.txt b/ChangeLog.d/make-visualc.txt
new file mode 100644
index 0000000000..4b195da54e
--- /dev/null
+++ b/ChangeLog.d/make-visualc.txt
@@ -0,0 +1,2 @@
+Removals
+ * Drop support for the GNU Make and Microsoft Visual Studio build systems.
From e5bae0dde318fff1e1ef506dc074e3db8f96e5af Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 09:50:06 +0200
Subject: [PATCH 0926/1080] Adapt basic-build-test.sh to make deprecation
Signed-off-by: Ronald Cron
---
 tests/scripts/basic-build-test.sh | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 80012b94dc..298422687f 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -71,11 +71,10 @@ echo
 # Step 1 - Make and instrumented build for code coverage
 export CFLAGS=' --coverage -g3 -O0 '
 export LDFLAGS=' --coverage'
-make clean
+make -f scripts/legacy.make clean
 cp "$CONFIG_H" "$CONFIG_BAK"
 scripts/config.py full
-make
-
+make -f scripts/legacy.make
 # Step 2 - Execute the tests
 TEST_OUTPUT=out_${PPID}
@@ -119,7 +118,7 @@ echo
 # Step 3 - Process the coverage report
 cd ..
 {
- make lcov
+ make -f scripts/legacy.make lcov
 echo SUCCESS
 } | tee tests/cov-$TEST_OUTPUT
@@ -237,7 +236,7 @@ rm -f "tests/basic-build-test-$$.ok"
 touch "basic-build-test-$$.ok"
 } | tee coverage-summary.txt
-make clean
+make -f scripts/legacy.make clean
 if [ -f "$CONFIG_BAK" ]; then
 mv "$CONFIG_BAK" "$CONFIG_H"
From 15cd8b0a636b90cf94be1b8dbcce1ef4b89b8f19 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 10:16:50 +0200
Subject: [PATCH 0927/1080] Adapt footprint.sh to make deprecation
Signed-off-by: Ronald Cron
---
 scripts/footprint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 1f2945159e..f41c7454d1 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -85,9 +85,9 @@ doit()
 scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true
 } >/dev/null 2>&1
- make clean >/dev/null
+ make -f scripts/legacy.make clean >/dev/null
 CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \
- CFLAGS="$ARMGCC_FLAGS" make lib >/dev/null
+ CFLAGS="$ARMGCC_FLAGS" make -f scripts/legacy.make lib >/dev/null
 OUT="size-${NAME}.txt"
 arm-none-eabi-size -t library/libmbed*.a > "$OUT"
From 37148d0fe3a79b24313ebe42c52bfbb12544dd2a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 12:17:36 +0200
Subject: [PATCH 0928/1080] Adapt memory.sh to make deprecation
Signed-off-by: Ronald Cron
---
 scripts/memory.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scripts/memory.sh b/scripts/memory.sh
index d119374d54..ffce225f2d 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -59,8 +59,8 @@ do_config()
 printf " Executable size... "
- make clean
- CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os lib >/dev/null 2>&1
+ make -f ./scripts/legacy.make clean
+ CFLAGS=$CFLAGS_EXEC make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
 cd programs
 CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
 strip ssl/$CLIENT
@@ -69,8 +69,8 @@ do_config()
 printf " Peak ram usage... "
- make clean
- CFLAGS=$CFLAGS_MEM make OFLAGS=-Os lib >/dev/null 2>&1
+ make -f ./scripts/legacy.make clean
+ CFLAGS=$CFLAGS_MEM make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
 cd programs
 CFLAGS=$CFLAGS_MEM make OFLAGS=-Os ssl/$CLIENT >/dev/null
 cd ..
@@ -103,8 +103,8 @@ rm -f massif.out.*
 printf "building server... "
-make clean
-make lib >/dev/null 2>&1
+make -f ./scripts/legacy.make clean
+make -f ./scripts/legacy.make lib >/dev/null 2>&1
 (cd programs && make ssl/ssl_server2) >/dev/null
 cp programs/ssl/ssl_server2 .
@@ -123,7 +123,7 @@ do_config "suite-b" \ # cleanup mv $CONFIG_BAK $CONFIG_H -make clean +make -f scripts/legacy.make clean rm ssl_server2 exit $FAILED From 3a252dda0ce310f3054774bcc20ac7e7c6f95a13 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jul 2024 17:00:50 +0200 Subject: [PATCH 0929/1080] Adapt code_size_compare.py to make deprecation and submodules Signed-off-by: Ronald Cron --- scripts/code_size_compare.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 8ed5f9cd63..171aafeec3 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -190,7 +190,7 @@ def __init__( self.compiler = size_dist_info.compiler self.opt_level = size_dist_info.opt_level - self.make_cmd = ['make', '-j', 'lib'] + self.make_cmd = ['make', '-f', './scripts/legacy.make', '-j', 'lib'] self.host_arch = host_arch self.logger = logger @@ -287,7 +287,7 @@ def __init__( #pylint: disable=too-many-arguments """ self.repo_path = "." self.git_command = "git" - self.make_clean = 'make clean' + self.make_clean = 'make -f ./scripts/legacy.make clean' self.git_rev = git_rev self.pre_make_cmd = pre_make_cmd @@ -319,6 +319,10 @@ def _create_git_worktree(self) -> str: git_worktree_path, self.git_rev], cwd=self.repo_path, stderr=subprocess.STDOUT ) + subprocess.check_output( + [self.git_command, "submodule", "update", "--init", "--recursive"], + cwd=git_worktree_path, stderr=subprocess.STDOUT + ) return git_worktree_path From d3d0652dcad175ac0c0be67a85c8682f233d4bab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:53:41 +0200 Subject: [PATCH 0930/1080] Update framework submodule with config_history.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 59d77ef052..0bfaf0ed97 160000 --- a/framework +++ b/framework 
@@ -1 +1 @@ -Subproject commit 59d77ef0528f368b7c8cc39870fef6adab5241db +Subproject commit 0bfaf0ed9721b3858e8982698c618ee748b21a7d From 24d058bc6c09118d897cef42c0a7f91fbdbd3b07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:35 +0200 Subject: [PATCH 0931/1080] Enable checks for bad options in the config file Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 5 +++++ library/mbedtls_config.c | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e40482a99a..7b7ff49f5a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -68,6 +68,11 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* For the sake of consistency checks in mbedtls_config.c */ +#if defined(MBEDTLS_INCLUDE_AFTER_RAW_CONFIG) +#include MBEDTLS_INCLUDE_AFTER_RAW_CONFIG +#endif + /* Indicate that all configuration files have been read. * It is now time to adjust the configuration (follow through on dependencies, * make PSA and legacy crypto consistent, etc.). diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 679f8e36f9..a3deae3152 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c 
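Review bot: The new `MBEDTLS_INCLUDE_AFTER_RAW_CONFIG` hook is guarded only by `#if defined(...)` and is evaluated right after the `MBEDTLS_USER_CONFIG_FILE` include, so anything that defines that macro before `build_info.h` is read — the library's own mbedtls_config.c, but equally a user config file or a `-D` on the compiler command line — gets an arbitrary header pulled into whichever translation unit includes `build_info.h`, and the one-line comment does not say the name is reserved. I would document the contract at the hook itself: `/* Internal hook: mbedtls_config.c sets this to pull in the generated user-config checks. Reserved for the library; not a supported user configuration knob. */`. The companion mbedtls_config.c hunk defines the macro before including the build-info header; a sentence there saying the two sites must stay paired would help the next maintainer.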
@@ -6,8 +6,29 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* Apply the TF-PSA-Crypto configuration first. We need to do this + * before , because "mbedtls_config_check_before.h" + * needs to run after the crypto config (including derived macros) is + * finalized, but before the user's mbedtls config is applied. This way + * it is possible to differentiate macros set by the user's mbedtls config + * from macros set or derived by the crypto config. */ +#include + +/* Consistency checks on the user's configuration. + * Check that it doesn't define macros that we assume are under full + * control of the library, or options from past major versions that + * no longer have any effect. + * These headers are automatically generated. See + * framework/scripts/mbedtls_framework/config_checks_generator.py + */ +#include "mbedtls_config_check_before.h" +#define MBEDTLS_INCLUDE_AFTER_RAW_CONFIG "mbedtls_config_check_user.h" + #include /* Consistency checks in the configuration: check for incompatible options, * missing options when at least one of a set needs to be enabled, etc. */ +/* Manually written checks */ #include "mbedtls_check_config.h" +/* Automatically generated checks */ +#include "mbedtls_config_check_final.h" From 24273c06db37ad4fa67cf15b0b5df8645c0fab65 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 16 Jul 2025 22:27:09 +0200 Subject: [PATCH 0932/1080] Checks for crypto options or internal macros set in mbedtls Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 8 ++++++ tests/scripts/test_config_checks.py | 38 +++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index b0dc26b191..c5d8054207 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py 
@@ -7,11 +7,19 @@ from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import +class CryptoInternal(SubprojectInternal): + SUBPROJECT = 'TF-PSA-Crypto' + +class CryptoOption(SubprojectOption): + SUBPROJECT = 'psa/crypto_config.h' + MBEDTLS_CHECKS = BranchData( header_directory='library', header_prefix='mbedtls_', project_cpp_prefix='MBEDTLS', checkers=[ + CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'), + CryptoOption('MBEDTLS_BASE64_C'), Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), ], diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 7403f7ebdb..911e2d9a58 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py 
@@ -55,5 +55,43 @@ def test_mbedtls_no_ecdsa(self) -> None: error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + def test_define_MBEDTLS_MD5_C_redundant(self) -> None: + """Error when redundantly setting a subproject internal option.""" + self.bad_case('#define PSA_WANT_ALG_MD5 1', + '#define MBEDTLS_MD5_C', + error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + + def test_define_MBEDTLS_MD5_C_added(self) -> None: + """Error when setting a subproject internal option that was disabled.""" + self.bad_case(''' + #undef PSA_WANT_ALG_MD5 + #undef MBEDTLS_MD5_C + ''', + '#define MBEDTLS_MD5_C', + error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + + def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: + """Ok to redundantly set a subproject option.""" + self.good_case(None, + '#define MBEDTLS_BASE64_C') + + def test_define_MBEDTLS_BASE64_C_added(self) -> None: + """Error when setting a subproject option that was disabled.""" + self.bad_case(''' + #undef MBEDTLS_BASE64_C + #undef MBEDTLS_PEM_PARSE_C + #undef MBEDTLS_PEM_WRITE_C + ''', + '#define MBEDTLS_BASE64_C', + error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + + @unittest.skip("Checks for #undef are not implemented yet.") + def test_define_MBEDTLS_BASE64_C_unset(self) -> None: + """Error when unsetting a subproject option that was enabled.""" + self.bad_case(None, + '#undef MBEDTLS_BASE64_C', + error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + + if __name__ == '__main__': unittest.main() From 8e44a94d395c011fdba40f4bb83f6d648169b048 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Sep 2025 15:27:20 +0200 Subject: [PATCH 0933/1080] Automatically generate checkers for removed options Read the list of historical config options in 3.6, compare that to 1.0/4.0 and emit the appropriate checkers. 
Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 29 +++++++++++++++++++++++------ tests/scripts/test_config_checks.py | 4 ++-- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index c5d8054207..a2a174bb4c 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -3,9 +3,12 @@ """Generate C preprocessor code to check for bad configurations. """ +from typing import Iterator + import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import +from mbedtls_framework import config_history class CryptoInternal(SubprojectInternal): SUBPROJECT = 'TF-PSA-Crypto' 
@@ -13,16 +16,30 @@ class CryptoInternal(SubprojectInternal): class CryptoOption(SubprojectOption): SUBPROJECT = 'psa/crypto_config.h' +def checkers_for_removed_options() -> Iterator[Checker]: + """Discover removed options. Yield corresponding checkers.""" + history = config_history.ConfigHistory() + old_public = history.options('mbedtls', '3.6') + new_public = history.options('mbedtls', '4.0') + crypto_public = history.options('tfpsacrypto', '1.0') + crypto_internal = history.internal('tfpsacrypto', '1.0') + for option in sorted(old_public - new_public): + if option in crypto_public: + yield CryptoOption(option) + elif option in crypto_internal: + yield CryptoInternal(option) + else: + yield Removed(option, 'Mbed TLS 4.0') + +def all_checkers() -> Iterator[Checker]: + """Yield all checkers.""" + yield from checkers_for_removed_options() + MBEDTLS_CHECKS = BranchData( header_directory='library', header_prefix='mbedtls_', project_cpp_prefix='MBEDTLS', - checkers=[ - CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'), - CryptoOption('MBEDTLS_BASE64_C'), - Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), - Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), - ], + checkers=list(all_checkers()), ) if __name__ == '__main__': diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 911e2d9a58..86fd4db095 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -59,7 +59,7 @@ def test_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" self.bad_case('#define PSA_WANT_ALG_MD5 1', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_MD5_C_added(self) -> None: """Error when setting a subproject internal option that was disabled.""" 
@@ -68,7 +68,7 @@ def test_define_MBEDTLS_MD5_C_added(self) -> None: #undef MBEDTLS_MD5_C ''', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: """Ok to redundantly set a subproject option.""" From 379d38de1cfc99d6c5c4f82dc5d9d17557332d98 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:47 +0200 Subject: [PATCH 0934/1080] Unit tests for checks for removed options in the config file Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 30 ++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 86fd4db095..dceadf6b7c 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -22,12 +22,23 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): 'tf-psa-crypto/drivers/builtin/include', ] + def test_crypto_config_read(self) -> None: + """Check that crypto_config.h is read in crypto.""" + self.bad_case('#error witness', + None, + error='witness') + + def test_mbedtls_config_read(self) -> None: + """Check that mbedtls_config.h is read in crypto.""" + self.bad_case('' + '#error witness', + error='witness') + @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.") - def test_crypto_no_fs_io(self) -> None: + def test_crypto_undef_MBEDTLS_FS_IO(self) -> None: """A sample error expected from crypto's check_config.h.""" self.bad_case('#undef MBEDTLS_FS_IO', - None, - error=('MBEDTLS_PSA_ITS_FILE_C')) + error='MBEDTLS_PSA_ITS_FILE_C') def test_mbedtls_no_session_tickets_for_early_data(self) -> None: """An error expected from mbedtls_check_config.h based on the TLS configuration.""" 
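Review bot: In `test_mbedtls_config_read`, `self.bad_case('' '#error witness', error='witness')` is, as rendered here, one implicitly concatenated string literal passed as the first positional argument, so the directive lands in the crypto-config slot and the mbedtls config file is never exercised — the case duplicates `test_crypto_config_read` just above it, which passes `('#error witness', None, ...)` in (crypto, mbedtls) order. The mbedtls-side cases already in this file pass `None` first, e.g. `self.good_case(None, '#define MBEDTLS_BASE64_C')`, so this one should read `self.bad_case(None, '#error witness', error='witness')`. If a comma between the two literals was lost in rendering, disregard.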
@@ -36,7 +47,7 @@ def test_mbedtls_no_session_tickets_for_early_data(self) -> None: #define MBEDTLS_SSL_EARLY_DATA #undef MBEDTLS_SSL_SESSION_TICKETS ''', - error=('MBEDTLS_SSL_EARLY_DATA')) + error='MBEDTLS_SSL_EARLY_DATA') def test_mbedtls_no_ecdsa(self) -> None: """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" @@ -52,8 +63,17 @@ def test_mbedtls_no_ecdsa(self) -> None: #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected #endif ''', - error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED') + + def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option.""" + self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') + def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option.""" + self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) def test_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" From cc1ac1d3dccfc87dacd29743358e36e41c5cd5f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Sep 2025 22:03:15 +0200 Subject: [PATCH 0935/1080] CMake: support generated headers Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 063703bfe8..6c2b6bb0e6 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -118,6 +118,13 @@ if(GEN_FILES) ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/version_features.c ) + + # List generated headers as sources explicitly. Normally CMake finds + # headers by tracing include directives, but if that happens before the + # generated headers are generated, this process doesn't find them. + list(APPEND src_x509 + ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} + ) endif() if(CMAKE_COMPILER_IS_GNUCC) @@ -237,7 +244,9 @@ foreach(target IN LISTS target_libraries) $ PRIVATE ${MBEDTLS_DIR}/library/ ${MBEDTLS_DIR}/tf-psa-crypto/core - ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src) + ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src + # needed for generated headers + ${CMAKE_CURRENT_BINARY_DIR}) set_config_files_compile_definitions(${target}) install( TARGETS ${target} From c45d9ac4c2b6affb87e5128f04c4bcba15ca2b6d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Sep 2025 22:17:05 +0200 Subject: [PATCH 0936/1080] Allow setting removed options that are now always on Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index a2a174bb4c..bae93c3662 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -16,6 +16,11 @@ class CryptoInternal(SubprojectInternal): class CryptoOption(SubprojectOption): SUBPROJECT = 'psa/crypto_config.h' +ALWAYS_ENABLED_SINCE_4_0 = frozenset([ + 'MBEDTLS_PSA_CRYPTO_CONFIG', + 'MBEDTLS_USE_PSA_CRYPTO', +]) + def checkers_for_removed_options() -> Iterator[Checker]: """Discover removed options. Yield corresponding checkers.""" history = config_history.ConfigHistory() 
@@ -24,6 +29,8 @@ def checkers_for_removed_options() -> Iterator[Checker]: crypto_public = history.options('tfpsacrypto', '1.0') crypto_internal = history.internal('tfpsacrypto', '1.0') for option in sorted(old_public - new_public): + if option in ALWAYS_ENABLED_SINCE_4_0: + continue if option in crypto_public: yield CryptoOption(option) elif option in crypto_internal: From 562763b5bde95f1820142205f2a2f93143c26cce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Sep 2025 16:18:35 +0200 Subject: [PATCH 0937/1080] Add dependency of mbedtls_config on generated config check headers Fix the build of libmbedx509 when generated files are not already present. Signed-off-by: Gilles Peskine --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index a0b6d6eb1d..9085ab481c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -346,6 +346,8 @@ $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) ../scripts/generate_config_checks.py +mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) + TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ --list $(TF_PSA_CRYPTO_CORE_PATH)) From 4bb82fdb16f074204759b133b793752f54bdae68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 10:30:13 +0200 Subject: [PATCH 0938/1080] Fix copypasta in documentation Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index dceadf6b7c..edaf525f6d 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py 
@@ -23,13 +23,13 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): ] def test_crypto_config_read(self) -> None: - """Check that crypto_config.h is read in crypto.""" + """Check that crypto_config.h is read in mbedtls.""" self.bad_case('#error witness', None, error='witness') def test_mbedtls_config_read(self) -> None: - """Check that mbedtls_config.h is read in crypto.""" + """Check that mbedtls_config.h is read in mbedtls.""" self.bad_case('' '#error witness', error='witness') From f7ed4e506fcef9efcd74840c105f51087b20e3f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 10:32:55 +0200 Subject: [PATCH 0939/1080] Add test case for allowing setting an always-on removed option Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index edaf525f6d..ee624d886f 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -112,6 +112,15 @@ def test_define_MBEDTLS_BASE64_C_unset(self) -> None: '#undef MBEDTLS_BASE64_C', error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" + self.good_case('#define MBEDTLS_USE_PSA_CRYPTO') + + def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" + self.good_case(None, + '#define MBEDTLS_USE_PSA_CRYPTO') + if __name__ == '__main__': unittest.main() From 3cee43e8ab8a81a002771d4dbf5d33fa3a6b4dee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 15:48:58 +0200 Subject: [PATCH 0940/1080] Be more consistent about method naming Indicate which config file has the most relevant tweak. Duplicate a few test cases so that both the crypto config and the mbedtls config are tested. 
Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 38 ++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index ee624d886f..2c6f6b3c81 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -22,6 +22,10 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): 'tf-psa-crypto/drivers/builtin/include', ] + ## Method naming convention: + ## * test_crypto_xxx when testing a tweak of crypto_config.h + ## * test_mbedtls_xxx when testing a tweak of mbedtls_config.h + def test_crypto_config_read(self) -> None: """Check that crypto_config.h is read in mbedtls.""" self.bad_case('#error witness', @@ -49,7 +53,7 @@ def test_mbedtls_no_session_tickets_for_early_data(self) -> None: ''', error='MBEDTLS_SSL_EARLY_DATA') - def test_mbedtls_no_ecdsa(self) -> None: + def test_crypto_mbedtls_no_ecdsa(self) -> None: """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" self.bad_case(''' #undef PSA_WANT_ALG_ECDSA 
@@ -65,23 +69,35 @@ def test_mbedtls_no_ecdsa(self) -> None: ''', error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED') - def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: - """Error when setting a removed option.""" + def test_crypto_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option via crypto_config.h.""" self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') - def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: - """Bypassed error when setting a removed option.""" + def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option via mbedtls_config.h.""" + self.bad_case(None, + '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') + + def test_crypto_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option via crypto_config.h.""" self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) - def test_define_MBEDTLS_MD5_C_redundant(self) -> None: + def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option via mbedtls_config.h.""" + self.good_case(None, + '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) + + def test_mbedtls_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" self.bad_case('#define PSA_WANT_ALG_MD5 1', '#define MBEDTLS_MD5_C', error=r'MBEDTLS_MD5_C is an internal macro') - def test_define_MBEDTLS_MD5_C_added(self) -> None: + def test_mbedtls_define_MBEDTLS_MD5_C_added(self) -> None: """Error when setting a subproject internal option that was disabled.""" self.bad_case(''' #undef PSA_WANT_ALG_MD5 
@@ -90,12 +106,12 @@ def test_define_MBEDTLS_MD5_C_added(self) -> None: '#define MBEDTLS_MD5_C', error=r'MBEDTLS_MD5_C is an internal macro') - def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_redundant(self) -> None: """Ok to redundantly set a subproject option.""" self.good_case(None, '#define MBEDTLS_BASE64_C') - def test_define_MBEDTLS_BASE64_C_added(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_added(self) -> None: """Error when setting a subproject option that was disabled.""" self.bad_case(''' #undef MBEDTLS_BASE64_C @@ -106,7 +122,7 @@ def test_define_MBEDTLS_BASE64_C_added(self) -> None: error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') @unittest.skip("Checks for #undef are not implemented yet.") - def test_define_MBEDTLS_BASE64_C_unset(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_unset(self) -> None: """Error when unsetting a subproject option that was enabled.""" self.bad_case(None, '#undef MBEDTLS_BASE64_C', @@ -116,7 +132,7 @@ def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" self.good_case('#define MBEDTLS_USE_PSA_CRYPTO') - def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + def test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" self.good_case(None, '#define MBEDTLS_USE_PSA_CRYPTO') From effa534e710772a612d04e5be4a6fe8f47f539d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 25 Sep 2025 15:51:07 +0200 Subject: [PATCH 0941/1080] Use worktrees instead of fetches for submodules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 243e6fc482..f2a7819048 100755 
--- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -197,6 +197,13 @@ def _update_git_submodules(self, git_worktree_path, version): """If the crypto submodule is present, initialize it. if version.crypto_revision exists, update it to that revision, otherwise update it to the default revision""" + submodule_output = subprocess.check_output( + [self.git_command, "submodule", "foreach", "--recursive", + 'git worktree add --detach "{}/$displaypath" HEAD'.format(git_worktree_path)], + cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + self.log.debug(submodule_output.decode("utf-8")) update_output = subprocess.check_output( [self.git_command, "submodule", "update", "--init", '--recursive'], cwd=git_worktree_path, @@ -390,6 +397,12 @@ def _get_storage_format_tests(self, version, git_worktree_path): def _cleanup_worktree(self, git_worktree_path): """Remove the specified git worktree.""" shutil.rmtree(git_worktree_path) + submodule_output = subprocess.check_output( + [self.git_command, "submodule", "foreach", "--recursive", "git worktree prune"], + cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + self.log.debug(submodule_output.decode("utf-8")) worktree_output = subprocess.check_output( [self.git_command, "worktree", "prune"], cwd=self.repo_path, From 355b00e8e00309e88e9ff83ad64ecfee49cfe3bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 26 Sep 2025 12:11:03 +0200 Subject: [PATCH 0942/1080] Fix includes in udp_proxy.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The program uses atoi() unconditionally, so it should include stdlib.h unconditionally. Previously this happened to be indirectly included by some other header (via pk.h via ssl.h) but we should not rely on that. Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/udp_proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
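Review bot: In `_update_git_submodules`, `git_worktree_path` is interpolated into a command string that `git submodule foreach` hands to the shell (`'git worktree add --detach "{}/$displaypath" HEAD'.format(git_worktree_path)`), and double quotes do not neutralise `"`, `$` or backticks inside the path; where the path comes from is outside the hunk, so how constrained it is cannot be seen here. `shlex.quote` makes the path inert while keeping `$displaypath` expandable: `'git worktree add --detach ' + shlex.quote(git_worktree_path) + '/"$displaypath" HEAD'` (with `import shlex`). The same interpolation recurs in the 0943 f-string rewrite and in the 0944 `git worktree remove` hunk. `_update_git_submodules` starts outside the hunk.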
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c80a3f59fc..1c52990a8e 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -17,11 +17,11 @@ #include "mbedtls/build_info.h" #include +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include -#include #if defined(MBEDTLS_HAVE_TIME) #include #define mbedtls_time time From dc88f6e1f3fdcc5b7d8afdda61498cd8e85bced5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 26 Sep 2025 15:37:42 +0200 Subject: [PATCH 0943/1080] Use f-string literal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes path-construction a bit more readable Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f2a7819048..18eb9d3dc1 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -199,7 +199,7 @@ def _update_git_submodules(self, git_worktree_path, version): otherwise update it to the default revision""" submodule_output = subprocess.check_output( [self.git_command, "submodule", "foreach", "--recursive", - 'git worktree add --detach "{}/$displaypath" HEAD'.format(git_worktree_path)], + f'git worktree add --detach "{git_worktree_path}/$displaypath" HEAD'], cwd=self.repo_path, stderr=subprocess.STDOUT ) From 8d95062aeb5a2a89d6ba63bf11e11a175385d8ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 26 Sep 2025 15:44:11 +0200 Subject: [PATCH 0944/1080] Eliminate use of git worktree prune MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 18eb9d3dc1..c526f15ef6 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -398,13 +398,14 @@ def _cleanup_worktree(self, git_worktree_path): """Remove the specified git worktree.""" shutil.rmtree(git_worktree_path) submodule_output = subprocess.check_output( - [self.git_command, "submodule", "foreach", "--recursive", "git worktree prune"], + [self.git_command, "submodule", "foreach", "--recursive", + f'git worktree remove "{git_worktree_path}/$displaypath"'], cwd=self.repo_path, stderr=subprocess.STDOUT ) self.log.debug(submodule_output.decode("utf-8")) worktree_output = subprocess.check_output( - [self.git_command, "worktree", "prune"], + [self.git_command, "worktree", "remove", git_worktree_path], cwd=self.repo_path, stderr=subprocess.STDOUT ) From cf9b557d1c83a74bc0f94d44db12fc9e9c70df20 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Sep 2025 16:07:38 +0200 Subject: [PATCH 0945/1080] Removed static ECDH Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md index ae611a112c..8b2c4d0b8f 100644 --- a/docs/4.0-migration-guide/feature-removals.md +++ b/docs/4.0-migration-guide/feature-removals.md @@ -12,6 +12,7 @@ That is, the following key exchange types are no longer supported: * RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported); * DHE-PSK (except in TLS 1.3); * DHE-RSA (except in TLS 1.3). +* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported). The full list of removed cipher suites is: 
@@ -59,6 +60,36 @@ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 +TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA +TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA +TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-NULL-SHA +TLS-ECDH-RSA-WITH-AES-128-CBC-SHA +TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-AES-256-CBC-SHA +TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-NULL-SHA TLS-RSA-PSK-WITH-AES-128-CBC-SHA TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 From 7d3cf9b3dce7d204c791744564e99f388383eb8c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Sep 2025 18:09:37 +0200 Subject: [PATCH 0946/1080] Add section on the config file split Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 34 +++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 docs/4.0-migration-guide/configuration.md 
diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md
new file mode 100644
index 0000000000..0065de4542
--- /dev/null
+++ b/docs/4.0-migration-guide/configuration.md
@@ -0,0 +1,34 @@
+## Compile-time configuration
+
+### Configuration file split
+
+All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely:
+
+* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line;
+* otherwise ``;
+* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set.
+
+Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, and `MBEDTLS_USER_CONFIG_FILE` is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up.
+
+Generally speaking, the options that must be configured in TF-PSA-Crypto are:
+
+* options related to platform settings;
+* options related to the choice of cryptographic mechanisms included in the build;
+* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises;
+* options related to crypto-adjacent features, such as ASN.1 and Base64.
+
+See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details.
+
+Notably, `` is no longer limited to `PSA_WANT_xxx` options.
+
+Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details.
+
+### Split of `build_info.h` and `version.h`
+
+TF-PSA-Crypto has a header file `` which includes the configuration file and provides the adjusted configuration macros, similar to `` in Mbed TLS. Generally, you should include a feature-specific header file rather than `build_info.h`.
+
+TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS.
+
+### Removal of `check_config.h`
+
+The header `mbedtls/check_config.h` is no longer present.
Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. From 93145552cd291e72b7e715d67ee073cee8c914cc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 Sep 2025 18:54:52 +0100 Subject: [PATCH 0947/1080] Restored changelog entries This commit restores all changelog entries between the mbedtls-3.6.0 tag and the mbedtls-4.0.0-beta tag. git diff ce4683e..09dc57d --name-status -- ChangeLog.d 
Signed-off-by: Minos Galanakis --- ChangeLog.d/9126.txt | 5 ++++ ChangeLog.d/9302.txt | 6 +++++ ChangeLog.d/9684.txt | 2 ++ ChangeLog.d/9685.txt | 2 ++ ChangeLog.d/9690.txt | 8 ++++++ ChangeLog.d/9874.txt | 5 ++++ ChangeLog.d/9892.txt | 4 +++ ChangeLog.d/9956.txt | 6 +++++ ChangeLog.d/9964.txt | 25 +++++++++++++++++++ ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 +++ ChangeLog.d/add-psa-iop-generate-key.txt | 3 +++ ChangeLog.d/add-psa-iop-key-agreement.txt | 4 +++ ChangeLog.d/add-psa-key-agreement.txt | 3 +++ ChangeLog.d/add-tls-exporter.txt | 6 +++++ ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 +++ ChangeLog.d/check-config.txt | 9 +++++++ ChangeLog.d/configuration-split.txt | 16 ++++++++++++ ChangeLog.d/dynamic-keystore.txt | 10 ++++++++ ChangeLog.d/ecdsa-conversion-overflow.txt | 6 +++++ ChangeLog.d/error-unification.txt | 11 ++++++++ ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 ++++ .../fix-clang-psa-build-without-dhm.txt | 3 +++ ...ion-when-memcpy-is-function-like-macro.txt | 2 ++ ChangeLog.d/fix-compilation-with-djgpp.txt | 2 ++ ...concurrently-loading-non-existent-keys.txt | 4 +++ ChangeLog.d/fix-driver-schema-check.txt | 3 +++ ChangeLog.d/fix-legacy-compression-issue.txt | 6 +++++ .../fix-msvc-version-guard-format-zu.txt | 5 ++++ ChangeLog.d/fix-psa-cmac.txt | 4 +++ ...nation_warning_messages_for_GNU_SOURCE.txt | 5 ++++ .../fix-rsa-performance-regression.txt | 3 +++ .../fix-secure-element-key-creation.txt | 5 ++++ ChangeLog.d/fix-server-mode-only-build.txt | 3 +++ .../fix-string-to-names-memory-management.txt | 18 +++++++++++++ .../fix-string-to-names-store-named-data.txt | 8 ++++++ ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 +++ .../fix_reporting_of_key_usage_issues.txt | 11 ++++++++ ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 +++ ...tls_psa_ecp_generate_key-no_public_key.txt | 3 +++ ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 +++ ...sa_rsa_load_representation-memory_leak.txt | 3 +++ ChangeLog.d/mbedtls_ssl_set_hostname.txt | 16 ++++++++++++ 
ChangeLog.d/oid.txt | 8 ++++++ ChangeLog.d/pk-norsa-warning.txt | 2 ++ ChangeLog.d/psa-always-on.txt | 10 ++++++++ ChangeLog.d/psa-crypto-config-always-on.txt | 7 ++++++ ...decrypt-ccm_star-iv_length_enforcement.txt | 3 +++ ChangeLog.d/psa_generate_key_custom.txt | 9 +++++++ ChangeLog.d/psa_util-bits-0.txt | 3 +++ .../psa_util_in_builds_without_psa.txt | 5 ++++ ChangeLog.d/removal-of-rng.txt | 5 ++++ ChangeLog.d/remove-compat-2.x.txt | 2 ++ ChangeLog.d/remove-crypto-alt-interface.txt | 5 ++++ ChangeLog.d/remove-via-padlock-support.txt | 3 +++ ChangeLog.d/remove_RSA_key_exchange.txt | 2 ++ .../replace-close-with-mbedtls_net_close.txt | 4 +++ ChangeLog.d/repo-split.txt | 5 ++++ ChangeLog.d/rm-ssl-conf-curves.txt | 4 +++ ...ring-conversions-out-of-the-oid-module.txt | 4 +++ ChangeLog.d/tls-hs-defrag-in.txt | 7 ++++++ ChangeLog.d/tls-key-exchange-rsa.txt | 2 ++ ChangeLog.d/tls12-check-finished-calc.txt | 6 +++++ ChangeLog.d/tls13-cert-regressions.txt | 18 +++++++++++++ .../tls13-middlebox-compat-disabled.txt | 4 +++ ChangeLog.d/tls13-without-tickets.txt | 3 +++ .../unterminated-string-initialization.txt | 3 +++ 66 files changed, 380 insertions(+) create mode 100644 ChangeLog.d/9126.txt create mode 100644 ChangeLog.d/9302.txt create mode 100644 ChangeLog.d/9684.txt create mode 100644 ChangeLog.d/9685.txt create mode 100644 ChangeLog.d/9690.txt create mode 100644 ChangeLog.d/9874.txt create mode 100644 ChangeLog.d/9892.txt create mode 100644 ChangeLog.d/9956.txt create mode 100644 ChangeLog.d/9964.txt create mode 100644 ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt create mode 100644 ChangeLog.d/add-psa-iop-generate-key.txt create mode 100644 ChangeLog.d/add-psa-iop-key-agreement.txt create mode 100644 ChangeLog.d/add-psa-key-agreement.txt create mode 100644 ChangeLog.d/add-tls-exporter.txt create mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt create mode 100644 ChangeLog.d/check-config.txt create mode 100644 ChangeLog.d/configuration-split.txt create mode 100644 
ChangeLog.d/dynamic-keystore.txt create mode 100644 ChangeLog.d/ecdsa-conversion-overflow.txt create mode 100644 ChangeLog.d/error-unification.txt create mode 100644 ChangeLog.d/fix-aesni-asm-clobbers.txt create mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt create mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt create mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt create mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt create mode 100644 ChangeLog.d/fix-driver-schema-check.txt create mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt create mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt create mode 100644 ChangeLog.d/fix-psa-cmac.txt create mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt create mode 100644 ChangeLog.d/fix-rsa-performance-regression.txt create mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt create mode 100644 ChangeLog.d/fix-server-mode-only-build.txt create mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt create mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt create mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt create mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt create mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt create mode 100644 ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt create mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt create mode 100644 ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt create mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt create mode 100644 ChangeLog.d/oid.txt create mode 100644 ChangeLog.d/pk-norsa-warning.txt create mode 100644 ChangeLog.d/psa-always-on.txt create mode 100644 ChangeLog.d/psa-crypto-config-always-on.txt create mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt create mode 100644 ChangeLog.d/psa_generate_key_custom.txt create mode 100644 
ChangeLog.d/psa_util-bits-0.txt create mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt create mode 100644 ChangeLog.d/removal-of-rng.txt create mode 100644 ChangeLog.d/remove-compat-2.x.txt create mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt create mode 100644 ChangeLog.d/remove-via-padlock-support.txt create mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt create mode 100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt create mode 100644 ChangeLog.d/repo-split.txt create mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt create mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt create mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt create mode 100644 ChangeLog.d/tls12-check-finished-calc.txt create mode 100644 ChangeLog.d/tls13-cert-regressions.txt create mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt create mode 100644 ChangeLog.d/tls13-without-tickets.txt create mode 100644 ChangeLog.d/unterminated-string-initialization.txt
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
new file mode 100644
index 0000000000..22939df86f
--- /dev/null
+++ b/ChangeLog.d/9126.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+ !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+ corresponding PSA mechanism is enabled, since the server provides the
+ crypto. Fixes #9126.
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
new file mode 100644
index 0000000000..d61ba19632
--- /dev/null
+++ b/ChangeLog.d/9302.txt
@@ -0,0 +1,6 @@
+Features
+ * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+ uses static storage for keys, enabling malloc-less use of key slots.
+ The size of each buffer is given by the option
+ MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
+ largest PSA key enabled in the build.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
new file mode 100644
index 0000000000..115ded87a0
--- /dev/null
+++ b/ChangeLog.d/9684.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
new file mode 100644
index 0000000000..9820aff759
--- /dev/null
+++ b/ChangeLog.d/9685.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
new file mode 100644
index 0000000000..d00eb16bc9
--- /dev/null
+++ b/ChangeLog.d/9690.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
new file mode 100644
index 0000000000..a4d2e032ee
--- /dev/null
+++ b/ChangeLog.d/9874.txt
@@ -0,0 +1,5 @@
+API changes
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
new file mode 100644
index 0000000000..01d21b6e5f
--- /dev/null
+++ b/ChangeLog.d/9892.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseeded by
+ mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
new file mode 100644
index 0000000000..cea4af1ec6
--- /dev/null
+++ b/ChangeLog.d/9956.txt
@@ -0,0 +1,6 @@
+Removals
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+ following SSL functions are removed:
+ - mbedtls_ssl_conf_dh_param_bin
+ - mbedtls_ssl_conf_dh_param_ctx
+ - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
new file mode 100644
index 0000000000..ca0cc4b48d
--- /dev/null
+++ b/ChangeLog.d/9964.txt
@@ -0,0 +1,25 @@
+Removals
+ * Removal of the following sample programs:
+ pkey/rsa_genkey.c
+ pkey/pk_decrypt.c
+ pkey/dh_genprime.c
+ pkey/rsa_verify.c
+ pkey/mpi_demo.c
+ pkey/rsa_decrypt.c
+ pkey/key_app.c
+ pkey/dh_server.c
+ pkey/ecdh_curve25519.c
+ pkey/pk_encrypt.c
+ pkey/rsa_sign.c
+ pkey/key_app_writer.c
+ pkey/dh_client.c
+ pkey/ecdsa.c
+ pkey/rsa_encrypt.c
+ wince_main.c
+ aes/crypt_and_hash.c
+ random/gen_random_ctr_drbg.c
+ random/gen_entropy.c
+ hash/md_hmac_demo.c
+ hash/hello.c
+ hash/generic_sum.c
+ cipher/cipher_aead_demo.c
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
new file mode 100644
index 0000000000..079cd741dc
--- /dev/null
+++ b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
@@ -0,0 +1,4 @@
+Security
+ * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
+ not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
+ MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt
new file mode 100644
index 0000000000..0f586ee197
--- /dev/null
+++ b/ChangeLog.d/add-psa-iop-generate-key.txt
@@ -0,0 +1,3 @@
+Features
+ * Add an interruptible version of generate key to the PSA interface.
+ See psa_generate_key_iop_setup() and related functions.
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt
new file mode 100644
index 0000000000..92dfde1843
--- /dev/null
+++ b/ChangeLog.d/add-psa-iop-key-agreement.txt
@@ -0,0 +1,4 @@
+Features
+ * Add an interruptible version of key agreement to the PSA interface.
+ See psa_key_agreement_iop_setup() and related functions.
+
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt
new file mode 100644
index 0000000000..771e6e2602
--- /dev/null
+++ b/ChangeLog.d/add-psa-key-agreement.txt
@@ -0,0 +1,3 @@
+Features
+ * Add a new psa_key_agreement() PSA API to perform key agreement and return
+ an identifier for the newly created key.
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
new file mode 100644
index 0000000000..1aea653e09
--- /dev/null
+++ b/ChangeLog.d/add-tls-exporter.txt
@@ -0,0 +1,6 @@
+Features
+ * Add the function mbedtls_ssl_export_keying_material() which allows the
+ client and server to extract additional shared symmetric keys from an SSL
+ session, according to the TLS-Exporter specification in RFC 8446 and 5705.
+ This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
+ mbedtls_config.h.
diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
new file mode 100644
index 0000000000..bb5b470881
--- /dev/null
+++ b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
+ as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt
new file mode 100644
index 0000000000..8570a11757
--- /dev/null
+++ b/ChangeLog.d/check-config.txt
@@ -0,0 +1,9 @@
+Changes
+ * Warn if mbedtls/check_config.h is included manually, as this can
+ lead to spurious errors. Error if a *adjust*.h header is included
+ manually, as this can lead to silently inconsistent configurations,
+ potentially resulting in buffer overflows.
+ When migrating from Mbed TLS 2.x, if you had a custom config.h that
+ included check_config.h, remove this inclusion from the Mbed TLS 3.x
+ configuration file (renamed to mbedtls_config.h). This change was made
+ in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt
new file mode 100644
index 0000000000..f4d9bc63ac
--- /dev/null
+++ b/ChangeLog.d/configuration-split.txt
@@ -0,0 +1,16 @@
+Changes
+ * Cryptography and platform configuration options have been migrated
+ from the Mbed TLS library configuration file mbedtls_config.h to
+ crypto_config.h that will become the TF-PSA-Crypto configuration file,
+ see config-split.md for more information. The reference and test custom
+ configuration files respectively in configs/ and tests/configs/ have
+ been updated accordingly.
+ To migrate custom Mbed TLS configurations where
+ MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
+ to the PSA configuration scheme based on PSA_WANT_XXX symbols
+ (see psa-conditional-inclusion-c.md for more information).
+ To migrate custom Mbed TLS configurations where
+ MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
+ cryptographic and platform configuration options from mbedtls_config.h
+ to crypto_config.h (see config-split.md for more information and configs/
+ for examples).
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt
new file mode 100644
index 0000000000..c6aac3c991
--- /dev/null
+++ b/ChangeLog.d/dynamic-keystore.txt
@@ -0,0 +1,10 @@
+Features
+ * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
+ the number of volatile PSA keys is virtually unlimited, at the expense
+ of increased code size. This option is off by default, but enabled in
+ the default mbedtls_config.h. Fixes #9216.
+
+Bugfix
+ * Fix interference between PSA volatile keys and built-in keys
+ when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
+ MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
new file mode 100644
index 0000000000..83b7f2f88b
--- /dev/null
+++ b/ChangeLog.d/ecdsa-conversion-overflow.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
+ mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
+ largest supported curve. In some configurations with PSA disabled,
+ all values of bits are affected. This never happens in internal library
+ calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
new file mode 100644
index 0000000000..bcf5ba1f3d
--- /dev/null
+++ b/ChangeLog.d/error-unification.txt
@@ -0,0 +1,11 @@
+API changes
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+
+Removals
+ * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
new file mode 100644
index 0000000000..538f0c5115
--- /dev/null
+++ b/ChangeLog.d/fix-aesni-asm-clobbers.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix missing constraints on the AES-NI inline assembly which is used on
+ GCC-like compilers when building AES for generic x86_64 targets. This
+ may have resulted in incorrect code with some compilers, depending on
+ optimizations. Fixes #9819.
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
new file mode 100644
index 0000000000..7ae1c68a40
--- /dev/null
+++ b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
+ but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
new file mode 100644
index 0000000000..11e7d25392
--- /dev/null
+++ b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
new file mode 100644
index 0000000000..5b79fb69de
--- /dev/null
+++ b/ChangeLog.d/fix-compilation-with-djgpp.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
new file mode 100644
index 0000000000..8a406a12e8
--- /dev/null
+++ b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix rare concurrent access bug where attempting to operate on a
+ non-existent key while concurrently creating a new key could potentially
+ corrupt the key store.
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
new file mode 100644
index 0000000000..9b6d8acd6e
--- /dev/null
+++ b/ChangeLog.d/fix-driver-schema-check.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix invalid JSON schemas for driver descriptions used by
+ generate_driver_wrappers.py.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
new file mode 100644
index 0000000000..2549af8733
--- /dev/null
+++ b/ChangeLog.d/fix-legacy-compression-issue.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * Fixes an issue where some TLS 1.2 clients could not connect to an
+ Mbed TLS 3.6.0 server, due to incorrect handling of
+ legacy_compression_methods in the ClientHello.
+ fixes #8995, #9243.
+
diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
new file mode 100644
index 0000000000..eefda618ca
--- /dev/null
+++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+ occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+ with Visual Studio 2013 or MinGW.
+ Fixes #10017.
diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt
new file mode 100644
index 0000000000..e3c8aecc2d
--- /dev/null
+++ b/ChangeLog.d/fix-psa-cmac.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
+ CMAC is enabled, but no built-in unauthenticated cipher is enabled.
+ Fixes #9209.
diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
new file mode 100644
index 0000000000..b5c26505c2
--- /dev/null
+++ b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix issue of redefinition warning messages for _GNU_SOURCE in
+ entropy_poll.c and sha_256.c. There was a build warning during
+ building for linux platform.
+ Resolves #9026
diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt
new file mode 100644
index 0000000000..603612a314
--- /dev/null
+++ b/ChangeLog.d/fix-rsa-performance-regression.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix unintended performance regression when using short RSA public keys.
+ Fixes #9232.
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
new file mode 100644
index 0000000000..23a46c068d
--- /dev/null
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix error handling when creating a key in a dynamic secure element
+ (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+ the creation could return PSA_SUCCESS but using or destroying the key
+ would not work. Fixes #8537.
diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt
new file mode 100644
index 0000000000..d1d8341f79
--- /dev/null
+++ b/ChangeLog.d/fix-server-mode-only-build.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
+ MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt
new file mode 100644
index 0000000000..87bc59694f
--- /dev/null
+++ b/ChangeLog.d/fix-string-to-names-memory-management.txt
@@ -0,0 +1,18 @@
+Security
+ * Fix possible use-after-free or double-free in code calling
+ mbedtls_x509_string_to_names(). This was caused by the function calling
+ mbedtls_asn1_free_named_data_list() on its head argument, while the
+ documentation did no suggest it did, making it likely for callers relying
+ on the documented behaviour to still hold pointers to memory blocks after
+ they were free()d, resulting in high risk of use-after-free or double-free,
+ with consequences ranging up to arbitrary code execution.
+ In particular, the two sample programs x509/cert_write and x509/cert_req
+ were affected (use-after-free if the san string contains more than one DN).
+ Code that does not call mbedtls_string_to_names() directly is not affected.
+ Found by Linh Le and Ngan Nguyen from Calif.
+
+Changes
+ * The function mbedtls_x509_string_to_names() now requires its head argument
+ to point to NULL on entry. This makes it likely that existing risky uses of
+ this function (see the entry in the Security section) will be detected and
+ fixed.
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt
new file mode 100644
index 0000000000..e517cbb72a
--- /dev/null
+++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a bug in mbedtls_x509_string_to_names() and the
+ mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
+ where some inputs would cause an inconsistent state to be reached, causing
+ a NULL dereference either in the function itself, or in subsequent
+ users of the output structure, such as mbedtls_x509_write_names(). This
+ only affects applications that create (as opposed to consume) X.509
+ certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt
new file mode 100644
index 0000000000..26042193cc
--- /dev/null
+++ b/ChangeLog.d/fix-test-suite-pk-warnings.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
+ Fixes #9029.
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
new file mode 100644
index 0000000000..b81fb426a7
--- /dev/null
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -0,0 +1,11 @@
+Security
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).
diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
new file mode 100644
index 0000000000..e4726a45d7
--- /dev/null
+++ b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
+ passing in zero length additional data to multipart AEAD.
diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
new file mode 100644
index 0000000000..69c00e1a77
--- /dev/null
+++ b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
@@ -0,0 +1,3 @@
+Changes
+ * Improve performance of PSA key generation with ECC keys: it no longer
+ computes the public key (which was immediately discarded). Fixes #9732.
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt
new file mode 100644
index 0000000000..2fc2751ac0
--- /dev/null
+++ b/ChangeLog.d/mbedtls_psa_register_se_key.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Document and enforce the limitation of mbedtls_psa_register_se_key()
+ to persistent keys. Resolves #9253.
diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
new file mode 100644
index 0000000000..dba25af611
--- /dev/null
+++ b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a memory leak that could occur when failing to process an RSA
+ key through some PSA functions due to low memory conditions.
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
new file mode 100644
index 0000000000..250a5baafa
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -0,0 +1,16 @@
+Default behavior changes
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure.
+
+Security
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
+ Reported by Daniel Stenberg.
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt
new file mode 100644
index 0000000000..53828d85b1
--- /dev/null
+++ b/ChangeLog.d/oid.txt
@@ -0,0 +1,8 @@
+Removals
+ * The library no longer offers interfaces to look up values by OID
+ or OID by enum values.
+ The header now only defines functions to convert
+ between binary and dotted string OID representations, and macros
+ for OID strings that are relevant to X.509.
+ The compilation option MBEDTLS_OID_C no longer
+ exists. OID tables are included in the build automatically as needed.
diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt
new file mode 100644
index 0000000000..d00aa8a870
--- /dev/null
+++ b/ChangeLog.d/pk-norsa-warning.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt
new file mode 100644
index 0000000000..45f4d9b101
--- /dev/null
+++ b/ChangeLog.d/psa-always-on.txt
@@ -0,0 +1,10 @@
+Default behavior changes
+ * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ to perform cryptographic operations, with a few exceptions documented
+ in docs/architecture/psa-migration/psa-limitations.md. This
+ corresponds to the behavior of Mbed TLS 3.x when
+ MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
+ is now always enabled.
+ * psa_crypto_init() must be called before performing any cryptographic
+ operation, including indirect requests such as parsing a key or
+ certificate or starting a TLS handshake.
diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt
new file mode 100644
index 0000000000..d255f8c3c1
--- /dev/null
+++ b/ChangeLog.d/psa-crypto-config-always-on.txt
@@ -0,0 +1,7 @@
+Default behavior changes
+ * The `PSA_WANT_XXX` symbols as defined in
+ tf-psa-crypto/include/psa/crypto_config.h are now always used in the
+ configuration of the cryptographic mechanisms exposed by the PSA API.
+ This corresponds to the configuration behavior of Mbed TLS 3.x when
+ MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
+ is now always enabled and the configuration option has been removed.
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
new file mode 100644
index 0000000000..39e03b93ba
--- /dev/null
+++ b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
+ long. Credit to Cryptofuzz. Fixes #9314.
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt
new file mode 100644
index 0000000000..3fc1bd7d1f
--- /dev/null
+++ b/ChangeLog.d/psa_generate_key_custom.txt
@@ -0,0 +1,9 @@
+API changes
+ * The experimental functions psa_generate_key_ext() and
+ psa_key_derivation_output_key_ext() have been replaced by
+ psa_generate_key_custom() and psa_key_derivation_output_key_custom().
+ They have almost exactly the same interface, but the variable-length
+ data is passed in a separate parameter instead of a flexible array
+ member. This resolves a build failure under C++ compilers that do not
+ support flexible array members (a C99 feature not adopted by C++).
+ Fixes #9020.
diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt
new file mode 100644
index 0000000000..9aa70ad978
--- /dev/null
+++ b/ChangeLog.d/psa_util-bits-0.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+ mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt
new file mode 100644
index 0000000000..7c0866dd30
--- /dev/null
+++ b/ChangeLog.d/psa_util_in_builds_without_psa.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
+ some code was defining 0-size arrays, resulting in compilation errors.
+ Fixed by disabling the offending code in configurations without PSA
+ Crypto, where it never worked. Fixes #9311.
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
new file mode 100644
index 0000000000..a8a19f4ee3
--- /dev/null
+++ b/ChangeLog.d/removal-of-rng.txt
@@ -0,0 +1,5 @@
+API changes
+ * All API functions now use the PSA random generator psa_get_random()
+ internally. As a consequence, functions no longer take RNG parameters.
+ Please refer to the migration guide at :
+ tf-psa-crypto/docs/4.0-migration-guide.md.
diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt
new file mode 100644
index 0000000000..37f012c217
--- /dev/null
+++ b/ChangeLog.d/remove-compat-2.x.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove compat-2-x.h header from mbedtls.
diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt
new file mode 100644
index 0000000000..f9ab4c221c
--- /dev/null
+++ b/ChangeLog.d/remove-crypto-alt-interface.txt
@@ -0,0 +1,5 @@
+Removals
+ * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
+ at the module and function level for crypto mechanisms only. The remaining
+ alt interfaces for platform, threading and timing are unchanged.
+ Fixes #8149.
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt
new file mode 100644
index 0000000000..a3f4b96573
--- /dev/null
+++ b/ChangeLog.d/remove-via-padlock-support.txt
@@ -0,0 +1,3 @@
+Removals
+ * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
+ Fixes #5903.
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
new file mode 100644
index 0000000000..f9baaf1701
--- /dev/null
+++ b/ChangeLog.d/remove_RSA_key_exchange.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
new file mode 100644
index 0000000000..213cf55b40
--- /dev/null
+++ b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt
new file mode 100644
index 0000000000..f03b5ed7fe
--- /dev/null
+++ b/ChangeLog.d/repo-split.txt
@@ -0,0 +1,5 @@
+Changes
+ * Move the crypto part of the library (content of tf-psa-crypto directory)
+ from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+ tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+ references as a Git submodule.
diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt
new file mode 100644
index 0000000000..4b29adc4c9
--- /dev/null
+++ b/ChangeLog.d/rm-ssl-conf-curves.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+
diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
new file mode 100644
index 0000000000..938e9eccb6
--- /dev/null
+++ b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
@@ -0,0 +1,4 @@
+Changes
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
new file mode 100644
index 0000000000..6bab02a029
--- /dev/null
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * Support re-assembly of fragmented handshake messages in TLS (both
+ 1.2 and 1.3). The lack of support was causing handshake failures with
+ some servers, especially with TLS 1.3 in practice. There are a few
+ limitations, notably a fragmented ClientHello is only supported when
+ TLS 1.3 support is enabled. See the documentation of
+ mbedtls_ssl_handshake() for details.
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt
new file mode 100644
index 0000000000..4df6b3e303
--- /dev/null
+++ b/ChangeLog.d/tls-key-exchange-rsa.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000000..cd52d32ffd
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt
new file mode 100644
index 0000000000..8dd8a327d6
--- /dev/null
+++ b/ChangeLog.d/tls13-cert-regressions.txt
@@ -0,0 +1,18 @@
+Bugfix
+ * Fixed a regression introduced in 3.6.0 where the CA callback set with
+ mbedtls_ssl_conf_ca_cb() would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+ 1.3.
+ * Fixed a regression introduced in 3.6.0 where clients that relied on
+ optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+ with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+ working when connections were upgraded to TLS 1.3. Fixed by adding
+ support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
+ standard makes server authentication mandatory; users are advised not to
+ use authmode none, and to carefully check the results when using optional
+ mode.
+ * Fixed a regression introduced in 3.6.0 where context-specific certificate
+ verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+ mbedtls_ssl_conf_verify(), would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+ callback in TLS 1.3.
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
new file mode 100644
index 0000000000..f5331bc063
--- /dev/null
+++ b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt
new file mode 100644
index 0000000000..8ceef21ee5
--- /dev/null
+++ b/ChangeLog.d/tls13-without-tickets.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
new file mode 100644
index 0000000000..75a72cae6b
--- /dev/null
+++ b/ChangeLog.d/unterminated-string-initialization.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
From 120914be2249e46f4013b395602d6867459f8b09 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 11 Sep 2025 22:48:18 +0100
Subject: [PATCH 0948/1080] Removed entries already in tf-psa-crypto Clog ripgrep was used to check against the tf-psa-crypto.v1.0.0-beta Changelog. rg --multiline -F -f {changelog_to_check}.txt -o ../tf-psa-crypto-ChangeLog
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/oid.txt | 8 --------
 ChangeLog.d/removal-of-rng.txt | 5 -----
 ChangeLog.d/unterminated-string-initialization.txt | 3 ---
 3 files changed, 16 deletions(-)
 delete mode 100644 ChangeLog.d/oid.txt
 delete mode 100644 ChangeLog.d/removal-of-rng.txt
 delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt
deleted file mode 100644
index 53828d85b1..0000000000
--- a/ChangeLog.d/oid.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Removals
- * The library no longer offers interfaces to look up values by OID
- or OID by enum values.
- The header now only defines functions to convert
- between binary and dotted string OID representations, and macros
- for OID strings that are relevant to X.509.
- The compilation option MBEDTLS_OID_C no longer
- exists. OID tables are included in the build automatically as needed.
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
deleted file mode 100644
index a8a19f4ee3..0000000000
--- a/ChangeLog.d/removal-of-rng.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * All API functions now use the PSA random generator psa_get_random()
- internally. As a consequence, functions no longer take RNG parameters.
- Please refer to the migration guide at :
- tf-psa-crypto/docs/4.0-migration-guide.md.
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
deleted file mode 100644
index 75a72cae6b..0000000000
--- a/ChangeLog.d/unterminated-string-initialization.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Silence spurious -Wunterminated-string-initialization warnings introduced
- by GCC 15. Fixes #9944.
From 5bb46ef737cd2daf2f113964c189edda422a082d Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:36:24 +0100
Subject: [PATCH 0949/1080] Moved TLS related changelogs
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/{ => tls}/9684.txt | 0
 ChangeLog.d/{ => tls}/9685.txt | 0
 ChangeLog.d/{ => tls}/9956.txt | 0
 ChangeLog.d/{ => tls}/fix-legacy-compression-issue.txt | 0
 ChangeLog.d/{ => tls}/fix_reporting_of_key_usage_issues.txt | 0
 ChangeLog.d/{ => tls}/remove_RSA_key_exchange.txt | 0
 ChangeLog.d/{ => tls}/tls-hs-defrag-in.txt | 0
 ChangeLog.d/{ => tls}/tls-key-exchange-rsa.txt | 0
 ChangeLog.d/{ => tls}/tls12-check-finished-calc.txt | 0
 ChangeLog.d/{ => tls}/tls13-cert-regressions.txt | 0
 ChangeLog.d/{ => tls}/tls13-without-tickets.txt | 0
 11 files changed, 0 insertions(+), 0 deletions(-)
 rename ChangeLog.d/{ => tls}/9684.txt (100%)
 rename ChangeLog.d/{ => tls}/9685.txt (100%)
 rename ChangeLog.d/{ => tls}/9956.txt (100%)
 rename ChangeLog.d/{ => tls}/fix-legacy-compression-issue.txt (100%)
 rename ChangeLog.d/{ => tls}/fix_reporting_of_key_usage_issues.txt (100%)
 rename ChangeLog.d/{ => tls}/remove_RSA_key_exchange.txt (100%)
 rename ChangeLog.d/{ => tls}/tls-hs-defrag-in.txt (100%)
 rename ChangeLog.d/{ => tls}/tls-key-exchange-rsa.txt (100%)
 rename ChangeLog.d/{ => tls}/tls12-check-finished-calc.txt (100%)
 rename ChangeLog.d/{ => tls}/tls13-cert-regressions.txt (100%)
 rename ChangeLog.d/{ => tls}/tls13-without-tickets.txt (100%)
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/tls/9684.txt
similarity index 100%
rename from ChangeLog.d/9684.txt
rename to ChangeLog.d/tls/9684.txt
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/tls/9685.txt
similarity index 100%
rename from ChangeLog.d/9685.txt
rename to ChangeLog.d/tls/9685.txt
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/tls/9956.txt
similarity index 100%
rename from ChangeLog.d/9956.txt
rename to ChangeLog.d/tls/9956.txt
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/tls/fix-legacy-compression-issue.txt
similarity index 100%
rename from ChangeLog.d/fix-legacy-compression-issue.txt
rename to ChangeLog.d/tls/fix-legacy-compression-issue.txt
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt
similarity index 100%
rename from ChangeLog.d/fix_reporting_of_key_usage_issues.txt
rename to ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/tls/remove_RSA_key_exchange.txt
similarity index 100%
rename from ChangeLog.d/remove_RSA_key_exchange.txt
rename to ChangeLog.d/tls/remove_RSA_key_exchange.txt
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls/tls-hs-defrag-in.txt
similarity index 100%
rename from ChangeLog.d/tls-hs-defrag-in.txt
rename to ChangeLog.d/tls/tls-hs-defrag-in.txt
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls/tls-key-exchange-rsa.txt
similarity index 100%
rename from ChangeLog.d/tls-key-exchange-rsa.txt
rename to ChangeLog.d/tls/tls-key-exchange-rsa.txt
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls/tls12-check-finished-calc.txt
similarity index 100%
rename from ChangeLog.d/tls12-check-finished-calc.txt
rename to ChangeLog.d/tls/tls12-check-finished-calc.txt
diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls/tls13-cert-regressions.txt
similarity index 100%
rename from ChangeLog.d/tls13-cert-regressions.txt
rename to ChangeLog.d/tls/tls13-cert-regressions.txt
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls/tls13-without-tickets.txt
similarity index 100%
rename from ChangeLog.d/tls13-without-tickets.txt
rename to ChangeLog.d/tls/tls13-without-tickets.txt
From f47c86561d6d8e3150760c39f68e1e231b567d85 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:39:24 +0100
Subject: [PATCH 0950/1080] Moved x509 related changelogs
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/{ => x509}/9892.txt | 0
 ChangeLog.d/{ => x509}/fix-string-to-names-memory-management.txt | 0
 ChangeLog.d/{ => x509}/fix-string-to-names-store-named-data.txt | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename ChangeLog.d/{ => x509}/9892.txt (100%)
 rename ChangeLog.d/{ => x509}/fix-string-to-names-memory-management.txt (100%)
 rename ChangeLog.d/{ => x509}/fix-string-to-names-store-named-data.txt (100%)
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/x509/9892.txt
similarity index 100%
rename from ChangeLog.d/9892.txt
rename to ChangeLog.d/x509/9892.txt
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/x509/fix-string-to-names-memory-management.txt
similarity index 100%
rename from ChangeLog.d/fix-string-to-names-memory-management.txt
rename to ChangeLog.d/x509/fix-string-to-names-memory-management.txt
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/x509/fix-string-to-names-store-named-data.txt
similarity index 100%
rename from ChangeLog.d/fix-string-to-names-store-named-data.txt
rename to ChangeLog.d/x509/fix-string-to-names-store-named-data.txt
From a439ac57d113fc400bd2371fe97b7c05e5802793 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:41:29 +0100
Subject: [PATCH 0951/1080] moved psa changelogs
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/{ => psa}/9126.txt | 0
 ChangeLog.d/{ => psa}/9302.txt | 0
 ChangeLog.d/{ => psa}/9690.txt | 0
 ChangeLog.d/{ => psa}/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 0
 ChangeLog.d/{ => psa}/add-psa-iop-generate-key.txt | 0
 ChangeLog.d/{ => psa}/add-psa-iop-key-agreement.txt | 0
 ChangeLog.d/{ => psa}/add-psa-key-agreement.txt | 0
 ChangeLog.d/{ => psa}/configuration-split.txt | 0
 ChangeLog.d/{ => psa}/dynamic-keystore.txt | 0
 ChangeLog.d/{ => psa}/ecdsa-conversion-overflow.txt | 0
 ChangeLog.d/{ => psa}/fix-aesni-asm-clobbers.txt | 0
 ChangeLog.d/{ => psa}/fix-clang-psa-build-without-dhm.txt | 0
 ChangeLog.d/{ => psa}/fix-psa-cmac.txt | 0
 .../fix-redefination_warning_messages_for_GNU_SOURCE.txt | 0
 ChangeLog.d/{ => psa}/fix-rsa-performance-regression.txt | 0
 ChangeLog.d/{ => psa}/fix-secure-element-key-creation.txt | 0
 ChangeLog.d/{ => psa}/fix-test-suite-pk-warnings.txt | 0
 ChangeLog.d/{ => psa}/fix_ubsan_mp_aead_gcm.txt | 0
 .../{ => psa}/mbedtls_psa_ecp_generate_key-no_public_key.txt | 0
 ChangeLog.d/{ => psa}/mbedtls_psa_register_se_key.txt | 0
 .../{ => psa}/mbedtls_psa_rsa_load_representation-memory_leak.txt | 0
 ChangeLog.d/{ => psa}/pk-norsa-warning.txt | 0
 ChangeLog.d/{ => psa}/psa-always-on.txt | 0
 ChangeLog.d/{ => psa}/psa-crypto-config-always-on.txt | 0
 .../psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt | 0
 ChangeLog.d/{ => psa}/psa_generate_key_custom.txt | 0
 ChangeLog.d/{ => psa}/psa_util_in_builds_without_psa.txt | 0
 ChangeLog.d/{ => psa}/remove-crypto-alt-interface.txt | 0
 ChangeLog.d/{ => psa}/remove-via-padlock-support.txt | 0
 29 files changed, 0 insertions(+), 0 deletions(-)
 rename ChangeLog.d/{ => psa}/9126.txt (100%)
 rename ChangeLog.d/{ => psa}/9302.txt (100%)
 rename ChangeLog.d/{ => psa}/9690.txt (100%)
 rename ChangeLog.d/{ => psa}/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt (100%)
 rename ChangeLog.d/{ => psa}/add-psa-iop-generate-key.txt (100%)
 rename ChangeLog.d/{ => psa}/add-psa-iop-key-agreement.txt (100%)
 rename ChangeLog.d/{ => psa}/add-psa-key-agreement.txt (100%)
 rename ChangeLog.d/{ => psa}/configuration-split.txt (100%)
 rename ChangeLog.d/{ => psa}/dynamic-keystore.txt (100%)
 rename ChangeLog.d/{ => psa}/ecdsa-conversion-overflow.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-aesni-asm-clobbers.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-clang-psa-build-without-dhm.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-psa-cmac.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-redefination_warning_messages_for_GNU_SOURCE.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-rsa-performance-regression.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-secure-element-key-creation.txt (100%)
 rename ChangeLog.d/{ => psa}/fix-test-suite-pk-warnings.txt (100%)
 rename ChangeLog.d/{ => psa}/fix_ubsan_mp_aead_gcm.txt (100%)
 rename ChangeLog.d/{ => psa}/mbedtls_psa_ecp_generate_key-no_public_key.txt (100%)
 rename ChangeLog.d/{ => psa}/mbedtls_psa_register_se_key.txt (100%)
 rename ChangeLog.d/{ => psa}/mbedtls_psa_rsa_load_representation-memory_leak.txt (100%)
 rename ChangeLog.d/{ => psa}/pk-norsa-warning.txt (100%)
 rename ChangeLog.d/{ => psa}/psa-always-on.txt (100%)
 rename ChangeLog.d/{ => psa}/psa-crypto-config-always-on.txt (100%)
 rename ChangeLog.d/{ => psa}/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt (100%)
 rename ChangeLog.d/{ => psa}/psa_generate_key_custom.txt (100%)
 rename ChangeLog.d/{ => psa}/psa_util_in_builds_without_psa.txt (100%)
 rename ChangeLog.d/{ => psa}/remove-crypto-alt-interface.txt (100%)
 rename ChangeLog.d/{ => psa}/remove-via-padlock-support.txt (100%)
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/psa/9126.txt
similarity index 100%
rename from ChangeLog.d/9126.txt
rename to ChangeLog.d/psa/9126.txt
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/psa/9302.txt
similarity index 100%
rename from ChangeLog.d/9302.txt
rename to ChangeLog.d/psa/9302.txt
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/psa/9690.txt
similarity index 100%
rename from ChangeLog.d/9690.txt
rename to ChangeLog.d/psa/9690.txt
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
similarity index 100%
rename from ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
rename to ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/psa/add-psa-iop-generate-key.txt
similarity index 100%
rename from ChangeLog.d/add-psa-iop-generate-key.txt
rename to ChangeLog.d/psa/add-psa-iop-generate-key.txt
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/psa/add-psa-iop-key-agreement.txt
similarity index 100%
rename from ChangeLog.d/add-psa-iop-key-agreement.txt
rename to ChangeLog.d/psa/add-psa-iop-key-agreement.txt
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/psa/add-psa-key-agreement.txt
similarity index 100%
rename from ChangeLog.d/add-psa-key-agreement.txt
rename to ChangeLog.d/psa/add-psa-key-agreement.txt
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/psa/configuration-split.txt
similarity index 100%
rename from ChangeLog.d/configuration-split.txt
rename to ChangeLog.d/psa/configuration-split.txt
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/psa/dynamic-keystore.txt
similarity index 100%
rename from ChangeLog.d/dynamic-keystore.txt
rename to ChangeLog.d/psa/dynamic-keystore.txt
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/psa/ecdsa-conversion-overflow.txt
similarity index 100%
rename from ChangeLog.d/ecdsa-conversion-overflow.txt
rename to ChangeLog.d/psa/ecdsa-conversion-overflow.txt
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
similarity index 100%
rename from ChangeLog.d/fix-aesni-asm-clobbers.txt
rename to ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
similarity index 100%
rename from ChangeLog.d/fix-clang-psa-build-without-dhm.txt
rename to ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/psa/fix-psa-cmac.txt
similarity index 100%
rename from ChangeLog.d/fix-psa-cmac.txt
rename to ChangeLog.d/psa/fix-psa-cmac.txt
diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
similarity index 100%
rename from ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
rename to ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/psa/fix-rsa-performance-regression.txt
similarity index 100%
rename from ChangeLog.d/fix-rsa-performance-regression.txt
rename to ChangeLog.d/psa/fix-rsa-performance-regression.txt
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/psa/fix-secure-element-key-creation.txt
similarity index 100%
rename from ChangeLog.d/fix-secure-element-key-creation.txt
rename to ChangeLog.d/psa/fix-secure-element-key-creation.txt
diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
similarity index 100%
rename from ChangeLog.d/fix-test-suite-pk-warnings.txt
rename to ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
similarity index 100%
rename from ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
rename to ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
rename to ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_register_se_key.txt
rename to ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
rename to ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/psa/pk-norsa-warning.txt
similarity index 100%
rename from ChangeLog.d/pk-norsa-warning.txt
rename to ChangeLog.d/psa/pk-norsa-warning.txt
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa/psa-always-on.txt
similarity index 100%
rename from ChangeLog.d/psa-always-on.txt
rename to ChangeLog.d/psa/psa-always-on.txt
diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa/psa-crypto-config-always-on.txt
similarity index 100%
rename from ChangeLog.d/psa-crypto-config-always-on.txt
rename to ChangeLog.d/psa/psa-crypto-config-always-on.txt
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
similarity index 100%
rename from ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
rename to ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa/psa_generate_key_custom.txt
similarity index 100%
rename from ChangeLog.d/psa_generate_key_custom.txt
rename to ChangeLog.d/psa/psa_generate_key_custom.txt
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
similarity index 100%
rename from ChangeLog.d/psa_util_in_builds_without_psa.txt
rename to ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/psa/remove-crypto-alt-interface.txt
similarity index 100%
rename from ChangeLog.d/remove-crypto-alt-interface.txt
rename to ChangeLog.d/psa/remove-crypto-alt-interface.txt
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/psa/remove-via-padlock-support.txt
similarity index 100%
rename from ChangeLog.d/remove-via-padlock-support.txt
rename to ChangeLog.d/psa/remove-via-padlock-support.txt
From 582cb04c6cf5ea34c6831be370029bbbc703a306 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 14:50:33 +0100
Subject: [PATCH 0952/1080] Changelog: Moved fix-clang-psa-build-without-dhm to MbedTLS
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/{psa => }/fix-clang-psa-build-without-dhm.txt | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename ChangeLog.d/{psa => }/fix-clang-psa-build-without-dhm.txt (100%)
diff --git a/ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
similarity index 100%
rename from ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
rename to ChangeLog.d/fix-clang-psa-build-without-dhm.txt
From 92a2154ed2323456af7abbf2f641d1ef5175d971 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:11:52 +0100
Subject: [PATCH 0953/1080] Changelog: Split changelogs for both libraries
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/fix-asn1-store-named-data.txt | 8 ++++++++
 ChangeLog.d/psa/psa-always-on.txt | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/fix-asn1-store-named-data.txt
diff --git a/ChangeLog.d/fix-asn1-store-named-data.txt b/ChangeLog.d/fix-asn1-store-named-data.txt
new file mode 100644
index 0000000000..7a040bd43b
--- /dev/null
+++ b/ChangeLog.d/fix-asn1-store-named-data.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
+ would sometimes leave an item in the output list in an inconsistent
+ state with val.p == NULL but val.len > 0. Affected functions used in X.509
+ would then dereference a NULL pointer. Applications that do not
+ call this function (directly, or indirectly through X.509 writing) are not
+ affected. Found by Linh Le and Ngan Nguyen from Calif.
+
diff --git a/ChangeLog.d/psa/psa-always-on.txt b/ChangeLog.d/psa/psa-always-on.txt
index 45f4d9b101..6607e9fe40
--- a/ChangeLog.d/psa/psa-always-on.txt
+++ b/ChangeLog.d/psa/psa-always-on.txt
@@ -1,5 +1,5 @@
 Default behavior changes
- * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ * The X.509 and TLS modules now always use the PSA subsystem
 to perform cryptographic operations, with a few exceptions documented
 in docs/architecture/psa-migration/psa-limitations.md. This
 corresponds to the behavior of Mbed TLS 3.x when
@@ -8,3 +8,4 @@ Default behavior changes
 * psa_crypto_init() must be called before performing any cryptographic
 operation, including indirect requests such as parsing a key or
 certificate or starting a TLS handshake.
+
From 4b0923f65344132d12a6d6f5c162816f6159285d Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:38:14 +0100
Subject: [PATCH 0954/1080] Changelog: Brought forward changelog changes from #4716308
Signed-off-by: Minos Galanakis
---
 ChangeLog.d/9964.txt | 3 ++-
 ChangeLog.d/error-unification.txt | 3 ++-
 ChangeLog.d/x509/9892.txt | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
index ca0cc4b48d..0b28ea990a
--- a/ChangeLog.d/9964.txt
+++ b/ChangeLog.d/9964.txt
@@ -1,5 +1,5 @@
 Removals
- * Removal of the following sample programs:
+ * Sample programs for the legacy crypto API have been removed.
 pkey/rsa_genkey.c
 pkey/pk_decrypt.c
 pkey/dh_genprime.c
@@ -23,3 +23,4 @@ Removals
 hash/hello.c
 hash/generic_sum.c
 cipher/cipher_aead_demo.c
+
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
index bcf5ba1f3d..1f8e8af1df
--- a/ChangeLog.d/error-unification.txt
+++ b/ChangeLog.d/error-unification.txt
@@ -7,5 +7,6 @@ API changes
 between -32767 and -1 as before.
 
 Removals
- * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
 since these concepts no longer exists. There is just mbedtls_strerror().
+
diff --git a/ChangeLog.d/x509/9892.txt b/ChangeLog.d/x509/9892.txt
index 01d21b6e5f..962bdad823
--- a/ChangeLog.d/x509/9892.txt
+++ b/ChangeLog.d/x509/9892.txt
@@ -1,4 +1,5 @@
 Removals
 * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseeded by
+ already deprecated and superseded by
 mbedtls_x509write_crt_set_serial_raw().
+
From 1789bbdde876a7b0a9f76d7bf8618ac375ec5c7a Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:47:55 +0100
Subject: [PATCH 0955/1080] Changelog: Moved entries to tf-psa-psa
Signed-off-by: Minos Galanakis --- ChangeLog.d/{ => psa}/asn1-missing-guard-in-rsa.txt | 0 .../{ => psa}/fix-concurrently-loading-non-existent-keys.txt | 0 ChangeLog.d/{ => psa}/fix-driver-schema-check.txt | 0 ChangeLog.d/{ => psa}/psa_util-bits-0.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{ => psa}/asn1-missing-guard-in-rsa.txt (100%) rename ChangeLog.d/{ => psa}/fix-concurrently-loading-non-existent-keys.txt (100%) rename ChangeLog.d/{ => psa}/fix-driver-schema-check.txt (100%) rename ChangeLog.d/{ => psa}/psa_util-bits-0.txt (100%) diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt similarity index 100% rename from ChangeLog.d/asn1-missing-guard-in-rsa.txt rename to ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt similarity index 100% rename from ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt rename to ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/psa/fix-driver-schema-check.txt similarity index 100% rename from ChangeLog.d/fix-driver-schema-check.txt rename to ChangeLog.d/psa/fix-driver-schema-check.txt diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa/psa_util-bits-0.txt similarity index 100% rename from ChangeLog.d/psa_util-bits-0.txt rename to ChangeLog.d/psa/psa_util-bits-0.txt From 514375e8c1b239eb57f331113d75a6c6f467b144 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 25 Sep 2025 15:49:33 +0100 Subject: [PATCH 0956/1080] Changelog: Brought entries from tf-psa-crypto 
Signed-off-by: Minos Galanakis --- ChangeLog.d/removal-of-rng.txt | 6 ++++++ ChangeLog.d/unterminated-string-initialization.txt | 3 +++ 2 files changed, 9 insertions(+) create mode 100644 ChangeLog.d/removal-of-rng.txt create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt new file mode 100644 index 0000000000..7ecb29ffb7 --- /dev/null +++ b/ChangeLog.d/removal-of-rng.txt @@ -0,0 +1,6 @@ +API changes + * All API functions now use the PSA random generator psa_generate_random() + internally. As a consequence, functions no longer take RNG parameters. + Please refer to the migration guide at : + docs/4.0-migration-guide.md. + diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt new file mode 100644 index 0000000000..75a72cae6b --- /dev/null +++ b/ChangeLog.d/unterminated-string-initialization.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. From 9b1db5da781ed6c000e363cade48cb2a86ddf78d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 25 Sep 2025 16:38:14 +0100 Subject: [PATCH 0957/1080] Moved entries back to Changelog.d 
Signed-off-by: Minos Galanakis --- ChangeLog.d/{tls => }/9684.txt | 0 ChangeLog.d/{tls => }/9685.txt | 0 ChangeLog.d/{x509 => }/9892.txt | 0 ChangeLog.d/{tls => }/9956.txt | 0 ChangeLog.d/{tls => }/fix-legacy-compression-issue.txt | 0 ChangeLog.d/{x509 => }/fix-string-to-names-memory-management.txt | 0 ChangeLog.d/{x509 => }/fix-string-to-names-store-named-data.txt | 0 ChangeLog.d/{tls => }/fix_reporting_of_key_usage_issues.txt | 0 ChangeLog.d/{psa => }/psa-always-on.txt | 0 ChangeLog.d/{tls => }/remove_RSA_key_exchange.txt | 0 ChangeLog.d/{tls => }/tls-hs-defrag-in.txt | 0 ChangeLog.d/{tls => }/tls-key-exchange-rsa.txt | 0 ChangeLog.d/{tls => }/tls12-check-finished-calc.txt | 0 ChangeLog.d/{tls => }/tls13-cert-regressions.txt | 0 ChangeLog.d/{tls => }/tls13-without-tickets.txt | 0 15 files changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{tls => }/9684.txt (100%) rename ChangeLog.d/{tls => }/9685.txt (100%) rename ChangeLog.d/{x509 => }/9892.txt (100%) rename ChangeLog.d/{tls => }/9956.txt (100%) rename ChangeLog.d/{tls => }/fix-legacy-compression-issue.txt (100%) rename ChangeLog.d/{x509 => }/fix-string-to-names-memory-management.txt (100%) rename ChangeLog.d/{x509 => }/fix-string-to-names-store-named-data.txt (100%) rename ChangeLog.d/{tls => }/fix_reporting_of_key_usage_issues.txt (100%) rename ChangeLog.d/{psa => }/psa-always-on.txt (100%) rename ChangeLog.d/{tls => }/remove_RSA_key_exchange.txt (100%) rename ChangeLog.d/{tls => }/tls-hs-defrag-in.txt (100%) rename ChangeLog.d/{tls => }/tls-key-exchange-rsa.txt (100%) rename ChangeLog.d/{tls => }/tls12-check-finished-calc.txt (100%) rename ChangeLog.d/{tls => }/tls13-cert-regressions.txt (100%) rename ChangeLog.d/{tls => }/tls13-without-tickets.txt (100%) diff --git a/ChangeLog.d/tls/9684.txt b/ChangeLog.d/9684.txt similarity index 100% rename from ChangeLog.d/tls/9684.txt rename to ChangeLog.d/9684.txt 
diff --git a/ChangeLog.d/tls/9685.txt b/ChangeLog.d/9685.txt similarity index 100% rename from ChangeLog.d/tls/9685.txt rename to ChangeLog.d/9685.txt diff --git a/ChangeLog.d/x509/9892.txt b/ChangeLog.d/9892.txt similarity index 100% rename from ChangeLog.d/x509/9892.txt rename to ChangeLog.d/9892.txt diff --git a/ChangeLog.d/tls/9956.txt b/ChangeLog.d/9956.txt similarity index 100% rename from ChangeLog.d/tls/9956.txt rename to ChangeLog.d/9956.txt diff --git a/ChangeLog.d/tls/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt similarity index 100% rename from ChangeLog.d/tls/fix-legacy-compression-issue.txt rename to ChangeLog.d/fix-legacy-compression-issue.txt diff --git a/ChangeLog.d/x509/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt similarity index 100% rename from ChangeLog.d/x509/fix-string-to-names-memory-management.txt rename to ChangeLog.d/fix-string-to-names-memory-management.txt diff --git a/ChangeLog.d/x509/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt similarity index 100% rename from ChangeLog.d/x509/fix-string-to-names-store-named-data.txt rename to ChangeLog.d/fix-string-to-names-store-named-data.txt diff --git a/ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt similarity index 100% rename from ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt rename to ChangeLog.d/fix_reporting_of_key_usage_issues.txt diff --git a/ChangeLog.d/psa/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt similarity index 100% rename from ChangeLog.d/psa/psa-always-on.txt rename to ChangeLog.d/psa-always-on.txt diff --git a/ChangeLog.d/tls/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt similarity index 100% rename from ChangeLog.d/tls/remove_RSA_key_exchange.txt rename to ChangeLog.d/remove_RSA_key_exchange.txt 
diff --git a/ChangeLog.d/tls/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt similarity index 100% rename from ChangeLog.d/tls/tls-hs-defrag-in.txt rename to ChangeLog.d/tls-hs-defrag-in.txt diff --git a/ChangeLog.d/tls/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt similarity index 100% rename from ChangeLog.d/tls/tls-key-exchange-rsa.txt rename to ChangeLog.d/tls-key-exchange-rsa.txt diff --git a/ChangeLog.d/tls/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt similarity index 100% rename from ChangeLog.d/tls/tls12-check-finished-calc.txt rename to ChangeLog.d/tls12-check-finished-calc.txt diff --git a/ChangeLog.d/tls/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt similarity index 100% rename from ChangeLog.d/tls/tls13-cert-regressions.txt rename to ChangeLog.d/tls13-cert-regressions.txt diff --git a/ChangeLog.d/tls/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt similarity index 100% rename from ChangeLog.d/tls/tls13-without-tickets.txt rename to ChangeLog.d/tls13-without-tickets.txt From 48bfaa9353beaeee0b9f9844f7870a1f913289b5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 26 Sep 2025 10:37:00 +0100 Subject: [PATCH 0958/1080] Changelog: Removed psa migrated entries 
Signed-off-by: Minos Galanakis --- ChangeLog.d/psa/9126.txt | 5 ----- ChangeLog.d/psa/9302.txt | 6 ------ ChangeLog.d/psa/9690.txt | 8 -------- .../psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 ---- ChangeLog.d/psa/add-psa-iop-generate-key.txt | 3 --- ChangeLog.d/psa/add-psa-iop-key-agreement.txt | 4 ---- ChangeLog.d/psa/add-psa-key-agreement.txt | 3 --- ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt | 3 --- ChangeLog.d/psa/configuration-split.txt | 16 ---------------- ChangeLog.d/psa/dynamic-keystore.txt | 10 ---------- ChangeLog.d/psa/ecdsa-conversion-overflow.txt | 6 ------ ChangeLog.d/psa/fix-aesni-asm-clobbers.txt | 5 ----- ...ix-concurrently-loading-non-existent-keys.txt | 4 ---- ChangeLog.d/psa/fix-driver-schema-check.txt | 3 --- ChangeLog.d/psa/fix-psa-cmac.txt | 4 ---- ...efination_warning_messages_for_GNU_SOURCE.txt | 5 ----- .../psa/fix-rsa-performance-regression.txt | 3 --- .../psa/fix-secure-element-key-creation.txt | 5 ----- ChangeLog.d/psa/fix-test-suite-pk-warnings.txt | 3 --- ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt | 3 --- ...bedtls_psa_ecp_generate_key-no_public_key.txt | 3 --- ChangeLog.d/psa/mbedtls_psa_register_se_key.txt | 3 --- ...s_psa_rsa_load_representation-memory_leak.txt | 3 --- ChangeLog.d/psa/pk-norsa-warning.txt | 2 -- ChangeLog.d/psa/psa-crypto-config-always-on.txt | 7 ------- ...er_decrypt-ccm_star-iv_length_enforcement.txt | 3 --- ChangeLog.d/psa/psa_generate_key_custom.txt | 9 --------- ChangeLog.d/psa/psa_util-bits-0.txt | 3 --- .../psa/psa_util_in_builds_without_psa.txt | 5 ----- ChangeLog.d/psa/remove-crypto-alt-interface.txt | 5 ----- ChangeLog.d/psa/remove-via-padlock-support.txt | 3 --- 31 files changed, 149 deletions(-) delete mode 100644 ChangeLog.d/psa/9126.txt delete mode 100644 ChangeLog.d/psa/9302.txt delete mode 100644 ChangeLog.d/psa/9690.txt delete mode 100644 ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt delete mode 100644 ChangeLog.d/psa/add-psa-iop-generate-key.txt delete mode 100644 
ChangeLog.d/psa/add-psa-iop-key-agreement.txt delete mode 100644 ChangeLog.d/psa/add-psa-key-agreement.txt delete mode 100644 ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt delete mode 100644 ChangeLog.d/psa/configuration-split.txt delete mode 100644 ChangeLog.d/psa/dynamic-keystore.txt delete mode 100644 ChangeLog.d/psa/ecdsa-conversion-overflow.txt delete mode 100644 ChangeLog.d/psa/fix-aesni-asm-clobbers.txt delete mode 100644 ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt delete mode 100644 ChangeLog.d/psa/fix-driver-schema-check.txt delete mode 100644 ChangeLog.d/psa/fix-psa-cmac.txt delete mode 100644 ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt delete mode 100644 ChangeLog.d/psa/fix-rsa-performance-regression.txt delete mode 100644 ChangeLog.d/psa/fix-secure-element-key-creation.txt delete mode 100644 ChangeLog.d/psa/fix-test-suite-pk-warnings.txt delete mode 100644 ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_register_se_key.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt delete mode 100644 ChangeLog.d/psa/pk-norsa-warning.txt delete mode 100644 ChangeLog.d/psa/psa-crypto-config-always-on.txt delete mode 100644 ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt delete mode 100644 ChangeLog.d/psa/psa_generate_key_custom.txt delete mode 100644 ChangeLog.d/psa/psa_util-bits-0.txt delete mode 100644 ChangeLog.d/psa/psa_util_in_builds_without_psa.txt delete mode 100644 ChangeLog.d/psa/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/psa/remove-via-padlock-support.txt diff --git a/ChangeLog.d/psa/9126.txt b/ChangeLog.d/psa/9126.txt deleted file mode 100644 index 22939df86f..0000000000 --- a/ChangeLog.d/psa/9126.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. diff --git a/ChangeLog.d/psa/9302.txt b/ChangeLog.d/psa/9302.txt deleted file mode 100644 index d61ba19632..0000000000 --- a/ChangeLog.d/psa/9302.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. - The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. diff --git a/ChangeLog.d/psa/9690.txt b/ChangeLog.d/psa/9690.txt deleted file mode 100644 index d00eb16bc9..0000000000 --- a/ChangeLog.d/psa/9690.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a buffer underrun in mbedtls_pk_write_key_der() when - called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, - and the output buffer is smaller than the actual output. - Fix a related buffer underrun in mbedtls_pk_write_key_pem() - when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled - and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key. - CVE-2024-49195 diff --git a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt deleted file mode 100644 index 079cd741dc..0000000000 --- a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. 
diff --git a/ChangeLog.d/psa/add-psa-iop-generate-key.txt b/ChangeLog.d/psa/add-psa-iop-generate-key.txt deleted file mode 100644 index 0f586ee197..0000000000 --- a/ChangeLog.d/psa/add-psa-iop-generate-key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add an interruptible version of generate key to the PSA interface. - See psa_generate_key_iop_setup() and related functions. diff --git a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt b/ChangeLog.d/psa/add-psa-iop-key-agreement.txt deleted file mode 100644 index 92dfde1843..0000000000 --- a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add an interruptible version of key agreement to the PSA interface. - See psa_key_agreement_iop_setup() and related functions. - diff --git a/ChangeLog.d/psa/add-psa-key-agreement.txt b/ChangeLog.d/psa/add-psa-key-agreement.txt deleted file mode 100644 index 771e6e2602..0000000000 --- a/ChangeLog.d/psa/add-psa-key-agreement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a new psa_key_agreement() PSA API to perform key agreement and return - an identifier for the newly created key. diff --git a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt deleted file mode 100644 index bb5b470881..0000000000 --- a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled - as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. diff --git a/ChangeLog.d/psa/configuration-split.txt b/ChangeLog.d/psa/configuration-split.txt deleted file mode 100644 index f4d9bc63ac..0000000000 --- a/ChangeLog.d/psa/configuration-split.txt +++ /dev/null 
@@ -1,16 +0,0 @@ -Changes - * Cryptography and platform configuration options have been migrated - from the Mbed TLS library configuration file mbedtls_config.h to - crypto_config.h that will become the TF-PSA-Crypto configuration file, - see config-split.md for more information. The reference and test custom - configuration files respectively in configs/ and tests/configs/ have - been updated accordingly. - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them - to the PSA configuration scheme based on PSA_WANT_XXX symbols - (see psa-conditional-inclusion-c.md for more information). - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the - cryptographic and platform configuration options from mbedtls_config.h - to crypto_config.h (see config-split.md for more information and configs/ - for examples). diff --git a/ChangeLog.d/psa/dynamic-keystore.txt b/ChangeLog.d/psa/dynamic-keystore.txt deleted file mode 100644 index c6aac3c991..0000000000 --- a/ChangeLog.d/psa/dynamic-keystore.txt +++ /dev/null @@ -1,10 +0,0 @@ -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - -Bugfix - * Fix interference between PSA volatile keys and built-in keys - when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and - MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt b/ChangeLog.d/psa/ecdsa-conversion-overflow.txt deleted file mode 100644 index 83b7f2f88b..0000000000 --- a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Security - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. diff --git a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt b/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt deleted file mode 100644 index 538f0c5115..0000000000 --- a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix missing constraints on the AES-NI inline assembly which is used on - GCC-like compilers when building AES for generic x86_64 targets. This - may have resulted in incorrect code with some compilers, depending on - optimizations. Fixes #9819. diff --git a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt deleted file mode 100644 index 8a406a12e8..0000000000 --- a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix rare concurrent access bug where attempting to operate on a - non-existent key while concurrently creating a new key could potentially - corrupt the key store. diff --git a/ChangeLog.d/psa/fix-driver-schema-check.txt b/ChangeLog.d/psa/fix-driver-schema-check.txt deleted file mode 100644 index 9b6d8acd6e..0000000000 --- a/ChangeLog.d/psa/fix-driver-schema-check.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix invalid JSON schemas for driver descriptions used by - generate_driver_wrappers.py. diff --git a/ChangeLog.d/psa/fix-psa-cmac.txt b/ChangeLog.d/psa/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2d..0000000000 --- a/ChangeLog.d/psa/fix-psa-cmac.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c2..0000000000 --- a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/psa/fix-rsa-performance-regression.txt b/ChangeLog.d/psa/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a314..0000000000 --- a/ChangeLog.d/psa/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. diff --git a/ChangeLog.d/psa/fix-secure-element-key-creation.txt b/ChangeLog.d/psa/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068d..0000000000 --- a/ChangeLog.d/psa/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt b/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193cc..0000000000 --- a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. 
diff --git a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d7..0000000000 --- a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt deleted file mode 100644 index 69c00e1a77..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Improve performance of PSA key generation with ECC keys: it no longer - computes the public key (which was immediately discarded). Fixes #9732. diff --git a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt b/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac0..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af611..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/psa/pk-norsa-warning.txt b/ChangeLog.d/psa/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a870..0000000000 --- a/ChangeLog.d/psa/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. 
diff --git a/ChangeLog.d/psa/psa-crypto-config-always-on.txt b/ChangeLog.d/psa/psa-crypto-config-always-on.txt deleted file mode 100644 index d255f8c3c1..0000000000 --- a/ChangeLog.d/psa/psa-crypto-config-always-on.txt +++ /dev/null @@ -1,7 +0,0 @@ -Default behavior changes - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. diff --git a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93ba..0000000000 --- a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa/psa_generate_key_custom.txt b/ChangeLog.d/psa/psa_generate_key_custom.txt deleted file mode 100644 index 3fc1bd7d1f..0000000000 --- a/ChangeLog.d/psa/psa_generate_key_custom.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. diff --git a/ChangeLog.d/psa/psa_util-bits-0.txt b/ChangeLog.d/psa/psa_util-bits-0.txt deleted file mode 100644 index 9aa70ad978..0000000000 
--- a/ChangeLog.d/psa/psa_util-bits-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or - mbedtls_psa_der_to_raw() is called with bits=0. diff --git a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd30..0000000000 --- a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/psa/remove-crypto-alt-interface.txt b/ChangeLog.d/psa/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221c..0000000000 --- a/ChangeLog.d/psa/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/psa/remove-via-padlock-support.txt b/ChangeLog.d/psa/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b96573..0000000000 --- a/ChangeLog.d/psa/remove-via-padlock-support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. From 98dfcd4908f66a058716bf687f2959d779412c66 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 26 Sep 2025 16:30:36 +0100 Subject: [PATCH 0959/1080] Add missing include of stdio.h This is required in util.h in PSASIM as it uses fprintf. Previously stdio was inadvertantly included via psa/crypto_struct.h (of all places). 
Signed-off-by: David Horstmann --- tests/psa-client-server/psasim/include/util.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h index 5eb8238c5c..dfc9a32379 100644 --- a/tests/psa-client-server/psasim/include/util.h +++ b/tests/psa-client-server/psasim/include/util.h @@ -7,6 +7,8 @@ #include "service.h" +#include + #define PRINT(fmt, ...) \ fprintf(stdout, fmt "\n", ##__VA_ARGS__) From ce9f08a11bafb4a594b1e72978bfc87771409cb2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Sep 2025 19:21:15 +0200 Subject: [PATCH 0960/1080] More removals found in changelog entries Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 10 ++++++++++ docs/4.0-migration-guide/feature-removals.md | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index 0065de4542..c8e54f657b 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md @@ -32,3 +32,13 @@ TF-PSA-Crypto exposes its version through ``, similar t ### Removal of `check_config.h` The header `mbedtls/check_config.h` is no longer present. Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. + +### Changes to TLS options + +#### Enabling null cipher suites + +The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration. + +#### Removal of backward compatibility options + +The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. 
diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md index 8b2c4d0b8f..b958f864fc 100644 --- a/docs/4.0-migration-guide/feature-removals.md +++ b/docs/4.0-migration-guide/feature-removals.md @@ -140,3 +140,13 @@ mbedtls_ssl_conf_dh_param_bin() mbedtls_ssl_conf_dh_param_ctx() mbedtls_ssl_conf_dhm_min_bitlen() ``` + +### Removal of elliptic curves + +Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS. + +### Removal of deprecated functions + +The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead. + +The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead. From 0f2a4f3d1fcbcf0f298d4ae6c78c8f9fb423a17e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 26 Sep 2025 20:10:04 +0200 Subject: [PATCH 0961/1080] Prevent unnecessary submodule fetches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index c526f15ef6..dfe7f9ef15 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -204,11 +204,24 @@ def _update_git_submodules(self, git_worktree_path, version): stderr=subprocess.STDOUT ) self.log.debug(submodule_output.decode("utf-8")) - update_output = subprocess.check_output( - [self.git_command, "submodule", "update", "--init", '--recursive'], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) + + try: + # Try to update the submodules using local commits + # (Git will sometimes insist on fetching the remote without --no-fetch if the submodules are shallow clones) + update_output = subprocess.check_output( + [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'], + cwd=git_worktree_path, + stderr=subprocess.STDOUT + ) + except subprocess.CalledProcessError as err: + self.log.debug(err.stdout.decode("utf-8")) + + # Checkout with --no-fetch failed, falling back to fetching from origin + update_output = subprocess.check_output( + [self.git_command, "submodule", "update", "--init", '--recursive'], + cwd=git_worktree_path, + stderr=subprocess.STDOUT + ) self.log.debug(update_output.decode("utf-8")) if not (os.path.exists(os.path.join(git_worktree_path, "crypto")) and version.crypto_revision): From 9364208e330c195fb1fff659155ba4024ead4973 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 10:39:23 +0100 Subject: [PATCH 0962/1080] Changelogs: Fixed aligment issues Signed-off-by: Minos Galanakis --- ChangeLog.d/9964.txt | 2 +- ChangeLog.d/fix-dependency-on-generated-files.txt | 4 ++-- ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt index 0b28ea990a..189b4c1d0e 100644 --- a/ChangeLog.d/9964.txt +++ b/ChangeLog.d/9964.txt @@ -1,5 +1,5 @@ Removals - * Sample programs for the legacy crypto API have been removed. + * Sample programs for the legacy crypto API have been removed. pkey/rsa_genkey.c pkey/pk_decrypt.c pkey/dh_genprime.c 
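Review bot: The except branch in `_update_git_submodules` turns every failure of the `--no-fetch` attempt into a network fetch from the submodule remotes while recording why only at debug level, so an ABI comparison can quietly start depending on remote content, and a failure unrelated to missing commits (a broken submodule checkout, a bad `.gitmodules` entry) is retried rather than reported. I would make the fallback visible at info level with the captured output, e.g. `self.log.info("submodule update --no-fetch failed, fetching from remote:\n%s", err.stdout.decode("utf-8"))`, so a run that reached out to the network is distinguishable from one that did not. A comment on `err.stdout` noting that it holds the combined stream because stderr is redirected to STDOUT would also help the next reader. The enclosing method starts before the hunk and continues after it.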
diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt index b3e7e4e16b..540cf0ded2 100644 --- a/ChangeLog.d/fix-dependency-on-generated-files.txt +++ b/ChangeLog.d/fix-dependency-on-generated-files.txt @@ -1,3 +1,3 @@ Bugfix - * Fix potential CMake parallel build failure when building both the static - and shared libraries. + * Fix potential CMake parallel build failure when building both the static + and shared libraries. diff --git a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt index e04f45a488..e7ac54684c 100644 --- a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt +++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt @@ -1,3 +1,3 @@ API changes - * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function to a const to align with the rest of the API. + * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw + function to a const to align with the rest of the API. From 9114d4ae0cadf6a6b0794f99fea80965b23d7755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 29 Sep 2025 11:49:40 +0200 Subject: [PATCH 0963/1080] all.sh: prepare component for hiding small curves MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c9c6a13e43..0551e6a404 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -100,6 +100,7 @@ component_test_psa_crypto_without_heap() { # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. scripts/config.py set PSA_WANT_ECC_SECP_K1_192 scripts/config.py set PSA_WANT_ECC_SECP_R1_192 + scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) From cc3f987c4f66ebceba518d40b0e0f92c86de23f8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 10:58:51 +0100 Subject: [PATCH 0964/1080] Changelogs: Added CVEs Signed-off-by: Minos Galanakis --- ChangeLog.d/fix-string-to-names-memory-management.txt | 1 + ChangeLog.d/fix-string-to-names-store-named-data.txt | 2 ++ ChangeLog.d/fix_reporting_of_key_usage_issues.txt | 1 + ChangeLog.d/mbedtls_ssl_set_hostname.txt | 2 ++ 4 files changed, 6 insertions(+) diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt index 87bc59694f..6b744a74fb 100644 --- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt @@ -10,6 +10,7 @@ Security were affected (use-after-free if the san string contains more than one DN). Code that does not call mbedtls_string_to_names() directly is not affected. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-47917 Changes * The function mbedtls_x509_string_to_names() now requires its head argument diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt index e517cbb72a..b088468612 100644 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt 
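Review bot: The `|| true` on the added line swallows every failure of `scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS`, not only the "symbol does not exist yet" case the commit title ("prepare component for hiding small curves") suggests it is meant for, so a typo in the symbol or a later breakage of config.py would leave this component silently running with a different configuration than intended. At minimum the line needs a comment stating why the failure is tolerated and when to stop tolerating it, e.g. `# The symbol may not exist yet in the pinned tf-psa-crypto; drop the || true once it does.`, and since this component deliberately re-enables p192 curves, the allowance should be removed as soon as the submodule exposes the option. The component function continues outside the hunk.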
@@ -6,3 +6,5 @@ Security users of the output structure, such as mbedtls_x509_write_names(). This only affects applications that create (as opposed to consume) X.509 certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-48965 + diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt index b81fb426a7..506f2bdf0e 100644 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt @@ -9,3 +9,4 @@ Security authentication anyway. Only TLS 1.3 servers were affected, and only with optional authentication (required would abort the handshake with a fatal alert). + CVE-2024-45159 diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt index 250a5baafa..05f375dcb3 100644 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt @@ -14,3 +14,5 @@ Security MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if mbedtls_ssl_set_hostname() has not been called. Reported by Daniel Stenberg. + CVE-2025-27809 + From 30f42edd43d5d259b7e99e9b0fd137da50b9d171 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:38:10 +0100 Subject: [PATCH 0965/1080] Changelog: Reworded fix-clang-psa-build-without-dhm Signed-off-by: Minos Galanakis --- ChangeLog.d/fix-clang-psa-build-without-dhm.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt index 7ae1c68a40..543f4dbf1b 100644 --- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt +++ b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt 
@@ -1,3 +1,5 @@ Bugfix - * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled - but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. + * Fix Clang compilation error when finite-field Diffie-Hellman is disabled. + Reported by Michael Schuster in #9188. + + From 8120169554dbbdb662f1626fba65fd0f55d12306 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:38:39 +0100 Subject: [PATCH 0966/1080] Changelog: Removed check-config.txt Signed-off-by: Minos Galanakis --- ChangeLog.d/check-config.txt | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 ChangeLog.d/check-config.txt diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt deleted file mode 100644 index 8570a11757..0000000000 --- a/ChangeLog.d/check-config.txt +++ /dev/null @@ -1,9 +0,0 @@ -Changes - * Warn if mbedtls/check_config.h is included manually, as this can - lead to spurious errors. Error if a *adjust*.h header is included - manually, as this can lead to silently inconsistent configurations, - potentially resulting in buffer overflows. - When migrating from Mbed TLS 2.x, if you had a custom config.h that - included check_config.h, remove this inclusion from the Mbed TLS 3.x - configuration file (renamed to mbedtls_config.h). This change was made - in Mbed TLS 3.0, but was not announced in a changelog entry at the time. From 55e4bf8acd75eb0d570b9652d6aaa3c8e7f04ee6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:42:30 +0100 Subject: [PATCH 0967/1080] Changelog: Introduced oid.txt Signed-off-by: Minos Galanakis --- ChangeLog.d/oid.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/oid.txt diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt new file mode 100644 index 0000000000..53828d85b1 --- /dev/null +++ b/ChangeLog.d/oid.txt 
@@ -0,0 +1,8 @@ +Removals + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. From 9defedb833210957506c4171e92a6b292d0caa71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 29 Sep 2025 14:24:25 +0200 Subject: [PATCH 0968/1080] Fix comment too long for pylint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index dfe7f9ef15..4fe7f54fc0 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -207,7 +207,8 @@ def _update_git_submodules(self, git_worktree_path, version): try: # Try to update the submodules using local commits - # (Git will sometimes insist on fetching the remote without --no-fetch if the submodules are shallow clones) + # (Git will sometimes insist on fetching the remote without --no-fetch + # if the submodules are shallow clones) update_output = subprocess.check_output( [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'], cwd=git_worktree_path, From 7e8e438fce7a9b5ece2b483b973d8e0d9e7d9817 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 26 Sep 2025 15:25:43 +0100 Subject: [PATCH 0969/1080] Replace cases of time_t with mbedtls_time_t Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- programs/ssl/ssl_context_info.c | 2 +- programs/test/udp_proxy.c | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 37e4259e55..75c59a96ad 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3178,7 +3178,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, start = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; - session->start = (time_t) start; + session->start = (mbedtls_time_t) start; #endif /* MBEDTLS_HAVE_TIME */ /* diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 7bcd50fe65..46875ec414 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -277,7 +277,7 @@ static void print_time(const uint64_t *time) { #if defined(MBEDTLS_HAVE_TIME) char buf[20]; - struct tm *t = gmtime((time_t *) time); + struct tm *t = gmtime((mbedtls_time_t *) time); static const char format[] = "%Y-%m-%d %H:%M:%S"; if (NULL != t) { strftime(buf, sizeof(buf), format, t); diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 1c52990a8e..efa003da0d 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -25,7 +25,6 @@ #if defined(MBEDTLS_HAVE_TIME) #include #define mbedtls_time time -#define mbedtls_time_t time_t #endif #define mbedtls_printf printf #define mbedtls_calloc calloc From 6efe52473ca719f273c9b2db97344bc2b0d6edd1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 07:53:36 +0100 Subject: [PATCH 0970/1080] revert change to gmtime arguments int ssl_context_info.c Signed-off-by: Ben Taylor --- programs/ssl/ssl_context_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 46875ec414..7bcd50fe65 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -277,7 +277,7 @@ static void print_time(const uint64_t *time) { #if defined(MBEDTLS_HAVE_TIME) char buf[20]; - struct tm *t = gmtime((mbedtls_time_t *) time); + struct tm *t = gmtime((time_t *) time); static const char format[] = "%Y-%m-%d %H:%M:%S"; if (NULL != t) { strftime(buf, sizeof(buf), format, t); From b11d5bc949671ebb79e1caf7a898c3009448eb44 Mon Sep 17 00:00:00 2001 
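Review bot: The new line `session->start = (mbedtls_time_t) start;` still narrows a 64-bit value read straight out of the serialized blob with no range check; on a platform where mbedtls_time_t is 32 bits the conversion of an out-of-range value is implementation-defined, so a malformed or hostile blob yields a session with a bogus start time instead of being rejected. Since the bytes come from the caller, I would reject values that do not survive the conversion before assigning, `if ((uint64_t) (mbedtls_time_t) start != start) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` (or whichever error code `ssl_tls12_session_load` already uses for malformed input; the rest of the function is outside the hunk). The same gap existed with the old `(time_t)` cast, so this is not introduced by the commit, but it is the line being touched.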
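Review bot: The reverted line `gmtime((time_t *) time)` in print_time reads the `const uint64_t` that `time` points to through a `time_t *`, which discards the const qualifier, breaks strict aliasing, and on any target where `sizeof(time_t) != 8` makes gmtime read the wrong bytes (half of the value, the high half on big-endian), so the fact that the `mbedtls_time_t *` variant had to be reverted is a symptom of the pointer cast being the wrong tool rather than a reason to keep the old form. Copy the value instead of reinterpreting the pointer: `time_t t = (time_t) *time; struct tm *tm = gmtime(&t);` and use `tm` in the strftime call below. The rest of print_time lies outside the hunk.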
From: Ben Taylor Date: Mon, 29 Sep 2025 13:59:26 +0100 Subject: [PATCH 0971/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/replace_time_t.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/replace_time_t.txt diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt new file mode 100644 index 0000000000..53b63cfd43 --- /dev/null +++ b/ChangeLog.d/replace_time_t.txt @@ -0,0 +1,3 @@ +Bugfix + * Replace occurances of time_t with + mbedtls_time_t. From c797a35acd88ed89eb6079903a08cf224c6f9cb9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 14:18:20 +0100 Subject: [PATCH 0972/1080] Improve ChangeLog entry Signed-off-by: Ben Taylor --- ChangeLog.d/replace_time_t.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt index 53b63cfd43..ec0282a9f2 100644 --- a/ChangeLog.d/replace_time_t.txt +++ b/ChangeLog.d/replace_time_t.txt @@ -1,3 +1,4 @@ Bugfix - * Replace occurances of time_t with - mbedtls_time_t. + * Fix a build error or incorrect TLS session + lifetime on platforms where mbedtls_time_t + is not time_t. Fixes #10236. From 2c2e24338b4d51de3677719ff0ea03396c1e7f28 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Sep 2025 15:47:23 +0200 Subject: [PATCH 0973/1080] There's no reason to discourage including */build_info.h directly Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index c8e54f657b..144f7bbe15 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md 
@@ -25,7 +25,7 @@ Note that many options related to cryptography have changed; see the TF-PSA-Cryp ### Split of `build_info.h` and `version.h` -TF-PSA-Crypto has a header file `` which includes the configuration file and provides the adjusted configuration macros, similar to `` in Mbed TLS. Generally, you should include a feature-specific header file rather than `build_info.h`. +The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration. TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS. From e27c35c6a622bdbe1cfff66bc51b074220b12152 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Sep 2025 15:48:58 +0200 Subject: [PATCH 0974/1080] Copyediting Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index 144f7bbe15..25bddf44f9 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md 
@@ -8,7 +8,7 @@ All configuration options that are relevant to TF-PSA-Crypto must now be configu * otherwise ``; * additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set. -Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, and `MBEDTLS_USER_CONFIG_FILE` is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. +Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. Generally speaking, the options that must be configured in TF-PSA-Crypto are: From c8e4fd3f1a637608501f4422da992b2892a7d216 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 22 Sep 2025 14:09:40 +0100 Subject: [PATCH 0975/1080] Initial removal of DES from mbedtls Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 15 +-------------- tests/scripts/depends.py | 4 ---- tests/scripts/set_psa_test_dependencies.py | 1 - 3 files changed, 1 insertion(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0551e6a404..f5a0afc82c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -90,9 +90,6 @@ component_test_psa_crypto_without_heap() { # is disabled below. scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" - # DES requires built-in support for key generation (parity check) so it - # cannot be accelerated - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. 
@@ -330,7 +327,6 @@ component_test_full_no_cipher () { scripts/config.py unset PSA_WANT_ALG_OFB scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1709,10 +1705,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - # Build # ----- @@ -1749,11 +1741,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - $MAKE_COMMAND + make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" $MAKE_COMMAND test @@ -2016,7 +2005,6 @@ component_build_aes_variations () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ @@ -2230,7 +2218,6 @@ config_block_cipher_no_decrypt () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 10d7028df0..bf401e0675 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -324,10 +324,6 @@ def test(self, options): '-PSA_WANT_ALG_CCM', '-PSA_WANT_ALG_GCM', '-PSA_WANT_ALG_ECB_NO_PADDING'], - 'PSA_WANT_KEY_TYPE_DES': ['-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 0be8ac5e4e..37152112be 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -53,7 +53,6 @@ 'MBEDTLS_CHACHAPOLY_C', 'MBEDTLS_CMAC_C', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_DES_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECDSA_C', 'MBEDTLS_ECJPAKE_C', From 4936b17737031c38436cfcf9358e223f8a61c75c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 25 Sep 2025 11:08:25 +0100 Subject: [PATCH 0976/1080] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/remove-des.txt diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt new file mode 100644 index 0000000000..e9be9c031f --- /dev/null +++ b/ChangeLog.d/remove-des.txt @@ -0,0 +1,3 @@ +Removals + * Remove DES and 3DES and all it's references + as it is not longer allowed by NIST. From c32f591bb10e89b4bcd805736e70cf7e8b2bf2f1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 26 Sep 2025 11:19:02 +0100 Subject: [PATCH 0977/1080] Improved ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt index e9be9c031f..0c83ec1107 100644 --- a/ChangeLog.d/remove-des.txt +++ b/ChangeLog.d/remove-des.txt @@ -1,3 +1,2 @@ Removals - * Remove DES and 3DES and all it's references - as it is not longer allowed by NIST. + * Removed DES (including 3DES) 
From c4dee5cf6215f27c8f3fcd983bf465cc33c1f980 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 11:33:29 +0100 Subject: [PATCH 0978/1080] Remove ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/remove-des.txt diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt deleted file mode 100644 index 0c83ec1107..0000000000 --- a/ChangeLog.d/remove-des.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Removed DES (including 3DES) From 1317d7f14d97d0b163c9a9f28cd992779abdd20f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 11:35:55 +0100 Subject: [PATCH 0979/1080] Remove spurious make command Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f5a0afc82c..c330ccd814 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1742,7 +1742,6 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac $MAKE_COMMAND - make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" $MAKE_COMMAND test From 6c4df1a2cc1820a117d722f6bf18b847defa9270 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 30 Sep 2025 08:17:38 +0100 Subject: [PATCH 0980/1080] Update tf-psa-crypto submodule Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 9a43f3fe86..092a54c678 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 9a43f3fe868ef6da5a312a3da076b9595e02a75e +Subproject commit 092a54c67864d06a93ac7e8bfe90b01b3e2ec2e5 From db39c0fe0a315b8e5174ca297a33d9c7cc09ef56 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Tue, 30 Sep 2025 10:14:41 +0100 Subject: [PATCH 0981/1080] Update framework modules Signed-off-by: Ben Taylor --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 0bfaf0ed97..ab4d9cee6d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 0bfaf0ed9721b3858e8982698c618ee748b21a7d +Subproject commit ab4d9cee6d63c0ddcdc150144ff2e1f2db914381 From 28d1d61d72721ae0128184a39b3edf21bf7af8c0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 10:42:05 +0200 Subject: [PATCH 0982/1080] Update BRANCHES.md Signed-off-by: Ronald Cron --- BRANCHES.md | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 806629721c..5945f95d9c 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -6,9 +6,8 @@ At any point in time, we have a number of maintained branches, currently consist this always contains the latest release, including all publicly available security fixes. - The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next major version of Mbed TLS (version 4.0) is being - prepared. It has API changes that make it incompatible with Mbed TLS 3.x, - as well as all the new features and bug fixes and security fixes. + this is where the next minor version of Mbed TLS 4 is prepared. It contains + new features, bug fixes, and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). 
@@ -19,7 +18,7 @@ These branches will not receive any changes or updates. We use [Semantic Versioning](https://semver.org/). In particular, we maintain API compatibility in the `main` branch across minor version changes (e.g. -the API of 3.(x+1) is backward compatible with 3.x). We only break API +the API of 4.(x+1) is backward compatible with 4.x). We only break API compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain ABI compatibility within LTS branches; see the next section for details. @@ -66,25 +65,6 @@ crypto that was found to be weak) may need to be changed. In case security comes in conflict with backwards compatibility, we will put security first, but always attempt to provide a compatibility option. -## Backward compatibility for the key store - -We maintain backward compatibility with previous versions of the -PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the -storage backend (PSA ITS implementation) is configured in a compatible way. -We intend to maintain this backward compatibility throughout a major version -of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read -keys written under any Mbed TLS 3.x with x <= y). - -Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x -LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y) -may require the use of an upgrade tool. - -Note that this guarantee does not currently fully extend to drivers, which -are an experimental feature. We intend to maintain compatibility with the -basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs -change. However, for more experimental parts of the driver interface, such -as the use of driver state, we do not yet guarantee backward compatibility. - ## Long-time support branches For the LTS branches, additionally we try very hard to also maintain ABI From 94f102c06cf8e7b6b13ff882d287940537148c54 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 30 Sep 2025 12:19:29 +0200 Subject: [PATCH 0983/1080] Update SECURITY.md Signed-off-by: Ronald Cron --- SECURITY.md | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4682f7aacc..4e7bb14316 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -37,10 +37,6 @@ being implemented. (For example Mbed TLS alone won't guarantee that the messages will arrive without delay, as the TLS protocol doesn't guarantee that either.) -**Warning!** Block ciphers do not yet achieve full protection against attackers -who can measure the timing of packets with sufficient precision. For details -and workarounds see the [Block Ciphers](#block-ciphers) section. - ### Local attacks In this section, we consider an attacker who can run software on the same @@ -69,9 +65,6 @@ physical side channels as well. Remote and physical timing attacks are covered in the [Remote attacks](remote-attacks) and [Physical attacks](physical-attacks) sections respectively. -**Warning!** Block ciphers do not yet achieve full protection. For -details and workarounds see the [Block Ciphers](#block-ciphers) section. - #### Local non-timing side channels The attacker code running on the platform has access to some sensor capable of 
@@ -115,36 +108,6 @@ protection against a class of attacks outside of the above described threat model. Neither does it mean that the failure of such a countermeasure is considered a vulnerability. -#### Block ciphers - -Currently there are four block ciphers in Mbed TLS: AES, CAMELLIA, ARIA and -DES. The pure software implementation in Mbed TLS implementation uses lookup -tables, which are vulnerable to timing attacks. - -These timing attacks can be physical, local or depending on network latency -even a remote. The attacks can result in key recovery. - -**Workarounds:** - -- Turn on hardware acceleration for AES. This is supported only on selected - architectures and currently only available for AES. See configuration options - `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details. -- Add a secure alternative implementation (typically hardware acceleration) for - the vulnerable cipher. See the [Alternative Implementations -Guide](docs/architecture/alternative-implementations.md) for more information. -- Use cryptographic mechanisms that are not based on block ciphers. In - particular, for authenticated encryption, use ChaCha20/Poly1305 instead of - block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG. - -#### Everest - -The HACL* implementation of X25519 taken from the Everest project only protects -against remote timing attacks. (See their [Security -Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) - -The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` -configuration option is defined. This option is off by default. - #### Formatting of X.509 certificates and certificate signing requests When parsing X.509 certificates and certificate signing requests (CSRs), From dc0036b4cd73f96838f088651243f83ec9a3ac16 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 1 Oct 2025 16:54:42 +0100 Subject: [PATCH 0984/1080] Updated framework pointer 
Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index ab4d9cee6d..d80c4f9ec3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit ab4d9cee6d63c0ddcdc150144ff2e1f2db914381 +Subproject commit d80c4f9ec3a01c001778658023f82e40fdb51d40 From 0552033183b168980492169f493908cdfd572be2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 1 Oct 2025 16:54:51 +0100 Subject: [PATCH 0985/1080] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 092a54c678..cf4c26de94 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 092a54c67864d06a93ac7e8bfe90b01b3e2ec2e5 +Subproject commit cf4c26de948e8bfe6566dd8b78299df4b627127d From d196cbd3e529faffe10bee2f0a8e74aac9da24df Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 09:58:08 +0200 Subject: [PATCH 0986/1080] README.md: The crypto code is provided by TF-PSA-Crypto Signed-off-by: Ronald Cron --- README.md | 46 +++------------------------------------------- 1 file changed, 3 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index 7326a3ebe5..449926c738 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,8 @@ README for Mbed TLS =================== -Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. - -Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). This is currently a preview for evaluation purposes only. +Mbed TLS is a C library that implements X.509 certificate manipulation and the TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. +Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF-PSA-Crypto) that provides an implementation of the [PSA Cryptography API](https://arm-software.github.io/psa-api). Configuration ------------- @@ -19,8 +18,6 @@ Documentation The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/). -Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/). - To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. 
@@ -43,7 +40,7 @@ You need the following tools to build the library: * CMake 3.10.2 or later. * A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. -* Python 3.8 to generate the test code. Python is also needed to integrate PSA drivers and to build the development branch (see next section). +* Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). 
@@ -236,48 +233,11 @@ Mbed TLS is mostly written in portable C99; however, it has a few platform requi - Mixed-endian platforms are not supported. - SIZE_MAX must be at least as big as INT_MAX and UINT_MAX. -PSA cryptography API --------------------- - -### PSA API - -Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. - -The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform. - -The design goals of the PSA cryptography API include: - -* The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired. -* The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators. -* All access to the keys happens through key identifiers, which allows support for external cryptoprocessors that is transparent to applications. -* The interface to algorithms is generic, favoring algorithm agility. -* The interface is designed to be easy to use and hard to accidentally misuse. - -Arm welcomes feedback on the design of the API. 
If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially. - -### PSA implementation in Mbed TLS - -Mbed TLS includes a reference implementation of the PSA Cryptography API. -However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. - -### PSA drivers - -Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. - -Please see the [PSA driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md) for information on writing a driver. - License ------- Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. -### Third-party code included in Mbed TLS - -This project contains code from other projects. This code is located within the `tf-psa-crypto/drivers/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. 
The projects are listed below: - -* `drivers/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `drivers/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. - Contributing ------------ From eef87b348f2e84e7d62734376781245192a738a6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 13:06:32 +0200 Subject: [PATCH 0987/1080] README.md: Microsoft Visual Studio is not directly supported anymore Signed-off-by: Ronald Cron --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 449926c738..0e35fe9aa8 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ The source code of Mbed TLS includes some files that are automatically generated The following tools are required: -* Perl, for some library source files and for Visual Studio build files. +* Perl, for some library source files. * Python 3.8 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: ``` python3 -m pip install --user -r scripts/basic.requirements.txt 
@@ -185,14 +185,6 @@ Mbed TLS supports being built as a CMake subproject. One can use `add_subdirectory()` from a parent CMake project to include Mbed TLS as a subproject. -### Microsoft Visual Studio - -The build files for Microsoft Visual Studio are generated for Visual Studio 2017. - -The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. - -In the development branch of Mbed TLS, the Visual Studio solution files need to be generated first as described in [“Generated source files in the development branch”](#generated-source-files-in-the-development-branch). - Example programs ---------------- From 0f2ef4a896dff5f2d53affbc3b083032e8326cac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 18:30:32 +0200 Subject: [PATCH 0988/1080] README.md: Update Configuration section Signed-off-by: Ronald Cron --- README.md | 7 ++++--- configs/README.txt | 34 ++++++++++++++++++---------------- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 0e35fe9aa8..171323c7d0 100644 --- a/README.md +++ b/README.md 
@@ -6,12 +6,13 @@ Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF- Configuration ------------- +Configuration options related to X.509 and TLS are available in `include/mbedtls/mbedtls_config.h`, while cryptography and platform options are located in the TF-PSA-Crypto configuration file `tf-psa-crypto/include/psa/crypto_config.h`. -Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). +With the default platform options, Mbed TLS should build out of the box on most systems. -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`. +These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions). -We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` +We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. Documentation ------------- diff --git a/configs/README.txt b/configs/README.txt index 86496db013..9e471344ef 100644 --- a/configs/README.txt +++ b/configs/README.txt 
@@ -1,24 +1,26 @@ This directory contains example configuration files. -The examples are generally focused on a particular usage case (eg, support for -a restricted number of ciphersuites) and aim at minimizing resource usage for -this target. They can be used as a basis for custom configurations. +The examples are generally focused on a particular use case (eg, support for +a restricted set of ciphersuites) and aim to minimize resource usage for +the target. They can be used as a basis for custom configurations. -These files are complete replacements for the default mbedtls_config.h. To use one of -them, you can pick one of the following methods: +These files come in pairs and are complete replacements for the default +mbedtls_config.h and crypto_config.h. The two files of a pair share the same or +very similar name, with the crypto file prefixed by "crypto-". Note +that some of the cryptography configuration files may be located in +tf-psa-crypto/configs. -1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one. +To use one of these pairs, you can pick one of the following methods: -2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. - For example, using make: +1. Replace the default files include/mbedtls/mbedtls_config.h and + tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" make +2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the + CMake build system: - Or, using cmake: + cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \ + -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" . + make - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" cmake . - make - -Note that the second method also works if you want to keep your custom -configuration file outside the Mbed TLS tree. 
+The second method also works if you want to keep your custom configuration +files outside the Mbed TLS tree. From 200b89bb87849192b96d1c4d3e631489c83eb370 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 10:05:34 +0200 Subject: [PATCH 0989/1080] README.md: Update/Fix documentation section Signed-off-by: Ronald Cron --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 171323c7d0..1e07fd8018 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,8 @@ The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls. To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `mkdir /path/to/build_dir && cd /path/to/build_dir` -1. Run `cmake /path/to/mbedtls/source` -1. Run `make apidoc` +1. Run `cmake -B /path/to/build_dir /path/to/mbedtls/source` +1. Run `cmake --build /path/to/build_dir --target mbedtls-apidoc` 1. Browse `apidoc/index.html` or `apidoc/modules.html`. For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. From 7cf78b4c2cacddf77f76e5e612e22ee24be7c94f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 10:28:17 +0200 Subject: [PATCH 0990/1080] README.md: Update build sections Signed-off-by: Ronald Cron --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1e07fd8018..9ba6ae36ac 100644 --- a/README.md +++ b/README.md 
@@ -31,7 +31,7 @@ For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. Compiling --------- -We use CMake to configure and drive our build process. Three libraries are built: libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libtfpsacrypto, and libmbedx509 depends on libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. +We use CMake to configure and drive our build process. Three libraries are built: `libtfpsacrypto`, `libmbedx509`, and `libmbedtls`. Note that `libmbedtls` depends on `libmbedx509` and `libtfpsacrypto`, and `libmbedx509` depends on `libtfpsacrypto`. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. The cryptographic library `libtfpsacrypto` is also provided under its legacy name, `libmbedcrypto`. ### Tool versions 
@@ -106,9 +106,11 @@ There are many different build types available with CMake. Most of them are avai - `Coverage`. This generates code coverage information in addition to debug information. - `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) - `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. -- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64. +- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. - `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. - `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. +- `TSan`. This instruments the code with ThreadSanitizer to detect data races and other threading-related concurrency issues at runtime. +- `TSanDbg`. Same as TSan but slower, with debug information, better stack traces and origin tracking. Switching build types in CMake is simple. For debug mode, enter at the command line: From 4ccdaf1cd5d3c5426b6d58b921edfbd000a0a5cc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 12:40:27 +0200 Subject: [PATCH 0991/1080] README.md: Update minimum version of tools Signed-off-by: Ronald Cron --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9ba6ae36ac..ddf2dbf6bc 100644 --- a/README.md +++ b/README.md 
@@ -35,14 +35,14 @@ We use CMake to configure and drive our build process. Three libraries are built ### Tool versions -You need the following tools to build the library: +You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. -* CMake 3.10.2 or later. +* CMake 3.20.4 or later. * A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. -* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). +* Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). ### Git usage @@ -55,7 +55,7 @@ The source code of Mbed TLS includes some files that are automatically generated The following tools are required: * Perl, for some library source files. -* Python 3.8 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: +* Python 3 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: ``` python3 -m pip install --user -r scripts/basic.requirements.txt ``` From e2d4684ec401e27e5679c139846c641c2322e236 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 13:04:49 +0200 Subject: [PATCH 0992/1080] README.md: Update tests section 
Signed-off-by: Ronald Cron --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ddf2dbf6bc..1c6bc42885 100644 --- a/README.md +++ b/README.md @@ -202,7 +202,6 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. - `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). From c9d79ff0d493d5c33b68d641da0ecf3460d34566 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 2 Oct 2025 19:14:14 +0200 Subject: [PATCH 0993/1080] README.md: Various small improvements Signed-off-by: Ronald Cron --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 1c6bc42885..d745b24bef 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Configuration options related to X.509 and TLS are available in `include/mbedtls With the default platform options, Mbed TLS should build out of the box on most systems. -These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions). +These configuration files can be edited manually, or programmatically using the Python 3 script `scripts/config.py` (run with --help for usage instructions). We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. 
@@ -38,7 +38,7 @@ We use CMake to configure and drive our build process. Three libraries are built You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. * CMake 3.20.4 or later. -* A build system that CMake supports. +* A build system like Make or Ninja for which CMake can generate build files. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. @@ -138,7 +138,7 @@ showing them as modified). In order to do so, from the Mbed TLS source directory, use: cmake . - make + cmake --build . If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the CMake cache. This can be done with the following command using GNU find: @@ -148,10 +148,10 @@ CMake cache. This can be done with the following command using GNU find: You can now make the desired change: CC=your_cc cmake . - make + cmake --build . Regarding variables, also note that if you set CFLAGS when invoking cmake, -your value of CFLAGS doesn't override the content provided by cmake (depending +your value of CFLAGS doesn't override the content provided by CMake (depending on the build mode as seen above), it's merely prepended to it. #### Consuming Mbed TLS 
@@ -196,13 +196,13 @@ Please note that the goal of these sample programs is to demonstrate specific fe Tests ----- -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_ssl.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_ssl.function`) and a `data file` (e.g. `suites/test\_suite\_ssl.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test_suite_ssl.c`). These files are generated from a `function file` (e.g. `suites/test_suite_ssl.function`) and a `data file` (e.g. `suites/test_suite_ssl.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. +- `tests/scripts/depends.py` tests builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). 
Instead of manually installing the required versions of all tools required for testing, it is possible to use the Docker images from our CI systems, as explained in [our testing infrastructure repository](https://github.com/Mbed-TLS/mbedtls-test/blob/main/README.md#quick-start). From c9998d399b7f8814994721e516107a5733d97741 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 Oct 2025 10:03:20 +0200 Subject: [PATCH 0994/1080] README.md: Fix/Update the "Git usage" section Signed-off-by: Ronald Cron --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d745b24bef..33ad4ac23d 100644 --- a/README.md +++ b/README.md 
@@ -46,7 +46,15 @@ You need the following tools to build the library from the main branch with the ### Git usage -The `development` branch and the `mbedtls-3.6` long-term support branch of Mbed TLS use a [Git submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules) ([framework](https://github.com/Mbed-TLS/mbedtls-framework)). This is not needed to merely compile the library at a release tag. This is not needed to consume a release archive (zip or tar). +The supported branches (see [`BRANCHES.md`](BRANCHES.md)) use [Git submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules). They contain two submodules: the [framework](https://github.com/Mbed-TLS/mbedtls-framework) submodule and the [tf-psa-crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto) submodule, except for the 3.6 LTS branch, which contains only the framework submodule. Release tags also use Git submodules. + +After cloning or checking out a branch or tag, run: + ``` + git submodule update --init --recursive + ``` + to initialize and update the submodules before building. + +However, the official source release tarballs (e.g. [mbedtls-4.0.0-beta.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0-beta/mbedtls-4.0.0-beta.tar.bz2)) include the contents of the submodules. ### Generated source files in the development branch From 74a4984eacfd40e2d026359b0dcb29ed38b1b486 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 Oct 2025 11:13:44 +0200 Subject: [PATCH 0995/1080] README.md: Fix/Improve CMake section Signed-off-by: Ronald Cron --- README.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 33ad4ac23d..40e9e579c3 100644 --- a/README.md +++ b/README.md 
@@ -95,14 +95,10 @@ In order to run the tests, enter: ctest -The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with: +The test suites need Python to be built. If you don't have Python installed, you'll want to disable the test suites with: cmake -DENABLE_TESTING=Off /path/to/mbedtls_source -If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with: - - programs/test/selftest - To configure CMake for building shared libraries, use: cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source @@ -137,7 +133,7 @@ for example: CC=your_cc cmake /path/to/mbedtls_source If you already invoked cmake and want to change those settings, you need to -remove the build directory and create it again. +invoke the configuration phase of CMake again with the new settings. Note that it is possible to build in-place; this will however overwrite the legacy Makefiles still used for testing purposes (see 
@@ -164,17 +160,23 @@ on the build mode as seen above), it's merely prepended to it. #### Consuming Mbed TLS -Mbed TLS provides a package config file for consumption as a dependency in other -CMake projects. You can include Mbed TLS's CMake targets yourself with: +Mbed TLS provides a CMake package configuration file for consumption as a +dependency in other CMake projects. You can load its CMake targets with: + + find_package(MbedTLS REQUIRED) + +You can help CMake find the package: - find_package(MbedTLS) +- By setting the variable `MbedTLS_DIR` to `${YOUR_MBEDTLS_BUILD_DIR}/cmake`, + as shown in `programs/test/cmake_package/CMakeLists.txt`, or +- By adding the Mbed TLS installation prefix to `CMAKE_PREFIX_PATH`, + as shown in `programs/test/cmake_package_install/CMakeLists.txt`. -If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This -creates the following targets: +After a successful `find_package(MbedTLS)`, the following imported targets are available: -- `MbedTLS::tfpsacrypto` (Crypto library) -- `MbedTLS::mbedtls` (TLS library) -- `MbedTLS::mbedx509` (X509 library) +- `MbedTLS::tfpsacrypto`, the crypto library +- `MbedTLS::mbedtls`, the TLS library +- `MbedTLS::mbedx509`, the X.509 library You can then use these directly through `target_link_libraries()`: From e943bd73ac83dc5ac472d42203d5f7df8aacac9a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:46:20 +0200 Subject: [PATCH 0996/1080] configs/README.txt: Improve example with MBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE Signed-off-by: Ronald Cron --- configs/README.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/configs/README.txt b/configs/README.txt index 9e471344ef..38348dda0e 100644 --- a/configs/README.txt +++ b/configs/README.txt 
@@ -15,12 +15,14 @@ To use one of these pairs, you can pick one of the following methods: 1. Replace the default files include/mbedtls/mbedtls_config.h and tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. -2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the - CMake build system: +2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE CMake options. For + example, to build out-of-tree with the config-ccm-psk-tls1_2.h and + crypto-config-ccm-psk-tls1_2.h configuration pair: - cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \ - -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" . - make + cmake -DMBEDTLS_CONFIG_FILE="configs/config-ccm-psk-tls1_2.h" \ + -DTF_PSA_CRYPTO_CONFIG_FILE="configs/crypto-config-ccm-psk-tls1_2.h" + -B build-psktls12 . + cmake --build build-psktls12 The second method also works if you want to keep your custom configuration files outside the Mbed TLS tree. From 8267196b8bb77df0da538ec32ae657fdd9164924 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:58:41 +0200 Subject: [PATCH 0997/1080] README.md: Add mention to topics.html for Doxygen documentation Signed-off-by: Ronald Cron --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 40e9e579c3..3f905c1322 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ To generate a local copy of the library documentation in HTML format, tailored t 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. 1. Run `cmake -B /path/to/build_dir /path/to/mbedtls/source` 1. Run `cmake --build /path/to/build_dir --target mbedtls-apidoc` -1. Browse `apidoc/index.html` or `apidoc/modules.html`. +1. Open one of the main generated HTML files: + * `apidoc/index.html` + * `apidoc/modules.html` or `apidoc/topics.html` For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. 
From b906301e10b7e4df40077526658aa808d2a8c19a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:47:45 +0200 Subject: [PATCH 0998/1080] Various minor improvements Signed-off-by: Ronald Cron --- BRANCHES.md | 2 +- README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 5945f95d9c..c781704977 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -6,7 +6,7 @@ At any point in time, we have a number of maintained branches, currently consist this always contains the latest release, including all publicly available security fixes. - The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next minor version of Mbed TLS 4 is prepared. It contains + this is where the next minor version of Mbed TLS 4.x is prepared. It contains new features, bug fixes, and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: diff --git a/README.md b/README.md index 3f905c1322..4b1188e3b3 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Configuration options related to X.509 and TLS are available in `include/mbedtls With the default platform options, Mbed TLS should build out of the box on most systems. -These configuration files can be edited manually, or programmatically using the Python 3 script `scripts/config.py` (run with --help for usage instructions). +These configuration files can be edited manually, or programmatically using the Python script `scripts/config.py` (run with --help for usage instructions). We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. 
@@ -41,8 +41,8 @@ You need the following tools to build the library from the main branch with the * CMake 3.20.4 or later. * A build system like Make or Ninja for which CMake can generate build files. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. -* Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). +* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. +* Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). @@ -69,7 +69,7 @@ The following tools are required: ``` python3 -m pip install --user -r scripts/basic.requirements.txt ``` - Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. + Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide or in a virtual environment, omit the `--user` option. * A C compiler for the host platform, for some test data. The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference): From 864c31a1f8042b858d0e427548fbe83dbe57959e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 17:28:11 +0200 Subject: [PATCH 0999/1080] README.md: IAR not currently used in our testing 
Signed-off-by: Ronald Cron --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b1188e3b3..0638cd8385 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ You need the following tools to build the library from the main branch with the * CMake 3.20.4 or later. * A build system like Make or Ninja for which CMake can generate build files. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. +* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. * Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). From 63180eb1323834d43d32880a171bfb1c9d6efd78 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 17:41:01 +0200 Subject: [PATCH 1000/1080] README.md: Adjust CMake minimum version Adjust CMake minimum version to 3.20.2. That is the version in CentOS which is the rolling-delivery upstream of RHEL 9. Signed-off-by: Ronald Cron --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0638cd8385..69f2dcb26e 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ We use CMake to configure and drive our build process. Three libraries are built You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. -* CMake 3.20.4 or later. +* CMake 3.20.2 or later. * A build system like Make or Ninja for which CMake can generate build files. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. * Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). From 91b8310e54129c60b2d7fcbc7cc6f8776a76b04a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 7 Oct 2025 08:19:44 +0100 Subject: [PATCH 1001/1080] Remove internal deprecated items Signed-off-by: Ben Taylor --- library/ssl_misc.h | 42 ---------------------- library/ssl_tls.c | 3 -- tests/suites/test_suite_x509write.function | 18 ---------- 3 files changed, 63 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5b852bdd19..0df7f96360 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -775,11 +775,6 @@ struct mbedtls_ssl_handshake_params { uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const uint16_t *group_list; - const uint16_t *sig_algs; -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_psa_bits; 
@@ -2306,12 +2301,6 @@ static inline const void *mbedtls_ssl_get_sig_algs( { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake != NULL && - ssl->handshake->sig_algs != NULL) { - return ssl->handshake->sig_algs; - } -#endif return ssl->conf->sig_algs; #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -2576,37 +2565,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type psa_key_type_t *key_type, size_t *key_size); -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Convert given PSA status to mbedtls error code. - * - * \param status [in] given PSA status - * - * \return corresponding mbedtls error code - */ -static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_SIGNATURE: - return MBEDTLS_ERR_SSL_INVALID_MAC; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - case PSA_ERROR_BAD_STATE: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) typedef enum { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 75c59a96ad..833af9f973 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4368,9 +4368,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - handshake->sig_algs = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (ssl->handshake->certificate_request_context) { mbedtls_free((void *) handshake->certificate_request_context); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 40677f2338..760ff5fe03 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -318,9 +318,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, unsigned char check_buf[5000]; unsigned char *p, *end; unsigned char tag, sz; -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi serial_mpi; -#endif int ret, before_tag, after_tag; size_t olen = 0, pem_len = 0, buf_index = 0; int der_len = -1; @@ -373,9 +370,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, } memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_init(&serial_mpi); -#endif mbedtls_pk_init(&subject_key); mbedtls_pk_init(&issuer_key); @@ -561,9 +555,6 @@ exit: mbedtls_pk_free(&issuer_key_alt); mbedtls_pk_free(&subject_key); mbedtls_pk_free(&issuer_key); -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_free(&serial_mpi); -#endif psa_destroy_key(key_id); MD_OR_USE_PSA_DONE(); } @@ -575,11 +566,6 @@ void x509_set_serial_check() mbedtls_x509write_cert ctx; uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1]; -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi serial_mpi; - mbedtls_mpi_init(&serial_mpi); -#endif - USE_PSA_INIT(); memset(invalid_serial, 0x01, sizeof(invalid_serial)); 
@@ -588,11 +574,7 @@ void x509_set_serial_check() MBEDTLS_ERR_X509_BAD_INPUT_DATA); exit: -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_free(&serial_mpi); -#else ; -#endif USE_PSA_DONE(); } /* END_CASE */ From 9228e4a794076dc92e8ce212bd5f40a0db65de99 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:25:43 +0200 Subject: [PATCH 1002/1080] Add repo-split migration guide Also a section about the CMake being now the only build system. Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 101 +++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 docs/4.0-migration-guide/repo-split.md diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md new file mode 100644 index 0000000000..4e8da82e3d --- /dev/null +++ b/docs/4.0-migration-guide/repo-split.md 
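Review bot: With the `#if`/`#else` block gone, the `exit:` label in x509_set_serial_check is now followed by a bare `;` and then `USE_PSA_DONE();`; the null statement only existed to give the label a statement when the `#else` branch was taken, so on the new side it reads as a leftover and the cleanup can be written as `exit:` directly followed by `    USE_PSA_DONE();`. If `USE_PSA_DONE()` can expand to an empty token sequence in some configuration the `;` still guards the label, so confirm that before removing it; the test-code generator's handling of an `exit:` label is also worth checking. The function's body starts outside this hunk.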
@@ -0,0 +1,101 @@ +## CMake as the only build system +CMake is now the only supported build system for Mbed TLS. +Support for the legacy GNU Make and Microsoft Visual Studio project-based build systems has been removed. + +The GNU Make build system is still used internally for testing, but it will be removed once all test components have been migrated to CMake. +The previous .sln/.vcxproj files are no longer distributed or generated. + +Builds must now be configured and executed through CMake. See `Compiling` section in README.md for initial build instructions. +If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. + +## Repository split +In Mbed TLS 4.0, the project was split into two repositories: +- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. +- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. +Mbed TLS consumes TF-PSA-Crypto as a submodule. +You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the PSA Cryptography API through the `tf-psa-crypto` submodule. + +### File and directory relocations + +The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. +These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. + +| Original location | New location(s) | Notes | +|--------------------------------------|--------------------------------------------------------------------------------------|-------| +| `library/` | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/` | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `include/psa/` | `tf-psa-crypto/include/` | All PSA headers consolidated here. | +| `3rdparty/everest/`
`3rdparty/p256-m/` | `tf-psa-crypto/drivers/` | Third-party crypto driver implementations. | + +If you use your own build system to build Mbed TLS libraries, you will need to adapt to the new tree. + +### Configuration file split +Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). + +### Impact on some usages of the library + +#### Checking out a branch or a tag +After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: +``` +git submodule update --init --recursive +``` + +#### Linking directly to a built library +The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. +The cryptography libraries are also now provided as `libtfpsacrypto.` like in the TF-PSA-Crypto repository. + +#### Linking through a CMake target of the cryptography library +The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`. +If no target prefix is specified through the MBEDTLS_TARGET_PREFIX option, the associated CMake target is thus now `tfpsacrypto`. + +The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package. +When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. + +As an example, the following CMake code: +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto) + +``` +would be updated to something like +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) +``` + +For more information, see the CMake section of `README.md`. 
+You can also refer to the following example programs demonstrating how to consume Mbed TLS via CMake: +* `programs/test/cmake_subproject` +* `programs/test/cmake_package` +* `programs/test/cmake_package_install`. + +#### Using Mbed TLS Crypto pkg-config file +The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. +Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. + +### Audience-Specific Notes + +#### Application Developers using a distribution package +You should stay with Mbed TLS if you use TLS or X.509 functionality. +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. + - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + +### Developer or package maintainers +If you build or distribute Mbed TLS: +- The build system is now CMake only, Makefiles and Visual Studio projects are removed. +- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. +- You should update submodules recursively after checkout. +- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. + - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). +- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). 
+ +### Platform Integrators +If you integrate Mbed TLS with a platform or hardware drivers: +- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. +- The PSA driver wrapper is now generated in TF-PSA-Crypto. +- Platform-specific configuration are now handled in `crypto_config.h`. +- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. From a5e1b6d32859bb1bb983b3f7b0f493d225b94afc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:10:54 +0200 Subject: [PATCH 1003/1080] Rework "CMake as the only build system" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 4e8da82e3d..880d1f4746 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -1,11 +1,10 @@ ## CMake as the only build system -CMake is now the only supported build system for Mbed TLS. -Support for the legacy GNU Make and Microsoft Visual Studio project-based build systems has been removed. +Mbed TLS now uses CMake exclusively to configure and drive its build process. +Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. -The GNU Make build system is still used internally for testing, but it will be removed once all test components have been migrated to CMake. -The previous .sln/.vcxproj files are no longer distributed or generated. +The previous `.sln` and `.vcxproj` files are no longer distributed or generated. -Builds must now be configured and executed through CMake. See `Compiling` section in README.md for initial build instructions. +See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. ## Repository split From c7646249bb6d452636b5cc3365cfe7d307517ce9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:59:01 +0200 Subject: [PATCH 1004/1080] Various small changes Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 880d1f4746..6be9396cc7 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -12,7 +12,7 @@ In Mbed TLS 4.0, the project was split into two repositories: - [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. - [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. Mbed TLS consumes TF-PSA-Crypto as a submodule. -You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the PSA Cryptography API through the `tf-psa-crypto` submodule. +You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library. ### File and directory relocations @@ -70,13 +70,12 @@ You can also refer to the following example programs demonstrating how to consum #### Using Mbed TLS Crypto pkg-config file The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library. -A new pkg-config file, `tfpsacrypto.pc`, is also provided. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. ### Audience-Specific Notes #### Application Developers using a distribution package -You should stay with Mbed TLS if you use TLS or X.509 functionality. - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). From d3f02cddd469bf4b73802408216bf730d2e926ed Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:52:59 +0200 Subject: [PATCH 1005/1080] Improve file and directory relocation table Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 6be9396cc7..76443beff9 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md @@ -19,14 +19,14 @@ You should stay with Mbed TLS if you use TLS or X.509 functionality. You still h The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. -| Original location | New location(s) | Notes | -|--------------------------------------|--------------------------------------------------------------------------------------|-------| -| `library/` | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | -| `include/mbedtls/` | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | -| `include/psa/` | `tf-psa-crypto/include/` | All PSA headers consolidated here. | -| `3rdparty/everest/`
`3rdparty/p256-m/` | `tf-psa-crypto/drivers/` | Third-party crypto driver implementations. | - -If you use your own build system to build Mbed TLS libraries, you will need to adapt to the new tree. +| Original location | New location(s) | Notes | +|-----------------------------------------|--------------------------------------------------------------------------------------|-------| +| `library/*` (\*) | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/*` (\*) | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | +| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | + +(\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. ### Configuration file split Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). From 79a2631a1128f2fcef5db6b2be8eebaa7feb8ab9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 11:29:52 +0200 Subject: [PATCH 1006/1080] Expand "Configuration file split" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 76443beff9..c7d0b0c3b4 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -29,7 +29,23 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla (\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. ### Configuration file split -Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). +Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. +See [Compile-time configuration](#compile-time-configuration). + +The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. + +If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. + +There has been significant changes in the configuration options, primarily affecting cryptography. + +#### Cryptography configuration +- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). +- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: + - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* + - *Random Number Generation Configuration* + +#### TLS configuration +For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). ### Impact on some usages of the library From 5d069c99891ac4ec3713219b84f93a60e727debd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 12:08:55 +0200 Subject: [PATCH 1007/1080] Add Make to CMake migration section 
Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 48 ++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index c7d0b0c3b4..466c9a0124 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -7,6 +7,54 @@ The previous `.sln` and `.vcxproj` files are no longer distributed or generated. See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. +### Translating Make commands to CMake + +With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake. +This section provides a quick reference for translating common `make` commands into their CMake equivalents. + +#### Basic build workflow + +Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory. +This sets up an out-of-tree build, which is recommended. + +| Make command | CMake equivalent | Description | +|----------------|------------------------------------------------|--------------------------------------------------------------------| +| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. | +| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. | +| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. | +| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. | + +#### Building specific targets + +Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory. 
+ +| Make command | CMake equivalent | Description | +|-----------------|---------------------------------------------------------------------|---------------------------| +| `make lib` | `cmake --build build --target lib` | Build only the libraries. | +| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. | +| `make programs` | `cmake --build build --target programs` | Build example programs. | +| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. | + +Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets. + +There is no CMake equivalent for `make generated_files` or `make neat`. +Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. +If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. + +There is no CMake equivalent for `make uninstall`. +To remove an installation, simply delete the directory specified as the installation prefix. + +#### Common build options + +| Make usage | CMake usage | Description | +|----------------------------|-------------------------------------------------------|----------------------| +| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | +| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. | +| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). | +| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. | +| `make CC=clang` | `cmake -S . -B build -DCMAKE_C_COMPILER=clang` | Set the compiler. | +| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. 
| + ## Repository split In Mbed TLS 4.0, the project was split into two repositories: - [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. From 25b1a0245491451865734322543d2e1d703fc91c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 17:15:30 +0200 Subject: [PATCH 1008/1080] Rework "Impact on some usages of the library" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 54 +++++++++++++++++++------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 466c9a0124..4f51f7b676 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -104,38 +104,62 @@ git submodule update --init --recursive ``` #### Linking directly to a built library + The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. -The cryptography libraries are also now provided as `libtfpsacrypto.` like in the TF-PSA-Crypto repository. +These libraries are still located in the `library` directory within the build tree. + +The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. + +You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. + +#### Using Mbed TLS as a CMake subproject -#### Linking through a CMake target of the cryptography library The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`. -If no target prefix is specified through the MBEDTLS_TARGET_PREFIX option, the associated CMake target is thus now `tfpsacrypto`. +If no target prefix is specified through the `MBEDTLS_TARGET_PREFIX` option, the associated CMake target is now `tfpsacrypto`, and you will need to update it in your CMake scripts. + +You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: +- `programs/test/cmake_subproject` + +#### Using Mbed TLS as a CMake package The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package. When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. 
-As an example, the following CMake code: +For example, the following CMake code: ``` find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto) - ``` -would be updated to something like +should be updated to: ``` find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) ``` +You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: +- programs/test/cmake_package +- programs/test/cmake_package_install + +#### Using the Mbed TLS Crypto pkg-config file + +The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. +Internally, it now references the tfpsacrypto library. + +A new pkg-config file, tfpsacrypto.pc, is also provided. +Both mbedcrypto.pc and tfpsacrypto.pc are functionally equivalent, providing the same compiler and linker flags. + +#### Using Mbed TLS as an installed library + +The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. +The cryptography library is also now provided as `libtfpsacrypto.`. + +Regarding the headers, the main change is the relocation of some headers to private directories. +These headers are installed primarily to satisfy compiler dependencies. +Others remain for historical reasons and may be cleaned up in later versions of the library. -For more information, see the CMake section of `README.md`. -You can also refer to the following example programs demonstrating how to consume Mbed TLS via CMake: -* `programs/test/cmake_subproject` -* `programs/test/cmake_package` -* `programs/test/cmake_package_install`. +We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. 
+See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. -#### Using Mbed TLS Crypto pkg-config file -The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library. -A new pkg-config file, `tfpsacrypto.pc`, is also provided. -Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. +Finally, note the new include/tf-psa-crypto directory, which contains the TF-PSA-Crypto version and build-time configuration headers. ### Audience-Specific Notes From de8bb9628dfc4b468de5d692f6df29558e055c4d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 10:45:36 +0200 Subject: [PATCH 1009/1080] Change footnote indication Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 4f51f7b676..ca4403b5a2 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md @@ -69,12 +69,12 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla | Original location | New location(s) | Notes | |-----------------------------------------|--------------------------------------------------------------------------------------|-------| -| `library/*` (\*) | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | -| `include/mbedtls/*` (\*) | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | | `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | | `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | -(\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. +() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. ### Configuration file split Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. From f37dbf67cb68964fd1ca2fa726ca8e555a0198b9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 11:00:38 +0200 Subject: [PATCH 1010/1080] Add missing typesettings Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index ca4403b5a2..98c646258b 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -136,16 +136,16 @@ find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) ``` You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: -- programs/test/cmake_package -- programs/test/cmake_package_install +- `programs/test/cmake_package` +- `programs/test/cmake_package_install` #### Using the Mbed TLS Crypto pkg-config file The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the tfpsacrypto library. -A new pkg-config file, tfpsacrypto.pc, is also provided. -Both mbedcrypto.pc and tfpsacrypto.pc are functionally equivalent, providing the same compiler and linker flags. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. +Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. #### Using Mbed TLS as an installed library @@ -159,7 +159,7 @@ Others remain for historical reasons and may be cleaned up in later versions of We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. -Finally, note the new include/tf-psa-crypto directory, which contains the TF-PSA-Crypto version and build-time configuration headers. +Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. ### Audience-Specific Notes From 15557d0d0370a819a703fe860c92b33fef3acfb4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 11:05:25 +0200 Subject: [PATCH 1011/1080] Various improvements Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 98c646258b..7f966ac0d4 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md @@ -41,8 +41,7 @@ There is no CMake equivalent for `make generated_files` or `make neat`. Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. -There is no CMake equivalent for `make uninstall`. -To remove an installation, simply delete the directory specified as the installation prefix. +There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system. #### Common build options @@ -74,7 +73,7 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla | `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | | `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | -() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. +() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. ### Configuration file split Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. @@ -152,7 +151,7 @@ Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. The cryptography library is also now provided as `libtfpsacrypto.`. -Regarding the headers, the main change is the relocation of some headers to private directories. +Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. These headers are installed primarily to satisfy compiler dependencies. Others remain for historical reasons and may be cleaned up in later versions of the library. From dca3b381fa222e53dbe0be3c5ddfce371f018f3b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 17:21:23 +0200 Subject: [PATCH 1012/1080] Various improvements Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 7f966ac0d4..e18fbf1ae3 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -45,6 +45,9 @@ There is currently no equivalent for `make uninstall` in the Mbed TLS CMake buil #### Common build options +The following table illustrates the approximate CMake equivalents of common make commands. +Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process. + | Make usage | CMake usage | Description | |----------------------------|-------------------------------------------------------|----------------------| | `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | @@ -83,7 +86,7 @@ The header `include/mbedtls/mbedtls_config.h` still exists and now contains only If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. -There has been significant changes in the configuration options, primarily affecting cryptography. +There have been significant changes in the configuration options, primarily affecting cryptography. #### Cryptography configuration - See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). @@ -165,7 +168,8 @@ Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-P #### Application Developers using a distribution package - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + - Using the Mbed TLS Crypto pkg-config file. + - Using Mbed TLS as an installed library ### Developer or package maintainers If you build or distribute Mbed TLS: 
@@ -175,7 +179,8 @@ If you build or distribute Mbed TLS: - Review [File and directory relocations](#file-and-directory-relocations) for updated paths. - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). + - Using Mbed TLS as an installed library - Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). ### Platform Integrators From 7c39b6055e6e87fea4e7f02f39f1fc2d50ed0913 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 18:07:59 +0200 Subject: [PATCH 1013/1080] Improve sections "Using Mbed TLS as a CMake subproject/package" Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index e18fbf1ae3..5ad741855b 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -116,26 +116,35 @@ You may need to update include paths to the public header files, see [File and D #### Using Mbed TLS as a CMake subproject -The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`. -If no target prefix is specified through the `MBEDTLS_TARGET_PREFIX` option, the associated CMake target is now `tfpsacrypto`, and you will need to update it in your CMake scripts. +The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`. +As before, these base names are also the names of CMake targets to build each library. +If your CMake scripts reference a cryptography library target, you need to update its name accordingly. + +For example, the following CMake code: +``` +target_link_libraries(mytarget PRIVATE mbedcrypto) +``` +should be updated to: +``` +target_link_libraries(mytarget PRIVATE tfpsacrypto) +``` You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: - `programs/test/cmake_subproject` #### Using Mbed TLS as a CMake package -The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package. -When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. +The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. 
For example, the following CMake code: ``` find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto) +target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto) ``` should be updated to: ``` find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) +target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto) ``` You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: - `programs/test/cmake_package` From 9fc5910bdc8d027f33ae80d2fddbd93f7a688c1b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 15:48:06 +0200 Subject: [PATCH 1014/1080] Remove 3.0 migration guide Migrating from 2.x to 3.0 is no longer relevant: some of the advice wouldn't work with 4.0. We don't really need a migration guide from 3.x any longer since 2.x is no longer officially supported. Signed-off-by: Gilles Peskine --- docs/3.0-migration-guide.md | 1039 ----------------------------------- 1 file changed, 1039 deletions(-) delete mode 100644 docs/3.0-migration-guide.md diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md deleted file mode 100644 index e927667b7e..0000000000 --- a/docs/3.0-migration-guide.md +++ /dev/null 
@@ -1,1039 +0,0 @@ -# Migrating from Mbed TLS 2.x to Mbed TLS 3.0 - -This guide details the steps required to migrate from Mbed TLS version 2.x to -Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks -compatibility with previous versions, so users (and alt implementers) might -need to change their own code in order to make it work with Mbed TLS 3.0. - -Here's the list of breaking changes; each entry should help you answer these -two questions: (1) am I affected? (2) if yes, what's my migration path? - -The changes are detailed below, and include: - -- Removal of many insecure or obsolete features -- Tidying up of configuration options (including removing some less useful options). -- Changing function signatures, e.g. adding return codes, adding extra parameters, or making some arguments const. -- Removal of functions, macros, and types previously marked as deprecated. - -Much of the information needed to determine a migration path can be found in the Mbed TLS 2.x documentation. - - -## Accessing the Mbed TLS 2.x documentation - -For features previously marked as deprecated, Mbed TLS 2.x documentation may -explain how to upgrade, and should be referred to when migrating code. Where a -migration path is not provided in prior documentation, changes made and the -upgrade steps required will be explained later in this guide. - -It's best to use the latest version of Mbed TLS 2.x for this purpose, which is the 2.28 LTS release. -So to generate the documentation, checkout the `mbedtls-2.28` branch and follow -the instructions in the [Documentation section of the README](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-2.28/README.md#documentation). -Then browse `apidoc/deprecated.html` for guidance on upgrading deprecated code. - -For some deprecated functions, 2.x documentation will suggest using a variant -suffixed with `_ret`. In Mbed TLS 3.x, this change may not be required, as most -of these variants have been renamed without the suffix. 
The section -[Rename mbedtls_*_ret...](#rename-mbedtls__ret-cryptography-functions-whose-deprecated-variants-have-been-removed) -has further detail on which functions this applies to. - - -## General changes - -### Introduce a level of indirection and versioning in the config files - -`config.h` was split into `build_info.h` and `mbedtls_config.h`. - -* In code, use `#include `. Don't include `mbedtls/config.h` and don't refer to `MBEDTLS_CONFIG_FILE`. -* In build tools, edit `mbedtls_config.h`, or edit `MBEDTLS_CONFIG_FILE` as before. -* If you had a tool that parsed the library version from `include/mbedtls/version.h`, this has moved to `include/mbedtls/build_info.h`. From C code, both headers now define the `MBEDTLS_VERSION_xxx` macros. - -Also, if you have a custom configuration file: - -* Don't include `check_config.h` or `config_psa.h` anymore. -* Don't define `MBEDTLS_CONFIG_H` anymore. - -A config file version symbol, `MBEDTLS_CONFIG_VERSION` was introduced. -Defining it to a particular value will ensure that Mbed TLS interprets -the config file in a way that's compatible with the config file format -used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same -value. -The only value supported by Mbed TLS 3.0.0 is `0x03000000`. - -### Most structure fields are now private - -Direct access to fields of structures (`struct` types) declared in public headers is no longer supported. In Mbed TLS 3, the layout of structures is not considered part of the stable API, and minor versions (3.1, 3.2, etc.) may add, remove, rename, reorder or change the type of structure fields. - -There is a small number of exceptions where some fields are guaranteed to remain stable throughout the lifetime of Mbed TLS 3.x. These fields are explicitly documented as public. Please note that even if all the fields of a structure are public, future versions may add new fields. 
Also, as before, some public fields should be considered read-only, since modifying them may make the structure inconsistent; check the documentation in each case. - -Attempting to access a private field directly will result in a compilation error. - -If you were accessing structure fields directly, and these fields are not documented as public, you need to change your code. If an accessor (getter/setter) function exists, use that. Direct accessor functions are usually called `mbedtls__{get,set}_` or `mbedtls___{get,set}_`. Accessor functions that change the format may use different verbs, for example `read`/`write` for functions that import/export data from/to a text or byte string. - -If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). - -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. In the Mbed TLS 3.6 LTS this will tend to be safer than in a normal minor release because LTS versions try to maintain ABI stability. - -### Move part of timing module out of the library - -The change affects users who use any of the following functions: -`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`, -`mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`. - -If you were relying on these functions, you'll now need to change to using your -platform's corresponding functions directly. - -### Deprecated net.h file was removed - -The file `include/mbedtls/net.h` was removed because its only function was to -include `mbedtls/net_sockets.h` which now should be included directly. 
- -### Remove `MBEDTLS_CHECK_PARAMS` option - -This change does not affect users who use the default configuration; it only -affects users who enabled that option. - -The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds -of “parameter validation”. It covered two kinds of validations: - -- In some functions that require a valid pointer, “parameter validation” checks -that the pointer is non-null. With the feature disabled, a null pointer is not -treated differently from any other invalid pointer, and typically leads to a -runtime crash. 90% of the uses of the feature are of this kind. -- In some functions that take an enum-like argument, “parameter validation” -checks that the value is a valid one. With the feature disabled, an invalid -value causes a silent default to one of the valid values. - -The default reaction to a failed check was to call a function -`mbedtls_param_failed()` which the application had to provide. If this function -returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. - -This feature was only used in some classic (non-PSA) cryptography modules. It was -not used in X.509, TLS or in PSA crypto, and it was not implemented in all -classic crypto modules. - -This feature has been removed. The library no longer checks for NULL pointers; -checks for enum-like arguments will be kept or re-introduced on a case-by-case -basis, but their presence will no longer be dependent on a compile-time option. - -Validation of enum-like values is somewhat useful, but not extremely important, -because the parameters concerned are usually constants in applications. - -For more information see issue #4313. - -### Remove the `MBEDTLS_TEST_NULL_ENTROPY` configuration option - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. 
- -If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform -doesn't have any entropy source, you should use `MBEDTLS_ENTROPY_NV_SEED` -and make sure your device is provisioned with a strong random seed. -Alternatively, for testing purposes only, you can create and register a fake -entropy function. - -### Remove the HAVEGE module - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects users who called the HAVEGE modules directly (not -recommended), or users who used it through the entropy module but had it as the -only source of entropy. If you're in that case, please declare OS or hardware -RNG interfaces with `mbedtls_entropy_add_source()` and/or use an entropy seed -file created securely during device provisioning. See - for more -information. - -### Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0 - -This only affects people who've been using Mbed TLS since before version 2.0 -and still relied on `compat-1.3.h` in their code. - -Please use the new names directly in your code; `scripts/rename.pl` (from any -of the 2.x releases — no longer included in 3.0) might help you do that. - - -## Low-level crypto - -Please also refer to the section [High-level crypto](#high-level-crypto) for -changes that could sit in either category. - -### Deprecated functions were removed from bignum - -The function `mbedtls_mpi_is_prime()` was removed. Please use -`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the -number of Miller-Rabin rounds. - -### Deprecated functions were removed from DRBGs - -The functions `mbedtls_ctr_drbg_update_ret()` and `mbedtls_hmac_drbg_update_ret()` -were renamed to replace the corresponding functions without `_ret` appended. Please call -the name without `_ret` appended and check the return value. 
- -### Deprecated hex-encoded primes were removed from DHM - -The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, -`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were -removed. The primes from RFC 5114 are deprecated because their derivation is not -documented and therefore their usage constitutes a security risk; they are fully -removed from the library. Please use parameters from RFC 3526 (still in the -library, only in binary form) or RFC 7919 (also available in the library) or -other trusted sources instead. - -### Deprecated functions were removed from hashing modules - -Modules: MD5, SHA1, SHA256, SHA512, MD. - -- The functions `mbedtls_xxx_starts_ret()`, `mbedtls_xxx_update_ret()`, - `mbedtls_xxx_finish_ret()` and `mbedtls_xxx_ret()` were renamed to replace - the corresponding functions without `_ret` appended. Please call the name without `_ret` appended and check the return value. -- The function `mbedtls_md_init_ctx()` was removed; please use - `mbedtls_md_setup()` instead. -- The functions `mbedtls_xxx_process()` were removed. You normally don't need - to call that from application code. However if you do (or if you want to - provide your own version of that function), please use - `mbedtls_internal_xxx_process()` instead, and check the return value. - -### Change `MBEDTLS_ECP_FIXED_POINT_OPTIM` behavior - -The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increases code size and it does -not increase peak RAM usage anymore. - -If you are limited by code size, you can define `MBEDTLS_ECP_FIXED_POINT_OPTIM` -to `0` in your config file. The impact depends on the number and size of -enabled curves. For example, for P-256 the difference is 1KB; see the documentation -of this option for details. 
- -### Separated `MBEDTLS_SHA224_C` and `MBEDTLS_SHA256_C` - -This does not affect users who use the default `mbedtls_config.h`. `MBEDTLS_SHA256_C` -was enabled by default. Now both `MBEDTLS_SHA256_C` and `MBEDTLS_SHA224_C` are -enabled. - -If you were using custom config file with `MBEDTLS_SHA256_C` enabled, then -you will need to add `#define MBEDTLS_SHA224_C` option to your config. -Current version of the library does not support enabling `MBEDTLS_SHA256_C` -without `MBEDTLS_SHA224_C`. - -### Replaced `MBEDTLS_SHA512_NO_SHA384` with `MBEDTLS_SHA384_C` - -This does not affect users who use the default `mbedtls_config.h`. -`MBEDTLS_SHA512_NO_SHA384` was disabled by default, now `MBEDTLS_SHA384_C` is -enabled by default. - -If you were using a config file with both `MBEDTLS_SHA512_C` and -MBEDTLS_SHA512_NO_SHA384, then just remove the `MBEDTLS_SHA512_NO_SHA384`. -If you were using a config file with `MBEDTLS_SHA512_C` and without -`MBEDTLS_SHA512_NO_SHA384` and you need the SHA-384 algorithm, then add -`#define MBEDTLS_SHA384_C` to your config file. - -### GCM multipart interface: application changes - -The GCM module now supports arbitrary chunked input in the multipart interface. -This changes the interface for applications using the GCM module directly for multipart operations. -Applications using one-shot GCM or using GCM via the `mbedtls_cipher_xxx` or `psa_aead_xxx` interfaces do not require any changes. - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). Call the new function `mbedtls_gcm_update_ad()` to pass the associated data. -* `mbedtls_gcm_update()` now takes an extra parameter to indicate the actual output length. In Mbed TLS 2.x, applications had to pass inputs consisting of whole 16-byte blocks except for the last block (this limitation has been lifted). In this case: - * As long as the input remains block-aligned, the output length is exactly the input length, as before. 
- * If the length of the last input is not a multiple of 16, alternative implementations may return the last partial block in the call to `mbedtls_gcm_finish()` instead of returning it in the last call to `mbedtls_gcm_update()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block. This is needed for alternative implementations that can only process a whole block at a time. - -### GCM interface changes: impact for alternative implementations - -The GCM multipart interface has changed as described in [“GCM multipart interface: application changes”](#gcm-multipart-interface-application-changes). The consequences for an alternative implementation of GCM (`MBEDTLS_GCM_ALT`) are as follows: - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). The new function `mbedtls_gcm_update_ad()` receives the associated data. It may be called multiple times. -* `mbedtls_gcm_update()` now allows arbitrary-length inputs, takes an extra parameter to indicate the actual output length. Alternative implementations may choose between two modes: - * Always return the partial output immediately, even if it does not consist of a whole number of blocks. - * Buffer the data for the last partial block, to be returned in the next call to `mbedtls_gcm_update()` or `mbedtls_gcm_finish()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block if needed. - -### The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed - -This doesn't affect users of the default configuration; it only affects people -who were explicitly setting this option. - -This was a trade-off between code size and countermeasures; it is no longer -relevant as the countermeasure is now always on at no cost in code size. - -### SHA-512 and SHA-256 output type change - -The output parameter of `mbedtls_sha256_finish()`, `mbedtls_sha256()`, `mbedtls_sha512_finish()`, `mbedtls_sha512()` now has a pointer type rather than array type. 
This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer. - -This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. - -Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly. - -### Deprecated error codes for hardware failures were removed - -- The macros `MBEDTLS_ERR_xxx_FEATURE_UNAVAILABLE` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used - instead. -- The macro `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` was removed; - `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used instead. -- The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead. - -### Deprecated error codes for invalid input data were removed - -- The macros `MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH` from ARIA and Camellia - modules were removed; `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` is now used instead. - -### Remove the mode parameter from RSA functions - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The RSA module no longer supports private-key operations with the public key or -vice versa. As a consequence, RSA operation functions no longer have a mode -parameter. If you were calling RSA operations with the normal mode (public key -for verification or encryption, private key for signature or decryption), remove -the `MBEDTLS_RSA_PUBLIC` or `MBEDTLS_RSA_PRIVATE` argument. If you were calling -RSA operations with the wrong mode, which rarely makes sense from a security -perspective, this is no longer supported. 
- -### Deprecated functions were removed from AES - -The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were -removed. - -If you're simply using the AES module, you should be calling the higher-level -functions `mbedtls_aes_crypt_xxx()`. - -If you're providing an alternative implementation using -`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be -replacing the removed functions with `mbedtls_internal_aes_encrypt()` and -`mbedtls_internal_aes_decrypt()` respectively. - -### Deprecated functions were removed from ECDSA - -The functions `mbedtls_ecdsa_write_signature_det()` and -`mbedtls_ecdsa_sign_det()` were removed. They were superseded by -`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()` -respectively. - -### Rename `mbedtls_*_ret()` cryptography functions whose deprecated variants have been removed - -This change affects users who were using the `mbedtls_*_ret()` cryptography -functions. - -Those functions were created based on now-deprecated functions according to a -requirement that a function needs to return a value. This change brings back the -original names of those functions. 
The renamed functions are: - -| name before this change | after the change | -|--------------------------------|----------------------------| -| `mbedtls_ctr_drbg_update_ret` | `mbedtls_ctr_drbg_update` | -| `mbedtls_hmac_drbg_update_ret` | `mbedtls_hmac_drbg_update` | -| `mbedtls_md5_starts_ret` | `mbedtls_md5_starts` | -| `mbedtls_md5_update_ret` | `mbedtls_md5_update` | -| `mbedtls_md5_finish_ret` | `mbedtls_md5_finish` | -| `mbedtls_md5_ret` | `mbedtls_md5` | -| `mbedtls_ripemd160_starts_ret` | `mbedtls_ripemd160_starts` | -| `mbedtls_ripemd160_update_ret` | `mbedtls_ripemd160_update` | -| `mbedtls_ripemd160_finish_ret` | `mbedtls_ripemd160_finish` | -| `mbedtls_ripemd160_ret` | `mbedtls_ripemd160` | -| `mbedtls_sha1_starts_ret` | `mbedtls_sha1_starts` | -| `mbedtls_sha1_update_ret` | `mbedtls_sha1_update` | -| `mbedtls_sha1_finish_ret` | `mbedtls_sha1_finish` | -| `mbedtls_sha1_ret` | `mbedtls_sha1` | -| `mbedtls_sha256_starts_ret` | `mbedtls_sha256_starts` | -| `mbedtls_sha256_update_ret` | `mbedtls_sha256_update` | -| `mbedtls_sha256_finish_ret` | `mbedtls_sha256_finish` | -| `mbedtls_sha256_ret` | `mbedtls_sha256` | -| `mbedtls_sha512_starts_ret` | `mbedtls_sha512_starts` | -| `mbedtls_sha512_update_ret` | `mbedtls_sha512_update` | -| `mbedtls_sha512_finish_ret` | `mbedtls_sha512_finish` | -| `mbedtls_sha512_ret` | `mbedtls_sha512` | - -To migrate to this change the user can keep the `*_ret` names in their code -and include the `compat_2.x.h` header file which holds macros with proper -renaming or to rename those functions in their code according to the list from -mentioned header file. - -### Remove the RNG parameter from RSA verify functions - -RSA verification functions also no longer take random generator arguments (this -was only needed when using a private key). This affects all applications using -the RSA verify functions. 
- -### Remove the padding parameters from `mbedtls_rsa_init()` - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The function `mbedtls_rsa_init()` no longer supports selecting the PKCS#1 v2.1 -encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If -you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call -to `mbedtls_rsa_init()`, to call `mbedtls_rsa_set_padding()` to set it. - -To choose the padding type when initializing a context, instead of - -```C - mbedtls_rsa_init(ctx, padding, hash_id); -``` - -use - -```C - mbedtls_rsa_init(ctx); - mbedtls_rsa_set_padding(ctx, padding, hash_id); -``` - -To use PKCS#1 v1.5 padding, instead of - -```C - mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); -``` - -just use - -```C - mbedtls_rsa_init(ctx); -``` - - -## High-level crypto - -Please also refer to the section [Low-level crypto](#low-level-crypto) for -changes that could sit in either category. - -### Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations - -This only affects people who use the cipher module to perform AEAD operations -using the multi-part API. - -Previously, the documentation didn't state explicitly if it was OK to call -`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after -the last call to `mbedtls_cipher_update()` — that is, without calling -`mbedtls_cipher_finish()` in-between. If your code was missing that call, -please add it and be prepared to get as much as 15 bytes of output. - -Currently the output is always 0 bytes, but it may be more when alternative -implementations of the underlying primitives are in use, or with future -versions of the library. - -### Remove MD2, MD4, RC4, Blowfish and XTEA algorithms - -This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. - -They are already niche or obsolete and most of them are weak or broken. 
For -those reasons possible users should consider switching to modern and safe -alternatives to be found in the literature. - -### Deprecated functions were removed from cipher - -The functions `mbedtls_cipher_auth_encrypt()` and -`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by -`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` -respectively which additionally support key wrapping algorithms such as -NIST_KW. - -### Extra parameter for the output buffer size - -The following functions now take an extra parameter indicating the size of the output buffer: - -* `mbedtls_ecdsa_write_signature()`, `mbedtls_ecdsa_write_signature_restartable()` -* `mbedtls_pk_sign()`, `mbedtls_pk_sign_restartable()` - -The requirements for the output buffer have not changed, but passing a buffer that is too small now reliably causes the functions to return an error, rather than overflowing the buffer. - -### Signature functions now require the hash length to match the expected value - -This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected. - -All the functions in the RSA module that accept a `hashlen` parameter used to -ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw -data was signed. The `hashlen` parameter is now always the size that is read -from the `hash` input buffer. This length must be equal to the output size of -the hash algorithm used when signing a hash. (The requirements when signing -raw data are unchanged.) 
This affects the following functions: - -* `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_pkcs1_verify` -* `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_verify` -* `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_verify` -* `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify_ext` - -The signature functions in the PK module no longer accept 0 as the `hash_len` parameter. The `hash_len` parameter is now always the size that is read from the `hash` input buffer. This affects the following functions: - -* `mbedtls_pk_sign`, `mbedtls_pk_verify` -* `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable` -* `mbedtls_pk_verify_ext` - -The migration path is to pass the correct value to those functions. - -### Some function parameters were made const - -Various functions in the PK and ASN.1 modules had a `const` qualifier added to -some of their parameters. - -This normally doesn't affect your code, unless you use pointers to reference -those functions. In this case, you'll need to update the type of your pointers -in order to match the new signature. - -### The RNG parameter is now mandatory for all functions that accept one - -This change affects all users who called a function accepting a `f_rng` -parameter with `NULL` as the value of this argument; this is no longer -supported. - -The changed functions are: the X.509 CRT and CSR writing functions; the PK and -RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM -and ECDH that compute the shared secret; the scalar multiplication functions in -ECP. - -You now need to pass a properly seeded, cryptographically secure RNG to all -functions that accept a `f_rng` parameter. It is of course still possible to -pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a -context. 
- -Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` -configuration options) may have their own internal and are free to ignore the -`f_rng` argument but must allow users to pass one anyway. - -### Some functions gained an RNG parameter - -This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, -`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and -`mbedtls_pk_parse_keyfile()`. - -You now need to pass a properly seeded, cryptographically secure RNG when -calling these functions. It is used for blinding, a countermeasure against -side-channel attacks. - - -## PSA - -### Deprecated names for PSA constants and types were removed - -Some constants and types that were present in beta versions of the PSA Crypto -API were removed from version 1.0 of specification. Please switch to the new -names provided by the 1.0 specification instead. - - -## Changes that only affect alternative implementations - -### Internal / alt-focused headers were moved to a private location - -This shouldn't affect users who took care not to include headers that -were documented as internal, despite being in the public include directory. - -If you're providing alt implementations of ECP or RSA, you'll need to add our -`library` directory to your include path when building your alt -implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been -renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively. - -If you're a library user and used to rely on having access to a structure or -function that's now in a private header, please reach out on the mailing list -and explain your need; we'll consider adding a new API in a future version. - -### CCM interface changes: impact for alternative implementations - -The CCM interface has changed with the addition of support for -multi-part operations. 
Five new API functions have been defined: - `mbedtls_ccm_starts()`, `mbedtls_ccm_set_lengths()`, - `mbedtls_ccm_update_ad()`, `mbedtls_ccm_update()` and `mbedtls_ccm_finish()`. -Alternative implementations of CCM (`MBEDTLS_CCM_ALT`) have now to -implement those additional five API functions. - - -## X.509 - -### Remove the certs module from the library - -This should not affect production use of the library, as the certificates and -keys included there were never suitable for production use. - -However it might affect you if you relied on them for testing purposes. In -that case, please embed your own test certificates in your test code; now that -`certs.c` is out of the library there is no longer any stability guaranteed -and it may change in incompatible ways at any time. - -### Change the API to allow adding critical extensions to CSRs - -This affects applications that call the `mbedtls_x509write_csr_set_extension` -function. - -The API is changed to include the parameter `critical` which enables marking an -extension included in a CSR as critical. To get the previous behavior pass 0. - -### Remove the config option `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` - -This change does not affect users of the default configuration; it only affects -users who enable this option. - -The X.509 standard says that implementations must reject critical extensions that -they don't recognize, and this is what Mbed TLS does by default. This option -allowed to continue parsing those certificates but didn't provide a convenient -way to handle those extensions. - -The migration path from that option is to use the -`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally -equivalent to `mbedtls_x509_crt_parse_der()`, and/or -`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every -unsupported certificate extension and additionally the "certificate policies" -extension if it contains any unsupported certificate policies. 
- -### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h` - -This change affects users who have chosen the configuration options to disable the -library's verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` -configuration options are removed and the X.509 code now behaves as if they were -always enabled. It is consequently not possible anymore to disable at compile -time the verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The verification of the `keyUsage` and `extendedKeyUsage` fields is important, -disabling it can cause security issues and it is thus not recommended. If the -verification is for some reason undesirable, it can still be disabled by means -of the verification callback function passed to `mbedtls_x509_crt_verify()` (see -the documentation of this function for more information). - -### Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option - -This change does not affect users who were using the default configuration, as -this option was already disabled by default. Also, it does not affect users who -are working with current V3 X.509 certificates. - -Extensions were added in V3 of the X.509 specification, so pre-V3 certificates -containing extensions were never compliant. Mbed TLS now rejects them with a -parsing error in all configurations, as it did previously in the default -configuration. - -If you are working with the pre-V3 certificates you need to switch to the -current ones. - -### Strengthen default algorithm selection for X.509 - -This is described in the section [Strengthen default algorithm selection for X.509 and TLS](#strengthen-default-algorithm-selection-for-x.509-and-tls). - -### Remove wrapper for libpkcs11-helper - -This doesn't affect people using the default configuration as it was already -disabled by default. 
- -If you used to rely on this module in order to store your private keys -securely, please have a look at the key management facilities provided by the -PSA crypto API. If you have a use case that's not covered yet by this API, -please reach out on the mailing list. - - -## SSL - -### Remove support for TLS 1.0, 1.1 and DTLS 1.0 - -This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols. - -These versions have been deprecated by RFC 8996. -Keeping them in the library creates opportunities for misconfiguration -and possibly downgrade attacks. More generally, more code means a larger attack -surface, even if the code is supposedly not used. - -The migration path is to adopt the latest versions of the protocol. - -As a consequence of removing TLS 1.0, support for CBC record splitting was -also removed, as it was a work-around for a weakness in this particular -version. There is no migration path since the feature is no longer relevant. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different version negotiation mechanism), support -for fallback SCSV (RFC 7507) was also removed. There is no migration path as -it's no longer useful with TLS 1.2 and later. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different concept of ciphersuites), support for -configuring ciphersuites separately for each version via -`mbedtls_ssl_conf_ciphersuites_for_version()` was removed. Use -`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS -1.2; in the future a different API will be added for (D)TLS 1.3. - -### Remove support for SSL 3.0 - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who explicitly enabled `MBEDTLS_SSL_PROTO_SSL3` -and relied on that version in order to communicate with peers that are not up -to date. 
If one of your peers is in that case, please try contacting them and -encouraging them to upgrade their software. - -### Remove support for parsing SSLv2 ClientHello - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS servers that have clients who send an SSLv2 ClientHello. -These days clients are very unlikely to do that. If you have a client that -does, please try contacting them and encouraging them to upgrade their -software. - -### Remove support for truncated HMAC - -This affects users of truncated HMAC, that is, users who called -`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`, -regardless of whether the standard version was used or compatibility version -(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`). - -The recommended migration path for people who want minimal overhead is to use a -CCM-8 ciphersuite. - -### Remove support for TLS record-level compression - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who enabled `MBEDTLS_ZLIB_SUPPORT`. This will not -cause any failures however if you used to enable TLS record-level compression -you may find that your bandwidth usage increases without compression. There's -no general solution to this problem; application protocols might have their -own compression mechanisms and are in a better position than the TLS stack to -avoid variants of the CRIME and BREACH attacks. - -### Remove support for TLS RC4-based ciphersuites - -This does not affect people who used the default `mbedtls_config.h` and the default -list of ciphersuites, as RC4-based ciphersuites were already not negotiated in -that case. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. 
- -### Remove support for TLS single-DES ciphersuites - -This doesn't affect people using the default configuration as it was already -disabled by default. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. - -### Remove support for TLS record-level hardware acceleration - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This feature had been broken for a while so we doubt anyone still used it. -However if you did, please reach out on the mailing list and let us know about -your use case. - -### Remove config option `MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME` - -This doesn't affect people using the default configuration. - -This option has not had any effect for a long time. Please use the `lifetime` -parameter of `mbedtls_ssl_ticket_setup()` instead. - -### Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options - -This change affects users who modified the default `mbedtls_config.h` padding granularity -settings, i.e. enabled at least one of the options. - -The `mbedtls_config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and -`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because -they used exactly the same padding mechanism and hence their respective padding -granularities can be used in exactly the same way. This change simplifies the -code maintenance. - -The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used -for both DTLS-CID and TLS 1.3. - -### TLS now favors faster curves over larger curves - -The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves. 
- -If you prefer a different order, call `mbedtls_ssl_conf_groups()` when configuring a TLS connection. - -### SSL key export interface change - -This affects users of the SSL key export APIs: -``` - mbedtls_ssl_conf_export_keys_cb() - mbedtls_ssl_conf_export_keys_ext_cb() -``` - -Those APIs have been removed and replaced by the new API -`mbedtls_ssl_set_export_keys_cb()`. This API differs from -the previous key export API in the following ways: - -- It is no longer bound to an SSL configuration, but to an - SSL context. This allows users to more easily identify the - connection an exported key belongs to. -- It no longer exports raw keys and IV. -- A secret type parameter has been added to identify which key - is being exported. For TLS 1.2, only the master secret is - exported, but upcoming TLS 1.3 support will add other kinds of keys. -- The callback now specifies a void return type, rather than - returning an error code. It is the responsibility of the application - to handle failures in the key export callback, for example by - shutting down the TLS connection. - -For users which do not rely on raw keys and IV, adjusting to the new -callback type should be straightforward — see the example programs -`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks -for NSSKeylog, EAP-TLS and DTLS-SRTP. - -Users which require access to the raw keys used to secure application -traffic may derive those by hand based on the master secret and the -handshake transcript hashes which can be obtained from the raw data -on the wire. Such users are also encouraged to reach out to the -Mbed TLS team on the mailing list, to let the team know about their -use case. - -### Remove MaximumFragmentLength (MFL) query API - -This affects users which use the MFL query APIs -`mbedtls_ssl_get_{input,output}_max_frag_len()` to -infer upper bounds on the plaintext size of incoming and -outgoing record. 
- -Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()` -instead, which also provides such upper bounds but takes more factors -than just the MFL configuration into account. - -### Relaxed semantics for PSK configuration - -This affects users which call the PSK configuration APIs -`mbedtls_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()` -multiple times on the same SSL configuration. - -In Mbed TLS 2.x, users would observe later calls overwriting -the effect of earlier calls, with the prevailing PSK being -the one that has been configured last. In Mbed TLS 3.0, -calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times -will return an error, leaving the first PSK intact. - -To achieve equivalent functionality when migrating to Mbed TLS 3.0, -users calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times should -remove all but the last call, so that only one call to _either_ -`mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` -remains. - -### Remove the configuration to enable weak ciphersuites in SSL / TLS - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. - -If you were using a weak cipher, please switch to any of the modern, -recommended ciphersuites (based on AES-GCM, AES-CCM or ChachaPoly for example) -and if your peer doesn't support any, encourage them to upgrade their software. - -If you were using a ciphersuite without encryption, you just have to -enable `MBEDTLS_CIPHER_NULL_CIPHER` now. - -### Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option - -This affects users who use the `MBEDTLS_SSL_MAX_CONTENT_LEN` option to -set the maximum length of incoming and outgoing plaintext fragments, -which can save memory by reducing the size of the TLS I/O buffers. 
- -This option is replaced by the more fine-grained options -`MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` that set -the maximum incoming and outgoing plaintext fragment lengths, respectively. - -### Remove the SSL API `mbedtls_ssl_get_session_pointer()` - -This affects two classes of users: - -1. Users who manually inspect parts of the current session through - direct structure field access. - -2. Users of session resumption who query the current session - via `mbedtls_ssl_get_session_pointer()` prior to saving or exporting - it via `mbedtls_ssl_session_copy()` or `mbedtls_ssl_session_save()`, - respectively. - -Migration paths: - -1. Mbed TLS 3.0 does not offer a migration path for the use case 1: Like many - other Mbed TLS structures, the structure of `mbedtls_ssl_session` is no - longer part of the public API in Mbed TLS 3.0, and direct structure field - access is no longer supported. Please see the [section on private structure fields](#most-structure-fields-are-now-private) for more details. - -2. Users should replace calls to `mbedtls_ssl_get_session_pointer()` by - calls to `mbedtls_ssl_get_session()` as demonstrated in the example - program `programs/ssl/ssl_client2.c`. - -### Remove `MBEDTLS_SSL_DTLS_BADMAC_LIMIT` option - -This change does not affect users who used the default `mbedtls_config.h`, as the option -`MBEDTLS_SSL_DTLS_BADMAC_LIMIT` was already on by default. - -This option was a trade-off between functionality and code size: it allowed -users who didn't need that feature to avoid paying the cost in code size, by -disabling it. - -This option is no longer present, but its functionality is now always enabled. - -### Deprecated functions were removed from SSL - -The function `mbedtls_ssl_conf_dh_param()` was removed. Please use -`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead. - -The function `mbedtls_ssl_get_max_frag_len()` was removed. 
Please use -`mbedtls_ssl_get_max_out_record_payload()` and -`mbedtls_ssl_get_max_in_record_payload()` -instead. - -### Remove `MBEDTLS_SSL_RECORD_CHECKING` option and enable its action by default - -This change does not affect users who use the default `mbedtls_config.h`, as the -option `MBEDTLS_SSL_RECORD_CHECKING` was already on by default. - -This option was added only to control compilation of one function, - `mbedtls_ssl_check_record()`, which is only useful in some specific cases, so it -was made optional to allow users who don't need it to save some code space. -However, the same effect can be achieved by using link-time garbage collection. - -Users who changed the default setting of the option need to change the config/ -build system to remove that change. - -### Session Cache API Change - -This affects users who use `mbedtls_ssl_conf_session_cache()` -to configure a custom session cache implementation different -from the one Mbed TLS implements in `library/ssl_cache.c`. - -Those users will need to modify the API of their session cache -implementation to that of a key-value store with keys being -session IDs and values being instances of `mbedtls_ssl_session`: - -```C -typedef int mbedtls_ssl_cache_get_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session ); -typedef int mbedtls_ssl_cache_set_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session ); -``` - -Since the structure of `mbedtls_ssl_session` is no longer public from 3.0 -onwards, portable session cache implementations must not access fields of -`mbedtls_ssl_session`. See the corresponding migration guide. Users that -find themselves unable to migrate their session cache functionality without -accessing fields of `mbedtls_ssl_session` should describe their use case -on the Mbed TLS mailing list. 
- -### Changes in the SSL error code space - -This affects users manually checking for the following error codes: - -- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` -- `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` -- `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` -- `MBEDTLS_ERR_SSL_BAD_HS_XXX` - -Migration paths: -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and - `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate - is too large to fit into the output buffers. - - Users should check for `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially - compare the size of their own certificate against the configured size of the output buffer to - understand if the error is due to an overly large certificate. - -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` and `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` have been - replaced by `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`. - -- All codes of the form `MBEDTLS_ERR_SSL_BAD_HS_XXX` have been replaced by various alternatives, which give more information about the type of error raised. - - Users should check for the newly introduced generic error codes - - * `MBEDTLS_ERR_SSL_DECODE_ERROR` - * `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, - * `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` - * `MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION` - * `MBEDTLS_ERR_SSL_BAD_CERTIFICATE` - * `MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME` - * `MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION` - * `MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL` - - and the pre-existing generic error codes - - * `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE` - * `MBEDTLS_ERR_SSL_INTERNAL_ERROR` - - instead. - -### Modified semantics of `mbedtls_ssl_{get,set}_session()` - -This affects users who call `mbedtls_ssl_get_session()` or -`mbedtls_ssl_set_session()` multiple times on the same SSL context -representing an established TLS 1.2 connection. 
-Those users will now observe the second call to fail with -`MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. - -Migration path: -- Exporting the same TLS 1.2 connection multiple times via - `mbedtls_ssl_get_session()` leads to multiple copies of - the same session. This use of `mbedtls_ssl_get_session()` - is discouraged, and the following should be considered: - * If the various session copies are later loaded into - fresh SSL contexts via `mbedtls_ssl_set_session()`, - export via `mbedtls_ssl_get_session()` only once and - load the same session into different contexts via - `mbedtls_ssl_set_session()`. Since `mbedtls_ssl_set_session()` - makes a copy of the session that's being loaded, this - is functionally equivalent. - * If the various session copies are later serialized - via `mbedtls_ssl_session_save()`, export and serialize - the session only once via `mbedtls_ssl_get_session()` and - `mbedtls_ssl_session_save()` and make copies of the raw - data instead. -- Calling `mbedtls_ssl_set_session()` multiple times in Mbed TLS 2.x - is not useful since subsequent calls overwrite the effect of previous - calls. Applications achieve equivalent functional behavior by - issuing only the very last call to `mbedtls_ssl_set_session()`. - -### Turn `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` configuration option into a runtime option - -This change affects users who were enabling `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` -option in the `mbedtls_config.h` - -This option has been removed and a new function with similar functionality has -been introduced into the SSL API. - -This new function `mbedtls_ssl_conf_preference_order()` can be used to -change the preferred order of ciphersuites on the server to those used on the client, -e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)` -has the same effect as enabling the removed option. The default state is to use -the server order of suites. 
- -### Strengthen default algorithm selection for X.509 and TLS - -The default X.509 verification profile (`mbedtls_x509_crt_profile_default`) and the default curve and hash selection in TLS have changed. They are now aligned, except that the X.509 profile only lists curves that support signature verification. - -Hashes and curves weaker than 255 bits (security strength less than 128 bits) are no longer accepted by default. The following hashes have been removed: SHA-1 (formerly only accepted for key exchanges but not for certificate signatures), SHA-224 (weaker hashes were already not accepted). The following curves have been removed: secp192r1, secp224r1, secp192k1, secp224k1. - -The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` are no longer available. - -The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing. - -If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224: -```C -mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; -my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); -``` - -If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_groups()` with the desired lists. - -### Remove 3DES ciphersuites - -This change does not affect users using default settings for 3DES in `mbedtls_config.h` -because the 3DES ciphersuites were disabled by that. 
-
-3DES has weaknesses/limitations and there are better alternatives, and more and
-more standard bodies are recommending against its use in TLS.
-
-The migration path here is to chose from the alternatives recommended in the
-literature, such as AES.
From e79923c65de283ddf4a871b2d1f8f346ebdf3a39 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 10 Oct 2025 15:50:20 +0200
Subject: [PATCH 1015/1080] Consolidate migration guide chapters into a single file

Signed-off-by: Gilles Peskine
---
 docs/4.0-migration-guide.md | 599 ++++++++++++++++++
 docs/4.0-migration-guide/configuration.md | 44 --
 .../deprecated-removals.md | 14 -
 docs/4.0-migration-guide/error-codes.md | 37 --
 docs/4.0-migration-guide/feature-removals.md | 152 -----
 .../function-prototype-changes.md | 89 ---
 docs/4.0-migration-guide/oid.md | 7 -
 docs/4.0-migration-guide/private-decls.md | 33 -
 docs/4.0-migration-guide/psa-only.md | 23 -
 docs/4.0-migration-guide/repo-split.md | 200 ------
 10 files changed, 599 insertions(+), 599 deletions(-)
 create mode 100644 docs/4.0-migration-guide.md
 delete mode 100644 docs/4.0-migration-guide/configuration.md
 delete mode 100644 docs/4.0-migration-guide/deprecated-removals.md
 delete mode 100644 docs/4.0-migration-guide/error-codes.md
 delete mode 100644 docs/4.0-migration-guide/feature-removals.md
 delete mode 100644 docs/4.0-migration-guide/function-prototype-changes.md
 delete mode 100644 docs/4.0-migration-guide/oid.md
 delete mode 100644 docs/4.0-migration-guide/private-decls.md
 delete mode 100644 docs/4.0-migration-guide/psa-only.md
 delete mode 100644 docs/4.0-migration-guide/repo-split.md
diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md
new file mode 100644
index 0000000000..83ec90ca92
--- /dev/null
+++ b/docs/4.0-migration-guide.md
@@ -0,0 +1,599 @@
+## CMake as the only build system
+Mbed TLS now uses CMake exclusively to configure and drive its build process.
+Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed.
+
+The previous `.sln` and `.vcxproj` files are no longer distributed or generated.
+
+See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake.
+If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio.
+
+### Translating Make commands to CMake
+
+With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake.
+This section provides a quick reference for translating common `make` commands into their CMake equivalents.
+
+#### Basic build workflow
+
+Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory.
+This sets up an out-of-tree build, which is recommended.
+
+| Make command | CMake equivalent | Description |
+|----------------|------------------------------------------------|--------------------------------------------------------------------|
+| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. |
+| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. |
+| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. |
+| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. |
+
+#### Building specific targets
+
+Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory.
+
+| Make command | CMake equivalent | Description |
+|-----------------|---------------------------------------------------------------------|---------------------------|
+| `make lib` | `cmake --build build --target lib` | Build only the libraries. |
+| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. |
+| `make programs` | `cmake --build build --target programs` | Build example programs. |
+| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. |
+
+Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets.
+
+There is no CMake equivalent for `make generated_files` or `make neat`.
+Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`.
+If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`.
+
+There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system.
+
+#### Common build options
+
+The following table illustrates the approximate CMake equivalents of common make commands.
+Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process.
+
+| Make usage | CMake usage | Description |
+|----------------------------|-------------------------------------------------------|----------------------|
+| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. |
+| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. |
+| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). |
+| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. |
+| `make CC=clang` | `cmake -S . 
-B build -DCMAKE_C_COMPILER=clang` | Set the compiler. |
+| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. |
+
+## Repository split
+In Mbed TLS 4.0, the project was split into two repositories:
+- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality.
+- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API.
+Mbed TLS consumes TF-PSA-Crypto as a submodule.
+You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library.
+
+### File and directory relocations
+
+The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto.
+These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository.
+
+| Original location | New location(s) | Notes |
+|-----------------------------------------|--------------------------------------------------------------------------------------|-------|
+| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. |
+| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. |
+| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. |
+| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. |
+
+() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components.
+
+### Configuration file split
+Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory.
+See [Compile-time configuration](#compile-time-configuration).
+
+The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options.
+
+If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file.
+
+There have been significant changes in the configuration options, primarily affecting cryptography.
+
+#### Cryptography configuration
+- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration).
+- See also the following sections in the TF-PSA-Crypto 1.0 migration guide:
+ - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration*
+ - *Random Number Generation Configuration*
+
+#### TLS configuration
+For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options).
+
+### Impact on some usages of the library
+
+#### Checking out a branch or a tag
+After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule:
+```
+git submodule update --init --recursive
+```
+
+#### Linking directly to a built library
+
+The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them.
+These libraries are still located in the `library` directory within the build tree.
+
+The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository.
+
+You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details.
+
+#### Using Mbed TLS as a CMake subproject
+
+The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`.
+As before, these base names are also the names of CMake targets to build each library.
+If your CMake scripts reference a cryptography library target, you need to update its name accordingly.
+
+For example, the following CMake code:
+```
+target_link_libraries(mytarget PRIVATE mbedcrypto)
+```
+should be updated to:
+```
+target_link_libraries(mytarget PRIVATE tfpsacrypto)
+```
+
+You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject:
+- `programs/test/cmake_subproject`
+
+#### Using Mbed TLS as a CMake package
+
+The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`.
+
+For example, the following CMake code:
+```
+find_package(MbedTLS REQUIRED)
+target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto)
+```
+should be updated to:
+```
+find_package(MbedTLS REQUIRED)
+target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto)
+```
+You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package:
+- `programs/test/cmake_package`
+- `programs/test/cmake_package_install`
+
+#### Using the Mbed TLS Crypto pkg-config file
+
+The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it.
+Internally, it now references the tfpsacrypto library.
+
+A new pkg-config file, `tfpsacrypto.pc`, is also provided.
+Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags.
+
+#### Using Mbed TLS as an installed library
+
+The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them.
+The cryptography library is also now provided as `libtfpsacrypto.`.
+
+Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`.
+These headers are installed primarily to satisfy compiler dependencies.
+Others remain for historical reasons and may be cleaned up in later versions of the library.
+
+We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice.
+See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information.
+
+Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers.
+
+### Audience-Specific Notes
+
+#### Application Developers using a distribution package
+- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on:
+ - Linking against the cryptography library or CMake targets.
+ - Using the Mbed TLS Crypto pkg-config file.
+ - Using Mbed TLS as an installed library
+
+### Developer or package maintainers
+If you build or distribute Mbed TLS:
+- The build system is now CMake only, Makefiles and Visual Studio projects are removed.
+- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule.
+- You should update submodules recursively after checkout.
+- Review [File and directory relocations](#file-and-directory-relocations) for updated paths.
+- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on:
+ - Linking against the cryptography library or CMake targets.
+ - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`).
+ - Using Mbed TLS as an installed library
+- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)).
+
+### Platform Integrators
+If you integrate Mbed TLS with a platform or hardware drivers:
+- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively.
+- The PSA driver wrapper is now generated in TF-PSA-Crypto.
+- Platform-specific configuration are now handled in `crypto_config.h`.
+- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto.
+## Compile-time configuration
+
+### Configuration file split
+
+All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely:
+
+* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line;
+* otherwise ``;
+* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set.
+
+Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up.
+
+Generally speaking, the options that must be configured in TF-PSA-Crypto are:
+
+* options related to platform settings;
+* options related to the choice of cryptographic mechanisms included in the build;
+* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises;
+* options related to crypto-adjacent features, such as ASN.1 and Base64.
+
+See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details.
+
+Notably, `` is no longer limited to `PSA_WANT_xxx` options.
+
+Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details.
+
+### Split of `build_info.h` and `version.h`
+
+The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration.
+
+TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS.
+
+### Removal of `check_config.h`
+
+The header `mbedtls/check_config.h` is no longer present. Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet.
+
+### Changes to TLS options
+
+#### Enabling null cipher suites
+
+The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration.
+
+#### Removal of backward compatibility options
+
+The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now.
+## PSA as the only cryptography API
+
+The PSA API is now the only API for cryptographic primitives.
+
+### Impact on application code
+
+The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
+
+`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake.
+
+A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”.
+
+### No random generator instantiation
+
+Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem.
+
+Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation.
+
+See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG.
+
+### Impact on the library configuration
+
+Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto.
+## Private declarations
+
+Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private.
Private elements may be removed or may have their semantics changed in a future minor release without notice.
+
+### Understanding private declarations in public headers
+
+In Mbed TLS 4.x, private elements in header files include:
+
+* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header).
+* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.)
+* Any preprocessor macro that is not documented with a Doxygen comment.
+ In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private.
+ In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text.
+* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`.
+
+### Usage of private declarations
+
+Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice.
+
+Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases.
+
+Sample programs have not been fully updated yet and some of them might still
+use APIs that are no longer public. You can recognize them by the fact that they
+define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or
+`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers).
When
+you see one of these two macros in a sample program, be aware it has not been
+updated and parts of it do not demonstrate current practice.
+
+We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or
+`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code
+may not compile or work with future minor releases. If there's something you
+want to do that you feel can only be achieved by using one of these two macros,
+please reach out on github or the mailing list.
+## Error codes
+
+### Unified error code space
+
+The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes.
+
+There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition.
+
+### Simplified legacy error codes
+
+All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code.
+
+Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable.
+
+As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist.
+
+### Removed error code names
+
+Many legacy error codes have been removed in favor of PSA error codes.
Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
+
+| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
+|-----------------------------------------|---------------------------------|
+| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` |
+| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` |
+| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
+| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` |
+| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+
+See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
+## Removal of deprecated functions
+
+### Removal of deprecated X.509 functions
+
+The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`.
+
+### Removal of deprecated SSL functions
+
+The deprecated function `mbedtls_ssl_conf_curves()` has been removed.
+The function was superseded by `mbedtls_ssl_conf_groups()`.
+
+### Removal of `compat-2.x.h`
+
+The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed.
+## Removed features
+
+### Removal of obsolete key exchanges methods in (D)TLS 1.2
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
+
+That is, the following key exchange types are no longer supported:
+
+* RSA-PSK;
+* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
+* DHE-PSK (except in TLS 1.3);
+* DHE-RSA (except in TLS 1.3).
+* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
+
+The full list of removed cipher suites is:
+
+```
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
+TLS-DHE-PSK-WITH-AES-128-CCM
+TLS-DHE-PSK-WITH-AES-128-CCM-8
+TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
+TLS-DHE-PSK-WITH-AES-256-CCM
+TLS-DHE-PSK-WITH-AES-256-CCM-8
+TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
+TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA
+TLS-DHE-PSK-WITH-NULL-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA384
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-128-CCM
+TLS-DHE-RSA-WITH-AES-128-CCM-8
+TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-256-CCM
+TLS-DHE-RSA-WITH-AES-256-CCM-8
+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
+TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
+TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
+TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-NULL-SHA
+TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
+TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
+TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
+TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
+TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
+TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-NULL-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA384
+TLS-RSA-WITH-AES-128-CBC-SHA
+TLS-RSA-WITH-AES-128-CBC-SHA256
+TLS-RSA-WITH-AES-128-CCM
+TLS-RSA-WITH-AES-128-CCM-8
+TLS-RSA-WITH-AES-128-GCM-SHA256
+TLS-RSA-WITH-AES-256-CBC-SHA
+TLS-RSA-WITH-AES-256-CBC-SHA256
+TLS-RSA-WITH-AES-256-CCM
+TLS-RSA-WITH-AES-256-CCM-8
+TLS-RSA-WITH-AES-256-GCM-SHA384
+TLS-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-WITH-NULL-MD5
+TLS-RSA-WITH-NULL-SHA
+TLS-RSA-WITH-NULL-SHA256
+```
+
+As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
+
+```
+mbedtls_ssl_conf_dh_param_bin()
+mbedtls_ssl_conf_dh_param_ctx()
+mbedtls_ssl_conf_dhm_min_bitlen()
+```
+
+### Removal of elliptic curves
+
+Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
+
+### Removal of deprecated functions
+
+The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
+
+The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
+## Function prototype changes
+
+A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API.
+
+### Public functions no longer take a RNG callback
+
+Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here.
+
+### RNG removal in X.509
+
+The following function prototypes have been changed in `mbedtls/x509_crt.h`:
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+```
+
+The following function prototypes have been changed in `mbedtls/x509_csr.h`:
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+```
+
+### RNG removal in SSL
+
+The following function prototype has been changed in `mbedtls/ssl_cookie.h`:
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
+```
+
+### Removal of `mbedtls_ssl_conf_rng`
+
+`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library.
+
+### Changes to mbedtls_ssl_ticket_setup
+
+In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments.
+
+The prototype in `mbedtls/ssl_ticket.h` has changed from
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ mbedtls_f_rng_t *f_rng, void *p_rng,
+ mbedtls_cipher_type_t cipher,
+ uint32_t lifetime);
+```
+
+to
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
+ uint32_t lifetime);
+```
+## OID module
+
+The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data.
+
+Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`).
+
+The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509.
diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md
deleted file mode 100644
index 25bddf44f9..0000000000
--- a/docs/4.0-migration-guide/configuration.md
+++ /dev/null
@@ -1,44 +0,0 @@
-## Compile-time configuration
-
-### Configuration file split
-
-All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely:
-
-* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line;
-* otherwise ``;
-* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set.
-
-Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up.
-
-Generally speaking, the options that must be configured in TF-PSA-Crypto are:
-
-* options related to platform settings;
-* options related to the choice of cryptographic mechanisms included in the build;
-* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises;
-* options related to crypto-adjacent features, such as ASN.1 and Base64.
-
-See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details.
-
-Notably, `` is no longer limited to `PSA_WANT_xxx` options.
-
-Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details.
-
-### Split of `build_info.h` and `version.h`
-
-The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration.
-
-TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS.
-
-### Removal of `check_config.h`
-
-The header `mbedtls/check_config.h` is no longer present.
Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet.
-
-### Changes to TLS options
-
-#### Enabling null cipher suites
-
-The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration.
-
-#### Removal of backward compatibility options
-
-The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now.
diff --git a/docs/4.0-migration-guide/deprecated-removals.md b/docs/4.0-migration-guide/deprecated-removals.md
deleted file mode 100644
index e74b1adc10..0000000000
--- a/docs/4.0-migration-guide/deprecated-removals.md
+++ /dev/null
@@ -1,14 +0,0 @@
-## Removal of deprecated functions
-
-### Removal of deprecated X.509 functions
-
-The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`.
-
-### Removal of deprecated SSL functions
-
-The deprecated function `mbedtls_ssl_conf_curves()` has been removed.
-The function was superseded by `mbedtls_ssl_conf_groups()`.
-
-### Removal of `compat-2.x.h`
-
-The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed.
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md
deleted file mode 100644
index a2744679e0..0000000000
--- a/docs/4.0-migration-guide/error-codes.md
+++ /dev/null
@@ -1,37 +0,0 @@
-## Error codes
-
-### Unified error code space
-
-The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes.
-
-There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition.
-
-### Simplified legacy error codes
-
-All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code.
-
-Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable.
-
-As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist.
-
-### Removed error code names
-
-Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
-
-| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
-|-----------------------------------------|---------------------------------|
-| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` |
-| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` |
-| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
-| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
-| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
-| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` |
-| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
-| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
-| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
-| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-
-See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md
deleted file mode 100644
index b958f864fc..0000000000
--- a/docs/4.0-migration-guide/feature-removals.md
+++ /dev/null
@@ -1,152 +0,0 @@
-## Removed features
-
-### Removal of obsolete key exchanges methods in (D)TLS 1.2
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
-
-That is, the following key exchange types are no longer supported:
-
-* RSA-PSK;
-* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
-* DHE-PSK (except in TLS 1.3);
-* DHE-RSA (except in TLS 1.3).
-* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
-
-The full list of removed cipher suites is:
-
-```
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
-TLS-DHE-PSK-WITH-AES-128-CCM
-TLS-DHE-PSK-WITH-AES-128-CCM-8
-TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
-TLS-DHE-PSK-WITH-AES-256-CCM
-TLS-DHE-PSK-WITH-AES-256-CCM-8
-TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
-TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA
-TLS-DHE-PSK-WITH-NULL-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA384
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-128-CCM
-TLS-DHE-RSA-WITH-AES-128-CCM-8
-TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-256-CCM
-TLS-DHE-RSA-WITH-AES-256-CCM-8
-TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
-TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-NULL-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
-TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
-TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
-TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-NULL-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA384
-TLS-RSA-WITH-AES-128-CBC-SHA
-TLS-RSA-WITH-AES-128-CBC-SHA256
-TLS-RSA-WITH-AES-128-CCM
-TLS-RSA-WITH-AES-128-CCM-8
-TLS-RSA-WITH-AES-128-GCM-SHA256
-TLS-RSA-WITH-AES-256-CBC-SHA
-TLS-RSA-WITH-AES-256-CBC-SHA256
-TLS-RSA-WITH-AES-256-CCM
-TLS-RSA-WITH-AES-256-CCM-8
-TLS-RSA-WITH-AES-256-GCM-SHA384
-TLS-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-WITH-NULL-MD5
-TLS-RSA-WITH-NULL-SHA
-TLS-RSA-WITH-NULL-SHA256
-```
-
-As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
-
-```
-mbedtls_ssl_conf_dh_param_bin()
-mbedtls_ssl_conf_dh_param_ctx()
-mbedtls_ssl_conf_dhm_min_bitlen()
-```
-
-### Removal of elliptic curves
-
-Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
-
-### Removal of deprecated functions
-
-The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
-
-The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
diff --git a/docs/4.0-migration-guide/function-prototype-changes.md b/docs/4.0-migration-guide/function-prototype-changes.md
deleted file mode 100644
index 52e37c7286..0000000000
--- a/docs/4.0-migration-guide/function-prototype-changes.md
+++ /dev/null
@@ -1,89 +0,0 @@
-## Function prototype changes
-
-A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API.
-
-### Public functions no longer take a RNG callback
-
-Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here.
-
-### RNG removal in X.509
-
-The following function prototypes have been changed in `mbedtls/x509_crt.h`:
-
-```c
-int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-```
-
-to
-
-```c
-int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
-
-int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
-```
-
-The following function prototypes have been changed in `mbedtls/x509_csr.h`:
-```c
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
-```
-
-to
-
-```c
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
-
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
-```
-
-### RNG removal in SSL
-
-The following function prototype has been changed in `mbedtls/ssl_cookie.h`:
-
-```c
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *,
unsigned char *, size_t),
- void *p_rng);
-```
-
-to
-
-```c
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
-```
-
-### Removal of `mbedtls_ssl_conf_rng`
-
-`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library.
-
-### Changes to mbedtls_ssl_ticket_setup
-
-In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments.
-
-The prototype in `mbedtls/ssl_ticket.h` has changed from
-
-```c
-int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- mbedtls_f_rng_t *f_rng, void *p_rng,
- mbedtls_cipher_type_t cipher,
- uint32_t lifetime);
-```
-
-to
-
-```c
-int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
- uint32_t lifetime);
-```
diff --git a/docs/4.0-migration-guide/oid.md b/docs/4.0-migration-guide/oid.md
deleted file mode 100644
index 875f062155..0000000000
--- a/docs/4.0-migration-guide/oid.md
+++ /dev/null
@@ -1,7 +0,0 @@
-## OID module
-
-The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data.
-
-Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`).
-
-The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509.
diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md
deleted file mode 100644
index ff974746c5..0000000000
--- a/docs/4.0-migration-guide/private-decls.md
+++ /dev/null
@@ -1,33 +0,0 @@
-## Private declarations
-
-Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice.
-
-### Understanding private declarations in public headers
-
-In Mbed TLS 4.x, private elements in header files include:
-
-* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header).
-* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.)
-* Any preprocessor macro that is not documented with a Doxygen comment.
- In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private.
- In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text.
-* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`.
-
-### Usage of private declarations
-
-Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice.
-
-Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases.
-
-Sample programs have not been fully updated yet and some of them might still
-use APIs that are no longer public.
You can recognize them by the fact that they
-define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or
-`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). When
-you see one of these two macros in a sample program, be aware it has not been
-updated and parts of it do not demonstrate current practice.
-
-We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or
-`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code
-may not compile or work with future minor releases. If there's something you
-want to do that you feel can only be achieved by using one of these two macros,
-please reach out on github or the mailing list.
diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md
deleted file mode 100644
index 7d7bfee193..0000000000
--- a/docs/4.0-migration-guide/psa-only.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## PSA as the only cryptography API
-
-The PSA API is now the only API for cryptographic primitives.
-
-### Impact on application code
-
-The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
-
-`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake.
-
-A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”.
-
-### No random generator instantiation
-
-Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem.
-
-Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation.
-
-See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG.
-
-### Impact on the library configuration
-
-Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms.
They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto.
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md
deleted file mode 100644
index 5ad741855b..0000000000
--- a/docs/4.0-migration-guide/repo-split.md
+++ /dev/null
@@ -1,200 +0,0 @@
-## CMake as the only build system
-Mbed TLS now uses CMake exclusively to configure and drive its build process.
-Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed.
-
-The previous `.sln` and `.vcxproj` files are no longer distributed or generated.
-
-See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake.
-If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio.
-
-### Translating Make commands to CMake
-
-With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake.
-This section provides a quick reference for translating common `make` commands into their CMake equivalents.
-
-#### Basic build workflow
-
-Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory.
-This sets up an out-of-tree build, which is recommended.
-
-| Make command | CMake equivalent | Description |
-|----------------|------------------------------------------------|--------------------------------------------------------------------|
-| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. |
-| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. |
-| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. |
-| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. |
-
-#### Building specific targets
-
-Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory.
-
-| Make command | CMake equivalent | Description |
-|-----------------|---------------------------------------------------------------------|---------------------------|
-| `make lib` | `cmake --build build --target lib` | Build only the libraries. |
-| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. |
-| `make programs` | `cmake --build build --target programs` | Build example programs. |
-| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. |
-
-Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets.
-
-There is no CMake equivalent for `make generated_files` or `make neat`.
-Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`.
-If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`.
-
-There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system.
-
-#### Common build options
-
-The following table illustrates the approximate CMake equivalents of common make commands.
-Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process.
-
-| Make usage | CMake usage | Description |
-|----------------------------|-------------------------------------------------------|----------------------|
-| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. |
-| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. |
-| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). |
-| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. |
-| `make CC=clang` | `cmake -S .
-B build -DCMAKE_C_COMPILER=clang` | Set the compiler. |
-| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. |
-
-## Repository split
-In Mbed TLS 4.0, the project was split into two repositories:
-- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality.
-- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API.
-Mbed TLS consumes TF-PSA-Crypto as a submodule.
-You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library.
-
-### File and directory relocations
-
-The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto.
-These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository.
-
-| Original location | New location(s) | Notes |
-|-----------------------------------------|--------------------------------------------------------------------------------------|-------|
-| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. |
-| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. |
-| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. |
-| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | - -() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. - -### Configuration file split -Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. -See [Compile-time configuration](#compile-time-configuration). - -The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. - -If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. - -There have been significant changes in the configuration options, primarily affecting cryptography. - -#### Cryptography configuration -- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). -- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: - - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* - - *Random Number Generation Configuration* - -#### TLS configuration -For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). - -### Impact on some usages of the library - -#### Checking out a branch or a tag -After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: -``` -git submodule update --init --recursive -``` - -#### Linking directly to a built library - -The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. 
-These libraries are still located in the `library` directory within the build tree. - -The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. - -You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. - -#### Using Mbed TLS as a CMake subproject - -The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`. -As before, these base names are also the names of CMake targets to build each library. -If your CMake scripts reference a cryptography library target, you need to update its name accordingly. - -For example, the following CMake code: -``` -target_link_libraries(mytarget PRIVATE mbedcrypto) -``` -should be updated to: -``` -target_link_libraries(mytarget PRIVATE tfpsacrypto) -``` - -You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: -- `programs/test/cmake_subproject` - -#### Using Mbed TLS as a CMake package - -The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. - -For example, the following CMake code: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto) -``` -should be updated to: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto) -``` -You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: -- `programs/test/cmake_package` -- `programs/test/cmake_package_install` - -#### Using the Mbed TLS Crypto pkg-config file - -The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. -Internally, it now references the tfpsacrypto library. - -A new pkg-config file, `tfpsacrypto.pc`, is also provided. 
-Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. - -#### Using Mbed TLS as an installed library - -The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. -The cryptography library is also now provided as `libtfpsacrypto.`. - -Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. -These headers are installed primarily to satisfy compiler dependencies. -Others remain for historical reasons and may be cleaned up in later versions of the library. - -We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. -See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. - -Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. - -### Audience-Specific Notes - -#### Application Developers using a distribution package -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. - - Using the Mbed TLS Crypto pkg-config file. - - Using Mbed TLS as an installed library - -### Developer or package maintainers -If you build or distribute Mbed TLS: -- The build system is now CMake only, Makefiles and Visual Studio projects are removed. -- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. -- You should update submodules recursively after checkout. -- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. 
- - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). - - Using Mbed TLS as an installed library -- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). - -### Platform Integrators -If you integrate Mbed TLS with a platform or hardware drivers: -- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. -- The PSA driver wrapper is now generated in TF-PSA-Crypto. -- Platform-specific configuration are now handled in `crypto_config.h`. -- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. From 2c0cb9926a979cfc6e97f33d4eca9a8259e10305 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 15:56:21 +0200 Subject: [PATCH 1016/1080] Add short introduction Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 83ec90ca92..040194b478 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -1,3 +1,16 @@ +# Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 + +This guide details the steps required to migrate from Mbed TLS version 2.x to Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 3.0. + +Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? + +- Mbed TLS has been split between two products: TF-PSA-Crypto for cryptography, and Mbed TLS for X.509 and (D)TLS. +- CMake is now the only supported build system. +- The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. +- Various deprecated or minor functionality has been removed. + +Please consult the [TF-PSA-Crypto migration guide](../tf-psa-crypto/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. + ## CMake as the only build system Mbed TLS now uses CMake exclusively to configure and drive its build process. Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. 
@@ -248,7 +261,7 @@ The PSA API is now the only API for cryptographic primitives. ### Impact on application code -The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. +The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. `psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. From 66719098b872da4cb25728cd29ea11410155bbb0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 15:51:17 +0200 Subject: [PATCH 1017/1080] Ensure there is a blank line before headers (markdown portability) Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 040194b478..16328ad028 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -211,6 +211,7 @@ If you integrate Mbed TLS with a platform or hardware drivers: - The PSA driver wrapper is now generated in TF-PSA-Crypto. - Platform-specific configuration are now handled in `crypto_config.h`. - See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. + ## Compile-time configuration ### Configuration file split @@ -255,6 +256,7 @@ The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTL #### Removal of backward compatibility options The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. + ## PSA as the only cryptography API The PSA API is now the only API for cryptographic primitives. @@ -278,6 +280,7 @@ See also [function prototype changes](#function-prototype-changes), many of whic ### Impact on the library configuration Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. + ## Private declarations Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice. 
@@ -311,6 +314,7 @@ We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or may not compile or work with future minor releases. If there's something you want to do that you feel can only be achieved by using one of these two macros, please reach out on github or the mailing list. + ## Error codes ### Unified error code space @@ -348,6 +352,7 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. + ## Removal of deprecated functions ### Removal of deprecated X.509 functions @@ -362,6 +367,7 @@ The function was superseded by `mbedtls_ssl_conf_groups()`. ### Removal of `compat-2.x.h` The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed. + ## Removed features ### Removal of obsolete key exchanges methods in (D)TLS 1.2 @@ -514,6 +520,7 @@ Following their removal from the crypto library, elliptic curves of less than 25 The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead. The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead. + ## Function prototype changes A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API. 
@@ -603,6 +610,7 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); ``` + ## OID module The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. From d83c476f3b9d38890b86b2d3daee1fcf54e851a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 16:36:42 +0200 Subject: [PATCH 1018/1080] Fix copypasta Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 16328ad028..fa7732b8c6 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -1,6 +1,6 @@ # Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 -This guide details the steps required to migrate from Mbed TLS version 2.x to Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 3.0. +This guide details the steps required to migrate from Mbed TLS version 3.x to Mbed TLS version 4.0 or greater. Unlike normal releases, Mbed TLS 4.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 4.0. Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? From 75a36bd9cdffc4778d2ef70c3ee44cd4aca973a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 17:45:33 +0200 Subject: [PATCH 1019/1080] Fix copypasta in title Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index fa7732b8c6..ec4b8c9b8c 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -1,4 +1,4 @@ -# Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 +# Migrating from Mbed TLS 3.x to Mbed TLS 4.0 This guide details the steps required to migrate from Mbed TLS version 3.x to Mbed TLS version 4.0 or greater. Unlike normal releases, Mbed TLS 4.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 4.0. From fa4e9461bd43866939f627ca6c4451df42575020 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 17:54:00 +0200 Subject: [PATCH 1020/1080] Add sentence that was in 3.0 and is in TF-PSA-Crypto 1.0 Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index ec4b8c9b8c..9b4768a3a1 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -4,6 +4,8 @@ This guide details the steps required to migrate from Mbed TLS version 3.x to Mb Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? +The changes are detailed below. Here is a summary of the main points: + - Mbed TLS has been split between two products: TF-PSA-Crypto for cryptography, and Mbed TLS for X.509 and (D)TLS. - CMake is now the only supported build system. - The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. From 65c29f07c7931cd97ad23ea7a664b6fed5f7b93c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:44:26 +0100 Subject: [PATCH 1021/1080] Updated framework submodule 
Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d80c4f9ec3..4579964747 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d80c4f9ec3a01c001778658023f82e40fdb51d40 +Subproject commit 457996474728cb8e968ed21953b72f74d2f536b2 From 0ff335d715540a164c906a58f850f00c79627b51 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 15:17:44 +0100 Subject: [PATCH 1022/1080] Remove uses of mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7675f95e37..91f500294f 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1995,7 +1995,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..748efb4815 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,13 +300,13 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { return 0; } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_new", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); error: /* RFC 8446 section 4.4.3 From 21cd2ddb1e7cd89f01abe9dc426ef2584a1df8bf Mon Sep 17 00:00:00 2001 
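Review bot: The C-style cast `(mbedtls_pk_sigalg_t) pk_alg` on the added line in ssl_tls12_client.c makes the compiler accept any `mbedtls_pk_type_t` value unchecked, so the signature-verification call is only correct if the two enumerations deliberately share numeric values for the members used here (this branch is the RSASSA-PSS case). If the pk header guarantees that correspondence, a comment at the call site such as `/* mbedtls_pk_sigalg_t mirrors the mbedtls_pk_type_t values, so the cast is exact here */` would record the assumption for the next reader; if it does not, an explicit switch mapping `pk_alg` to the corresponding `mbedtls_pk_sigalg_t` member is the safer form. The same cast of `sig_alg` appears in the ssl_tls13_generic.c hunk and deserves the same treatment. Both enclosing functions, ssl_parse_server_key_exchange and ssl_tls13_parse_certificate_verify, start and end outside their hunks, so I cannot see how pk_alg and sig_alg are derived.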
From: Minos Galanakis Date: Sat, 11 Oct 2025 21:44:44 +0100 Subject: [PATCH 1023/1080] Updated tf psa-crypto submodule Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index cf4c26de94..76920edddc 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit cf4c26de948e8bfe6566dd8b78299df4b627127d +Subproject commit 76920edddcad00ac41b248e12d937b845df7bedb From e5862c04940b07a7c4f871e63715fcce00bf14a3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:52:07 +0100 Subject: [PATCH 1024/1080] Removed Beta Changelog Signed-off-by: Minos Galanakis --- ChangeLog | 325 ------------------------------------------------------ 1 file changed, 325 deletions(-) diff --git a/ChangeLog b/ChangeLog index 912a1786b7..1c48958e39 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,330 +1,5 @@ Mbed TLS ChangeLog (Sorted per branch, date) -= Mbed TLS 4.0.0-beta branch released 2025-07-04 - -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. - * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function - now takes 3 new arguments: a PSA algorithm, key type and key size, to - specify the AEAD for ticket protection. - * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() - functions can now return PSA_ERROR_xxx values. - There is no longer a distinction between "low-level" and "high-level" - Mbed TLS error codes. - This will not affect most applications since the error values are - between -32767 and -1 as before. - * All API functions now use the PSA random generator psa_generate_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - tf-psa-crypto/docs/4.0-migration-guide.md. - -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. - * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. 
In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. - * Remove support for the RSA-PSK key exchange in TLS 1.2. - * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseded by - mbedtls_x509write_crt_set_serial_raw(). - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - * Remove support for the DHE-PSK key exchange in TLS 1.2. - * Remove support for the DHE-RSA key exchange in TLS 1.2. 
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the - following SSL functions are removed: - - mbedtls_ssl_conf_dh_param_bin - - mbedtls_ssl_conf_dh_param_ctx - - mbedtls_ssl_conf_dhm_min_bitlen - * Remove support for the RSA key exchange in TLS 1.2. - * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), - since these concepts no longer exists. There is just mbedtls_strerror(). - * Sample programs for the legacy crypto API have been removed. - pkey/rsa_genkey.c - pkey/pk_decrypt.c - pkey/dh_genprime.c - pkey/rsa_verify.c - pkey/mpi_demo.c - pkey/rsa_decrypt.c - pkey/key_app.c - pkey/dh_server.c - pkey/ecdh_curve25519.c - pkey/pk_encrypt.c - pkey/rsa_sign.c - pkey/key_app_writer.c - pkey/dh_client.c - pkey/ecdsa.c - pkey/rsa_encrypt.c - wince_main.c - aes/crypt_and_hash.c - random/gen_random_ctr_drbg.c - random/gen_entropy.c - hash/md_hmac_demo.c - hash/hello.c - hash/generic_sum.c - cipher/cipher_aead_demo.c - * Remove compat-2-x.h header from mbedtls. - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. - -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - * Add a new psa_key_agreement() PSA API to perform key agreement and return - an identifier for the newly created key. - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. 
- The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. - * Add an interruptible version of key agreement to the PSA interface. - See psa_key_agreement_iop_setup() and related functions. - * Add an interruptible version of generate key to the PSA interface. - See psa_generate_key_iop_setup() and related functions. - * Add the function mbedtls_ssl_export_keying_material() which allows the - client and server to extract additional shared symmetric keys from an SSL - session, according to the TLS-Exporter specification in RFC 8446 and 5705. - This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in - mbedtls_config.h. - -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. - CVE-2024-45157 - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. - CVE-2024-45158 - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. 
Only TLS 1.3 servers were affected, and only with
- optional authentication (required would abort the handshake with a fatal
- alert).
- CVE-2024-45159
- * Fix a buffer underrun in mbedtls_pk_write_key_der() when
- called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
- and the output buffer is smaller than the actual output.
- Fix a related buffer underrun in mbedtls_pk_write_key_pem()
- when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
- and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
- CVE-2024-49195
- * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
- if they use certificate authentication (i.e. not pre-shared keys).
- Otherwise, in many scenarios, the server could be impersonated.
- The library will now prevent the handshake and return
- MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
- if mbedtls_ssl_set_hostname() has not been called.
- Reported by Daniel Stenberg.
- CVE-2025-27809
- * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
- or there was a cryptographic hardware failure when calculating the
- Finished message, it could be calculated incorrectly. This would break
- the security guarantees of the TLS handshake.
- CVE-2025-27810
- * Fix possible use-after-free or double-free in code calling
- mbedtls_x509_string_to_names(). This was caused by the function calling
- mbedtls_asn1_free_named_data_list() on its head argument, while the
- documentation did no suggest it did, making it likely for callers relying
- on the documented behaviour to still hold pointers to memory blocks after
- they were free()d, resulting in high risk of use-after-free or double-free,
- with consequences ranging up to arbitrary code execution.
- In particular, the two sample programs x509/cert_write and x509/cert_req
- were affected (use-after-free if the san string contains more than one DN).
- Code that does not call mbedtls_string_to_names() directly is not affected.
- Found by Linh Le and Ngan Nguyen from Calif.
- CVE-2025-47917
- * Fix a bug in mbedtls_x509_string_to_names() and the
- mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
- where some inputs would cause an inconsistent state to be reached, causing
- a NULL dereference either in the function itself, or in subsequent
- users of the output structure, such as mbedtls_x509_write_names(). This
- only affects applications that create (as opposed to consume) X.509
- certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
- CVE-2025-48965
-
-Bugfix
- * Fix TLS 1.3 client build and runtime when support for session tickets is
- disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
- * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
- * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
- as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
- * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
- passing in zero length additional data to multipart AEAD.
- * Fix rare concurrent access bug where attempting to operate on a
- non-existent key while concurrently creating a new key could potentially
- corrupt the key store.
- * Fix error handling when creating a key in a dynamic secure element
- (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
- the creation could return PSA_SUCCESS but using or destroying the key
- would not work. Fixes #8537.
- * Fix issue of redefinition warning messages for _GNU_SOURCE in
- entropy_poll.c and sha_256.c. There was a build warning during
- building for linux platform.
- Resolves #9026
- * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
- * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
- CMAC is enabled, but no built-in unauthenticated cipher is enabled.
- Fixes #9209.
- * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
- Fixes #9029.
- * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
- long. Credit to Cryptofuzz. Fixes #9314.
- * Fix interference between PSA volatile keys and built-in keys
- when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
- MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
- * Document and enforce the limitation of mbedtls_psa_register_se_key()
- to persistent keys. Resolves #9253.
- * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
- but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
- * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
- MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
- * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
- some code was defining 0-size arrays, resulting in compilation errors.
- Fixed by disabling the offending code in configurations without PSA
- Crypto, where it never worked. Fixes #9311.
- * Fixes an issue where some TLS 1.2 clients could not connect to an
- Mbed TLS 3.6.0 server, due to incorrect handling of
- legacy_compression_methods in the ClientHello.
- fixes #8995, #9243.
- * Fix a memory leak that could occur when failing to process an RSA
- key through some PSA functions due to low memory conditions.
- * Fixed a regression introduced in 3.6.0 where the CA callback set with
- mbedtls_ssl_conf_ca_cb() would stop working when connections were
- upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
- 1.3.
- * Fixed a regression introduced in 3.6.0 where clients that relied on
- optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
- with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
- working when connections were upgraded to TLS 1.3. Fixed by adding
- support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
- standard makes server authentication mandatory; users are advised not to
- use authmode none, and to carefully check the results when using optional
- mode.
- * Fixed a regression introduced in 3.6.0 where context-specific certificate
- verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
- mbedtls_ssl_conf_verify(), would stop working when connections were
- upgraded to TLS 1.3. Fixed by adding support for context-specific verify
- callback in TLS 1.3.
- * Fix unintended performance regression when using short RSA public keys.
- Fixes #9232.
- * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
- peers that have middlebox compatibility enabled, as long as no
- problematic middlebox is in the way. Fixes #9551.
- * Fix invalid JSON schemas for driver descriptions used by
- generate_driver_wrappers.py.
- * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
- and 'mbedtls_net_connect' to prevent possible double close fd
- problems. Fixes #9711.
- * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
- mbedtls_psa_der_to_raw() is called with bits=0.
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
- * Support re-assembly of fragmented handshake messages in TLS (both
- 1.2 and 1.3). The lack of support was causing handshake failures with
- some servers, especially with TLS 1.3 in practice. There are a few
- limitations, notably a fragmented ClientHello is only supported when
- TLS 1.3 support is enabled. See the documentation of
- mbedtls_ssl_handshake() for details.
- * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
- occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
- with Visual Studio 2013 or MinGW.
- Fixes #10017.
- * Silence spurious -Wunterminated-string-initialization warnings introduced
- by GCC 15. Fixes #9944.
-
-Changes
- * Warn if mbedtls/check_config.h is included manually, as this can
- lead to spurious errors. Error if a *adjust*.h header is included
- manually, as this can lead to silently inconsistent configurations,
- potentially resulting in buffer overflows.
- When migrating from Mbed TLS 2.x, if you had a custom config.h that
- included check_config.h, remove this inclusion from the Mbed TLS 3.x
- configuration file (renamed to mbedtls_config.h). This change was made
- in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
- * Functions regarding numeric string conversions for OIDs have been moved
- from the OID module and now reside in X.509 module. This helps to reduce
- the code size as these functions are not commonly used outside of X.509.
- * Improve performance of PSA key generation with ECC keys: it no longer
- computes the public key (which was immediately discarded). Fixes #9732.
- * Cryptography and platform configuration options have been migrated
- from the Mbed TLS library configuration file mbedtls_config.h to
- crypto_config.h that will become the TF-PSA-Crypto configuration file,
- see config-split.md for more information. The reference and test custom
- configuration files respectively in configs/ and tests/configs/ have
- been updated accordingly.
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
- to the PSA configuration scheme based on PSA_WANT_XXX symbols
- (see psa-conditional-inclusion-c.md for more information).
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
- cryptographic and platform configuration options from mbedtls_config.h
- to crypto_config.h (see config-split.md for more information and configs/
- for examples).
- * Move the crypto part of the library (content of tf-psa-crypto directory)
- from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
- tests development will now occur in TF-PSA-Crypto, which Mbed TLS
- references as a Git submodule.
- * The function mbedtls_x509_string_to_names() now requires its head argument
- to point to NULL on entry. This makes it likely that existing risky uses of
- this function (see the entry in the Security section) will be detected and
- fixed.
-
 = Mbed TLS 3.6.0 branch released 2024-03-28
 
 API changes
From 38181b6d667e579586b775bb7a00f12ee1358699 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:53:21 +0100 Subject: [PATCH 1025/1080] Assemble ChangeLog
Signed-off-by: Minos Galanakis --- ChangeLog | 256 ++++++++++++++++++ ChangeLog.d/10285.txt | 3 - ChangeLog.d/9684.txt | 2 - ChangeLog.d/9685.txt | 2 - ChangeLog.d/9874.txt | 5 - ChangeLog.d/9892.txt | 5 - ChangeLog.d/9956.txt | 6 - ChangeLog.d/9964.txt | 26 -- ChangeLog.d/add-tls-exporter.txt | 6 - ChangeLog.d/check_config.txt | 5 - ChangeLog.d/error-unification.txt | 12 - ChangeLog.d/fix-asn1-store-named-data.txt | 8 - .../fix-clang-psa-build-without-dhm.txt | 5 - ...ion-when-memcpy-is-function-like-macro.txt | 2 - ChangeLog.d/fix-compilation-with-djgpp.txt | 2 - .../fix-dependency-on-generated-files.txt | 3 - ChangeLog.d/fix-legacy-compression-issue.txt | 6 - .../fix-msvc-version-guard-format-zu.txt | 5 - ChangeLog.d/fix-server-mode-only-build.txt | 3 - .../fix-string-to-names-memory-management.txt | 19 -- .../fix-string-to-names-store-named-data.txt | 10 - .../fix_reporting_of_key_usage_issues.txt | 12 - ChangeLog.d/make-visualc.txt | 2 - ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt | 4 - .../mbedtls_ssl_conf_alpn_protocols.txt | 4 - ChangeLog.d/mbedtls_ssl_set_hostname.txt | 18 -- ChangeLog.d/oid.txt | 8 - ChangeLog.d/psa-always-on.txt | 11 - ChangeLog.d/removal-of-rng.txt | 6 - ChangeLog.d/remove-compat-2.x.txt | 2 - ChangeLog.d/remove-deprecated-items.txt | 11 - ChangeLog.d/remove_RSA_key_exchange.txt | 2 - ChangeLog.d/remove_mbedtls_pk_type.txt | 3 - .../replace-close-with-mbedtls_net_close.txt | 4 - ChangeLog.d/replace_time_t.txt | 4 - ChangeLog.d/repo-split.txt | 5 - ChangeLog.d/rm-ssl-conf-curves.txt | 4 - ChangeLog.d/runtime-version-interface.txt | 9 - ChangeLog.d/secp256k1-removal.txt | 3 - ...ring-conversions-out-of-the-oid-module.txt | 4 - ChangeLog.d/static-ecdh-removal.txt | 3 - ChangeLog.d/tls-hs-defrag-in.txt | 7 - ChangeLog.d/tls-key-exchange-rsa.txt | 2 - ChangeLog.d/tls12-check-finished-calc.txt | 6 - ChangeLog.d/tls13-cert-regressions.txt | 18 -- .../tls13-middlebox-compat-disabled.txt | 4 - ChangeLog.d/tls13-without-tickets.txt | 3 - 
ChangeLog.d/unify-errors.txt | 7 - .../unterminated-string-initialization.txt | 3 - ...x509write_crt_set_serial_raw-alignment.txt | 3 - 50 files changed, 256 insertions(+), 307 deletions(-) delete mode 100644 ChangeLog.d/10285.txt delete mode 100644 ChangeLog.d/9684.txt delete mode 100644 ChangeLog.d/9685.txt delete mode 100644 ChangeLog.d/9874.txt delete mode 100644 ChangeLog.d/9892.txt delete mode 100644 ChangeLog.d/9956.txt delete mode 100644 ChangeLog.d/9964.txt delete mode 100644 ChangeLog.d/add-tls-exporter.txt delete mode 100644 ChangeLog.d/check_config.txt delete mode 100644 ChangeLog.d/error-unification.txt delete mode 100644 ChangeLog.d/fix-asn1-store-named-data.txt delete mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt delete mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt delete mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt delete mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt delete mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt delete mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt delete mode 100644 ChangeLog.d/fix-server-mode-only-build.txt delete mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt delete mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt delete mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt delete mode 100644 ChangeLog.d/make-visualc.txt delete mode 100644 ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt delete mode 100644 ChangeLog.d/oid.txt delete mode 100644 ChangeLog.d/psa-always-on.txt delete mode 100644 ChangeLog.d/removal-of-rng.txt delete mode 100644 ChangeLog.d/remove-compat-2.x.txt delete mode 100644 ChangeLog.d/remove-deprecated-items.txt delete mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt delete mode 100644 ChangeLog.d/remove_mbedtls_pk_type.txt delete mode 
100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt
delete mode 100644 ChangeLog.d/replace_time_t.txt
delete mode 100644 ChangeLog.d/repo-split.txt
delete mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt
delete mode 100644 ChangeLog.d/runtime-version-interface.txt
delete mode 100644 ChangeLog.d/secp256k1-removal.txt
delete mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
delete mode 100644 ChangeLog.d/static-ecdh-removal.txt
delete mode 100644 ChangeLog.d/tls-hs-defrag-in.txt
delete mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt
delete mode 100644 ChangeLog.d/tls12-check-finished-calc.txt
delete mode 100644 ChangeLog.d/tls13-cert-regressions.txt
delete mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt
delete mode 100644 ChangeLog.d/tls13-without-tickets.txt
delete mode 100644 ChangeLog.d/unify-errors.txt
delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt
delete mode 100644 ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
diff --git a/ChangeLog b/ChangeLog
index 1c48958e39..d31ada506f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,261 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 4.0.0 branch released 2025-10-15
+
+API changes
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+ * All API functions now use the PSA random generator psa_generate_random()
+ internally. As a consequence, functions no longer take RNG parameters.
+ Please refer to the migration guide at :
+ docs/4.0-migration-guide.md.
+ * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+ as having const elements, reflecting the fact that the library will
+ not modify it
+ * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw
+ function to a const to align with the rest of the API.
+ * Change the signature of the runtime version information methods that took
+ a char* as an argument to take zero arguments and return a const char*
+ instead. This aligns us with the interface used in TF PSA Crypto 1.0.
+ If you need to support linking against both Mbed TLS 3.x and 4.x, please
+ use the build-time version macros or mbedtls_version_get_number() to
+ determine the correct signature for mbedtls_version_get_string() and
+ mbedtls_version_get_string_full() before calling them.
+ Fixes issue #10308.
+ * Make the following error codes aliases of their PSA equivalents, where
+ xxx is a module, e.g. X509 or SSL.
+ MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT
+ MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY
+ MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL
+ MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE
+ * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables
+ TLS 1.2 ciphersuites without encryption and is disabled by default.
+ This new option replaces MBEDTLS_CIPHER_NULL_CIPHER.
+
+Default behavior changes
+ * The X.509 and TLS modules now always use the PSA subsystem
+ to perform cryptographic operations, with a few exceptions documented
+ in docs/architecture/psa-migration/psa-limitations.md. This
+ corresponds to the behavior of Mbed TLS 3.x when
+ MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
+ is now always enabled.
+ * psa_crypto_init() must be called before performing any cryptographic
+ operation, including indirect requests such as parsing a key or
+ certificate or starting a TLS handshake.
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure.
+
+Removals
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseded by
+ mbedtls_x509write_crt_set_serial_raw().
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+ following SSL functions are removed:
+ - mbedtls_ssl_conf_dh_param_bin
+ - mbedtls_ssl_conf_dh_param_ctx
+ - mbedtls_ssl_conf_dhm_min_bitlen
+ * Remove support for the RSA key exchange in TLS 1.2.
+ * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
+ * Sample programs for the legacy crypto API have been removed.
+ pkey/rsa_genkey.c
+ pkey/pk_decrypt.c
+ pkey/dh_genprime.c
+ pkey/rsa_verify.c
+ pkey/mpi_demo.c
+ pkey/rsa_decrypt.c
+ pkey/key_app.c
+ pkey/dh_server.c
+ pkey/ecdh_curve25519.c
+ pkey/pk_encrypt.c
+ pkey/rsa_sign.c
+ pkey/key_app_writer.c
+ pkey/dh_client.c
+ pkey/ecdsa.c
+ pkey/rsa_encrypt.c
+ wince_main.c
+ aes/crypt_and_hash.c
+ random/gen_random_ctr_drbg.c
+ random/gen_entropy.c
+ hash/md_hmac_demo.c
+ hash/hello.c
+ hash/generic_sum.c
+ cipher/cipher_aead_demo.c
+ * Remove compat-2-x.h header from mbedtls.
+ * The library no longer offers interfaces to look up values by OID
+ or OID by enum values.
+ The header now only defines functions to convert
+ between binary and dotted string OID representations, and macros
+ for OID strings that are relevant to X.509.
+ The compilation option MBEDTLS_OID_C no longer
+ exists. OID tables are included in the build automatically as needed.
+ * The header no longer exists. Including it
+ from a custom config file was no longer needed since Mbed TLS 3.0,
+ and could lead to spurious errors. The checks that it performed are
+ now done automatically when building the library.
+ * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is
+ removed from TLS.
+ * Remove mbedtls_pk_type_t from the public interface and replace it with
+ mbedtls_pk_sigalg_t.
+ * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the
+ standard version (defined in RFC 9146) of DTLS connection ID is supported.
+ * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and
+ the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and
+ MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and
+ mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead.
+ Note that the new names of the new constants use the TLS protocol versions,
+ unlike the old constants whose names are based on internal encodings.
+ * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs()
+ instead.
+ * Removed all public key sample programs from the programs/pkey
+ directory.
+ * Removed support for TLS 1.2 static ECDH key
+ exchanges (ECDH-ECDSA and ECDH-RSA).
+ * Drop support for the GNU Make and Microsoft Visual Studio build systems.
+
+Features
+ * Add the function mbedtls_ssl_export_keying_material() which allows the
+ client and server to extract additional shared symmetric keys from an SSL
+ session, according to the TLS-Exporter specification in RFC 8446 and 5705.
+ This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
+ mbedtls_config.h.
+
+Security
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).
+ CVE-2024-45159
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
+ Reported by Daniel Stenberg.
+ CVE-2025-27809
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
+ * Fix possible use-after-free or double-free in code calling
+ mbedtls_x509_string_to_names(). This was caused by the function calling
+ mbedtls_asn1_free_named_data_list() on its head argument, while the
+ documentation did no suggest it did, making it likely for callers relying
+ on the documented behaviour to still hold pointers to memory blocks after
+ they were free()d, resulting in high risk of use-after-free or double-free,
+ with consequences ranging up to arbitrary code execution.
+ In particular, the two sample programs x509/cert_write and x509/cert_req
+ were affected (use-after-free if the san string contains more than one DN).
+ Code that does not call mbedtls_string_to_names() directly is not affected.
+ Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-47917
+ * Fix a bug in mbedtls_x509_string_to_names() and the
+ mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
+ where some inputs would cause an inconsistent state to be reached, causing
+ a NULL dereference either in the function itself, or in subsequent
+ users of the output structure, such as mbedtls_x509_write_names(). This
+ only affects applications that create (as opposed to consume) X.509
+ certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-48965
+ * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
+ would sometimes leave an item in the output list in an inconsistent
+ state with val.p == NULL but val.len > 0. Affected functions used in X.509
+ would then dereference a NULL pointer. Applications that do not
+ call this function (directly, or indirectly through X.509 writing) are not
+ affected. Found by Linh Le and Ngan Nguyen from Calif.
+
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
+ * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
+ * Fix Clang compilation error when finite-field Diffie-Hellman is disabled.
+ Reported by Michael Schuster in #9188.
+ * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
+ MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
+ * Fixes an issue where some TLS 1.2 clients could not connect to an
+ Mbed TLS 3.6.0 server, due to incorrect handling of
+ legacy_compression_methods in the ClientHello.
+ fixes #8995, #9243.
+ * Fixed a regression introduced in 3.6.0 where the CA callback set with
+ mbedtls_ssl_conf_ca_cb() would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+ 1.3.
+ * Fixed a regression introduced in 3.6.0 where clients that relied on
+ optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+ with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+ working when connections were upgraded to TLS 1.3. Fixed by adding
+ support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
+ standard makes server authentication mandatory; users are advised not to
+ use authmode none, and to carefully check the results when using optional
+ mode.
+ * Fixed a regression introduced in 3.6.0 where context-specific certificate
+ verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+ mbedtls_ssl_conf_verify(), would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+ callback in TLS 1.3.
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
+ * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+ * Support re-assembly of fragmented handshake messages in TLS (both
+ 1.2 and 1.3). The lack of support was causing handshake failures with
+ some servers, especially with TLS 1.3 in practice. There are a few
+ limitations, notably a fragmented ClientHello is only supported when
+ TLS 1.3 support is enabled. See the documentation of
+ mbedtls_ssl_handshake() for details.
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+ occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+ with Visual Studio 2013 or MinGW.
+ Fixes #10017.
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
+ * Fix potential CMake parallel build failure when building both the static
+ and shared libraries.
+ * Fix a build error or incorrect TLS session
+ lifetime on platforms where mbedtls_time_t
+ is not time_t. Fixes #10236.
+
+Changes
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
+ * Move the crypto part of the library (content of tf-psa-crypto directory)
+ from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+ tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+ references as a Git submodule.
+ * The function mbedtls_x509_string_to_names() now requires its head argument
+ to point to NULL on entry. This makes it likely that existing risky uses of
+ this function (see the entry in the Security section) will be detected and
+ fixed.
+
 = Mbed TLS 3.6.0 branch released 2024-03-28
 
 API changes
diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt
deleted file mode 100644
index 2ac05ab90f..0000000000
--- a/ChangeLog.d/10285.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Removed all public key sample programs from the programs/pkey
- directory.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
deleted file mode 100644
index 115ded87a0..0000000000
--- a/ChangeLog.d/9684.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
deleted file mode 100644
index 9820aff759..0000000000
--- a/ChangeLog.d/9685.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
deleted file mode 100644
index a4d2e032ee..0000000000
--- a/ChangeLog.d/9874.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
- Instead of taking a mbedtls_cipher_type_t as an argument, this function
- now takes 3 new arguments: a PSA algorithm, key type and key size, to
- specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
deleted file mode 100644
index 962bdad823..0000000000
--- a/ChangeLog.d/9892.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseded by
- mbedtls_x509write_crt_set_serial_raw().
-
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
deleted file mode 100644
index cea4af1ec6..0000000000
--- a/ChangeLog.d/9956.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
- following SSL functions are removed:
- - mbedtls_ssl_conf_dh_param_bin
- - mbedtls_ssl_conf_dh_param_ctx
- - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
deleted file mode 100644
index 189b4c1d0e..0000000000
--- a/ChangeLog.d/9964.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-Removals
- * Sample programs for the legacy crypto API have been removed.
- pkey/rsa_genkey.c
- pkey/pk_decrypt.c
- pkey/dh_genprime.c
- pkey/rsa_verify.c
- pkey/mpi_demo.c
- pkey/rsa_decrypt.c
- pkey/key_app.c
- pkey/dh_server.c
- pkey/ecdh_curve25519.c
- pkey/pk_encrypt.c
- pkey/rsa_sign.c
- pkey/key_app_writer.c
- pkey/dh_client.c
- pkey/ecdsa.c
- pkey/rsa_encrypt.c
- wince_main.c
- aes/crypt_and_hash.c
- random/gen_random_ctr_drbg.c
- random/gen_entropy.c
- hash/md_hmac_demo.c
- hash/hello.c
- hash/generic_sum.c
- cipher/cipher_aead_demo.c
-
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
deleted file mode 100644
index 1aea653e09..0000000000
--- a/ChangeLog.d/add-tls-exporter.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add the function mbedtls_ssl_export_keying_material() which allows the
- client and server to extract additional shared symmetric keys from an SSL
- session, according to the TLS-Exporter specification in RFC 8446 and 5705.
- This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
- mbedtls_config.h.
diff --git a/ChangeLog.d/check_config.txt b/ChangeLog.d/check_config.txt
deleted file mode 100644
index f9f44a4b85..0000000000
--- a/ChangeLog.d/check_config.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * The header no longer exists. Including it
- from a custom config file was no longer needed since Mbed TLS 3.0,
- and could lead to spurious errors. The checks that it performed are
- now done automatically when building the library.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
deleted file mode 100644
index 1f8e8af1df..0000000000
--- a/ChangeLog.d/error-unification.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-API changes
- * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
- functions can now return PSA_ERROR_xxx values.
- There is no longer a distinction between "low-level" and "high-level"
- Mbed TLS error codes.
- This will not affect most applications since the error values are
- between -32767 and -1 as before.
-
-Removals
- * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
- since these concepts no longer exists. There is just mbedtls_strerror().
-
diff --git a/ChangeLog.d/fix-asn1-store-named-data.txt b/ChangeLog.d/fix-asn1-store-named-data.txt
deleted file mode 100644
index 7a040bd43b..0000000000
--- a/ChangeLog.d/fix-asn1-store-named-data.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
- would sometimes leave an item in the output list in an inconsistent
- state with val.p == NULL but val.len > 0. Affected functions used in X.509
- would then dereference a NULL pointer. Applications that do not
- call this function (directly, or indirectly through X.509 writing) are not
- affected. Found by Linh Le and Ngan Nguyen from Calif.
-
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
deleted file mode 100644
index 543f4dbf1b..0000000000
--- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix Clang compilation error when finite-field Diffie-Hellman is disabled.
- Reported by Michael Schuster in #9188.
-
-
-
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
deleted file mode 100644
index 11e7d25392..0000000000
--- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb69de..0000000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt
deleted file mode 100644
index 540cf0ded2..0000000000
--- a/ChangeLog.d/fix-dependency-on-generated-files.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix potential CMake parallel build failure when building both the static
- and shared libraries.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
deleted file mode 100644
index 2549af8733..0000000000
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
- * Fixes an issue where some TLS 1.2 clients could not connect to an
- Mbed TLS 3.6.0 server, due to incorrect handling of
- legacy_compression_methods in the ClientHello.
- fixes #8995, #9243.
-
diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
deleted file mode 100644
index eefda618ca..0000000000
--- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
- occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
- with Visual Studio 2013 or MinGW.
- Fixes #10017.
diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt
deleted file mode 100644
index d1d8341f79..0000000000
--- a/ChangeLog.d/fix-server-mode-only-build.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
- MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt
deleted file mode 100644
index 6b744a74fb..0000000000
--- a/ChangeLog.d/fix-string-to-names-memory-management.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Security
- * Fix possible use-after-free or double-free in code calling
- mbedtls_x509_string_to_names(). This was caused by the function calling
- mbedtls_asn1_free_named_data_list() on its head argument, while the
- documentation did no suggest it did, making it likely for callers relying
- on the documented behaviour to still hold pointers to memory blocks after
- they were free()d, resulting in high risk of use-after-free or double-free,
- with consequences ranging up to arbitrary code execution.
- In particular, the two sample programs x509/cert_write and x509/cert_req
- were affected (use-after-free if the san string contains more than one DN).
- Code that does not call mbedtls_string_to_names() directly is not affected.
- Found by Linh Le and Ngan Nguyen from Calif.
- CVE-2025-47917
-
-Changes
- * The function mbedtls_x509_string_to_names() now requires its head argument
- to point to NULL on entry. This makes it likely that existing risky uses of
- this function (see the entry in the Security section) will be detected and
- fixed.
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt
deleted file mode 100644
index b088468612..0000000000
--- a/ChangeLog.d/fix-string-to-names-store-named-data.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Security
- * Fix a bug in mbedtls_x509_string_to_names() and the
- mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
- where some inputs would cause an inconsistent state to be reached, causing
- a NULL dereference either in the function itself, or in subsequent
- users of the output structure, such as mbedtls_x509_write_names(). This
- only affects applications that create (as opposed to consume) X.509
- certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
- CVE-2025-48965
-
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
deleted file mode 100644
index 506f2bdf0e..0000000000
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-Security
- * With TLS 1.3, when a server enables optional authentication of the
- client, if the client-provided certificate does not have appropriate values
- in keyUsage or extKeyUsage extensions, then the return value of
- mbedtls_ssl_get_verify_result() would incorrectly have the
- MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
- clear. As a result, an attacker that had a certificate valid for uses other
- than TLS client authentication could be able to use it for TLS client
- authentication anyway. Only TLS 1.3 servers were affected, and only with
- optional authentication (required would abort the handshake with a fatal
- alert).
- CVE-2024-45159
diff --git a/ChangeLog.d/make-visualc.txt b/ChangeLog.d/make-visualc.txt
deleted file mode 100644
index 4b195da54e..0000000000
--- a/ChangeLog.d/make-visualc.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Drop support for the GNU Make and Microsoft Visual Studio build systems.
diff --git a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt
deleted file mode 100644
index a1312d0cb4..0000000000
--- a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt
+++ /dev/null
@@ -1,4 +0,0 @@ -API changes - * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables - TLS 1.2 ciphersuites without encryption and is disabled by default. - This new option replaces MBEDTLS_CIPHER_NULL_CIPHER. diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt deleted file mode 100644 index 0e396bbeff..0000000000 --- a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt +++ /dev/null @@ -1,4 +0,0 @@ -API changes - * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared - as having const elements, reflecting the fact that the library will - not modify it diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt deleted file mode 100644 index 05f375dcb3..0000000000 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ /dev/null @@ -1,18 +0,0 @@ -Default behavior changes - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Security - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. - The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. - CVE-2025-27809 - diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt deleted file mode 100644 index 53828d85b1..0000000000 --- a/ChangeLog.d/oid.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Removals - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt deleted file mode 100644 index 6607e9fe40..0000000000 --- a/ChangeLog.d/psa-always-on.txt +++ /dev/null @@ -1,11 +0,0 @@ -Default behavior changes - * The X.509 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. - diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt deleted file mode 100644 index 7ecb29ffb7..0000000000 --- a/ChangeLog.d/removal-of-rng.txt +++ /dev/null @@ -1,6 +0,0 @@ -API changes - * All API functions now use the PSA random generator psa_generate_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - docs/4.0-migration-guide.md. - diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt deleted file mode 100644 index 37f012c217..0000000000 --- a/ChangeLog.d/remove-compat-2.x.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove compat-2-x.h header from mbedtls. 
diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt deleted file mode 100644 index 855265788e..0000000000 --- a/ChangeLog.d/remove-deprecated-items.txt +++ /dev/null @@ -1,11 +0,0 @@ -Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the - standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and - the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and - MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and - mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. - Note that the new names of the new constants use the TLS protocol versions, - unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() - instead. diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt deleted file mode 100644 index f9baaf1701..0000000000 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA key exchange in TLS 1.2. diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt deleted file mode 100644 index 4b33d1e110..0000000000 --- a/ChangeLog.d/remove_mbedtls_pk_type.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Remove mbedtls_pk_type_t from the public interface and replace it with - mbedtls_pk_sigalg_t. diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt deleted file mode 100644 index 213cf55b40..0000000000 --- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. 
diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt deleted file mode 100644 index ec0282a9f2..0000000000 --- a/ChangeLog.d/replace_time_t.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a build error or incorrect TLS session - lifetime on platforms where mbedtls_time_t - is not time_t. Fixes #10236. diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt deleted file mode 100644 index f03b5ed7fe..0000000000 --- a/ChangeLog.d/repo-split.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt deleted file mode 100644 index 4b29adc4c9..0000000000 --- a/ChangeLog.d/rm-ssl-conf-curves.txt +++ /dev/null @@ -1,4 +0,0 @@ -Removals - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt deleted file mode 100644 index 1cf42665ca..0000000000 --- a/ChangeLog.d/runtime-version-interface.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * Change the signature of the runtime version information methods that took - a char* as an argument to take zero arguments and return a const char* - instead. This aligns us with the interface used in TF PSA Crypto 1.0. - If you need to support linking against both Mbed TLS 3.x and 4.x, please - use the build-time version macros or mbedtls_version_get_number() to - determine the correct signature for mbedtls_version_get_string() and - mbedtls_version_get_string_full() before calling them. - Fixes issue #10308. 
diff --git a/ChangeLog.d/secp256k1-removal.txt b/ChangeLog.d/secp256k1-removal.txt deleted file mode 100644 index 9933b8e7a9..0000000000 --- a/ChangeLog.d/secp256k1-removal.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is - removed from TLS. diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt deleted file mode 100644 index 938e9eccb6..0000000000 --- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt deleted file mode 100644 index 94512a21f9..0000000000 --- a/ChangeLog.d/static-ecdh-removal.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Removed support for TLS 1.2 static ECDH key - exchanges (ECDH-ECDSA and ECDH-RSA). diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt deleted file mode 100644 index 6bab02a029..0000000000 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Support re-assembly of fragmented handshake messages in TLS (both - 1.2 and 1.3). The lack of support was causing handshake failures with - some servers, especially with TLS 1.3 in practice. There are a few - limitations, notably a fragmented ClientHello is only supported when - TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_handshake() for details. diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt deleted file mode 100644 index 4df6b3e303..0000000000 --- a/ChangeLog.d/tls-key-exchange-rsa.txt +++ /dev/null 
@@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt deleted file mode 100644 index cd52d32ffd..0000000000 --- a/ChangeLog.d/tls12-check-finished-calc.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d6..0000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null @@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. 
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt deleted file mode 100644 index f5331bc063..0000000000 --- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee5..0000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt deleted file mode 100644 index f229f1bc4d..0000000000 --- a/ChangeLog.d/unify-errors.txt +++ /dev/null @@ -1,7 +0,0 @@ -API changes - * Make the following error codes aliases of their PSA equivalents, where - xxx is a module, e.g. X509 or SSL. - MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT - MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY - MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL - MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt deleted file mode 100644 index 75a72cae6b..0000000000 --- a/ChangeLog.d/unterminated-string-initialization.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Silence spurious -Wunterminated-string-initialization warnings introduced - by GCC 15. Fixes #9944. diff --git a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt deleted file mode 100644 index e7ac54684c..0000000000 
--- a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt +++ /dev/null @@ -1,3 +0,0 @@ -API changes - * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function to a const to align with the rest of the API. From 411461a86e8371d6173ee99ae09ee42eaaa53dae Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:48:56 +0100 Subject: [PATCH 1026/1080] Doc: Removed references to beta version Signed-off-by: Minos Galanakis --- README.md | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 69f2dcb26e..d3fb638802 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ After cloning or checking out a branch or tag, run: ``` to initialize and update the submodules before building. -However, the official source release tarballs (e.g. [mbedtls-4.0.0-beta.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0-beta/mbedtls-4.0.0-beta.tar.bz2)) include the contents of the submodules. +However, the official source release tarballs (e.g. [mbedtls-4.0.0.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0/mbedtls-4.0.0.tar.bz2)) include the contents of the submodules. ### Generated source files in the development branch diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c1d0f36215..4eda5ba2aa 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v4.0.0-beta API Documentation + * @mainpage Mbed TLS v4.0.0 API Documentation * * This documentation describes the application programming interface (API) * of Mbed TLS. diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 00e64d05c9..80e459cc72 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
@@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v4.0.0-beta" +PROJECT_NAME = "Mbed TLS v4.0.0" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES From ec4044008d2d069da38288bc76b0fee34ec78646 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 13 Oct 2025 16:50:50 +0100 Subject: [PATCH 1027/1080] ChangeLog: Added CVEs Signed-off-by: Minos Galanakis --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index d31ada506f..4dc0941fee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -188,6 +188,7 @@ Security would then dereference a NULL pointer. Applications that do not call this function (directly, or indirectly through X.509 writing) are not affected. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-48965 Bugfix * Fix TLS 1.3 client build and runtime when support for session tickets is From b2878ee402906b8f116420a58604a6ae42075371 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 15 Oct 2025 16:59:12 +0100 Subject: [PATCH 1028/1080] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 76920edddc..609a7064cb 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 76920edddcad00ac41b248e12d937b845df7bedb +Subproject commit 609a7064cbf8b325fe2579476f69d66ffad9d106 From 58439de2ae3eb02c0107267a7a51e933a13202c0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 Oct 2025 16:36:02 +0200 Subject: [PATCH 1029/1080] Fix documentation link to submodule that doesn't work on GitHub Fixes #10458 Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 9b4768a3a1..956609810e 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -11,7 +11,7 @@ The changes are detailed below. Here is a summary of the main points: - The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. - Various deprecated or minor functionality has been removed. -Please consult the [TF-PSA-Crypto migration guide](../tf-psa-crypto/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. +Please consult the [TF-PSA-Crypto migration guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. ## CMake as the only build system Mbed TLS now uses CMake exclusively to configure and drive its build process. From d0881eda4eed7742546af2324aea0520fc230b41 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 15:57:49 +0100 Subject: [PATCH 1030/1080] prepare_release.sh: Added psed helper function Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 3b63ed9e6c..7488f10dd7 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -16,6 +16,20 @@ EOF set -eu +# Portable inline sed. Helper function that will automatically pre-pend +# an empty string as the backup suffix (required by macOS sed). +psed() { + # macOS sed does not offer a version + if sed --version >/dev/null 2>&1; then + sed -i "$@" + # macOS/BSD sed + else + local file="${@: -1}" + local args=("${@:1:$#-1}") + sed -i '' "${args[@]}" "$file" + fi +} + if [ $# -ne 0 ] && [ "$1" = "--help" ]; then print_usage exit 
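Review bot: In the BSD branch of the new `psed()`, splitting `$@` into `args` (all but the last word) and `file` (the last word) and then passing them back in the same order is a no-op rearrangement, so `sed -i '' "${args[@]}" "$file"` is equivalent to `sed -i '' "$@"` and the two `local` lines plus the bash-only `${@: -1}` slicing can go. Both shapes work for the single-file calls in the `.gitignore` loop and for the multi-file `Makefile */Makefile` call later in this commit, since the file list is always the trailing arguments. The detection by the exit status of `sed --version` is reasonable, but the two existing comments describe the platforms rather than the mechanism; one comment such as `# GNU sed understands --version and takes -i with no suffix; BSD/macOS sed exits non-zero and needs an explicit empty suffix after -i` would make the branch intent clear to the next editor.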
@@ -32,25 +46,21 @@ while getopts u OPTLET; do esac done - - #### .gitignore processing #### GITIGNORES=$(find . -name ".gitignore") for GITIGNORE in $GITIGNORES; do if [ -n "$unrelease" ]; then - sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE - sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE + psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE + psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE + psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE else - sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE - sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE + psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE fi done - - #### Build scripts #### # GEN_FILES defaults on (non-empty) in development, off (empty) in releases @@ -59,7 +69,7 @@ if [ -n "$unrelease" ]; then else r='' fi -sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile +psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile # GEN_FILES defaults on in development, off in releases if [ -n "$unrelease" ]; then 
@@ -67,4 +77,4 @@ if [ -n "$unrelease" ]; then else r='OFF' fi -sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt +psed "/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *\"[^\"]*\" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1$r/" CMakeLists.txt From 1f95b78310ad735988668ea7d1c97ab28f5c6f28 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 16:13:35 +0100 Subject: [PATCH 1031/1080] prepare_release.sh: Limited .gitignore to current project Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 7488f10dd7..9a61568de9 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
@@ -47,17 +47,15 @@ while getopts u OPTLET; do done #### .gitignore processing #### - -GITIGNORES=$(find . -name ".gitignore") -for GITIGNORE in $GITIGNORES; do +for GITIGNORE in $(git ls-files -- '*.gitignore'); do if [ -n "$unrelease" ]; then - psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE - psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE - psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE + psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" + psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" + psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" else - psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE - psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE - psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" + psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" + psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" fi done From d995a21b6a0637975a24bec2bf29b293ce5ff072 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 17:11:28 +0100 Subject: [PATCH 1032/1080] prepare_release.sh: Adjusted logic - Introduced a new -r to explicitely request project modification for release - Changed the default behaviour to print_help when invoked without arguments Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 9a61568de9..40a5f721b6 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
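Review bot: The command substitution in `for GITIGNORE in $(git ls-files -- '*.gitignore'); do` is not covered by `set -e`, so when the script is run outside a git work tree (for example from an extracted tarball) `git ls-files` fails, the loop body runs zero times, and the script still continues and exits 0 with the `.gitignore` files untouched. A guard before the loop, `git rev-parse --is-inside-work-tree >/dev/null || exit 1`, makes that case fail loudly. Quoting `"$GITIGNORE"` inside the loop is good but does not protect the `for` word list itself from word splitting; `git ls-files -z -- '*.gitignore' | while IFS= read -r -d '' GITIGNORE; do` fixes both points at once, though the repository's `.gitignore` paths presumably contain no whitespace today.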
@@ -7,6 +7,7 @@ Usage: $0 [OPTION]... Prepare the source tree for a release. Options: + -r Prepare for release -u Prepare for development (undo the release preparation) EOF } @@ -30,15 +31,17 @@ psed() { fi } -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then +if [ $# -eq 0 ] || [ "$1" = "--help" ]; then print_usage exit fi -unrelease= # if non-empty, we're in undo-release mode -while getopts u OPTLET; do +unrelease=0 # if 1 then we are in development mode, + # if 0 then we are in release mode +while getopts ru OPTLET; do case $OPTLET in u) unrelease=1;; + r) unrelease=0;; \?) echo 1>&2 "$0: unknown option: -$OPTLET" echo 1>&2 "Try '$0 --help' for more information." @@ -48,7 +51,7 @@ done #### .gitignore processing #### for GITIGNORE in $(git ls-files -- '*.gitignore'); do - if [ -n "$unrelease" ]; then + if [ "$unrelease" -eq 1 ]; then psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" @@ -62,7 +65,7 @@ done #### Build scripts #### # GEN_FILES defaults on (non-empty) in development, off (empty) in releases -if [ -n "$unrelease" ]; then +if [ "$unrelease" -eq 1 ]; then r=' yes' else r='' @@ -70,7 +73,7 @@ fi psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile # GEN_FILES defaults on in development, off in releases -if [ -n "$unrelease" ]; then +if [ "$unrelease" -eq 1 ]; then r='ON' else r='OFF' From 0b7966649fd8a03dff67880a06dcdc2200c672fa Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 21 Oct 2025 10:55:27 +0100 Subject: [PATCH 1033/1080] prepare_release.sh:Removed Makefiles modification Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 40a5f721b6..800dfe0195 100755 
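Review bot: The new condition `if [ $# -eq 0 ] || [ "$1" = "--help" ]; then` prints the usage and then plain `exit`, which returns status 0 for the no-argument case that this commit treats as a misuse; a release pipeline that forgets `-r` would then succeed silently without modifying anything. Keep `--help` as a success path but make the empty invocation an error, e.g. `if [ $# -eq 0 ]; then print_usage >&2; exit 2; fi`. In the `getopts ru OPTLET` hunk, `-r` and `-u` are not mutually exclusive and the last one given wins; that is acceptable for a maintainer script but deserves a one-line comment next to the `case`, such as `# -r and -u may both be given; the last one wins`.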
--- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -63,15 +63,6 @@ for GITIGNORE in $(git ls-files -- '*.gitignore'); do done #### Build scripts #### - -# GEN_FILES defaults on (non-empty) in development, off (empty) in releases -if [ "$unrelease" -eq 1 ]; then - r=' yes' -else - r='' -fi -psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile - # GEN_FILES defaults on in development, off in releases if [ "$unrelease" -eq 1 ]; then r='ON' From 61fdef52a35a08fd10a774c9add07a1acb7dea2b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 22 Oct 2025 11:17:32 +0100 Subject: [PATCH 1034/1080] prepare_release.sh: Adjusted psed logic. Fixed double quoting in sed. Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 800dfe0195..cc5ceb4023 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -25,9 +25,7 @@ psed() { sed -i "$@" # macOS/BSD sed else - local file="${@: -1}" - local args=("${@:1:$#-1}") - sed -i '' "${args[@]}" "$file" + sed -i '' "$@" fi } @@ -69,4 +67,4 @@ if [ "$unrelease" -eq 1 ]; then else r='OFF' fi -psed "/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *\"[^\"]*\" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1$r/" CMakeLists.txt +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt \ No newline at end of file From c4d4f6b4a12fe758c777f6d3443dbc118a7d3f02 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 22 Oct 2025 11:48:09 +0100 Subject: [PATCH 1035/1080] prepare_release.sh: Removed -r/-u modes Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 47 ++------------------------------------ 1 file changed, 2 insertions(+), 45 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index cc5ceb4023..ac7c4b7177 100755 
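Review bot: The `@@ -69,4 +67,4 @@` hunk in commit 1034 rewrites the final `psed ... CMakeLists.txt` line without a trailing newline (`\ No newline at end of file`), which makes every later edit of that line show up as a two-line diff; restore the newline after `CMakeLists.txt`. Reverting to the single-quoted sed program with `'"$r/"` appended is the right call, since inside double quotes `\"` had been turning into `"` while `\(` stayed literal, which is correct but hard to verify by eye. The simplification of the BSD branch to `sed -i '' "$@"` matches the GNU branch and needs no further change.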
--- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -1,17 +1,4 @@ #!/bin/bash - -print_usage() -{ - cat <&2 "$0: unknown option: -$OPTLET" - echo 1>&2 "Try '$0 --help' for more information." - exit 3;; - esac -done - #### .gitignore processing #### for GITIGNORE in $(git ls-files -- '*.gitignore'); do - if [ "$unrelease" -eq 1 ]; then - psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" - psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" - psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" - else psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" - fi done -#### Build scripts #### -# GEN_FILES defaults on in development, off in releases -if [ "$unrelease" -eq 1 ]; then - r='ON' -else - r='OFF' -fi -psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt \ No newline at end of file +#### Build system #### +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"OFF/" CMakeLists.txt From ffc2606bf26ecca1149b47be0969263adb0d3654 Mon Sep 17 00:00:00 2001 From: Luc Schrijvers Date: Thu, 23 Oct 2025 08:17:08 +0200 Subject: [PATCH 1036/1080] Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation Signed-off-by: Luc Schrijvers --- ChangeLog.d/gnuinstalldirs_include.txt | 3 +++ include/CMakeLists.txt | 4 ++-- library/CMakeLists.txt | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/gnuinstalldirs_include.txt diff --git a/ChangeLog.d/gnuinstalldirs_include.txt b/ChangeLog.d/gnuinstalldirs_include.txt new file mode 100644 index 0000000000..7e0782d1e1 
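Review bot: The new last line `psed '...\1'"OFF/" CMakeLists.txt` hard-codes `OFF`, and with the `-r`/`-u` handling and the usage text removed in this same commit the script appears to accept and silently ignore any arguments, so a stray `-u` from an older workflow no longer produces an error. Rejecting arguments explicitly, `if [ $# -ne 0 ]; then echo 1>&2 "$0: takes no arguments"; exit 2; fi`, and adding a header comment stating that the script is now one-way (undo via `git checkout -- CMakeLists.txt` and the `.gitignore` files) would preserve the guidance the usage text used to give. The hunk is partly garbled in this rendering (the heredoc content of `print_usage` is missing), so the exact set of removed lines is inferred from the diffstat rather than read.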
--- /dev/null +++ b/ChangeLog.d/gnuinstalldirs_include.txt @@ -0,0 +1,3 @@ +Bugfix + * CMake now installs headers to `CMAKE_INSTALL_INCLUDEDIR` instead of the + hard-coded `include` directory. diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 9ea17af8b8..f76977fbab 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -5,13 +5,13 @@ if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") install(FILES ${headers} - DESTINATION include/mbedtls + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) file(GLOB private_headers "mbedtls/private/*.h") install(FILES ${private_headers} - DESTINATION include/mbedtls/private + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls/private PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6d8c78807a..5474e2cacf 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -241,7 +241,7 @@ foreach(target IN LISTS target_libraries) PUBLIC $ $ $ - $ + $ PRIVATE ${MBEDTLS_DIR}/library/ ${MBEDTLS_DIR}/tf-psa-crypto/core ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src From 94f1628aca013c39100cc7c33ac38cbf880a7263 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 13:29:19 +0100 Subject: [PATCH 1037/1080] Remove dependencies on mbedtls_pk_sign Replace mbedtls_pk_sign with mbedtls_pk_sign_restartable, as mbedtls_pk_sign has now been removed and was origonally a pass through call to mbedtls_pk_sign_restartable. Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 4 ++-- library/x509write_crt.c | 4 ++-- library/x509write_csr.c | 4 ++-- programs/ssl/ssl_server2.c | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 07641cb3e8..14b63aadbf 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
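Review bot: `DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls` in include/CMakeLists.txt relies on `CMAKE_INSTALL_INCLUDEDIR` being defined, which only happens after `include(GNUInstallDirs)`; if no CMakeLists in the chain has included it before this point (not visible in the diff), the variable is empty and the destination becomes the absolute path `/mbedtls`, installing headers outside the install prefix, and likewise for `${CMAKE_INSTALL_INCLUDEDIR}/mbedtls/private` below it. Adding `include(GNUInstallDirs)` at the top of include/CMakeLists.txt (the module is safe to include more than once) removes the ordering dependency. The library/CMakeLists.txt hunk is garbled in this rendering (the `$<...>` generator expressions are stripped), so the matching `INSTALL_INTERFACE` change could not be reviewed here.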
@@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), + if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, - signature_len)) != 0) { + signature_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..e34a4636bb 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -571,8 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { + if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, + hash, hash_length, sig, sizeof(sig), &sig_len, NULL)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..a7d0cb513b 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -217,8 +217,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, &hash_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len)) != 0) { + if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, + sig, sig_size, &sig_len, NULL)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 64fd45952f..3db13132d1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign(key_slot->pk, + ret = mbedtls_pk_sign_restartable(key_slot->pk, ctx->md_alg, ctx->input, ctx->input_len, - output, output_size, output_len); + output, output_size, output_len, NULL); break; default: mbedtls_printf( From 279dd4ab5938cb8d2fe565f89685c141e9da6767 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 13:39:33 +0100 Subject: [PATCH 1038/1080] Remove dependencies on mbedtls_pk_verify Replace mbedtls_pk_verify with mbedtls_pk_verify_restartable, as mbedtls_pk_verify has now been removed and was origonally a pass through call to mbedtls_pk_verify_restartable. Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..5810506c34 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash, + ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len); + signer->sig.p, signer->sig.len, NULL); if (ret == 0) { break; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 14b63aadbf..9faf74134e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify(peer_pk, + if ((ret = mbedtls_pk_verify_restartable(peer_pk, md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { + ssl->in_msg + i, sig_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } 
From c3e2b375305a9d3f0cc550eca80c9bf856a0823c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 14:48:16 +0100 Subject: [PATCH 1039/1080] Remove mbedtls_ssl_write_handshake_msg as it now replaced by mbedtls_ssl_write_handshake_msg_ext Signed-off-by: Ben Taylor --- library/ssl_client.c | 2 +- library/ssl_misc.h | 5 ----- library/ssl_msg.c | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls12_client.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ 6 files changed, 13 insertions(+), 18 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 307da0fabb..10d4952198 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -943,7 +943,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) */ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0df7f96360..6462917093 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1436,11 +1436,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, int update_checksum, int force_flush); -static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */); -} - /* * Write handshake message tail */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..6f7d2b9b9b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
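Review bot: Replacing the inline wrapper with the literal call `mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)` drops the self-documentation the removed function carried (`1 /* update checksum */, 1 /* force flush */`), leaving two bare magic arguments at every call site of this commit: ssl_client.c here, and the ssl_msg.c, ssl_tls.c, ssl_tls12_client.c and ssl_tls12_server.c hunks that follow. Keep the argument comments at the call sites, `if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */)) != 0) {`, or introduce two named constants for the flags next to the `mbedtls_ssl_write_handshake_msg_ext` declaration in ssl_misc.h so the intent survives the wrapper's removal. The enclosing functions start and end outside these hunks.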
@@ -5028,7 +5028,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 833af9f973..6259f2d4db 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4247,7 +4247,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -6726,7 +6726,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -7456,7 +7456,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) } #endif - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 91f500294f..a05b107f80 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2565,7 +2565,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2725,7 +2725,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9faf74134e..cdbf917f20 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2017,7 +2017,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2315,7 +2315,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - ret = mbedtls_ssl_write_handshake_msg(ssl); + ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); @@ -2505,7 +2505,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); - ret = mbedtls_ssl_write_handshake_msg(ssl); + ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); 
@@ -2971,7 +2971,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2999,7 +2999,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) } #endif - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -3521,7 +3521,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) */ ssl->handshake->new_session_ticket = 0; - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } From 5e230932854ee6eb2c9a0590f58b5579842dcf43 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 15:29:51 +0100 Subject: [PATCH 1040/1080] Fix code style issues Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ library/x509write_crt.c | 3 ++- library/x509write_csr.c | 2 +- programs/ssl/ssl_server2.c | 6 +++--- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 5810506c34..dda15725a6 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -705,8 +705,8 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len, NULL); + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len, NULL); if (ret == 0) { break; 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index cdbf917f20..a8bd02e539 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2881,10 +2881,10 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, NULL)) != 0) { + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } @@ -3457,8 +3457,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len, NULL)) != 0) { + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e34a4636bb..d06e5f5232 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -572,7 +572,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, NULL)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len, + NULL)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index a7d0cb513b..c50482ddcd 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c 
@@ -218,7 +218,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, NULL)) != 0) { + sig, sig_size, &sig_len, NULL)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3db13132d1..de27d6eec8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1244,9 +1244,9 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: ret = mbedtls_pk_sign_restartable(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, NULL); + ctx->md_alg, + ctx->input, ctx->input_len, + output, output_size, output_len, NULL); break; default: mbedtls_printf( From cef9d2d31f83ee90bf6c2891fa8d52ebd75adc38 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 11:29:27 +0100 Subject: [PATCH 1041/1080] Revert change to mbedtls_pk_{sign,verify}_restartable and replace with ext version Signed-off-by: Ben Taylor --- library/pkcs7.c | 6 +++--- library/ssl_tls12_server.c | 16 ++++++++-------- library/x509write_crt.c | 5 ++--- programs/ssl/ssl_server2.c | 8 ++++---- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index dda15725a6..ba4529d3e9 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len, NULL); + ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len); if (ret == 0) { break; 
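Review bot: The pkcs7.c hunk hard-codes `MBEDTLS_PK_SIGALG_RSA_PKCS1V15` for every signer, whereas the `mbedtls_pk_verify_restartable` call it replaces let the key type decide; if a signer's signature-algorithm identifier (parsed elsewhere, presumably) names another scheme, it is now verified as PKCS#1 v1.5 without any explicit check that this matches. If PKCS#7 support is intentionally limited to RSA PKCS#1 v1.5, say so above the loop, `/* PKCS#7 verification is limited to RSA PKCS#1 v1.5 signatures. */`, and reject other signature algorithm identifiers before the loop so a mismatch fails with a clear error rather than as a generic verification failure. `mbedtls_pkcs7_data_or_hash_verify` starts and ends outside the hunk.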
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a8bd02e539..8f3b5d2492 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len, NULL)) != 0) { + if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d06e5f5232..ba2387e046 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -571,9 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index de27d6eec8..64fd45952f 100644 --- a/programs/ssl/ssl_server2.c 
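Review bot: `mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, ...)` in the ssl_parse_certificate_verify hunk, and `mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ...)` in the x509write_crt.c hunk, cast what appears from this page to be an `mbedtls_pk_type_t` (`mbedtls_ssl_pk_alg_from_sig` still returns that type in the ssl_misc.h hunk of a later commit) into a different enum; C compiles this silently, but it is only correct if the two enums happen to share numeric values for RSA and ECDSA, which nothing here guarantees. Prefer an explicit mapping — a small `switch` from `mbedtls_pk_type_t` to `mbedtls_pk_sigalg_t`, or a helper that yields the sigalg directly as a later commit in this series (a2de40a100) does for `sig_alg` — and reject `MBEDTLS_PK_SIGALG_NONE` before calling the `_ext` function. Both enclosing functions start and end outside the hunks.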
+++ b/programs/ssl/ssl_server2.c @@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign_restartable(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, NULL); + ret = mbedtls_pk_sign(key_slot->pk, + ctx->md_alg, + ctx->input, ctx->input_len, + output, output_size, output_len); break; default: mbedtls_printf( From 2c056721d152f11a485aa2ff20933c7ce79cd2f8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 11:43:54 +0100 Subject: [PATCH 1042/1080] Tidy up debug of non ext functions Signed-off-by: Ben Taylor --- library/ssl_client.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 12 ++++++------ 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 10d4952198..6fe6dd8fe6 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -944,7 +944,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6f7d2b9b9b..0cb2f00c12 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5029,7 +5029,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6259f2d4db..8a35a5753e 100644 --- a/library/ssl_tls.c 
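Review bot: The ssl_server2.c hunk restores `ret = mbedtls_pk_sign(key_slot->pk, ...)` (back to blob `64fd45952f`, the pre-series content), but the earlier commit in this series, 94f1628aca, states that `mbedtls_pk_sign` has been removed; if that is the case, this program no longer builds against the library as of this commit. Either keep `mbedtls_pk_sign_restartable(..., NULL)` here or, for consistency with the library hunks in the same commit, call `mbedtls_pk_sign_ext` with a sigalg derived from `key_slot->pk`. `ssl_async_resume` starts and ends outside the hunk.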
+++ b/library/ssl_tls.c @@ -4248,7 +4248,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl) ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -6727,7 +6727,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -7457,7 +7457,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) #endif if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a05b107f80..a8800904f7 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2014,7 +2014,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; @@ -2566,7 +2566,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } 
@@ -2708,7 +2708,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) out_buf_len - 6 - offset, &n, rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; @@ -2726,7 +2726,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8f3b5d2492..34971dfab2 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2018,7 +2018,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -2885,7 +2885,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, signature_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); return ret; } } @@ -2972,7 +2972,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } 
@@ -3000,7 +3000,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) #endif if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -3459,7 +3459,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash_start, hashlen, ssl->in_msg + i, sig_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); return ret; } @@ -3522,7 +3522,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) ssl->handshake->new_session_ticket = 0; if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } From 1b32994bef6e7e8b43aa190d183256a1bab9de4d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 12:00:21 +0100 Subject: [PATCH 1043/1080] Fix style issues Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ library/x509write_crt.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index ba4529d3e9..10d008a923 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -705,8 +705,8 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len); + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len); if (ret == 0) { break; 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 34971dfab2..3511016080 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2881,10 +2881,10 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len)) != 0) { + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); return ret; } @@ -3457,8 +3457,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ba2387e046..6399527f82 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -572,7 +572,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } From b190c1bb0b9ddbe69c58f86f6316231219b2af5c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:32:33 +0100 Subject: [PATCH 1044/1080] Replace change to restartable with ext Signed-off-by: Ben Taylor --- library/x509write_csr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index c50482ddcd..5755a42b49 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -217,10 +217,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, &hash_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, NULL)) != 0) { - return ret; - } if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { pk_alg = MBEDTLS_PK_RSA; @@ -230,6 +226,11 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, + sig, sig_size, &sig_len)) != 0) { + return ret; + } + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; From 10d471a14dd324ff0abb2f34916d6c8c8aa76cf6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:36:02 +0100 Subject: [PATCH 1045/1080] Correct debug return Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a8800904f7..140e00555b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2014,7 +2014,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_restartable", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; From 4b4ca812e51940df8dd5d58b15ba48f0c774e330 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:37:41 +0100 Subject: [PATCH 1046/1080] Corrected debug return 
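Review bot: The re-added call passes `0` as the hash length, `mbedtls_pk_sign_ext(..., hash, 0, sig, sig_size, &sig_len)`, even though `hash_len` has just been filled by the PSA hash call visible in the first hunk; this relies on `mbedtls_pk_sign_ext` inferring the length from `ctx->md_alg`, which the page does not show. Passing the computed length instead (assuming `hash_len` is a `size_t`), `mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, hash_len, sig, sig_size, &sig_len)`, removes that dependency. Moving the call below the `pk_alg` selection is required now that it consumes `pk_alg`; the `(mbedtls_pk_sigalg_t)` cast from an `mbedtls_pk_type_t` carries the same cross-enum caveat as the ssl_tls12_server.c and x509write_crt.c call sites earlier in this series. `x509write_csr_der_internal` starts and ends outside the hunks.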
Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 140e00555b..165ef760ac 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2708,7 +2708,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) out_buf_len - 6 - offset, &n, rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_restartable", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; From a2de40a1009552adece510fcd22916ab9ed3ff59 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 10:42:09 +0100 Subject: [PATCH 1047/1080] Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_ciphersuites.c | 16 ++++++++-------- library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_misc.h | 2 +- library/ssl_tls.c | 7 +++---- library/ssl_tls12_server.c | 12 ++++++------ 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index d61932cb95..2809a1424a 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -902,17 +902,17 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui } #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } 
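Review bot: After this hunk `mbedtls_ssl_get_ciphersuite_sig_pk_alg` and `mbedtls_ssl_get_ciphersuite_sig_alg` (the next hunk) have identical return types and byte-identical bodies, so the two mappings can drift apart silently; make one delegate to the other, `return mbedtls_ssl_get_ciphersuite_sig_alg(info);`, or document in ssl_ciphersuites_internal.h why two names are kept. The name `_sig_pk_alg` now misleads, since the function returns a signature algorithm rather than a key type; a one-line Doxygen comment on the declaration, `/** Signature algorithm used by the key exchange of @p info, or MBEDTLS_PK_SIGALG_NONE. */`, would make that explicit. Mapping `ECDHE_RSA` to `MBEDTLS_PK_SIGALG_RSA_PKCS1V15` also pins the RSA padding scheme; that matches RFC 5246, but is worth a comment if RSA-PSS is ever negotiated for TLS 1.2 here.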
@@ -943,17 +943,17 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c } } -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 524e419f47..9a9b42b998 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -16,10 +16,10 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif /* MBEDTLS_PK_C */ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6462917093..cf3791e900 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1510,7 +1510,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8a35a5753e..9c6f236ded 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5619,13 +5619,12 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_ANON; } -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) { switch (type) { - case MBEDTLS_PK_RSA: + case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: return MBEDTLS_SSL_SIG_RSA; - case MBEDTLS_PK_ECDSA: - case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_SIGALG_ECDSA: return MBEDTLS_SSL_SIG_ECDSA; default: return MBEDTLS_SSL_SIG_ANON; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3511016080..6f88d31e3e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -760,7 +760,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_type; + mbedtls_pk_sigalg_t sig_type; #endif suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); 
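Review bot: `mbedtls_ssl_sig_from_pk_alg` now takes a `mbedtls_pk_sigalg_t`, so `MBEDTLS_PK_SIGALG_RSA_PSS` is a legitimate input, yet it falls into `default:` and comes back as `MBEDTLS_SSL_SIG_ANON`, indistinguishable from "does not sign". This matches the old behaviour for the `MBEDTLS_PK_RSASSA_PSS` pk type and the visible callers only feed it values from `mbedtls_ssl_get_ciphersuite_sig_alg`, which never yields PSS, so it is not a regression, but a future caller would get a silent anonymous answer. A comment on the default case, `/* Only PKCS#1 v1.5 and ECDSA have a TLS 1.2 SignatureAlgorithm byte; RSA-PSS uses dedicated SignatureScheme codes and deliberately maps to ANON here. */`, makes the limitation explicit.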
@@ -829,7 +829,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); - if (sig_type != MBEDTLS_PK_NONE && + if (sig_type != MBEDTLS_PK_SIGALG_NONE && mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) { MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " @@ -1608,8 +1608,8 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); - if (sig_alg != MBEDTLS_PK_NONE) { + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); + if (sig_alg != MBEDTLS_PK_SIGALG_NONE) { unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u", @@ -2788,7 +2788,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * to choose appropriate hash. */ - mbedtls_pk_type_t sig_alg = + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); unsigned char sig_hash = @@ -2799,7 +2799,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) { + if (sig_alg == MBEDTLS_PK_SIGALG_NONE || md_alg == MBEDTLS_MD_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* (... because we choose a cipher suite * only if there is a matching hash.) */ From bc076f9f76f4a2cef01d92b242a2cc2111fd91ca Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Tue, 21 Oct 2025 10:49:47 +0100 Subject: [PATCH 1048/1080] fix style isses Signed-off-by: Ben Taylor --- library/x509write_csr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5755a42b49..e7f547f03b 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -227,7 +227,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len)) != 0) { + sig, sig_size, &sig_len)) != 0) { return ret; } From a5384bdf09707de55756ebfd33de5427b11e9054 Mon Sep 17 00:00:00 2001 From: Jan Spannberger Date: Tue, 28 Oct 2025 15:13:08 +0100 Subject: [PATCH 1049/1080] add cast to fix IAR compiler errors IAR throws a warning "mixed ENUM with other type" Signed-off-by: Jan Spannberger --- ChangeLog.d/iar-6.5fs.txt | 3 +++ library/ssl_misc.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/iar-6.5fs.txt diff --git a/ChangeLog.d/iar-6.5fs.txt b/ChangeLog.d/iar-6.5fs.txt new file mode 100644 index 0000000000..63e903b9c3 --- /dev/null +++ b/ChangeLog.d/iar-6.5fs.txt @@ -0,0 +1,3 @@ +Changes + * Add casts to some Enums to remove compiler errors thrown by IAR 6.5. + Removes Warning "mixed ENUM with other type". diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0df7f96360..f78ebed2b9 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1315,14 +1315,14 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", - ssl->state, mbedtls_ssl_states_str(ssl->state), + ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states)ssl->state), (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) { - mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1); + mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states)(ssl->state + 1)); } MBEDTLS_CHECK_RETURN_CRITICAL From 574aae2146636d6f7dc7d54e845a5a97f14418a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 Oct 2025 12:26:53 +0100 Subject: [PATCH 1050/1080] Fix duplication of product version in CMakeLists.txt The CMake package version definition had its own line with a copy of the version number since 2.27.0. Until recently, `bump_version.sh` updated both copies, and that was still the case when we bumped the version to 4.0.0 (7ba04a298cc648255b820d9b5ad184528a6ea5ca). However, since then, we changed the format of the product version definition (879cba1a67d01317422870ff736057ca2d23247f), and after that, `bump_version.sh` would only have updated the product version, not the CMake package version. TF-PSA-Crypto 1.0.0 has the same problem, and there we did ship with an outdated CMake package version: https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/553 Signed-off-by: Gilles Peskine --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 659fd50885..728adc8bbe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
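Review bot: `(mbedtls_ssl_states)(ssl->state + 1)` in `mbedtls_ssl_handshake_increment_state` silences the strict-enum diagnostic but adds no range check: `ssl->state` is stored as an `int` (the same hunk writes `ssl->state = (int) state;`), so the cast merely asserts that the next integer names an enumerator, exactly as the uncast version did. A reader now sees an explicit cast and may assume it validates the transition. A one-line comment, `/* ssl->state holds an mbedtls_ssl_states value as int; the casts satisfy strict-enum compilers (IAR) and do not range-check. */`, keeps the intent clear.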
@@ -522,7 +522,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 4.0.0) + VERSION "${MBEDTLS_VERSION}") install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" From 64e7d4b64b4cf2316c84227e8c39df269704cc3f Mon Sep 17 00:00:00 2001 From: Jan Wille Date: Wed, 29 Oct 2025 15:49:10 +0100 Subject: [PATCH 1051/1080] format: apply suggestions (add spaces) Signed-off-by: Jan Wille --- library/ssl_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f78ebed2b9..06e38dee30 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1315,14 +1315,14 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", - ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states)ssl->state), + ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) { - mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states)(ssl->state + 1)); + mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states) (ssl->state + 1)); } MBEDTLS_CHECK_RETURN_CRITICAL From 958d9d97a47ec5ff4f45ce9f8f8d22b7a10aa978 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 29 Oct 2025 11:20:25 +0000 Subject: [PATCH 1052/1080] prepare_release.sh: Added documentation Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index ac7c4b7177..6685899d5c 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
@@ -2,6 +2,14 @@ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# prepare_release.sh — Prepare the source tree for a release. +# +# This script switches the repo into “release” mode: +# - Updates all tracked `.gitignore` files to stop +# ignoring the automatically-generated files. +# - Sets the CMake option `GEN_FILES` to OFF to explicitely disable +# recreating the automatically-generated files. + set -eu # Portable inline sed. Helper function that will automatically pre-pend From bdb1dcbdb6153d6c2e4f5d90d4bc384425d5413e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 29 Oct 2025 11:21:23 +0000 Subject: [PATCH 1053/1080] prepare_release.sh: simplified regex Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 6685899d5c..16b0351983 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -32,4 +32,4 @@ for GITIGNORE in $(git ls-files -- '*.gitignore'); do done #### Build system #### -psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"OFF/" CMakeLists.txt +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1OFF/' CMakeLists.txt tf-psa-crypto/CMakeLists.txt From a2cba40df64847f68fe9276734dba3220df7d7bc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 30 Oct 2025 10:00:07 +0000 Subject: [PATCH 1054/1080] prepare_release.sh: modify submodule files recursively Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 16b0351983..657d1380d4 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
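Review bot: The new header comment has a spelling slip in the `GEN_FILES` bullet: `explicitely` should be `explicitly`. Since this block is now the only description of what "release mode" means, it would also help to state that the script edits the tracked files in place and that the result is expected to be committed (or packaged) rather than reverted, if that is the intended workflow; the hunk itself does not show which.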
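Review bot: Besides simplifying the quoting, the `psed` line now receives a second operand, `tf-psa-crypto/CMakeLists.txt`, which the subject line ("simplified regex") does not mention. `psed` is defined above this hunk, so whether it forwards every positional argument to `sed -i` (rather than acting on `$1` only) should be confirmed; if it does not, the second file is silently left untouched and `GEN_FILES` stays ON in the submodule build. If the submodule file is intended, a comment such as `# GEN_FILES is declared in both the top-level and the tf-psa-crypto CMakeLists.txt` and a line in the commit message would record that.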
@@ -9,6 +9,8 @@ # ignoring the automatically-generated files. # - Sets the CMake option `GEN_FILES` to OFF to explicitely disable # recreating the automatically-generated files. +#. - The script will recursively update the tf-psa-crypto files too. + set -eu @@ -25,7 +27,7 @@ psed() { } #### .gitignore processing #### -for GITIGNORE in $(git ls-files -- '*.gitignore'); do +for GITIGNORE in $(git ls-files --recurse-submodules -- '*.gitignore'); do psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" From 4565d5d4e613ed412d2a2235c2c4d2fa84ef69bd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 13:37:09 +0000 Subject: [PATCH 1055/1080] Change the call to mbedtls_pk_verify_ext in pkcs7 to have a variable input cert->sig_pk Signed-off-by: Ben Taylor --- library/pkcs7.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 10d008a923..2cc7812bf0 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,7 +704,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, + ret = mbedtls_pk_verify_ext(cert->sig_pk, &pk_cxt, md_alg, hash, mbedtls_md_get_size(md_info), signer->sig.p, signer->sig.len); From 0035cfb1f05b7a90fc786169349cc1eccc61f6f1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 13:42:30 +0000 Subject: [PATCH 1056/1080] Removed unnecessary cast in mbedtls_pk_sign_ext Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6f88d31e3e..0dffb91064 100644 
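Review bot: The added documentation line `#. - The script will recursively update the tf-psa-crypto files too.` has a stray `.` after the `#` and is separated from the bullet list by a blank line, so it reads as an orphaned note rather than part of the enumeration. Placing it directly under the previous bullets as `#   - Also processes .gitignore files inside submodules (tf-psa-crypto) via git ls-files --recurse-submodules.` would match the surrounding style and name the mechanism the code below uses. It is also worth saying that those edits land in the submodule's own worktree and have to be committed there, if that is the intended flow; the hunk does not show it.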
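Review bot: The new selector `cert->sig_pk` in the `mbedtls_pk_verify_ext` call appears to be the wrong field: if `sig_pk` keeps the meaning its name and the other `sig_*` members of `mbedtls_x509_crt` suggest, it describes the signature *on* the certificate (the issuer's algorithm), whereas what is being verified here is the signer's own `encryptedDigest`, whose scheme is governed by the SignerInfo's signature-algorithm identifier and the signer's key in `pk_cxt`. For a homogeneous RSA chain the two coincide, which is why existing tests would still pass, but an RSA signer certified by an ECDSA CA would presumably be rejected and the reverse pairing would request an ECDSA verification against an RSA key. Deriving the scheme from the parsed SignerInfo algorithm (the `signer` struct is already in hand in this loop) or, at minimum, selecting it from `mbedtls_pk_get_type(&pk_cxt)` ties the check to the right object; a comment at the call stating which algorithm identifier is authoritative would help either way. The enclosing loop and `mbedtls_pkcs7_data_or_hash_verify` continue outside the hunk.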
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2880,7 +2880,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), + if ((ret = mbedtls_pk_sign_ext(sig_alg, mbedtls_ssl_own_key(ssl), md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, From 5f037c7fb3e71ec7e6160cc329e362bc42ca9018 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 14:59:24 +0000 Subject: [PATCH 1057/1080] Rename mbedtls_ssl_pk_alg_from_sig to mbedtls_ssl_pk_alg_from_sig_pk_alg and update to use mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_misc.h | 14 +++++++------- library/ssl_tls.c | 8 ++++---- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 10 +++++----- library/ssl_tls13_generic.c | 6 +++--- 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cf3791e900..41b3cd0e3e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1511,7 +1511,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); +mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig); #endif mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); 
@@ -2410,12 +2410,12 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, } static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) + uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { - *pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff); + *pk_type = mbedtls_ssl_pk_alg_from_sig_pk_alg(sig_alg & 0xff); *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); - if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) { + if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) { return 0; } @@ -2424,19 +2424,19 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_WANT_ALG_RSA_PSS */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9c6f236ded..07e5824858 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5631,19 +5631,19 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) } } -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) +mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig) { switch (sig) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; #endif default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } #endif /* MBEDTLS_PK_C && diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 165ef760ac..482fd46182 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1884,7 +1884,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; + mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = (size_t) (p - params); void *rs_ctx = NULL; @@ -1922,7 +1922,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } p += 2; - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( @@ -1978,7 +1978,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) /* * Verify signature */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, 
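Review bot: In the 1922 and 1978 hunks `mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)` converts a `mbedtls_pk_sigalg_t` into a `mbedtls_pk_type_t` by cast, which only tests the intended key type if the enumerator values of the two enums happen to coincide; nothing in the hunk guarantees that, and the old code passed a genuine pk type here. If the values are aligned by definition, that dependency deserves a comment at the cast; if they are not, the "server key matches the signature algorithm" check compares against an unrelated key type and either rejects valid servers or accepts a key that does not match the signed scheme. An explicit mapping, as a static inline helper in ssl_misc.h that the server and TLS 1.3 paths can share, removes the guesswork (use `MBEDTLS_PK_RSA` for the PSS case if `MBEDTLS_PK_RSASSA_PSS` is no longer a pk type). `ssl_parse_server_key_exchange` starts and ends outside the hunks.
```c
/* Check that pk can produce signatures of scheme alg. The mapping is
 * spelled out because mbedtls_pk_sigalg_t and mbedtls_pk_type_t are
 * distinct enums and must not be cast into one another. */
static inline int mbedtls_ssl_pk_can_do_sigalg(const mbedtls_pk_context *pk,
                                               mbedtls_pk_sigalg_t alg)
{
    switch (alg) {
        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
            return mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA);
        case MBEDTLS_PK_SIGALG_RSA_PSS:
            return mbedtls_pk_can_do(pk, MBEDTLS_PK_RSASSA_PSS);
        case MBEDTLS_PK_SIGALG_ECDSA:
            return mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA);
        default:
            return 0;
    }
}
/* … unchanged: ssl_parse_server_key_exchange up to the key-type check … */
    if (!mbedtls_ssl_pk_can_do_sigalg(peer_pk, pk_alg)) {
```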
@@ -1994,7 +1994,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 0dffb91064..09d872bfbb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3324,7 +3324,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) unsigned char hash[48]; unsigned char *hash_start = hash; size_t hashlen; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -3416,8 +3416,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Signature */ - if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) - == MBEDTLS_PK_NONE) { + if ((pk_alg = mbedtls_ssl_pk_alg_from_sig_pk_alg(ssl->in_msg[i])) + == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" " for verify message")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; @@ -3426,7 +3426,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } @@ -3456,7 +3456,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + if ((ret = mbedtls_pk_verify_ext(pk_alg, peer_pk, md_alg, hash_start, hashlen, ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); 
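Review bot: In the 1994 hunk `mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, ...)` now casts a variable that is already a `mbedtls_pk_sigalg_t`, so the cast is dead and hides the fact that the type finally matches; this same commit drops the equivalent cast in the server's 3456 hunk, so for consistency this call should become `mbedtls_pk_verify_ext(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len);`. `ssl_parse_server_key_exchange` continues outside the hunk.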
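Review bot: In the 3426 hunk the client's CertificateVerify is gated by `mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)`, where `pk_alg` is now a `mbedtls_pk_sigalg_t` produced by `mbedtls_ssl_pk_sig_alg_from_sig`; the cast compiles but only compares the right key type if the two enums share enumerator values, which the hunk does not establish. This is the check that the client's certificate key actually matches the scheme it claims, so a switch-based mapping (`RSA_PKCS1V15`/`RSA_PSS` → `MBEDTLS_PK_RSA`, `ECDSA` → `MBEDTLS_PK_ECDSA`) or, if the values are aligned by definition, a comment at the cast stating that correspondence would make the intent verifiable. `ssl_parse_certificate_verify` starts and ends outside the hunks.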
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 748efb4815..6aabf4e58e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -221,7 +221,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, const unsigned char *p = buf; uint16_t algorithm; size_t signature_len; - mbedtls_pk_type_t sig_alg; + mbedtls_pk_sigalg_t sig_alg; mbedtls_md_type_t md_alg; psa_algorithm_t hash_alg = PSA_ALG_NONE; unsigned char verify_hash[PSA_HASH_MAX_SIZE]; @@ -277,7 +277,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { + if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key")); goto error; } @@ -927,7 +927,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; + mbedtls_pk_sigalg_t pk_type = MBEDTLS_PK_SIGALG_NONE; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; psa_algorithm_t psa_algorithm = PSA_ALG_NONE; unsigned char verify_hash[PSA_HASH_MAX_SIZE]; From 00b04a6590d078d2e3cef1837dbf6b36fc5ec9a8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 15:11:09 +0000 Subject: [PATCH 1058/1080] Update mbedtls_pk_sign_ext in x509write_crt.c to use mbedtls_pk_sigalg_t directly and remove casts Signed-off-by: Ben Taylor --- library/x509write_crt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6399527f82..e4cdd5064b 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
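Review bot: In the 277 hunk `mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)` passes a `mbedtls_pk_sigalg_t` through a cast into the other enum, so the "signature algorithm doesn't match cert key" check is only meaningful if the enumerator values of `mbedtls_pk_sigalg_t` and `mbedtls_pk_type_t` coincide, which the hunk does not show. Because this guards the TLS 1.3 CertificateVerify against a peer choosing a scheme its certificate key cannot legitimately produce, an explicit sigalg-to-key-type mapping is safer than relying on a value coincidence; at minimum a comment at the cast should state the assumption. `ssl_tls13_parse_certificate_verify` continues outside the hunk.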
@@ -396,7 +396,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; int write_sig_null_par; /* @@ -409,9 +409,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* There's no direct way of extracting a signature algorithm * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; + pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; + pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; } @@ -489,7 +489,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* * Signature ::= AlgorithmIdentifier */ - if (pk_alg == MBEDTLS_PK_ECDSA) { + if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { /* * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and @@ -571,7 +571,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, + if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->issuer_key, ctx->md_alg, hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } @@ -588,7 +588,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, sig, sig_len, - (mbedtls_pk_sigalg_t) pk_alg)); + pk_alg)); /* * Memory layout after this step: From f21e63c6d026364537b21046daf3b5eef7040ea1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 15:29:02 +0000 Subject: [PATCH 1059/1080] Update pk_alg to use mbedtls_pk_sigalg_t and remove casts in library/x509write_csr.c 
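Review bot: The context comment retained in the 409 hunk, `/* There's no direct way of extracting a signature algorithm (represented as an element of mbedtls_pk_type_t) from a PK instance. */`, is now stale: `pk_alg` is a `mbedtls_pk_sigalg_t` and the branch picks a signature scheme rather than a key type. Suggest `/* There is no direct way to obtain a signature scheme (mbedtls_pk_sigalg_t) from a PK instance, so derive it from the key type: RSA keys sign with PKCS#1 v1.5, EC keys with ECDSA; PSS is not selectable here. */`, which also records the fixed choice the code makes. `mbedtls_x509write_crt_der` continues outside the hunks.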
Signed-off-by: Ben Taylor --- library/x509write_csr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e7f547f03b..0fac775106 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -142,7 +142,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; size_t hash_len; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); @@ -219,19 +219,19 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; + pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; + pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, + if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->key, ctx->md_alg, hash, 0, sig, sig_size, &sig_len)) != 0) { return ret; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } @@ -250,7 +250,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg)); + sig, sig_len, pk_alg)); /* * Compact the space between the CSR data and signature by moving the From b76c38334a4f13eb92b74047683ee29e5a053685 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Fri, 31 Oct 2025 07:55:02 +0000 Subject: [PATCH 1060/1080] Update name of mbedtls_ssl_pk_alg_from_sig_pk_alg to mbedtls_ssl_pk_sig_alg_from_sig Signed-off-by: Ben Taylor --- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 41b3cd0e3e..60c5dea35e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1511,7 +1511,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); -mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig); +mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig); #endif mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); @@ -2412,7 +2412,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { - *pk_type = mbedtls_ssl_pk_alg_from_sig_pk_alg(sig_alg & 0xff); + *pk_type = mbedtls_ssl_pk_sig_alg_from_sig(sig_alg & 0xff); *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07e5824858..550f79de29 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5631,7 +5631,7 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) } } -mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig) +mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig) { switch (sig) { #if defined(MBEDTLS_RSA_C) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 09d872bfbb..0856dcfdd2 100644 
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3416,7 +3416,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Signature */ - if ((pk_alg = mbedtls_ssl_pk_alg_from_sig_pk_alg(ssl->in_msg[i])) + if ((pk_alg = mbedtls_ssl_pk_sig_alg_from_sig(ssl->in_msg[i])) == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" " for verify message")); From 42074c193fc2bca0a15039b3d0949518c49f1a08 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 31 Oct 2025 08:38:53 +0000 Subject: [PATCH 1061/1080] Rename mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg to mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg Signed-off-by: Ben Taylor --- library/ssl_misc.h | 2 +- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 60c5dea35e..237475ff1b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2409,7 +2409,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, return 0; } -static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( +static inline int mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { *pk_type = mbedtls_ssl_pk_sig_alg_from_sig(sig_alg & 0xff); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 482fd46182..35ae891c1d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1908,7 +1908,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( sig_alg, &pk_alg, &md_alg) != 0 && !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6aabf4e58e..f8aca908c4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -261,7 +261,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, goto error; } - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( algorithm, &sig_alg, &md_alg) != 0) { goto error; } @@ -945,7 +945,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, continue; } - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( *sig_alg, &pk_type, &md_alg) != 0) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } From 284481f7ca080b553cabfb23abf2d6455ee850ad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 14 Oct 2025 11:44:13 +0100 Subject: [PATCH 1062/1080] Remove lcov.sh as this will be moved to the framework Signed-off-by: Ben Taylor --- scripts/lcov.sh | 96 ------------------------------------------------- 1 file changed, 96 deletions(-) delete mode 100755 scripts/lcov.sh diff --git a/scripts/lcov.sh b/scripts/lcov.sh deleted file mode 100755 index 60fce6cbc2..0000000000 --- a/scripts/lcov.sh +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -help () { - cat <&1; exit 120;; - esac -done -shift $((OPTIND - 1)) - -"$main" "$@" From 9b4f222f4f4d54ad2bf1a558f1aa73ecc39fb2a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 17 Oct 2025 08:47:52 +0100 Subject: [PATCH 1063/1080] Update lcov.sh paths in make files Signed-off-by: Ben Taylor --- CMakeLists.txt | 4 ++-- scripts/legacy.make | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 659fd50885..c59bc7f96c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -489,9 +489,9 @@ if(ENABLE_TESTING)
 # 2. Run the relevant tests for the part of the code you're interested in.
 # For the reference coverage measurement, see
 # tests/scripts/basic-build-test.sh
- # 3. Run scripts/lcov.sh to generate an HTML report.
+ # 3. Run framework/scripts/lcov.sh to generate an HTML report.
 ADD_CUSTOM_TARGET(lcov
- COMMAND scripts/lcov.sh
+ COMMAND framework/scripts/lcov.sh
 )
 ADD_CUSTOM_TARGET(memcheck
diff --git a/scripts/legacy.make b/scripts/legacy.make
index 9c8585cd86..b22b8ef8bf 100644
--- a/scripts/legacy.make
+++ b/scripts/legacy.make
@@ -154,9 +154,9 @@ ifndef WINDOWS
 # 2. Run the relevant tests for the part of the code you're interested in.
 # For the reference coverage measurement, see
 # tests/scripts/basic-build-test.sh
-# 3. Run scripts/lcov.sh to generate an HTML report.
+# 3. Run framework/scripts/lcov.sh to generate an HTML report.
 lcov:
- scripts/lcov.sh
+ framework/scripts/lcov.sh
 apidoc:
 mkdir -p apidoc
From 82a48d42fff027b85cf623cad0ba1e1aa0864358 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 21 Oct 2025 11:17:14 +0100
Subject: [PATCH 1064/1080] Update lcov.sh patch to use CMake variable
Signed-off-by: Ben Taylor
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c59bc7f96c..49206c12ea 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -489,9 +489,9 @@ if(ENABLE_TESTING)
 # 2. Run the relevant tests for the part of the code you're interested in.
 # For the reference coverage measurement, see
 # tests/scripts/basic-build-test.sh
- # 3. Run framework/scripts/lcov.sh to generate an HTML report.
+ # 3. Run ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh to generate an HTML report.
 ADD_CUSTOM_TARGET(lcov
- COMMAND framework/scripts/lcov.sh
+ COMMAND ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh
 )
 ADD_CUSTOM_TARGET(memcheck
From 76899ea606fd4e9a07a9c5c27588cd1fdb9e5ae6 Mon Sep 17 00:00:00 2001
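Review bot: After this hunk CMakeLists.txt resolves the coverage script through `${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh`, but the `lcov:` rule in scripts/legacy.make (changed by the previous commit on this page) still hard-codes `framework/scripts/lcov.sh`, so the two build systems diverge as soon as the framework is checked out anywhere other than `./framework`. If legacy.make has an equivalent variable (not visible here), the make rule should use it; otherwise a one-line comment above `lcov:` such as `# Assumes the framework submodule is at ./framework; the CMake target uses MBEDTLS_FRAMEWORK_DIR instead.` at least records the assumption. Nothing here checks that the script exists before the target is added, so a wrong path only shows up when `make lcov` is run.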
From: Ben Taylor
Date: Fri, 24 Oct 2025 11:00:01 +0100
Subject: [PATCH 1065/1080] Update framework module
Signed-off-by: Ben Taylor
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 4579964747..875ec308e7 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 457996474728cb8e968ed21953b72f74d2f536b2
+Subproject commit 875ec308e7ff34610075507b7216172ce8eb0785
From 4b8d9d41ee70d522d837e04f106890407ff5c468 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 31 Oct 2025 14:41:31 +0000
Subject: [PATCH 1066/1080] Update tf-psa-crypto submodule to include new framework
Signed-off-by: Ben Taylor
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 609a7064cb..0a7317cc51 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 609a7064cbf8b325fe2579476f69d66ffad9d106
+Subproject commit 0a7317cc517bcb8a2505e43f52da6cbc40b7134b
From a35e332bbb7c7690d172c61c3943890372b103af Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 3 Nov 2025 10:25:15 +0100
Subject: [PATCH 1067/1080] library: debug: remove temporary fixes for RSA key handling
Since crypto#308 has been merged:
- replace MBEDTLS_PK_USE_PSA_RSA_DATA with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- remove "no-check-names"
Signed-off-by: Valerio Setti
---
 library/debug.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/library/debug.c b/library/debug.c
index 94b1c2778f..362c07981c 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -220,8 +220,7 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/* no-check-names will be removed in mbedtls#10229. */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
 static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level,
 const char *file, int line,
 const char *text, const unsigned char *buf, size_t bitlen)
@@ -257,8 +256,7 @@ static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int leve
 debug_send_line(ssl, level, file, line, str);
 }
 }
-/* no-check-names will be removed in mbedtls#10229. */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
@@ -292,8 +290,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-/* no-check-names will be removed in mbedtls#10229. */
-#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
 static size_t debug_count_valid_bits(unsigned char **buf, size_t len)
 {
 size_t i, bits;
@@ -389,8 +386,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve
 mbedtls_snprintf(str, sizeof(str), "%s.E", text);
 mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits);
 }
-/* no-check-names will be removed in mbedtls#10229. */
-#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
 static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
 const char *file, int line,
@@ -421,12 +417,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
 mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
 } else
 #endif /* MBEDTLS_RSA_C */
-/* no-check-names will be removed in mbedtls#10229. */
-#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names
- if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+ if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) {
 mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value);
 } else
-#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) {
 mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value);
From 910bf4bbc6b5134338077eedb65a7ac071e33bb3 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 3 Nov 2025 10:27:24 +0100
Subject: [PATCH 1068/1080] tests: suite_x509parse: remove temporary fixes
Removes the temporary fixes that were introduced in order to allow crypto#308 to be merged.
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_x509parse.function | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index ccd85378b8..e892ab9a9e 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1133,14 +1133,6 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
 int result_back_comp = result;
 int res;
-#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA)
- /* Support for mbedtls#10213 before psa#308. Once psa#308 will be
- * merged this dirty fix can be removed. */
- if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) {
- result_back_comp = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
- }
-#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */
-
 mbedtls_x509_crt_init(&crt);
 USE_PSA_INIT();
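Review bot: The new `#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)` guard around the `MBEDTLS_PK_DEBUG_PSA_RSA` branch of `debug_print_pk` (and around `debug_count_valid_bits` / `mbedtls_debug_print_psa_rsa` in the earlier hunks of this file) must now match the condition under which the PK layer produces `MBEDTLS_PK_DEBUG_PSA_RSA` items, and that producer lives in the tf-psa-crypto submodule rather than in this patch. If the two conditions drift, the result is presumably either an item type that matches no branch of this else-if chain and is silently not printed, or a static function that is defined but never referenced, which `-Werror` builds reject. A one-line comment at the consumer, e.g. `/* Guard must match the condition under which the PK layer emits MBEDTLS_PK_DEBUG_PSA_RSA items. */`, would make the coupling visible to whoever next touches either side. `debug_print_pk` begins before this hunk and the loop over `items[i]` continues past it.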
From 666fa2da3d6a857dcf82702c836a226dcb81b527 Mon Sep 17 00:00:00 2001
From: Juha-Pekka Kesonen
Date: Wed, 5 Nov 2025 14:08:46 +0200
Subject: [PATCH 1069/1080] ssl_msg.c: change log level for record checking
Signed-off-by: Juha-Pekka
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0cb2f00c12..e1198fa627 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -221,7 +221,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
 size_t buflen)
 {
 int ret = 0;
- MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record"));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("=> mbedtls_ssl_check_record"));
 MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen);
 /* We don't support record checking in TLS because
@@ -263,7 +263,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
 ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
 }
- MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record"));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("<= mbedtls_ssl_check_record"));
 return ret;
 }
From 5f4cbcd33688389baa7dad238dd8b85633f2d611 Mon Sep 17 00:00:00 2001
From: Juha-Pekka Kesonen
Date: Wed, 5 Nov 2025 14:10:52 +0200
Subject: [PATCH 1070/1080] ssl_tls12: change log level for ECDH computation
Signed-off-by: Juha-Pekka
---
 library/ssl_tls12_client.c | 4 ++--
 library/ssl_tls12_server.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 35ae891c1d..4024c0014b 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2304,7 +2304,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 header_len = 4;
- MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 /*
 * Generate EC private key for ECDHE exchange.
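Review bot: The `=>`/`<=` entry and exit traces of `mbedtls_ssl_check_record` are moved to level 3, which puts them at the same level as the `MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", ...)` dump immediately below; elsewhere in this file the function-boundary traces are, as far as I recall, at level 2, with level 3 reserved for informational detail and buffer dumps. Using 2 here would keep that convention and still achieve the stated goal of getting these lines out of the level-1 error stream. If 3 is deliberate, a short comment on the first trace, e.g. `/* Level 3 on purpose: this is a per-record check, not a state transition. */`, would save the next reader from re-raising the question. Only the first and last lines of `mbedtls_ssl_check_record` are visible in these hunks.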
@@ -2412,7 +2412,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 header_len += ssl->conf->psk_identity_len;
- MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 /*
 * Generate EC private key for ECDHE exchange.
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 0856dcfdd2..6b37a954d4 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2683,7 +2683,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
 psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
 size_t ec_bits = 0;
- MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation."));
 /* Convert EC's TLS ID to PSA key type. */
 if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id,
From 1f2f6fc9cbcd8e330b3befff32e5feab20b523a8 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 6 Nov 2025 23:48:36 +0100
Subject: [PATCH 1071/1080] framework: update reference
Signed-off-by: Valerio Setti
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 875ec308e7..9232f41572 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 875ec308e7ff34610075507b7216172ce8eb0785
+Subproject commit 9232f4157207829d45f8689c50951e2e84c1a83b
From 808ed12c06369e95127b37bf365d55d059ff1c72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Mon, 17 Nov 2025 16:51:45 +0100
Subject: [PATCH 1072/1080] Move abi_check.py into the framework
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti --- .gitattributes | 2 - .github/ISSUE_TEMPLATE/bug_report.md | 45 - .github/ISSUE_TEMPLATE/config.yml | 8 - .github/ISSUE_TEMPLATE/feature_request.md | 17 - .github/pull_request_template.md | 31 - .gitignore | 74 - .gitmodules | 6 - .globalrc | 3 - .mypy.ini | 4 - .pylintrc | 91 - .readthedocs.yaml | 39 - .travis.yml | 28 - .uncrustify.cfg | 240 - 3rdparty/.gitignore | 1 - BRANCHES.md | 92 - BUGS.md | 20 - CMakeLists.txt | 550 - CONTRIBUTING.md | 97 - ChangeLog | 6366 ------- ChangeLog.d/00README.md | 91 - ChangeLog.d/gnuinstalldirs_include.txt | 3 - ChangeLog.d/iar-6.5fs.txt | 3 - DartConfiguration.tcl | 4 - LICENSE | 553 - README.md | 256 - SECURITY.md | 128 - SUPPORT.md | 16 - cmake/MbedTLSConfig.cmake.in | 3 - configs/README.txt | 28 - configs/config-ccm-psk-dtls1_2.h | 66 - configs/config-ccm-psk-tls1_2.h | 58 - configs/config-suite-b.h | 53 - configs/config-symmetric-only.h | 16 - configs/config-tfm.h | 12 - configs/config-thread.h | 43 - configs/crypto-config-ccm-psk-tls1_2.h | 38 - configs/crypto-config-suite-b.h | 72 - configs/crypto-config-thread.h | 69 - configs/ext/README.md | 22 - configs/ext/config_tfm.h | 13 - configs/ext/mbedtls_entropy_nv_seed_config.h | 13 - .../tfm_mbedcrypto_config_profile_medium.h | 85 - dco.txt | 37 - docs/.gitignore | 4 - docs/4.0-migration-guide.md | 622 - docs/Makefile | 40 - docs/architecture/Makefile | 21 - .../psa-migration/outcome-analysis.sh | 139 - .../psa-migration/psa-limitations.md | 338 - docs/architecture/psa-migration/syms.sh | 73 - docs/architecture/testing/invasive-testing.md | 367 - docs/architecture/testing/test-framework.md | 64 - docs/architecture/tls13-support.md | 428 - docs/conf.py | 34 - docs/index.rst | 20 - docs/proposed/Makefile | 22 - docs/proposed/README | 4 - docs/proposed/config-split.md | 469 - docs/redirects.yaml | 11 - docs/requirements.in | 3 - docs/requirements.txt | 83 - docs/tls13-early-data.md | 192 - doxygen/input/doc_encdec.h | 52 - 
doxygen/input/doc_hashing.h | 30 - doxygen/input/doc_mainpage.h | 52 - doxygen/input/doc_rng.h | 27 - doxygen/input/doc_ssltls.h | 37 - doxygen/input/doc_tcpip.h | 32 - doxygen/input/doc_x509.h | 31 - doxygen/mbedtls.doxyfile | 56 - framework | 1 - include/.gitignore | 4 - include/CMakeLists.txt | 21 - include/mbedtls/build_info.h | 93 - include/mbedtls/debug.h | 135 - include/mbedtls/error.h | 37 - include/mbedtls/mbedtls_config.h | 1202 -- include/mbedtls/net_sockets.h | 299 - include/mbedtls/oid.h | 304 - include/mbedtls/pkcs7.h | 240 - include/mbedtls/private/config_adjust_ssl.h | 84 - include/mbedtls/private/config_adjust_x509.h | 35 - include/mbedtls/ssl.h | 5366 ------ include/mbedtls/ssl_cache.h | 187 - include/mbedtls/ssl_ciphersuites.h | 304 - include/mbedtls/ssl_cookie.h | 90 - include/mbedtls/ssl_ticket.h | 186 - include/mbedtls/timing.h | 94 - include/mbedtls/version.h | 69 - include/mbedtls/x509.h | 493 - include/mbedtls/x509_crl.h | 180 - include/mbedtls/x509_crt.h | 1169 -- include/mbedtls/x509_csr.h | 368 - library/.gitignore | 12 - library/CMakeLists.txt | 376 - library/Makefile | 379 - library/debug.c | 490 - library/debug_internal.h | 115 - library/mbedtls_check_config.h | 369 - library/mbedtls_config.c | 34 - library/mps_common.h | 181 - library/mps_error.h | 89 - library/mps_reader.c | 538 - library/mps_reader.h | 366 - library/mps_trace.c | 112 - library/mps_trace.h | 154 - library/net_sockets.c | 696 - library/pkcs7.c | 772 - library/ssl_cache.c | 409 - library/ssl_ciphersuites.c | 996 -- library/ssl_ciphersuites_internal.h | 111 - library/ssl_client.c | 1015 -- library/ssl_client.h | 18 - library/ssl_cookie.c | 251 - library/ssl_debug_helpers.h | 81 - library/ssl_misc.h | 2873 ---- library/ssl_msg.c | 6168 ------- library/ssl_ticket.c | 453 - library/ssl_tls.c | 9002 ---------- library/ssl_tls12_client.c | 2967 ---- library/ssl_tls12_server.c | 3655 ---- library/ssl_tls13_client.c | 3181 ---- library/ssl_tls13_generic.c | 1732 -- 
library/ssl_tls13_invasive.h | 23 - library/ssl_tls13_keys.c | 1860 -- library/ssl_tls13_keys.h | 668 - library/ssl_tls13_server.c | 3589 ---- library/timing.c | 154 - library/version.c | 30 - library/x509.c | 1831 -- library/x509_create.c | 744 - library/x509_crl.c | 701 - library/x509_crt.c | 3268 ---- library/x509_csr.c | 633 - library/x509_internal.h | 85 - library/x509_oid.c | 603 - library/x509_oid.h | 153 - library/x509write.c | 172 - library/x509write_crt.c | 637 - library/x509write_csr.c | 317 - pkgconfig/.gitignore | 2 - pkgconfig/CMakeLists.txt | 25 - pkgconfig/JoinPaths.cmake | 27 - pkgconfig/mbedcrypto.pc.in | 10 - pkgconfig/mbedtls.pc.in | 11 - pkgconfig/mbedx509.pc.in | 11 - programs/.gitignore | 48 - programs/CMakeLists.txt | 11 - programs/Makefile | 309 - programs/README.md | 58 - programs/fuzz/.gitignore | 8 - programs/fuzz/CMakeLists.txt | 56 - programs/fuzz/Makefile | 54 - programs/fuzz/README.md | 68 - programs/fuzz/corpuses/client | Bin 4037 -> 0 bytes programs/fuzz/corpuses/dtlsclient | Bin 4058 -> 0 bytes programs/fuzz/corpuses/dtlsserver | Bin 1189 -> 0 bytes programs/fuzz/corpuses/server | Bin 675 -> 0 bytes programs/fuzz/fuzz_client.c | 188 - programs/fuzz/fuzz_client.options | 2 - programs/fuzz/fuzz_dtlsclient.c | 132 - programs/fuzz/fuzz_dtlsclient.options | 2 - programs/fuzz/fuzz_dtlsserver.c | 174 - programs/fuzz/fuzz_dtlsserver.options | 2 - programs/fuzz/fuzz_pkcs7.c | 23 - programs/fuzz/fuzz_pkcs7.options | 2 - programs/fuzz/fuzz_privkey.options | 2 - programs/fuzz/fuzz_pubkey.options | 2 - programs/fuzz/fuzz_server.c | 211 - programs/fuzz/fuzz_server.options | 2 - programs/fuzz/fuzz_x509crl.c | 38 - programs/fuzz/fuzz_x509crl.options | 2 - programs/fuzz/fuzz_x509crt.c | 38 - programs/fuzz/fuzz_x509crt.options | 2 - programs/fuzz/fuzz_x509csr.c | 38 - programs/fuzz/fuzz_x509csr.options | 2 - programs/ssl/CMakeLists.txt | 73 - programs/ssl/dtls_client.c | 337 - programs/ssl/dtls_server.c | 407 - programs/ssl/mini_client.c | 270 - 
programs/ssl/ssl_client1.c | 286 - programs/ssl/ssl_client2.c | 3252 ---- programs/ssl/ssl_context_info.c | 987 -- programs/ssl/ssl_fork_server.c | 376 - programs/ssl/ssl_mail_client.c | 811 - programs/ssl/ssl_pthread_server.c | 490 - programs/ssl/ssl_server.c | 356 - programs/ssl/ssl_server2.c | 4307 ----- programs/ssl/ssl_test_common_source.c | 375 - programs/ssl/ssl_test_lib.c | 620 - programs/ssl/ssl_test_lib.h | 303 - programs/test/CMakeLists.txt | 111 - programs/test/cmake_package/.gitignore | 4 - programs/test/cmake_package/CMakeLists.txt | 38 - programs/test/cmake_package/cmake_package.c | 26 - .../test/cmake_package_install/.gitignore | 4 - .../test/cmake_package_install/CMakeLists.txt | 48 - .../cmake_package_install.c | 27 - programs/test/cmake_subproject/.gitignore | 3 - programs/test/cmake_subproject/CMakeLists.txt | 23 - .../test/cmake_subproject/cmake_subproject.c | 27 - programs/test/dlopen.c | 141 - programs/test/generate_cpp_dummy_build.sh | 101 - programs/test/selftest.c | 575 - programs/test/udp_proxy.c | 966 -- programs/test/udp_proxy_wrapper.sh | 120 - programs/util/CMakeLists.txt | 21 - programs/util/pem2der.c | 267 - programs/util/strerror.c | 63 - programs/x509/CMakeLists.txt | 28 - programs/x509/cert_app.c | 453 - programs/x509/cert_req.c | 525 - programs/x509/cert_write.c | 1033 -- programs/x509/crl_app.c | 130 - programs/x509/load_roots.c | 163 - programs/x509/req_app.c | 130 - scripts/basic.requirements.txt | 5 - scripts/bump_version.sh | 141 - scripts/ci.requirements.txt | 28 - scripts/code_size_compare.py | 957 -- scripts/common.make | 170 - scripts/config.py | 498 - scripts/data_files/error.fmt | 155 - scripts/data_files/query_config.fmt | 63 - scripts/data_files/version_features.fmt | 50 - .../data_files/vs2017-app-template.vcxproj | 175 - .../data_files/vs2017-main-template.vcxproj | 163 - scripts/data_files/vs2017-sln-template.sln | 30 - scripts/driver.requirements.txt | 19 - scripts/ecp_comb_table.py | 237 - scripts/footprint.sh 
| 127 - scripts/framework_scripts_path.py | 17 - scripts/generate_config_checks.py | 53 - scripts/generate_errors.pl | 267 - scripts/generate_features.pl | 79 - scripts/generate_query_config.pl | 147 - scripts/legacy.make | 204 - scripts/maintainer.requirements.txt | 10 - scripts/make_generated_files.bat | 15 - scripts/massif_max.pl | 36 - scripts/{ => mbedtls_framework}/abi_check.py | 0 scripts/memory.sh | 129 - scripts/min_requirements.py | 16 - scripts/prepare_release.sh | 37 - scripts/project_name.txt | 1 - scripts/sbom.cdx.json | 48 - scripts/tmp_ignore_makefiles.sh | 47 - tests/.gitignore | 27 - tests/.jenkins/Jenkinsfile | 1 - tests/CMakeLists.txt | 236 - tests/Descriptions.txt | 22 - tests/Makefile | 384 - tests/compat-in-docker.sh | 55 - tests/compat.sh | 1154 -- tests/configs/tls13-only.h | 27 - tests/configs/user-config-malloc-0-null.h | 22 - tests/context-info.sh | 418 - tests/git-scripts/README.md | 16 - tests/git-scripts/pre-push.sh | 34 - tests/include/alt-dummy/platform_alt.h | 16 - tests/include/alt-dummy/threading_alt.h | 14 - tests/include/alt-dummy/timing_alt.h | 19 - tests/include/test/certs.h | 234 - tests/include/test/ssl_helpers.h | 779 - tests/make-in-docker.sh | 21 - tests/opt-testcases/sample.sh | 383 - tests/opt-testcases/tls13-kex-modes.sh | 3325 ---- tests/opt-testcases/tls13-misc.sh | 1310 -- tests/psa-client-server/README.md | 6 - tests/psa-client-server/psasim/.gitignore | 12 - tests/psa-client-server/psasim/Makefile | 81 - tests/psa-client-server/psasim/README.md | 42 - .../psa-client-server/psasim/include/client.h | 75 - .../psa-client-server/psasim/include/common.h | 52 - .../psasim/include/error_ext.h | 19 - tests/psa-client-server/psasim/include/init.h | 15 - .../psasim/include/lifecycle.h | 17 - .../psasim/include/service.h | 253 - tests/psa-client-server/psasim/include/util.h | 33 - tests/psa-client-server/psasim/src/aut_main.c | 71 - .../psasim/src/aut_psa_aead_encrypt.c | 227 - .../psasim/src/aut_psa_aead_encrypt_decrypt.c 
| 126 - .../src/aut_psa_asymmetric_encrypt_decrypt.c | 81 - .../src/aut_psa_cipher_encrypt_decrypt.c | 84 - .../psasim/src/aut_psa_hash.c | 167 - .../psasim/src/aut_psa_hash_compute.c | 81 - .../psasim/src/aut_psa_hkdf.c | 121 - .../psasim/src/aut_psa_key_agreement.c | 146 - .../psasim/src/aut_psa_mac.c | 162 - .../psasim/src/aut_psa_random.c | 47 - .../psasim/src/aut_psa_sign_verify.c | 93 - tests/psa-client-server/psasim/src/client.c | 23 - .../psasim/src/manifest.json | 29 - .../psasim/src/psa_ff_client.c | 385 - .../psasim/src/psa_ff_server.c | 655 - .../psasim/src/psa_functions_codes.h | 107 - .../psasim/src/psa_sim_crypto_client.c | 7906 --------- .../psasim/src/psa_sim_crypto_server.c | 9226 ---------- .../psasim/src/psa_sim_generate.pl | 1208 -- .../psasim/src/psa_sim_serialise.c | 1765 -- .../psasim/src/psa_sim_serialise.h | 1432 -- .../psasim/src/psa_sim_serialise.pl | 1048 -- tests/psa-client-server/psasim/src/server.c | 117 - .../psasim/test/kill_servers.sh | 17 - .../psa-client-server/psasim/test/run_test.sh | 24 - .../psasim/test/start_server.sh | 24 - .../psasim/tools/psa_autogen.py | 174 - tests/scripts/all.sh | 16 - tests/scripts/analyze_outcomes.py | 680 - tests/scripts/audit-validity-dates.py | 469 - tests/scripts/basic-build-test.sh | 248 - tests/scripts/components-basic-checks.sh | 123 - tests/scripts/components-build-system.sh | 241 - tests/scripts/components-compiler.sh | 173 - .../components-configuration-crypto.sh | 2438 --- .../components-configuration-platform.sh | 124 - tests/scripts/components-configuration-tls.sh | 617 - .../scripts/components-configuration-x509.sh | 35 - tests/scripts/components-configuration.sh | 354 - tests/scripts/components-platform.sh | 588 - tests/scripts/components-psasim.sh | 99 - tests/scripts/components-sanitizers.sh | 188 - tests/scripts/depends.py | 631 - tests/scripts/gen_ctr_drbg.pl | 96 - tests/scripts/gen_gcm_decrypt.pl | 101 - tests/scripts/gen_gcm_encrypt.pl | 84 - 
tests/scripts/gen_pkcs1_v21_sign_verify.pl | 74 - tests/scripts/generate-afl-tests.sh | 71 - tests/scripts/generate_server9_bad_saltlen.py | 87 - tests/scripts/libtestdriver1_rewrite.pl | 48 - tests/scripts/list-identifiers.sh | 54 - tests/scripts/list_internal_identifiers.py | 49 - tests/scripts/psa_collect_statuses.py | 130 - tests/scripts/run-metatests.sh | 89 - tests/scripts/run-test-suites.pl | 165 - tests/scripts/run_demos.py | 65 - tests/scripts/scripts_path.py | 20 - tests/scripts/set_psa_test_dependencies.py | 278 - tests/scripts/test_config_checks.py | 142 - tests/scripts/test_config_script.py | 175 - tests/src/certs.c | 483 - tests/src/test_helpers/ssl_helpers.c | 2613 --- tests/ssl-opt.sh | 13976 ---------------- tests/suites/test_suite_config.function | 14 - .../test_suite_config.tls_combinations.data | 9 - .../suites/test_suite_constant_time_hmac.data | 15 - .../test_suite_constant_time_hmac.function | 108 - tests/suites/test_suite_debug.data | 76 - tests/suites/test_suite_debug.function | 324 - tests/suites/test_suite_error.data | 17 - tests/suites/test_suite_error.function | 21 - tests/suites/test_suite_mps.data | 125 - tests/suites/test_suite_mps.function | 1164 -- tests/suites/test_suite_net.data | 8 - tests/suites/test_suite_net.function | 137 - tests/suites/test_suite_pkcs7.data | 3257 ---- tests/suites/test_suite_pkcs7.function | 185 - tests/suites/test_suite_ssl.data | 3366 ---- tests/suites/test_suite_ssl.function | 5938 ------- tests/suites/test_suite_ssl.records.data | 162 - tests/suites/test_suite_ssl.tls-defrag.data | 215 - tests/suites/test_suite_ssl_decrypt.function | 313 - tests/suites/test_suite_ssl_decrypt.misc.data | 399 - tests/suites/test_suite_test_helpers.data | 23 - tests/suites/test_suite_test_helpers.function | 40 - tests/suites/test_suite_timing.data | 8 - tests/suites/test_suite_timing.function | 57 - tests/suites/test_suite_version.data | 15 - tests/suites/test_suite_version.function | 71 - 
tests/suites/test_suite_x509_oid.data | 106 - tests/suites/test_suite_x509_oid.function | 92 - tests/suites/test_suite_x509parse.data | 3486 ---- tests/suites/test_suite_x509parse.function | 1794 -- tests/suites/test_suite_x509write.data | 339 - tests/suites/test_suite_x509write.function | 691 - tf-psa-crypto | 1 - 376 files changed, 183480 deletions(-) delete mode 100644 .gitattributes delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md delete mode 100644 .github/pull_request_template.md delete mode 100644 .gitignore delete mode 100644 .gitmodules delete mode 100644 .globalrc delete mode 100644 .mypy.ini delete mode 100644 .pylintrc delete mode 100644 .readthedocs.yaml delete mode 100644 .travis.yml delete mode 100644 .uncrustify.cfg delete mode 100644 3rdparty/.gitignore delete mode 100644 BRANCHES.md delete mode 100644 BUGS.md delete mode 100644 CMakeLists.txt delete mode 100644 CONTRIBUTING.md delete mode 100644 ChangeLog delete mode 100644 ChangeLog.d/00README.md delete mode 100644 ChangeLog.d/gnuinstalldirs_include.txt delete mode 100644 ChangeLog.d/iar-6.5fs.txt delete mode 100644 DartConfiguration.tcl delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 SECURITY.md delete mode 100644 SUPPORT.md delete mode 100644 cmake/MbedTLSConfig.cmake.in delete mode 100644 configs/README.txt delete mode 100644 configs/config-ccm-psk-dtls1_2.h delete mode 100644 configs/config-ccm-psk-tls1_2.h delete mode 100644 configs/config-suite-b.h delete mode 100644 configs/config-symmetric-only.h delete mode 100644 configs/config-tfm.h delete mode 100644 configs/config-thread.h delete mode 100644 configs/crypto-config-ccm-psk-tls1_2.h delete mode 100644 configs/crypto-config-suite-b.h delete mode 100644 configs/crypto-config-thread.h delete mode 100644 configs/ext/README.md delete mode 100644 configs/ext/config_tfm.h delete mode 100644 
configs/ext/mbedtls_entropy_nv_seed_config.h delete mode 100644 configs/ext/tfm_mbedcrypto_config_profile_medium.h delete mode 100644 dco.txt delete mode 100644 docs/.gitignore delete mode 100644 docs/4.0-migration-guide.md delete mode 100644 docs/Makefile delete mode 100644 docs/architecture/Makefile delete mode 100755 docs/architecture/psa-migration/outcome-analysis.sh delete mode 100644 docs/architecture/psa-migration/psa-limitations.md delete mode 100755 docs/architecture/psa-migration/syms.sh delete mode 100644 docs/architecture/testing/invasive-testing.md delete mode 100644 docs/architecture/testing/test-framework.md delete mode 100644 docs/architecture/tls13-support.md delete mode 100644 docs/conf.py delete mode 100644 docs/index.rst delete mode 100644 docs/proposed/Makefile delete mode 100644 docs/proposed/README delete mode 100644 docs/proposed/config-split.md delete mode 100644 docs/redirects.yaml delete mode 100644 docs/requirements.in delete mode 100644 docs/requirements.txt delete mode 100644 docs/tls13-early-data.md delete mode 100644 doxygen/input/doc_encdec.h delete mode 100644 doxygen/input/doc_hashing.h delete mode 100644 doxygen/input/doc_mainpage.h delete mode 100644 doxygen/input/doc_rng.h delete mode 100644 doxygen/input/doc_ssltls.h delete mode 100644 doxygen/input/doc_tcpip.h delete mode 100644 doxygen/input/doc_x509.h delete mode 100644 doxygen/mbedtls.doxyfile delete mode 160000 framework delete mode 100644 include/.gitignore delete mode 100644 include/CMakeLists.txt delete mode 100644 include/mbedtls/build_info.h delete mode 100644 include/mbedtls/debug.h delete mode 100644 include/mbedtls/error.h delete mode 100644 include/mbedtls/mbedtls_config.h delete mode 100644 include/mbedtls/net_sockets.h delete mode 100644 include/mbedtls/oid.h delete mode 100644 include/mbedtls/pkcs7.h delete mode 100644 include/mbedtls/private/config_adjust_ssl.h delete mode 100644 include/mbedtls/private/config_adjust_x509.h delete mode 100644 
include/mbedtls/ssl.h delete mode 100644 include/mbedtls/ssl_cache.h delete mode 100644 include/mbedtls/ssl_ciphersuites.h delete mode 100644 include/mbedtls/ssl_cookie.h delete mode 100644 include/mbedtls/ssl_ticket.h delete mode 100644 include/mbedtls/timing.h delete mode 100644 include/mbedtls/version.h delete mode 100644 include/mbedtls/x509.h delete mode 100644 include/mbedtls/x509_crl.h delete mode 100644 include/mbedtls/x509_crt.h delete mode 100644 include/mbedtls/x509_csr.h delete mode 100644 library/.gitignore delete mode 100644 library/CMakeLists.txt delete mode 100644 library/Makefile delete mode 100644 library/debug.c delete mode 100644 library/debug_internal.h delete mode 100644 library/mbedtls_check_config.h delete mode 100644 library/mbedtls_config.c delete mode 100644 library/mps_common.h delete mode 100644 library/mps_error.h delete mode 100644 library/mps_reader.c delete mode 100644 library/mps_reader.h delete mode 100644 library/mps_trace.c delete mode 100644 library/mps_trace.h delete mode 100644 library/net_sockets.c delete mode 100644 library/pkcs7.c delete mode 100644 library/ssl_cache.c delete mode 100644 library/ssl_ciphersuites.c delete mode 100644 library/ssl_ciphersuites_internal.h delete mode 100644 library/ssl_client.c delete mode 100644 library/ssl_client.h delete mode 100644 library/ssl_cookie.c delete mode 100644 library/ssl_debug_helpers.h delete mode 100644 library/ssl_misc.h delete mode 100644 library/ssl_msg.c delete mode 100644 library/ssl_ticket.c delete mode 100644 library/ssl_tls.c delete mode 100644 library/ssl_tls12_client.c delete mode 100644 library/ssl_tls12_server.c delete mode 100644 library/ssl_tls13_client.c delete mode 100644 library/ssl_tls13_generic.c delete mode 100644 library/ssl_tls13_invasive.h delete mode 100644 library/ssl_tls13_keys.c delete mode 100644 library/ssl_tls13_keys.h delete mode 100644 library/ssl_tls13_server.c delete mode 100644 library/timing.c delete mode 100644 library/version.c delete 
mode 100644 library/x509.c delete mode 100644 library/x509_create.c delete mode 100644 library/x509_crl.c delete mode 100644 library/x509_crt.c delete mode 100644 library/x509_csr.c delete mode 100644 library/x509_internal.h delete mode 100644 library/x509_oid.c delete mode 100644 library/x509_oid.h delete mode 100644 library/x509write.c delete mode 100644 library/x509write_crt.c delete mode 100644 library/x509write_csr.c delete mode 100644 pkgconfig/.gitignore delete mode 100644 pkgconfig/CMakeLists.txt delete mode 100644 pkgconfig/JoinPaths.cmake delete mode 100644 pkgconfig/mbedcrypto.pc.in delete mode 100644 pkgconfig/mbedtls.pc.in delete mode 100644 pkgconfig/mbedx509.pc.in delete mode 100644 programs/.gitignore delete mode 100644 programs/CMakeLists.txt delete mode 100644 programs/Makefile delete mode 100644 programs/README.md delete mode 100644 programs/fuzz/.gitignore delete mode 100644 programs/fuzz/CMakeLists.txt delete mode 100644 programs/fuzz/Makefile delete mode 100644 programs/fuzz/README.md delete mode 100644 programs/fuzz/corpuses/client delete mode 100644 programs/fuzz/corpuses/dtlsclient delete mode 100644 programs/fuzz/corpuses/dtlsserver delete mode 100644 programs/fuzz/corpuses/server delete mode 100644 programs/fuzz/fuzz_client.c delete mode 100644 programs/fuzz/fuzz_client.options delete mode 100644 programs/fuzz/fuzz_dtlsclient.c delete mode 100644 programs/fuzz/fuzz_dtlsclient.options delete mode 100644 programs/fuzz/fuzz_dtlsserver.c delete mode 100644 programs/fuzz/fuzz_dtlsserver.options delete mode 100644 programs/fuzz/fuzz_pkcs7.c delete mode 100644 programs/fuzz/fuzz_pkcs7.options delete mode 100644 programs/fuzz/fuzz_privkey.options delete mode 100644 programs/fuzz/fuzz_pubkey.options delete mode 100644 programs/fuzz/fuzz_server.c delete mode 100644 programs/fuzz/fuzz_server.options delete mode 100644 programs/fuzz/fuzz_x509crl.c delete mode 100644 programs/fuzz/fuzz_x509crl.options delete mode 100644 programs/fuzz/fuzz_x509crt.c 
delete mode 100644 programs/fuzz/fuzz_x509crt.options delete mode 100644 programs/fuzz/fuzz_x509csr.c delete mode 100644 programs/fuzz/fuzz_x509csr.options delete mode 100644 programs/ssl/CMakeLists.txt delete mode 100644 programs/ssl/dtls_client.c delete mode 100644 programs/ssl/dtls_server.c delete mode 100644 programs/ssl/mini_client.c delete mode 100644 programs/ssl/ssl_client1.c delete mode 100644 programs/ssl/ssl_client2.c delete mode 100644 programs/ssl/ssl_context_info.c delete mode 100644 programs/ssl/ssl_fork_server.c delete mode 100644 programs/ssl/ssl_mail_client.c delete mode 100644 programs/ssl/ssl_pthread_server.c delete mode 100644 programs/ssl/ssl_server.c delete mode 100644 programs/ssl/ssl_server2.c delete mode 100644 programs/ssl/ssl_test_common_source.c delete mode 100644 programs/ssl/ssl_test_lib.c delete mode 100644 programs/ssl/ssl_test_lib.h delete mode 100644 programs/test/CMakeLists.txt delete mode 100644 programs/test/cmake_package/.gitignore delete mode 100644 programs/test/cmake_package/CMakeLists.txt delete mode 100644 programs/test/cmake_package/cmake_package.c delete mode 100644 programs/test/cmake_package_install/.gitignore delete mode 100644 programs/test/cmake_package_install/CMakeLists.txt delete mode 100644 programs/test/cmake_package_install/cmake_package_install.c delete mode 100644 programs/test/cmake_subproject/.gitignore delete mode 100644 programs/test/cmake_subproject/CMakeLists.txt delete mode 100644 programs/test/cmake_subproject/cmake_subproject.c delete mode 100644 programs/test/dlopen.c delete mode 100755 programs/test/generate_cpp_dummy_build.sh delete mode 100644 programs/test/selftest.c delete mode 100644 programs/test/udp_proxy.c delete mode 100755 programs/test/udp_proxy_wrapper.sh delete mode 100644 programs/util/CMakeLists.txt delete mode 100644 programs/util/pem2der.c delete mode 100644 programs/util/strerror.c delete mode 100644 programs/x509/CMakeLists.txt delete mode 100644 programs/x509/cert_app.c delete 
mode 100644 programs/x509/cert_req.c delete mode 100644 programs/x509/cert_write.c delete mode 100644 programs/x509/crl_app.c delete mode 100644 programs/x509/load_roots.c delete mode 100644 programs/x509/req_app.c delete mode 100644 scripts/basic.requirements.txt delete mode 100755 scripts/bump_version.sh delete mode 100644 scripts/ci.requirements.txt delete mode 100755 scripts/code_size_compare.py delete mode 100644 scripts/common.make delete mode 100755 scripts/config.py delete mode 100644 scripts/data_files/error.fmt delete mode 100644 scripts/data_files/query_config.fmt delete mode 100644 scripts/data_files/version_features.fmt delete mode 100644 scripts/data_files/vs2017-app-template.vcxproj delete mode 100644 scripts/data_files/vs2017-main-template.vcxproj delete mode 100644 scripts/data_files/vs2017-sln-template.sln delete mode 100644 scripts/driver.requirements.txt delete mode 100755 scripts/ecp_comb_table.py delete mode 100755 scripts/footprint.sh delete mode 100644 scripts/framework_scripts_path.py delete mode 100755 scripts/generate_config_checks.py delete mode 100755 scripts/generate_errors.pl delete mode 100755 scripts/generate_features.pl delete mode 100755 scripts/generate_query_config.pl delete mode 100644 scripts/legacy.make delete mode 100644 scripts/maintainer.requirements.txt delete mode 100644 scripts/make_generated_files.bat delete mode 100755 scripts/massif_max.pl rename scripts/{ => mbedtls_framework}/abi_check.py (100%) delete mode 100755 scripts/memory.sh delete mode 100755 scripts/min_requirements.py delete mode 100755 scripts/prepare_release.sh delete mode 100644 scripts/project_name.txt delete mode 100644 scripts/sbom.cdx.json delete mode 100755 scripts/tmp_ignore_makefiles.sh delete mode 100644 tests/.gitignore delete mode 100644 tests/.jenkins/Jenkinsfile delete mode 100644 tests/CMakeLists.txt delete mode 100644 tests/Descriptions.txt delete mode 100644 tests/Makefile delete mode 100755 tests/compat-in-docker.sh delete mode 100755 
tests/compat.sh delete mode 100644 tests/configs/tls13-only.h delete mode 100644 tests/configs/user-config-malloc-0-null.h delete mode 100755 tests/context-info.sh delete mode 100644 tests/git-scripts/README.md delete mode 100755 tests/git-scripts/pre-push.sh delete mode 100644 tests/include/alt-dummy/platform_alt.h delete mode 100644 tests/include/alt-dummy/threading_alt.h delete mode 100644 tests/include/alt-dummy/timing_alt.h delete mode 100644 tests/include/test/certs.h delete mode 100644 tests/include/test/ssl_helpers.h delete mode 100755 tests/make-in-docker.sh delete mode 100644 tests/opt-testcases/sample.sh delete mode 100644 tests/opt-testcases/tls13-kex-modes.sh delete mode 100644 tests/opt-testcases/tls13-misc.sh delete mode 100644 tests/psa-client-server/README.md delete mode 100644 tests/psa-client-server/psasim/.gitignore delete mode 100644 tests/psa-client-server/psasim/Makefile delete mode 100644 tests/psa-client-server/psasim/README.md delete mode 100644 tests/psa-client-server/psasim/include/client.h delete mode 100644 tests/psa-client-server/psasim/include/common.h delete mode 100644 tests/psa-client-server/psasim/include/error_ext.h delete mode 100644 tests/psa-client-server/psasim/include/init.h delete mode 100644 tests/psa-client-server/psasim/include/lifecycle.h delete mode 100644 tests/psa-client-server/psasim/include/service.h delete mode 100644 tests/psa-client-server/psasim/include/util.h delete mode 100644 tests/psa-client-server/psasim/src/aut_main.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash_compute.c delete 
mode 100644 tests/psa-client-server/psasim/src/aut_psa_hkdf.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_key_agreement.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_mac.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_random.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_sign_verify.c delete mode 100644 tests/psa-client-server/psasim/src/client.c delete mode 100644 tests/psa-client-server/psasim/src/manifest.json delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_server.c delete mode 100644 tests/psa-client-server/psasim/src/psa_functions_codes.h delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_server.c delete mode 100755 tests/psa-client-server/psasim/src/psa_sim_generate.pl delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.h delete mode 100755 tests/psa-client-server/psasim/src/psa_sim_serialise.pl delete mode 100644 tests/psa-client-server/psasim/src/server.c delete mode 100755 tests/psa-client-server/psasim/test/kill_servers.sh delete mode 100755 tests/psa-client-server/psasim/test/run_test.sh delete mode 100755 tests/psa-client-server/psasim/test/start_server.sh delete mode 100755 tests/psa-client-server/psasim/tools/psa_autogen.py delete mode 100755 tests/scripts/all.sh delete mode 100755 tests/scripts/analyze_outcomes.py delete mode 100755 tests/scripts/audit-validity-dates.py delete mode 100755 tests/scripts/basic-build-test.sh delete mode 100644 tests/scripts/components-basic-checks.sh delete mode 100644 tests/scripts/components-build-system.sh delete mode 100644 tests/scripts/components-compiler.sh delete mode 100644 tests/scripts/components-configuration-crypto.sh delete mode 100644 
tests/scripts/components-configuration-platform.sh delete mode 100644 tests/scripts/components-configuration-tls.sh delete mode 100644 tests/scripts/components-configuration-x509.sh delete mode 100644 tests/scripts/components-configuration.sh delete mode 100644 tests/scripts/components-platform.sh delete mode 100644 tests/scripts/components-psasim.sh delete mode 100644 tests/scripts/components-sanitizers.sh delete mode 100755 tests/scripts/depends.py delete mode 100755 tests/scripts/gen_ctr_drbg.pl delete mode 100755 tests/scripts/gen_gcm_decrypt.pl delete mode 100755 tests/scripts/gen_gcm_encrypt.pl delete mode 100755 tests/scripts/gen_pkcs1_v21_sign_verify.pl delete mode 100755 tests/scripts/generate-afl-tests.sh delete mode 100755 tests/scripts/generate_server9_bad_saltlen.py delete mode 100755 tests/scripts/libtestdriver1_rewrite.pl delete mode 100755 tests/scripts/list-identifiers.sh delete mode 100755 tests/scripts/list_internal_identifiers.py delete mode 100755 tests/scripts/psa_collect_statuses.py delete mode 100755 tests/scripts/run-metatests.sh delete mode 100755 tests/scripts/run-test-suites.pl delete mode 100755 tests/scripts/run_demos.py delete mode 100644 tests/scripts/scripts_path.py delete mode 100755 tests/scripts/set_psa_test_dependencies.py delete mode 100755 tests/scripts/test_config_checks.py delete mode 100755 tests/scripts/test_config_script.py delete mode 100644 tests/src/certs.c delete mode 100644 tests/src/test_helpers/ssl_helpers.c delete mode 100755 tests/ssl-opt.sh delete mode 100644 tests/suites/test_suite_config.function delete mode 100644 tests/suites/test_suite_config.tls_combinations.data delete mode 100644 tests/suites/test_suite_constant_time_hmac.data delete mode 100644 tests/suites/test_suite_constant_time_hmac.function delete mode 100644 tests/suites/test_suite_debug.data delete mode 100644 tests/suites/test_suite_debug.function delete mode 100644 tests/suites/test_suite_error.data delete mode 100644 
tests/suites/test_suite_error.function
delete mode 100644 tests/suites/test_suite_mps.data
delete mode 100644 tests/suites/test_suite_mps.function
delete mode 100644 tests/suites/test_suite_net.data
delete mode 100644 tests/suites/test_suite_net.function
delete mode 100644 tests/suites/test_suite_pkcs7.data
delete mode 100644 tests/suites/test_suite_pkcs7.function
delete mode 100644 tests/suites/test_suite_ssl.data
delete mode 100644 tests/suites/test_suite_ssl.function
delete mode 100644 tests/suites/test_suite_ssl.records.data
delete mode 100644 tests/suites/test_suite_ssl.tls-defrag.data
delete mode 100644 tests/suites/test_suite_ssl_decrypt.function
delete mode 100644 tests/suites/test_suite_ssl_decrypt.misc.data
delete mode 100644 tests/suites/test_suite_test_helpers.data
delete mode 100644 tests/suites/test_suite_test_helpers.function
delete mode 100644 tests/suites/test_suite_timing.data
delete mode 100644 tests/suites/test_suite_timing.function
delete mode 100644 tests/suites/test_suite_version.data
delete mode 100644 tests/suites/test_suite_version.function
delete mode 100644 tests/suites/test_suite_x509_oid.data
delete mode 100644 tests/suites/test_suite_x509_oid.function
delete mode 100644 tests/suites/test_suite_x509parse.data
delete mode 100644 tests/suites/test_suite_x509parse.function
delete mode 100644 tests/suites/test_suite_x509write.data
delete mode 100644 tests/suites/test_suite_x509write.function
delete mode 160000 tf-psa-crypto
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index ceb59d7d03..0000000000
--- a/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-# Classify all '.function' files as C for syntax highlighting purposes
-*.function linguist-language=C
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index 15f44aaa0b..0000000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,45 +0,0 @@ ---- -name: Bug report -about: To report a bug, please fill this form. -title: '' -labels: '' -assignees: '' - ---- - -**WARNING:** if the bug you are reporting has or may have security implications, -we ask that you report it privately to - -so that we can prepare and release a fix before publishing the details. -See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md). - -### Summary - - - -### System information - -Mbed TLS version (number or commit id): -Operating system and version: -Configuration (if not default, please attach `mbedtls_config.h`): -Compiler and options (if you used a pre-built binary, please indicate how you obtained it): -Additional environment information: - -### Expected behavior - - - -### Actual behavior - -**WARNING:* if the actual behaviour suggests memory corruption (like a crash or an error -from a memory checker), then the bug should be assumed to have security -implications (until proven otherwise), and we ask what you report it privately, -see the note at the top of this template. - - -### Steps to reproduce - - - -### Additional information - diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index c1beccd86e..0000000000 --- a/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,8 +0,0 @@ -blank_issues_enabled: false -contact_links: - - name: Mbed TLS security team - url: mailto:mbed-tls-security@lists.trustedfirmware.org - about: Report a security vulnerability. - - name: Mbed TLS mailing list - url: https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org - about: Mbed TLS community support and general discussion. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 3b515137b2..0000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -name: Enhancement request -about: To request an enhancement, please fill this form. -title: '' -labels: '' -assignees: '' - ---- - -### Suggested enhancement - - - -### Justification - -Mbed TLS needs this because - diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index e48e44beda..0000000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,31 +0,0 @@ -## Description - -Please write a few sentences describing the overall goals of the pull request's commits. - - - -## PR checklist - -Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line. -If the provided content is part of the present PR remove the # symbol. - -- [ ] **changelog** provided | not required because: -- [ ] **development PR** provided # | not required because: -- [ ] **TF-PSA-Crypto PR** provided # | not required because: -- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required -- [ ] **3.6 PR** provided # | not required because: -- **tests** provided | not required because: - - - -## Notes for the submitter - -Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the -checklist for PR contributors. - -Help make review efficient: -* Multiple simple commits - - please structure your PR into a series of small commits, each of which does one thing -* Avoid force-push - - please do not force-push to update your PR - just add new commit(s) -* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process. diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9226eecb4c..0000000000 --- a/.gitignore +++ /dev/null 
@@ -1,74 +0,0 @@
-# Random seed file created by test scripts and sample programs
-seedfile
-# Log files created by all.sh to reduce the logs in case a component runs
-# successfully
-quiet-make.*
-
-# CMake build artifacts:
-CMakeCache.txt
-CMakeFiles
-CTestTestfile.cmake
-cmake_install.cmake
-Testing
-# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
-*.dir/
-# MSVC files generated by CMake:
-/*.sln
-/*.vcxproj
-/*.filters
-
-# Test coverage build artifacts:
-Coverage
-*.gcno
-*.gcda
-coverage-summary.txt
-
-# generated by scripts/memory.sh
-massif-*
-
-# Eclipse project files
-.cproject
-.project
-/.settings
-
-# Unix-like build artifacts:
-*.o
-*.s
-
-# MSVC build artifacts:
-*.exe
-*.pdb
-*.ilk
-*.lib
-
-# Python build artifacts:
-*.pyc
-
-# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
-*.dir/
-
-# Microsoft CMake extension for Visual Studio Code generates a build directory by default
-/build/
-
-# Generated documentation:
-/apidoc
-
-# PSA Crypto compliance test repo, cloned by test_psa_compliance.py
-/psa-arch-tests
-
-# Editor navigation files:
-/GPATH
-/GRTAGS
-/GSYMS
-/GTAGS
-/TAGS
-/cscope*.out
-/tags
-
-# clangd compilation database
-compile_commands.json
-# clangd index files
-/.cache/clangd/index/
-
-# VScode folder to store local debug files and configurations
-.vscode
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 4612b3d0c9..0000000000
--- a/.gitmodules
+++ /dev/null
@@ -1,6 +0,0 @@
-[submodule "framework"]
- path = framework
- url = https://github.com/Mbed-TLS/mbedtls-framework
-[submodule "tf-psa-crypto"]
- path = tf-psa-crypto
- url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git
diff --git a/.globalrc b/.globalrc
deleted file mode 100644
index 01b2ea5a31..0000000000
--- a/.globalrc
+++ /dev/null
@@ -1,3 +0,0 @@
-default:\
- :langmap=c\:.c.h.function:\
-
diff --git a/.mypy.ini b/.mypy.ini
deleted file mode 100644
index f727cc20e7..0000000000
--- a/.mypy.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[mypy]
-mypy_path = framework/scripts:scripts
-namespace_packages = True
-warn_unused_configs = True
diff --git a/.pylintrc b/.pylintrc
deleted file mode 100644
index 4a1b6e555f..0000000000
--- a/.pylintrc
+++ /dev/null
@@ -1,91 +0,0 @@
-[MASTER]
-init-hook='import sys; sys.path.append("scripts"); sys.path.append("framework/scripts")'
-min-similarity-lines=10
-
-[BASIC]
-# We're ok with short funtion argument names.
-# [invalid-name]
-argument-rgx=[a-z_][a-z0-9_]*$
-
-# Allow filter and map.
-# [bad-builtin]
-bad-functions=input
-
-# We prefer docstrings, but we don't require them on all functions.
-# Require them only on long functions (for some value of long).
-# [missing-docstring]
-docstring-min-length=10
-
-# No upper limit on method names. Pylint <2.1.0 has an upper limit of 30.
-# [invalid-name]
-method-rgx=[a-z_][a-z0-9_]{2,}$
-
-# Allow module names containing a dash (but no underscore or uppercase letter).
-# They are whole programs, not meant to be included by another module.
-# [invalid-name]
-module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
-
-# Some functions don't need docstrings.
-# [missing-docstring]
-no-docstring-rgx=(run_)?main$
-
-# We're ok with short local or global variable names.
-# [invalid-name]
-variable-rgx=[a-z_][a-z0-9_]*$
-
-[DESIGN]
-# Allow more than the default 7 attributes.
-# [too-many-instance-attributes]
-max-attributes=15
-
-[FORMAT]
-# Allow longer modules than the default recommended maximum.
-# [too-many-lines]
-max-module-lines=2000
-
-[MESSAGES CONTROL]
-# * locally-disabled, locally-enabled: If we disable or enable a message
-# locally, it's by design. There's no need to clutter the Pylint output
-# with this information.
-# * logging-format-interpolation: Pylint warns about things like
-# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
-# This is of minor utility (mainly a performance gain when there are
-# many messages that use formatting and are below the log level).
-# Some versions of Pylint (including 1.8, which is the version on
-# Ubuntu 18.04) only recognize old-style format strings using '%',
-# and complain about something like ``log.info('{}', foo)`` with
-# logging-too-many-args (Pylint supports new-style formatting if
-# declared globally with logging_format_style under [LOGGING] but
-# this requires Pylint >=2.2).
-# * no-else-return: Allow the perfectly reasonable idiom
-# if condition1:
-# return value1
-# else:
-# return value2
-# * unnecessary-pass: If we take the trouble of adding a line with "pass",
-# it's because we think the code is clearer that way.
-disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
-
-[REPORTS]
-# Don't diplay statistics. Just the facts.
-reports=no
-
-[STRING]
-# Complain about
-# ```
-# list_of_strings = [
-# 'foo' # <-- missing comma
-# 'bar',
-# 'corge',
-# ]
-# ```
-check-str-concat-over-line-jumps=yes
-
-[VARIABLES]
-# Allow unused variables if their name starts with an underscore.
-# [unused-argument]
-dummy-variables-rgx=_.*
-
-[SIMILARITIES]
-# Ignore imports when computing similarities.
-ignore-imports=yes
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
deleted file mode 100644
index 3cc34740bd..0000000000
--- a/.readthedocs.yaml
+++ /dev/null
@@ -1,39 +0,0 @@ -# .readthedocs.yaml -# Read the Docs configuration file -# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details - -# Required -version: 2 - -# Include all submodules in the build -submodules: - include: all - recursive: true - -# Set the version of Python and other tools you might need -build: - os: ubuntu-20.04 - apt_packages: - - cmake - tools: - python: "3.9" - jobs: - pre_build: - - ./framework/scripts/apidoc_full.sh - - breathe-apidoc -o docs/api apidoc/xml - post_build: - - | - # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line - if [ "$READTHEDOCS_VERSION" = "development" ]; then - "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml - fi - -# Build documentation in the docs/ directory with Sphinx -sphinx: - builder: dirhtml - configuration: docs/conf.py - -# Optionally declare the Python requirements required to build your docs -python: - install: - - requirements: docs/requirements.txt diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3b4132e056..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Declare python as our language. This way we get our chosen Python version, -# and pip is available. Gcc and clang are available anyway. -dist: jammy -os: linux -language: python -python: 3.10 - -cache: ccache - -branches: - only: - coverity_scan - -install: - - $PYTHON scripts/min_requirements.py - -env: - global: - - SEED=1 - - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo=" -addons: - coverity_scan: - project: - name: "ARMmbed/mbedtls" - notification_email: support-mbedtls@arm.com - build_command_prepend: - build_command: make - branch_pattern: coverity_scan diff --git a/.uncrustify.cfg b/.uncrustify.cfg deleted file mode 100644 index 8dc9db0497..0000000000 
--- a/.uncrustify.cfg
+++ /dev/null
@@ -1,240 +0,0 @@ -# Configuration options for Uncrustify specifying the Mbed TLS code style. -# -# Note: The code style represented by this file has not yet been introduced -# to Mbed TLS. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - - -# Wrap lines at 100 characters -code_width = 100 - -# Allow splitting long for statements between the condition statements -ls_for_split_full = true - -# Allow splitting function calls between arguments -ls_func_split_full = true - -input_tab_size = 4 - -# Spaces-only indentation -indent_with_tabs = 0 - -indent_columns = 4 - -# Indent 'case' 1 level from 'switch' -indent_switch_case = indent_columns - -# Line-up strings broken by '\' -indent_align_string = true - -# Braces on the same line (Egyptian-style braces) -nl_enum_brace = remove -nl_union_brace = remove -nl_struct_brace = remove -nl_do_brace = remove -nl_if_brace = remove -nl_for_brace = remove -nl_else_brace = remove -nl_while_brace = remove -nl_switch_brace = remove - -# Braces on same line as keywords that follow them - 'else' and the 'while' in 'do {} while ()'; -nl_brace_else = remove -nl_brace_while = remove -# Space before else on the same line -sp_brace_else = add -# If else is on the same line as '{', force exactly 1 space between them -sp_else_brace = force - -# Functions are the exception and have braces on the next line -nl_fcall_brace = add -nl_fdef_brace = add - -# Force exactly one space between ')' and '{' in statements -sp_sparen_brace = force - -# At least 1 space around assignment -sp_assign = add - -# Remove spaces around the preprocessor '##' token-concatenate -sp_pp_concat = ignore - -# At least 1 space around '||' and '&&' -sp_bool = add - -# But no space after the '!' operator -sp_not = remove - -# No space after the bitwise-not '~' operator -sp_inv = remove - -# No space after the addressof '&' operator -sp_addr = remove - -# No space around the member '.' 
and '->' operators -sp_member = remove - -# No space after the dereference '*' operator -sp_deref = remove - -# No space after a unary negation '-' -sp_sign = remove - -# No space between the '++'/'--' operator and its operand -sp_incdec = remove - -# At least 1 space around comparison operators -sp_compare = add - -# Remove spaces inside all kinds of parentheses: - -# Remove spaces inside parentheses -sp_inside_paren = remove - -# No spaces inside statement parentheses -sp_inside_sparen = remove - -# No spaces inside cast parentheses '( char )x' -> '(char)x' -sp_inside_paren_cast = remove - -# No spaces inside function parentheses -sp_inside_fparen = remove -# (The case where the function has no parameters/arguments) -sp_inside_fparens = remove - -# No spaces inside the first parentheses in a function type -sp_inside_tparen = remove - -# (Uncrustify >= 0.74.0) No spaces inside parens in for statements -sp_inside_for = remove - -# Remove spaces between nested parentheses '( (' -> '((' -sp_paren_paren = remove -# (Uncrustify >= 0.74.0) -sp_sparen_paren = remove - -# Remove spaces between ')' and adjacent '(' -sp_cparen_oparen = remove - -# (Uncrustify >= 0.73.0) space between 'do' and '{' -sp_do_brace_open = force - -# (Uncrustify >= 0.73.0) space between '}' and 'while' -sp_brace_close_while = force - -# At least 1 space before a '*' pointer star -sp_before_ptr_star = add - -# Remove spaces between pointer stars -sp_between_ptr_star = remove - -# No space after a pointer star -sp_after_ptr_star = remove - -# But allow a space in the case of e.g. char * const x; -sp_after_ptr_star_qualifier = ignore - -# Remove space after star in a function return type -sp_after_ptr_star_func = remove - -# At least 1 space after a type in variable definition etc -sp_after_type = add - -# Force exactly 1 space between a statement keyword (e.g. 
'if') and an opening parenthesis -sp_before_sparen = force - -# Remove a space before a ';' -sp_before_semi = remove -# (Uncrustify >= 0.73.0) Remove space before a semi in a non-empty for -sp_before_semi_for = remove -# (Uncrustify >= 0.73.0) Remove space in empty first statement of a for -sp_before_semi_for_empty = remove -# (Uncrustify >= 0.74.0) Remove space in empty middle statement of a for -sp_between_semi_for_empty = remove - -# Add a space after a ';' (unless a comment follows) -sp_after_semi = add -# (Uncrustify >= 0.73.0) Add a space after a semi in non-empty for statements -sp_after_semi_for = add -# (Uncrustify >= 0.73.0) No space after final semi in empty for statements -sp_after_semi_for_empty = remove - -# Remove spaces on the inside of square brackets '[]' -sp_inside_square = remove - -# Must have at least 1 space after a comma -sp_after_comma = add - -# Must not have a space before a comma -sp_before_comma = remove - -# No space before the ':' in a case statement -sp_before_case_colon = remove - -# Must have space after a cast - '(char)x' -> '(char) x' -sp_after_cast = add - -# No space between 'sizeof' and '(' -sp_sizeof_paren = remove - -# At least 1 space inside '{ }' -sp_inside_braces = add - -# At least 1 space inside '{ }' in an enum -sp_inside_braces_enum = add - -# At least 1 space inside '{ }' in a struct -sp_inside_braces_struct = add - -# At least 1 space between a function return type and the function name -sp_type_func = add - -# No space between a function name and its arguments/parameters -sp_func_proto_paren = remove -sp_func_def_paren = remove -sp_func_call_paren = remove - -# No space between '__attribute__' and '(' -sp_attribute_paren = remove - -# No space between 'defined' and '(' in preprocessor conditions -sp_defined_paren = remove - -# At least 1 space between a macro's name and its definition -sp_macro = add -sp_macro_func = add - -# Force exactly 1 space between a '}' and the name of a typedef if on the same line 
-sp_brace_typedef = force
-
-# At least 1 space before a '\' line continuation
-sp_before_nl_cont = add
-
-# At least 1 space around '?' and ':' in ternary statements
-sp_cond_colon = add
-sp_cond_question = add
-
-# Space between #else/#endif and comment afterwards
-sp_endif_cmt = add
-
-# Remove newlines at the start of a file
-nl_start_of_file = remove
-
-# At least 1 newline at the end of a file
-nl_end_of_file = add
-nl_end_of_file_min = 1
-
-# Add braces in single-line statements
-mod_full_brace_do = add
-mod_full_brace_for = add
-mod_full_brace_if = add
-mod_full_brace_while = add
-
-# Remove parentheses from return statements
-mod_paren_on_return = remove
-
-# Disable removal of leading spaces in a multi-line comment if the first and
-# last lines are the same length
-cmt_multi_check_last = false
diff --git a/3rdparty/.gitignore b/3rdparty/.gitignore
deleted file mode 100644
index 5fc607b9e2..0000000000
--- a/3rdparty/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/Makefile
diff --git a/BRANCHES.md b/BRANCHES.md
deleted file mode 100644
index c781704977..0000000000
--- a/BRANCHES.md
+++ /dev/null
@@ -1,92 +0,0 @@ -# Maintained branches - -At any point in time, we have a number of maintained branches, currently consisting of: - -- The [`main`](https://github.com/Mbed-TLS/mbedtls/tree/main) branch: - this always contains the latest release, including all publicly available - security fixes. -- The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next minor version of Mbed TLS 4.x is prepared. It contains - new features, bug fixes, and security fixes. -- One or more long-time support (LTS) branches: these only get bug fixes and - security fixes. Currently, the supported LTS branches are: -- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). - -We retain a number of historical branches, whose names are prefixed by `archive/`, -such as [`archive/mbedtls-2.7`](https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7). -These branches will not receive any changes or updates. - -We use [Semantic Versioning](https://semver.org/). In particular, we maintain -API compatibility in the `main` branch across minor version changes (e.g. -the API of 4.(x+1) is backward compatible with 4.x). We only break API -compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain -ABI compatibility within LTS branches; see the next section for details. - -We will make regular LTS releases on an 18-month cycle, each of which will have -a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be -supported until March 2027. The next LTS release will be a 4.x release. Due to -the size and scope of the 4.0 release, the release date of the first 4.x LTS is -yet to be determined. - -## Backwards Compatibility for application code - -We maintain API compatibility in released versions of Mbed TLS. 
If you have -code that's working and secure with Mbed TLS x.y.z and does not rely on -undocumented features, then you should be able to re-compile it without -modification with any later release x.y'.z' with the same major version -number, and your code will still build, be secure, and work. - -Note that this guarantee only applies if you either use the default -compile-time configuration (`mbedtls/mbedtls_config.h`) or the same modified -compile-time configuration. Changing compile-time configuration options can -result in an incompatible API or ABI, although features will generally not -affect unrelated features (for example, enabling or disabling a -cryptographic algorithm does not break code that does not use that -algorithm). - -Note that new releases of Mbed TLS may extend the API. Here are some -examples of changes that are common in minor releases of Mbed TLS, and are -not considered API compatibility breaks: - -* Adding or reordering fields in a structure or union. -* Removing a field from a structure, unless the field is documented as public. -* Adding items to an enum. -* Returning an error code that was not previously documented for a function - when a new error condition arises. -* Changing which error code is returned in a case where multiple error - conditions apply. -* Changing the behavior of a function from failing to succeeding, when the - change is a reasonable extension of the current behavior, i.e. the - addition of a new feature. - -There are rare exceptions where we break API compatibility: code that was -relying on something that became insecure in the meantime (for example, -crypto that was found to be weak) may need to be changed. In case security -comes in conflict with backwards compatibility, we will put security first, -but always attempt to provide a compatibility option. 
- -## Long-time support branches - -For the LTS branches, additionally we try very hard to also maintain ABI -compatibility (same definition as API except with re-linking instead of -re-compiling) and to avoid any increase in code size or RAM usage, or in the -minimum version of tools needed to build the code. The only exception, as -before, is in case those goals would conflict with fixing a security issue, we -will put security first but provide a compatibility option. (So far we never -had to break ABI compatibility in an LTS branch, but we occasionally had to -increase code size for a security fix.) - -For contributors, see the [Backwards Compatibility section of -CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility). - -## Current Branches - -The following branches are currently maintained: - -- [main](https://github.com/Mbed-TLS/mbedtls/tree/main) -- [`development`](https://github.com/Mbed-TLS/mbedtls/) -- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) - maintained until March 2027, see - . - -Users are urged to always use the latest version of a maintained branch. diff --git a/BUGS.md b/BUGS.md deleted file mode 100644 index a65c606de9..0000000000 --- a/BUGS.md +++ /dev/null 
@@ -1,20 +0,0 @@ -## Known issues - -Known issues in Mbed TLS are [tracked on GitHub](https://github.com/Mbed-TLS/mbedtls/issues). - -## Reporting a bug - -If you think you've found a bug in Mbed TLS, please follow these steps: - -1. Make sure you're using the latest version of a - [maintained branch](BRANCHES.md): `main`, `development`, - or a long-time support branch. -2. Check [GitHub](https://github.com/Mbed-TLS/mbedtls/issues) to see if - your issue has already been reported. If not, … -3. If the issue is a security risk (for example: buffer overflow, - data leak), please report it confidentially as described in - [`SECURITY.md`](SECURITY.md). If not, … -4. Please [create an issue on on GitHub](https://github.com/Mbed-TLS/mbedtls/issues). - -Please do not use GitHub for support questions. If you want to know -how to do something with Mbed TLS, please see [`SUPPORT.md`](SUPPORT.md) for available documentation and support channels. diff --git a/CMakeLists.txt b/CMakeLists.txt deleted file mode 100644 index 640a338b4d..0000000000 --- a/CMakeLists.txt +++ /dev/null 
@@ -1,550 +0,0 @@ -# -# CMake build system design considerations: -# -# - Include directories: -# + Do not define include directories globally using the include_directories -# command but rather at the target level using the -# target_include_directories command. That way, it is easier to guarantee -# that targets are built using the proper list of include directories. -# + Use the PUBLIC and PRIVATE keywords to specify the scope of include -# directories. That way, a target linking to a library (using the -# target_link_libraries command) inherits from the library PUBLIC include -# directories and not from the PRIVATE ones. -# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling -# CMake in order to avoid target name clashes, via the use of -# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the -# mbedtls, mbedx509, tfpsacrypto and mbedtls-apidoc targets. -# - -# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here -# until our infrastructure catches up. -cmake_minimum_required(VERSION 3.5.1) - -include(CMakePackageConfigHelpers) - -# Include convenience functions for printing properties and variables, like -# cmake_print_properties(), cmake_print_variables(). -include(CMakePrintHelpers) - -# https://cmake.org/cmake/help/latest/policy/CMP0011.html -# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD -# policy setting is deprecated, and will be removed in future versions. -cmake_policy(SET CMP0011 NEW) -# https://cmake.org/cmake/help/latest/policy/CMP0012.html -# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2 -# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required -# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting -# is deprecated and will be removed in future versions. 
-cmake_policy(SET CMP0012 NEW) - -set(MBEDTLS_VERSION 4.0.0) -set(MBEDTLS_CRYPTO_SOVERSION 17) -set(MBEDTLS_X509_SOVERSION 8) -set(MBEDTLS_TLS_SOVERSION 22) - -if(TEST_CPP) - project("Mbed TLS" - LANGUAGES C CXX - VERSION ${MBEDTLS_VERSION} - ) -else() - project("Mbed TLS" - LANGUAGES C - VERSION ${MBEDTLS_VERSION} - ) -endif() - -include(GNUInstallDirs) - -# Determine if Mbed TLS is being built as a subproject using add_subdirectory() -if(NOT DEFINED MBEDTLS_AS_SUBPROJECT) - set(MBEDTLS_AS_SUBPROJECT ON) - if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR) - set(MBEDTLS_AS_SUBPROJECT OFF) - endif() -endif() - -# Set the project and framework root directory. -set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) -set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/framework) - -option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON) - -option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) -if(CMAKE_HOST_WIN32) - # N.B. The comment on the next line is significant! If you change it, - # edit the sed command in prepare_release.sh that modifies - # CMakeLists.txt. - option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development -else() - option(GEN_FILES "Generate the auto-generated files as needed" ON) -endif() - -option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT}) - -if (CMAKE_C_SIMULATE_ID) - set(COMPILER_ID ${CMAKE_C_SIMULATE_ID}) -else() - set(COMPILER_ID ${CMAKE_C_COMPILER_ID}) -endif(CMAKE_C_SIMULATE_ID) - -string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}") -string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}") -string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}") -string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}") - -# the test suites currently have compile errors with MSVC -if(CMAKE_COMPILER_IS_MSVC) - option(ENABLE_TESTING "Build Mbed TLS tests." 
OFF) -else() - option(ENABLE_TESTING "Build Mbed TLS tests." ON) -endif() - -option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON) -option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF) -option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF) -option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF) - -# Python 3 is only needed here to check for configuration warnings. -if(NOT CMAKE_VERSION VERSION_LESS 3.15.0) - set(Python3_FIND_STRATEGY LOCATION) - find_package(Python3 COMPONENTS Interpreter) - if(Python3_Interpreter_FOUND) - set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE}) - endif() -else() - find_package(PythonInterp 3) - if(PYTHONINTERP_FOUND) - set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE}) - endif() -endif() - -# We now potentially need to link all executables against PThreads, if available -set(CMAKE_THREAD_PREFER_PTHREAD TRUE) -set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) - -# If this is the root project add longer list of available CMAKE_BUILD_TYPE values -if(NOT MBEDTLS_AS_SUBPROJECT) - set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg" - FORCE) -endif() - -# Make MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE into PATHs -set(MBEDTLS_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS config file (overrides default).") -set(MBEDTLS_USER_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS user config file (appended to default).") - -# Create a symbolic link from ${base_name} in the binary directory -# to the corresponding path in the source directory. -# Note: Copies the file(s) on Windows. -function(link_to_source base_name) - set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") - set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") - - # Linking to non-existent file is not desirable. 
At best you will have a - # dangling link, but when building in tree, this can create a symbolic link - # to itself. - if (EXISTS ${target} AND NOT EXISTS ${link}) - if (CMAKE_HOST_UNIX) - execute_process(COMMAND ln -s ${target} ${link} - RESULT_VARIABLE result - ERROR_VARIABLE output) - - if (NOT ${result} EQUAL 0) - message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") - endif() - else() - if (IS_DIRECTORY ${target}) - file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*") - foreach(file IN LISTS files) - configure_file("${target}/${file}" "${link}/${file}" COPYONLY) - endforeach(file) - else() - configure_file(${target} ${link} COPYONLY) - endif() - endif() - endif() -endfunction(link_to_source) - -# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b") -function(get_name_without_last_ext dest_var full_name) - # Split into a list on '.' (but a cmake list is just a ';'-separated string) - string(REPLACE "." ";" ext_parts "${full_name}") - # Remove the last item if there are more than one - list(LENGTH ext_parts ext_parts_len) - if (${ext_parts_len} GREATER "1") - math(EXPR ext_parts_last_item "${ext_parts_len} - 1") - list(REMOVE_AT ext_parts ${ext_parts_last_item}) - endif() - # Convert back to a string by replacing separators with '.' - string(REPLACE ";" "." 
no_ext_name "${ext_parts}") - # Copy into the desired variable - set(${dest_var} ${no_ext_name} PARENT_SCOPE) -endfunction(get_name_without_last_ext) - -include(CheckCCompilerFlag) - -set(CMAKE_C_EXTENSIONS OFF) -set(CMAKE_C_STANDARD 99) - -function(set_base_compile_options target) - if(CMAKE_COMPILER_IS_GNU) - set_gnu_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_CLANG) - set_clang_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_IAR) - set_iar_base_compile_options(${target}) - elseif(CMAKE_COMPILER_IS_MSVC) - set_msvc_base_compile_options(${target}) - endif() -endfunction(set_base_compile_options) - -function(set_gnu_base_compile_options target) - # some warnings we want are not available with old GCC versions - # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION - execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion - OUTPUT_VARIABLE GCC_VERSION) - target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes) - if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) - target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral) - endif() - if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3) - target_compile_options(${target} PRIVATE -Wvla) - endif() - if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5) - target_compile_options(${target} PRIVATE -Wlogical-op) - endif() - if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - target_compile_options(${target} PRIVATE -Wshadow) - endif() - if (GCC_VERSION VERSION_GREATER 5.0) - CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) - target_compile_options(${target} PRIVATE -Wformat-signedness) - endif() - endif() - if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0) - target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation) - endif() - 
target_compile_options(${target} PRIVATE $<$:-O2>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") - # Old GCC versions hit a performance problem with test_suite_pkwrite - # "Private keey write check EC" tests when building with Asan+UBSan - # and -O3: those tests take more than 100x time than normal, with - # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on - # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64. - # GCC 7.5 and above on Ubuntu 18.04 appear fine. - # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0. - # It doesn't slow down much even with modern compiler versions. - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>) - if (GCC_VERSION VERSION_LESS 7.0) - target_compile_options(${target} PRIVATE $<$:-O2>) - else() - target_compile_options(${target} PRIVATE $<$:-O3>) - endif() - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-Os>) - target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) - - if(MBEDTLS_FATAL_WARNINGS) - 
target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_gnu_base_compile_options) - -function(set_clang_base_compile_options target) - target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral) - target_compile_options(${target} PRIVATE $<$:-O2>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3>) - target_compile_options(${target} PRIVATE $<$:-O0 -g3 --coverage>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined") - target_compile_options(${target} PRIVATE $<$:-fsanitize=memory>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory") - target_compile_options(${target} PRIVATE $<$:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O3>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>) - set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") - target_compile_options(${target} PRIVATE $<$:-Os>) - - if(MBEDTLS_FATAL_WARNINGS) - 
target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_clang_base_compile_options) - -function(set_iar_base_compile_options target) - target_compile_options(${target} PRIVATE --warn_about_c_style_casts) - target_compile_options(${target} PRIVATE $<$:-Ohz>) - target_compile_options(${target} PRIVATE $<$:--debug -On>) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE --warnings_are_errors) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_iar_base_compile_options) - -function(set_msvc_base_compile_options target) - # Strictest warnings, UTF-8 source and execution charset - target_compile_options(${target} PRIVATE /W3 /utf-8) - - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE /WX) - endif(MBEDTLS_FATAL_WARNINGS) -endfunction(set_msvc_base_compile_options) - -function(set_config_files_compile_definitions target) - # Pass-through MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE, - # TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE - if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") - endif() - if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") - endif() - if(TF_PSA_CRYPTO_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC TF_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}") - endif() - if(TF_PSA_CRYPTO_USER_CONFIG_FILE) - target_compile_definitions(${target} - PUBLIC TF_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}") - endif() -endfunction(set_config_files_compile_definitions) - -if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP) - set(CMAKE_CXX_STANDARD 11) - set(CMAKE_CXX_STANDARD_REQUIRED ON) - set(CMAKE_CXX_EXTENSIONS OFF) - if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic") - endif() -endif() - -if (NOT EXISTS 
"${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt") - if (EXISTS "${MBEDTLS_DIR}/.git") - message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents.") - else () - message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub.") - endif() -endif() -add_subdirectory(framework) - -add_subdirectory(include) - -set(TF_PSA_CRYPTO_TARGET_PREFIX ${MBEDTLS_TARGET_PREFIX} CACHE STRING "") -set(TF_PSA_CRYPTO_FATAL_WARNINGS ${MBEDTLS_FATAL_WARNINGS} CACHE BOOL "") -set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY} CACHE BOOL "") -set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY} CACHE BOOL "") -add_subdirectory(tf-psa-crypto) - -set(tfpsacrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto") -if (USE_STATIC_MBEDTLS_LIBRARY) - set(tfpsacrypto_static_target ${tfpsacrypto_target}) -endif() -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - string(APPEND tfpsacrypto_static_target "_static") -endif() - -set(tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto) - -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static) -endif() - -foreach(target IN LISTS tf_psa_crypto_library_targets) - if(NOT TARGET ${target}) - message(FATAL_ERROR "TF-PSA-Crypto target ${target} does not exist.") - endif() -endforeach(target) - -add_subdirectory(library) - -add_subdirectory(pkgconfig) - -# -# The C files in framework/tests/src directory contain test code shared among test suites -# and programs. This shared test code is compiled and linked to test suites and -# programs objects as a set of compiled objects. 
The compiled objects are NOT -# built into a library that the test suite and program objects would link -# against as they link against the tfpsacrypto, mbedx509 and mbedtls libraries. -# The reason is that such library is expected to have mutual dependencies with -# the aforementioned libraries and that there is as of today no portable way of -# handling such dependencies (only toolchain specific solutions). -# -# Thus the below definition of the `mbedtls_test` CMake library of objects -# target. This library of objects is used by tests and programs CMake files -# to define the test executables. -# -if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c) - add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) - set_base_compile_options(mbedtls_test) - if(GEN_FILES) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h - COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py" - "--output" - "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h" - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py - ) - add_custom_target(mbedtls_test_keys_header - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) - add_dependencies(mbedtls_test mbedtls_test_keys_header) - endif() - target_include_directories(mbedtls_test - PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src) - # Request C11, needed for memory poisoning tests - set_target_properties(mbedtls_test 
PROPERTIES C_STANDARD 11) - set_config_files_compile_definitions(mbedtls_test) - - file(GLOB MBEDTLS_TEST_HELPER_FILES - tests/src/*.c tests/src/test_helpers/*.c) - add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES}) - set_base_compile_options(mbedtls_test_helpers) - if(GEN_FILES) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h - COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py" - "--output" - "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h" - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py - ) - add_custom_target(mbedtls_test_certs_header - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h) - add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header) - endif() - target_include_directories(mbedtls_test_helpers - PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include) - - set_config_files_compile_definitions(mbedtls_test_helpers) -endif() - -if(ENABLE_PROGRAMS) - set(ssl_opt_target "${MBEDTLS_TARGET_PREFIX}ssl-opt") - add_custom_target(${ssl_opt_target}) - - add_subdirectory(programs) -endif() - -ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}mbedtls-apidoc - COMMAND doxygen mbedtls.doxyfile - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen) - -if(ENABLE_TESTING) - enable_testing() - - add_subdirectory(tests) - - # additional convenience targets for Unix only - if(UNIX AND (NOT MBEDTLS_AS_SUBPROJECT)) - # For coverage testing: - # 1. 
Build with: - # cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make - # 2. Run the relevant tests for the part of the code you're interested in. - # For the reference coverage measurement, see - # tests/scripts/basic-build-test.sh - # 3. Run ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh to generate an HTML report. - ADD_CUSTOM_TARGET(lcov - COMMAND ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh - ) - - ADD_CUSTOM_TARGET(memcheck - COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl - COMMAND ctest -O memcheck.log -D ExperimentalMemCheck - COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null - COMMAND rm -f memcheck.log - COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl - ) - endif() - - # Make scripts needed for testing available in an out-of-source build. - if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(scripts) - # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to - # keep things simple with the sed commands in the memcheck target. 
- configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl - ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) - endif() -endif() - -if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) - configure_package_config_file( - "cmake/MbedTLSConfig.cmake.in" - "cmake/MbedTLSConfig.cmake" - INSTALL_DESTINATION "cmake") - - write_basic_package_version_file( - "cmake/MbedTLSConfigVersion.cmake" - COMPATIBILITY SameMajorVersion - VERSION "${MBEDTLS_VERSION}") - - install( - FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" - "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake" - DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS") - - export( - EXPORT MbedTLSTargets - NAMESPACE MbedTLS:: - FILE "cmake/MbedTLSTargets.cmake") - - install( - EXPORT MbedTLSTargets - NAMESPACE MbedTLS:: - DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS" - FILE "MbedTLSTargets.cmake") - - if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) - # Do not export the package by default - cmake_policy(SET CMP0090 NEW) - - # Make this package visible to the system - export(PACKAGE MbedTLS) - endif() -endif() diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 3b424f1107..0000000000 --- a/CONTRIBUTING.md +++ /dev/null 
@@ -1,97 +0,0 @@ -Contributing -============ -We gratefully accept bug reports and contributions from the community. All PRs are reviewed by the project team / community, and may need some modifications to -be accepted. - -Quick Checklist for PR contributors ------------------------------------ -More details on all of these points may be found in the sections below. - -- [Sign-off](#license-and-copyright): all commits must be signed off. -- [Tests](#tests): please ensure the PR includes adequate tests. -- [Changelog](#documentation): if needed, please provide a changelog entry. -- [Backports](#long-term-support-branches): provide a backport if needed (it's fine to wait until the main PR is accepted). - -Coding Standards ----------------- -- Contributions should include tests, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. Please check that your contribution passes basic tests before submission, and check the CI results after making a pull request. -- The code should be written in a clean and readable style, and must follow [our coding standards](https://mbed-tls.readthedocs.io/en/latest/kb/development/mbedtls-coding-standards/). -- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. -- The code should be secure, and will be reviewed from a security point of view as well. - -Making a Contribution ---------------------- -1. [Check for open issues](https://github.com/Mbed-TLS/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug. -1. Fork the [Mbed TLS repository on GitHub](https://github.com/Mbed-TLS/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/Mbed-TLS/mbedtls/tree/development) as a basis. -1. 
Write a test which shows that the bug was fixed or that the feature works as expected. -1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. See our [review process guidelines](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/). -1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. - -Backwards Compatibility ------------------------ - -The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches, as described in [BRANCHES.md](BRANCHES.md). - -To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. If there is an API change, the contribution, if accepted, will be merged only when there is a major release. - -No changes are permitted to the definition of functions in the public interface which will change the API. Instead the interface can only be changed by its extension. 
Where changes to an existing interface are necessary, functions in the public interface which need to be changed are marked as 'deprecated'. If there is a strong reason to replace an existing function with one that has a slightly different interface (different prototype, or different documented behavior), create a new function with a new name with the desired interface. Keep the old function, but mark it as deprecated. - -Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured way that gives sufficient notice to users of the library. - -Long Term Support Branches --------------------------- -Mbed TLS maintains several LTS (Long Term Support) branches, which are maintained continuously for a given period. The LTS branches are provided to allow users of the library to have a maintained, stable version of the library which contains only security fixes and fixes for other defects, without encountering additional features or API extensions which may introduce issues or change the code size or RAM usage, which can be significant considerations on some platforms. To allow users to take advantage of the LTS branches, these branches maintain backwards compatibility for both the public API and ABI. - -When backporting to these branches please observe the following rules: - -1. Any change to the library which changes the API or ABI cannot be backported. -1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. -1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts. 
- -It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/Mbed-TLS/mbedtls/tree/development) by contributors. - -The list of maintained branches can be found in the [Current Branches section -of BRANCHES.md](BRANCHES.md#current-branches). - -Tests ------ -As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. - -Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_ssl.c`). These files are generated from a `function file` (e.g. `suites/test_suite_ssl.function`) and a `data file` (e.g. `suites/test_suite_ssl.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. - -[A Knowledge Base article describing how to add additional tests is available on the Mbed TLS website](https://mbed-tls.readthedocs.io/en/latest/kb/development/test_suites/). - -A test script `tests/scripts/basic-build-test.sh` is available to show test coverage of the library. New code contributions should provide a similar level of code coverage to that which already exists for the library. - -Sample applications, if needed, should be modified as well. - -Continuous Integration Tests ----------------------------- -Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. - -It is advised to enable the [githooks scripts](https://github.com/Mbed-TLS/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. - -Documentation -------------- -Mbed TLS is well documented, but if you think documentation is needed, speak out! - -1. 
All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. -1. Complex parts in the code should include comments. -1. If needed, a Readme file is advised. -1. If a [Knowledge Base (KB)](https://mbed-tls.readthedocs.io/en/latest/kb/) article should be added, write this as a comment in the PR description. -1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution. - -License and Copyright ---------------------- - -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. - -Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. - -All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". - -The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors". - -When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and is submitted under both the Apache-2.0 AND GPL-2.0-or-later licenses. - -This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line. 
diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 4dc0941fee..0000000000 --- a/ChangeLog +++ /dev/null 
@@ -1,6366 +0,0 @@ -Mbed TLS ChangeLog (Sorted per branch, date) - -= Mbed TLS 4.0.0 branch released 2025-10-15 - -API changes - * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function - now takes 3 new arguments: a PSA algorithm, key type and key size, to - specify the AEAD for ticket protection. - * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() - functions can now return PSA_ERROR_xxx values. - There is no longer a distinction between "low-level" and "high-level" - Mbed TLS error codes. - This will not affect most applications since the error values are - between -32767 and -1 as before. - * All API functions now use the PSA random generator psa_generate_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - docs/4.0-migration-guide.md. - * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared - as having const elements, reflecting the fact that the library will - not modify it - * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function to a const to align with the rest of the API. - * Change the signature of the runtime version information methods that took - a char* as an argument to take zero arguments and return a const char* - instead. This aligns us with the interface used in TF PSA Crypto 1.0. - If you need to support linking against both Mbed TLS 3.x and 4.x, please - use the build-time version macros or mbedtls_version_get_number() to - determine the correct signature for mbedtls_version_get_string() and - mbedtls_version_get_string_full() before calling them. - Fixes issue #10308. - * Make the following error codes aliases of their PSA equivalents, where - xxx is a module, e.g. X509 or SSL. 
- MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT - MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY - MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL - MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE - * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables - TLS 1.2 ciphersuites without encryption and is disabled by default. - This new option replaces MBEDTLS_CIPHER_NULL_CIPHER. - -Default behavior changes - * The X.509 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. - * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseded by - mbedtls_x509write_crt_set_serial_raw(). - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - * Remove support for the DHE-PSK key exchange in TLS 1.2. - * Remove support for the DHE-RSA key exchange in TLS 1.2. 
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the - following SSL functions are removed: - - mbedtls_ssl_conf_dh_param_bin - - mbedtls_ssl_conf_dh_param_ctx - - mbedtls_ssl_conf_dhm_min_bitlen - * Remove support for the RSA key exchange in TLS 1.2. - * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), - since these concepts no longer exists. There is just mbedtls_strerror(). - * Sample programs for the legacy crypto API have been removed. - pkey/rsa_genkey.c - pkey/pk_decrypt.c - pkey/dh_genprime.c - pkey/rsa_verify.c - pkey/mpi_demo.c - pkey/rsa_decrypt.c - pkey/key_app.c - pkey/dh_server.c - pkey/ecdh_curve25519.c - pkey/pk_encrypt.c - pkey/rsa_sign.c - pkey/key_app_writer.c - pkey/dh_client.c - pkey/ecdsa.c - pkey/rsa_encrypt.c - wince_main.c - aes/crypt_and_hash.c - random/gen_random_ctr_drbg.c - random/gen_entropy.c - hash/md_hmac_demo.c - hash/hello.c - hash/generic_sum.c - cipher/cipher_aead_demo.c - * Remove compat-2-x.h header from mbedtls. - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. - * The header no longer exists. Including it - from a custom config file was no longer needed since Mbed TLS 3.0, - and could lead to spurious errors. The checks that it performed are - now done automatically when building the library. - * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is - removed from TLS. - * Remove mbedtls_pk_type_t from the public interface and replace it with - mbedtls_pk_sigalg_t. - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the - standard version (defined in RFC 9146) of DTLS connection ID is supported. 
- * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and - the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and - MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and - mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. - Note that the new names of the new constants use the TLS protocol versions, - unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() - instead. - * Removed all public key sample programs from the programs/pkey - directory. - * Removed support for TLS 1.2 static ECDH key - exchanges (ECDH-ECDSA and ECDH-RSA). - * Drop support for the GNU Make and Microsoft Visual Studio build systems. - -Features - * Add the function mbedtls_ssl_export_keying_material() which allows the - client and server to extract additional shared symmetric keys from an SSL - session, according to the TLS-Exporter specification in RFC 8446 and 5705. - This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in - mbedtls_config.h. - -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). - CVE-2024-45159 - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. 
- The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. - CVE-2025-27809 - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 - * Fix possible use-after-free or double-free in code calling - mbedtls_x509_string_to_names(). This was caused by the function calling - mbedtls_asn1_free_named_data_list() on its head argument, while the - documentation did no suggest it did, making it likely for callers relying - on the documented behaviour to still hold pointers to memory blocks after - they were free()d, resulting in high risk of use-after-free or double-free, - with consequences ranging up to arbitrary code execution. - In particular, the two sample programs x509/cert_write and x509/cert_req - were affected (use-after-free if the san string contains more than one DN). - Code that does not call mbedtls_string_to_names() directly is not affected. - Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-47917 - * Fix a bug in mbedtls_x509_string_to_names() and the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, - where some inputs would cause an inconsistent state to be reached, causing - a NULL dereference either in the function itself, or in subsequent - users of the output structure, such as mbedtls_x509_write_names(). This - only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-48965 - * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it - would sometimes leave an item in the output list in an inconsistent - state with val.p == NULL but val.len > 0. 
Affected functions used in X.509 - would then dereference a NULL pointer. Applications that do not - call this function (directly, or indirectly through X.509 writing) are not - affected. Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-48965 - -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. - * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. - * Fix Clang compilation error when finite-field Diffie-Hellman is disabled. - Reported by Michael Schuster in #9188. - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. - * Fixes an issue where some TLS 1.2 clients could not connect to an - Mbed TLS 3.6.0 server, due to incorrect handling of - legacy_compression_methods in the ClientHello. - fixes #8995, #9243. - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. 
Fixed by adding support for context-specific verify - callback in TLS 1.3. - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. - * Fix compilation on MS-DOS DJGPP. Fixes #9813. - * Support re-assembly of fragmented handshake messages in TLS (both - 1.2 and 1.3). The lack of support was causing handshake failures with - some servers, especially with TLS 1.3 in practice. There are a few - limitations, notably a fragmented ClientHello is only supported when - TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_handshake() for details. - * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that - occurred whenever SSL debugging was enabled on a copy of Mbed TLS built - with Visual Studio 2013 or MinGW. - Fixes #10017. - * Silence spurious -Wunterminated-string-initialization warnings introduced - by GCC 15. Fixes #9944. - * Fix potential CMake parallel build failure when building both the static - and shared libraries. - * Fix a build error or incorrect TLS session - lifetime on platforms where mbedtls_time_t - is not time_t. Fixes #10236. - -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. - * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. 
This makes it likely that existing risky uses of - this function (see the entry in the Security section) will be detected and - fixed. - -= Mbed TLS 3.6.0 branch released 2024-03-28 - -API changes - * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and - mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data - feature may not be TLS 1.3 specific in the future. Fixes #6909. - -Default behavior changes - * psa_import_key() now only accepts RSA keys in the PSA standard formats. - The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, - PEM) accepted by the pkparse module has been removed. Applications that - need these formats can call mbedtls_pk_parse_{public,}key() followed by - mbedtls_pk_import_into_psa(). - -Requirement changes - * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5. - -New deprecations - * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to - MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still - be used, but are deprecated. - * In the PSA API, domain parameters are no longer used for anything. - They are deprecated and will be removed in a future version of the - library. - * mbedtls_ecp_write_key() is deprecated in favor of - mbedtls_ecp_write_key_ext(). - -Removals - * In the PSA API, the experimental way to encode the public exponent of - an RSA key as a domain parameter is no longer supported. Use - psa_generate_key_ext() instead. - * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the - same behavior mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() can be used to import a PK key into PSA, - while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque - PK context. - -Features - * Added an example program showing how to hash with the PSA API. - * Support Armv8-A Crypto Extension acceleration for SHA-256 - when compiling for Thumb (T32) or 32-bit Arm (A32). 
- * AES-NI is now supported in Windows builds with clang and clang-cl. - Resolves #8372. - * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit - the decryption direction of block ciphers (AES, ARIA, Camellia). - This affects both the low-level modules and the high-level APIs - (the cipher and PSA interfaces). This option is incompatible with modes - that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. - * Support use of Armv8-A Cryptographic Extensions for hardware acclerated - AES when compiling for Thumb (T32) or 32-bit Arm (A32). - * If a cipher or AEAD mechanism has a PSA driver, you can now build the - library without the corresponding built-in implementation. Generally - speaking that requires both the key type and algorithm to be accelerated - or they'll both be built in. However, for CCM and GCM the built-in - implementation is able to take advantage of a driver that only - accelerates the key type (that is, the block cipher primitive). See - docs/driver-only-builds.md for full details and current limitations. - * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is - disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to - MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. - * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code - size by disabling it in more circumstances. In particular, the CCM and - GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, - MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all - unauthenticated (non-AEAD) ciphers are disabled, or if they're all - fully provided by drivers. See docs/driver-only-builds.md for full - details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 - decryption still unconditionally depend on MBEDTLS_CIPHER_C. 
- * Add support for record size limit extension as defined by RFC 8449 - and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. - Application data sent and received will be fragmented according to - Record size limits negotiated during handshake. - * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when - hardware accelerated AES is not present (around 13-23% on 64-bit Arm). - * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() - to convert between Mbed TLS and PSA curve identifiers. - * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling - gaps made by making its fields private: mbedtls_ecp_set_public_key(), - mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), - mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. - * Add functions mbedtls_md_psa_alg_from_type() and - mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and - psa_algorithm_t. - * Add partial platform support for z/OS. - * Improve performance for gcc (versions older than 9.3.0) and IAR. - * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to - convert ECDSA signatures between raw and DER (ASN.1) formats. - * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. - * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus - in bits, i.e. the key size for an RSA key. - * Add pc files for pkg-config, e.g.: - pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) - * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access - `mbedtls_ssl_session.ticket_creation_time`. - * The new functions mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() provide a uniform way to create a PSA - key from a PK key. - * The benchmark program now reports times for both ephemeral and static - ECDH in all ECDH configurations. 
- * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM - operations when hardware accelerated AES is not present. Improves - performance by around 30% on 64-bit Intel; 125% on Armv7-M. - * The new function psa_generate_key_ext() allows generating an RSA - key pair with a custom public exponent. - * The new function mbedtls_ecp_write_key_ext() is similar to - mbedtls_ecp_write_key(), but can be used without separately calculating - the output length. - * Add new accessor to expose the private group id member of - `mbedtls_ecdh_context` structure. - * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of - `mbedtls_x509_crt` structure. This requires setting - the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's - ext_types field. - * mbedtls_psa_get_random() is always available as soon as - MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is - called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be - used as random number generator function (f_rng) and context (p_rng) in - legacy functions. - * The new functions mbedtls_pk_copy_from_psa() and - mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context - with the same content as a PSA key. - * Add new accessors to expose the private session-id, - session-id length, and ciphersuite-id members of - `mbedtls_ssl_session` structure. - Add new accessor to expose the ciphersuite-id of - `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529 - * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see - docs/tls13-early-data.md). The support enablement is controlled at build - time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by - the mbedtls_ssl_conf_early_data() API (by default disabled in both cases). 
- * Add protection for multithreaded access to the PSA keystore and protection - for multithreaded access to the the PSA global state, including - concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and - MBEDTLS_THREADING_PTHREAD are defined. See - docs/architecture/psa-thread-safety/psa-thread-safety.md for more details. - Resolves issues #3263 and #7945. - -Security - * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 - ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A - malicious client could cause information disclosure or a denial of service. - Fixes CVE-2024-30166. - * Passing buffers that are stored in untrusted memory as arguments - to PSA functions is now secure by default. - The PSA core now protects against modification of inputs or exposure - of intermediate outputs during operations. This is currently implemented - by copying buffers. - This feature increases code size and memory usage. If buffers passed to - PSA functions are owned exclusively by the PSA core for the duration of - the function call (i.e. no buffer parameters are in shared memory), - copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. - Note that setting this option will cause input-output buffer overlap to - be only partially supported (#3266). - Fixes CVE-2024-28960. - * Restore the maximum TLS version to be negotiated to the configured one - when an SSL context is reset with the mbedtls_ssl_session_reset() API. - An attacker was able to prevent an Mbed TLS server from establishing any - TLS 1.3 connection potentially resulting in a Denial of Service or forced - version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. - Fixes CVE-2024-28755. - * When negotiating TLS version on server side, do not fall back to the - TLS 1.2 implementation of the protocol if it is disabled. 
- - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 - client could put the TLS 1.3-only server in an infinite loop processing - a TLS 1.2 ClientHello, resulting in a denial of service. Reported by - Matthias Mucha and Thomas Blattmann, SICK AG. - - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - was able to successfully establish a TLS 1.2 connection with the server. - Reported by alluettiv on GitHub. - Fixes CVE-2024-28836. - -Bugfix - * Fix the build with CMake when Everest or P256-m is enabled through - a user configuration file or the compiler command line. Fixes #8165. - * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is - disabled. - * Fix possible NULL dereference issue in X509 cert_req program if an entry - in the san parameter is not separated by a colon. - * Fix possible NULL dereference issue in X509 cert_write program if an entry - in the san parameter is not separated by a colon. - * Fix an inconsistency between implementations and usages of `__cpuid`, - which mainly causes failures when building Windows target using - mingw or clang. Fixes #8334 & #8332. - * Fix build failure in conda-forge. Fixes #8422. - * Fix parsing of CSRs with critical extensions. - * Switch to milliseconds as the unit for ticket creation and reception time - instead of seconds. That avoids rounding errors when computing the age of - tickets compared to peer using a millisecond clock (observed with GnuTLS). - Fixes #6623. - * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2 - is disabled at runtime. Fixes #8593. - * Remove accidental introduction of RSA signature algorithms - in TLS Suite B Profile. Fixes #8221. - * Fix unsupported PSA asymmetric encryption and decryption - (psa_asymmetric_[en|de]crypt) with opaque keys. - Resolves #8461. - * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512 - acceleration detection when the libc headers do not define the - corresponding constant. 
Reported by valord577. - * Correct initial capacities for key derivation algorithms:TLS12_PRF, - TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC - * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a - multiple of 8. Fixes #868. - * Avoid segmentation fault caused by releasing not initialized - entropy resource in gen_key example. Fixes #8809. - * mbedtls_pem_read_buffer() now performs a check on the padding data of - decrypted keys and it rejects invalid ones. - * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and - mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in - the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the - RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify - functions performed a PKCS#1 v1.5 signature instead and the - encrypt/decrypt functions returned an error. Fixes #8824. - * Fix missing bitflags in SSL session serialization headers. Their absence - allowed SSL sessions saved in one configuration to be loaded in a - different, incompatible configuration. - * In TLS 1.3 clients, fix an interoperability problem due to the client - generating a new random after a HelloRetryRequest. Fixes #8669. - * Fix the restoration of the ALPN when loading serialized connection with - the mbedtls_ssl_context_load() API. - * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using - an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type. - * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the - primary algorithm of the wrapped PSA key. - * Fully support arbitrary overlap between inputs and outputs of PSA - functions. Note that overlap is still only partially supported when - MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266). - -Changes - * Use heap memory to allocate DER encoded public/private key. - This reduces stack usage significantly for writing a public/private - key to a PEM string. 
- * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and - they are now treated separately. This means that they should be - individually enabled in order to enable respective support; also the - corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case - acceleration is required. - * Moved declaration of functions mbedtls_ecc_group_to_psa and - mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h - * mbedtls_pk_sign_ext() is now always available, not just when - PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. - * Extended PSA Crypto configurations options for FFDH by making it possible - to select only some of the parameters / groups, with the macros - PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro - for each size you want to support. Also, if you have an FFDH accelerator, - you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal - support for these domain parameters. - * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, - saving code size when those are not otherwise enabled. - * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations, - have changed their speed/memory compromise as part of a proactive security - improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly - preserves the current speed, at the expense of increasing memory - consumption. - * Rename directory containing Visual Studio files from visualc/VS2013 to - visualc/VS2017. - * The TLS 1.3 protocol is now enabled in the default configuration. - -= Mbed TLS 3.5.2 branch released 2024-01-26 - -Security - * Fix a timing side channel in private key RSA operations. This side channel - could be sufficient for an attacker to recover the plaintext. A local - attacker or a remote attacker who is close to the victim on the network - might have precise enough timing measurements to exploit this. It requires - the attacker to send a large number of messages for decryption. 
For - details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported - by Hubert Kario, Red Hat. - * Fix a failure to validate input when writing x509 extensions lengths which - could result in an integer overflow, causing a zero-length buffer to be - allocated to hold the extension. The extension would then be copied into - the buffer, causing a heap buffer overflow. - -= Mbed TLS 3.5.1 branch released 2023-11-06 - -Changes - * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later - license. Users may choose which license they take the code under. - -Bugfix - * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules - in CMake. - -= Mbed TLS 3.5.0 branch released 2023-10-05 - -API changes - * Mbed TLS 3.4 introduced support for omitting the built-in implementation - of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - there was a flaw in the logic checking if the built-in implementation, in - that it failed to check if all the relevant curves were supported by the - accelerator. As a result, it was possible to declare no curves as - accelerated and still have the built-in implementation compiled out. - Starting with this release, it is necessary to declare which curves are - accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be - considered not accelerated, and the built-in implementation of the curves - and any algorithm possible using them will be included in the build. - * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()` - function, needed for TLS 1.3 ticket lifetimes. Alternative implementations - can be created using an ALT interface. - -Requirement changes - * Officially require Python 3.8 now that earlier versions are out of support. - * Minimum required Windows version is now Windows Vista, or - Windows Server 2008. 
- -New deprecations - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA, - are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC, - IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about - the capabilities of the PSA side for either key. - * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of - MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests: - maximum size of any supported block cipher) or the new name - MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics: - maximum size of a block cipher supported by the CMAC module). - * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now - deprecated in favor of mbedtls_pkcs5_pbes2_ext() and - mbedtls_pkcs12_pbe_ext() as they offer more security by checking - for overflow of the output buffer and reporting the actual length - of the output. - -Features - * All modules that use hashes or HMAC can now take advantage of PSA Crypto - drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has - been called. Previously (in 3.3), this was restricted to a few modules, - and only in builds where MBEDTLS_MD_C was disabled; in particular the - entropy module was not covered which meant an external RNG had to be - provided - these limitations are lifted in this version. A new set of - feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used - to check for availability of hash algorithms, regardless of whether - they're provided by a built-in implementation, a driver or both. See - docs/driver-only-builds.md. - * When a PSA driver for ECDH is present, it is now possible to disable - MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2 - key exchanges based on ECDH(E) to work, this requires - MBEDTLS_USE_PSA_CRYPTO. 
Restartable/interruptible ECDHE operations in - TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet, - as PSA does not have an API for restartable ECDH yet. - * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by - a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C - if not required by another module) and still get support for ECC keys and - algorithms in PSA, with some limitations. See docs/driver-only-builds.txt - for details. - * Add parsing of directoryName subtype for subjectAltName extension in - x509 certificates. - * Add support for server-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or - TLS 1.3 depending on the capabilities and preferences of TLS clients. - Fixes #6867. - * X.509 hostname verification now supports IPAddress Subject Alternate Names. - * Add support for reading and writing X25519 and X448 - public and private keys in RFC 8410 format using the existing PK APIs. - * When parsing X.509 certificates, support the extensions - SignatureKeyIdentifier and AuthorityKeyIdentifier. - * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc) - if no PAKE algorithms are requested - * Add support for the FFDH algorithm and DH key types in PSA, with - parameters from RFC 7919. This includes a built-in implementation based - on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative - implementations of FFDH through the driver entry points. - * It is now possible to generate certificates with SubjectAltNames. - Currently supported subtypes: DnsName, UniformResourceIdentifier, - IP address, OtherName, and DirectoryName, as defined in RFC 5280. - See mbedtls_x509write_crt_set_subject_alternative_name for - more information. - * X.509 hostname verification now partially supports URI Subject Alternate - Names. 
Only exact matching, without any normalization procedures - described in 7.4 of RFC5280, will result in a positive URI verification. - * Add function mbedtls_oid_from_numeric_string() to parse an OID from a - string to a DER-encoded mbedtls_asn1_buf. - * Add SHA-3 family hash functions. - * Add support to restrict AES to 128-bit keys in order to save code size. - A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be - used to enable this feature. - * AES performance improvements. Uplift varies by platform, - toolchain, optimisation flags and mode. - Aarch64, gcc -Os and CCM, GCM and XTS benefit the most. - On Aarch64, uplift is typically around 20 - 110%. - When compiling with gcc -Os on Aarch64, AES-XTS improves - by 4.5x. - * Add support for PBKDF2-HMAC through the PSA API. - * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and - MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA - or DH) were introduced in order to have finer accuracy in defining the - PSA capabilities for each key. These capabilities, named yyy above, can be - any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE. - - DERIVE is only available for ECC keys, not for RSA or DH ones. - - implementations are free to enable more than what it was strictly - requested. For example BASIC internally enables IMPORT and EXPORT - (useful for testing purposes), but this might change in the future. - * Add support for FFDH key exchange in TLS 1.3. - This is automatically enabled as soon as PSA_WANT_ALG_FFDH - and the ephemeral or psk-ephemeral key exchange mode are enabled. - By default, all groups are offered; the list of groups can be - configured using the existing API function mbedtls_ssl_conf_groups(). - * Improve mbedtls_x509_time performance and reduce memory use. - * Reduce syscalls to time() during certificate verification. - * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by - setting the CMake variable of the same name at configuration time. 
- * Add getter (mbedtls_ssl_cache_get_timeout()) to access - `mbedtls_ssl_cache_context.timeout`. - * Add getter (mbedtls_ssl_get_hostname()) to access - `mbedtls_ssl_context.hostname`. - * Add getter (mbedtls_ssl_conf_get_endpoint()) to access - `mbedtls_ssl_config.endpoint`. - * Support for "opaque" (PSA-held) ECC keys in the PK module has been - extended: it is now possible to use mbedtls_pk_write_key_der(), - mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and - mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes - allow it). - * The documentation of mbedtls_ecp_group now describes the optimized - representation of A for some curves. Fixes #8045. - * Add a possibility to generate CSR's with RCF822 and directoryName subtype - of subjectAltName extension in x509 certificates. - * Add support for PBKDF2-CMAC through the PSA API. - * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When - using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option - disables the plain C implementation and the run-time detection for the - CPU feature, which reduces code size and avoids the vulnerability of the - plain C implementation. - * Accept arbitrary AttributeType and AttributeValue in certificate - Distinguished Names using RFC 4514 syntax. - * Applications using ECC over secp256r1 through the PSA API can use a - new implementation with a much smaller footprint, but some minor - usage restrictions. See the documentation of the new configuration - option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. - -Security - * Fix a case where potentially sensitive information held in memory would not - be completely zeroized during TLS 1.2 handshake, in both server and client - configurations. - * In configurations with ARIA or Camellia but not AES, the value of - MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might - suggest. 
This did not affect any library code, because this macro was - only used in relation with CMAC which does not support these ciphers. - This may affect application code that uses this macro. - * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should - review the size of the output buffer passed to this function, and note - that the output after decryption may include CBC padding. Consider moving - to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() - which checks for overflow of the output buffer and reports the actual - length of the output. - * Improve padding calculations in CBC decryption, NIST key unwrapping and - RSA OAEP decryption. With the previous implementation, some compilers - (notably recent versions of Clang and IAR) could produce non-constant - time code, which could allow a padding oracle attack if the attacker - has access to precise timing measurements. - * Updates to constant-time C code so that compilers are less likely to use - conditional instructions, which can have an observable difference in - timing. (Clang has been seen to do this.) Also introduce assembly - implementations for 32- and 64-bit Arm and for x86 and x86-64, which are - guaranteed not to use conditional instructions. - * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too - small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was - undefined. Mbed TLS itself was unaffected by this, but user code - which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only - release containing this bug was Mbed TLS 3.4.0. - * Fix a buffer overread when parsing short TLS application data records in - null-cipher cipher suites. Credit to OSS-Fuzz. - * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing. - In TLS 1.3, all configurations are affected except PSK-only ones, and - both clients and servers are affected. 
- In TLS 1.2, the affected configurations are those with - MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled, - and only servers are affected, not clients. - Credit to OSS-Fuzz. - -Bugfix - * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and - PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger - than all built-in ones and RSA is disabled. - Resolves #6622. - * Add missing md.h includes to some of the external programs from - the programs directory. Without this, even though the configuration - was sufficient for a particular program to work, it would only print - a message that one of the required defines is missing. - * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function - in the ecdsa.h header file. There was a build warning when the - configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined. - Resolves #7407. - * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not - MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498. - * Fix missing PSA initialization in sample programs when - MBEDTLS_USE_PSA_CRYPTO is enabled. - * Fix the J-PAKE driver interface for user and peer to accept any values - (previously accepted values were limited to "client" or "server"). - * Fix clang and armclang compilation error when targeting certain Arm - M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, - SecurCore SC000). Fixes #1077. - * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when - built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a - way to detect the crypto extensions required. A warning is still issued. - * Fixed an issue that caused compile errors when using CMake and the IAR - toolchain. - * Fix very high stack usage in SSL debug code. Reported by Maximilian - Gerhardt in #7804. - * Fix a compilation failure in the constant_time module when - building for arm64_32 (e.g., for watchos). Reported by Paulo - Coutinho in #7787. 
- * Fix crypt_and_hash decryption fail when used with a stream cipher - mode of operation due to the input not being multiple of block size. - Resolves #7417. - * Fix a bug in which mbedtls_x509_string_to_names() would return success - when given a invalid name string if it did not contain '=' or ','. - * Fix compilation warnings in aes.c, which prevented the - example TF-M configuration in configs/ from building cleanly: - tfm_mbedcrypto_config_profile_medium.h with - crypto_config_profile_medium.h. - * In TLS 1.3, fix handshake failure when a client in its ClientHello - proposes an handshake based on PSK only key exchange mode or at least - one of the key exchange modes using ephemeral keys to a server that - supports only the PSK key exchange mode. - * Fix CCM* with no tag being not supported in a build with CCM as the only - symmetric encryption algorithm and the PSA configuration enabled. - * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516. - * Fix a compilation error on some platforms when including mbedtls/ssl.h - with all TLS support disabled. Fixes #6628. - * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when - using ECC key. The certificate was rejected by some crypto frameworks. - Fixes #2924. - * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc() - is called with zero length and padlock is not enabled. - * Fix compile failure due to empty enum in cipher_wrap.c, when building - with a very minimal configuration. Fixes #7625. - * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA - signature can silently return an incorrect result in low memory conditions. - * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when - MBEDTLS_PSA_CRYPTO_CONFIG is disabled. - * Fix IAR compiler warnings. - * Fix an issue when parsing an otherName subject alternative name into a - mbedtls_x509_san_other_name struct. The type-id of the otherName was not - copied to the struct. 
This meant that the struct had incomplete - information about the otherName SAN and contained uninitialized memory. - * Fix the detection of HardwareModuleName otherName SANs. These were being - detected by comparing the wrong field and the check was erroneously - inverted. - * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG - enabled, where some low-level modules required by requested PSA crypto - features were not getting automatically enabled. Fixes #7420. - * Fix undefined symbols in some builds using TLS 1.3 with a custom - configuration file. - * Fix log level for the got supported group message. Fixes #6765 - * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx - error code on failure. Before, they returned 1 to indicate failure in - some cases involving a missing entry or a full cache. - * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys. - * Fix the build with CMake when Everest or P256-m is enabled through - a user configuration file or the compiler command line. Fixes #8165. - -Changes - * Enable Arm / Thumb bignum assembly for most Arm platforms when - compiling with gcc, clang or armclang and -O0. - * Enforce minimum RSA key size when generating a key - to avoid accidental misuse. - * Use heap memory to allocate DER encoded RSA private key. - This reduces stack usage significantly for RSA signature - operations when MBEDTLS_PSA_CRYPTO_C is defined. - * Update Windows code to use BCryptGenRandom and wcslen, and - ensure that conversions between size_t, ULONG, and int are - always done safely. Original contribution by Kevin Kane #635, #730 - followed by Simon Butcher #1453. - * Users integrating their own PSA drivers should be aware that - the file library/psa_crypto_driver_wrappers.c has been renamed - to psa_crypto_driver_wrappers_no_static.c. - * When using CBC with the cipher module, the requirement to call - mbedtls_cipher_set_padding_mode() is now enforced. 
Previously, omitting - this call accidentally applied a default padding mode chosen at compile - time. - -= Mbed TLS 3.4.1 branch released 2023-08-04 - -Bugfix - * Fix builds on Windows with clang - -Changes - * Update test data to avoid failures of unit tests after 2023-08-07. - -= Mbed TLS 3.4.0 branch released 2023-03-28 - -Default behavior changes - * The default priority order of TLS 1.3 cipher suites has been modified to - follow the same rules as the TLS 1.2 cipher suites (see - ssl_ciphersuites.c). The preferred cipher suite is now - TLS_CHACHA20_POLY1305_SHA256. - -New deprecations - * mbedtls_x509write_crt_set_serial() is now being deprecated in favor of - mbedtls_x509write_crt_set_serial_raw(). The goal here is to remove any - direct dependency of X509 on BIGNUM_C. - * PSA to mbedtls error translation is now unified in psa_util.h, - deprecating mbedtls_md_error_from_psa. Each file that performs error - translation should define its own version of PSA_TO_MBEDTLS_ERR, - optionally providing file-specific error pairs. Please see psa_util.h for - more details. - -Features - * Added partial support for parsing the PKCS #7 Cryptographic Message - Syntax, as defined in RFC 2315. Currently, support is limited to the - following: - - Only the signed-data content type, version 1 is supported. - - Only DER encoding is supported. - - Only a single digest algorithm per message is supported. - - Certificates must be in X.509 format. A message must have either 0 - or 1 certificates. - - There is no support for certificate revocation lists. - - The authenticated and unauthenticated attribute fields of SignerInfo - must be empty. - Many thanks to Daniel Axtens, Nayna Jain, and Nick Child from IBM for - contributing this feature, and to Demi-Marie Obenour for contributing - various improvements, tests and bug fixes. - * General performance improvements by accessing multiple bytes at a time. - Fixes #1666. 
- * Improvements to use of unaligned and byte-swapped memory, reducing code - size and improving performance (depending on compiler and target - architecture). - * Add support for reading points in compressed format - (MBEDTLS_ECP_PF_COMPRESSED) with mbedtls_ecp_point_read_binary() - (and callers) for Short Weierstrass curves with prime p where p = 3 mod 4 - (all mbedtls MBEDTLS_ECP_DP_SECP* and MBEDTLS_ECP_DP_BP* curves - except MBEDTLS_ECP_DP_SECP224R1 and MBEDTLS_ECP_DP_SECP224K1) - * SHA224_C/SHA384_C are now independent from SHA384_C/SHA512_C respectively. - This helps in saving code size when some of the above hashes are not - required. - * Add parsing of V3 extensions (key usage, Netscape cert-type, - Subject Alternative Names) in x509 Certificate Sign Requests. - * Use HOSTCC (if it is set) when compiling C code during generation of the - configuration-independent files. This allows them to be generated when - CC is set for cross compilation. - * Add parsing of uniformResourceIdentifier subtype for subjectAltName - extension in x509 certificates. - * Add an interruptible version of sign and verify hash to the PSA interface, - backed by internal library support for ECDSA signing and verification. - * Add parsing of rfc822Name subtype for subjectAltName - extension in x509 certificates. - * The configuration macros MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and - MBEDTLS_PSA_CRYPTO_STRUCT_FILE specify alternative locations for - the headers "psa/crypto_platform.h" and "psa/crypto_struct.h". - * When a PSA driver for ECDSA is present, it is now possible to disable - MBEDTLS_ECDSA_C in the build in order to save code size. For PK, X.509 - and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled. - Restartable/interruptible ECDSA operations in PK, X.509 and TLS are not - supported in those builds yet, as driver support for interruptible ECDSA - operations is not present yet. 
- * Add a driver dispatch layer for EC J-PAKE, enabling alternative - implementations of EC J-PAKE through the driver entry points. - * Add new API mbedtls_ssl_cache_remove for cache entry removal by - its session id. - * Add support to include the SubjectAltName extension to a CSR. - * Add support for AES with the Armv8-A Cryptographic Extension on - 64-bit Arm. A new configuration option, MBEDTLS_AESCE_C, can - be used to enable this feature. Run-time detection is supported - under Linux only. - * When a PSA driver for EC J-PAKE is present, it is now possible to disable - MBEDTLS_ECJPAKE_C in the build in order to save code size. For the - corresponding TLS 1.2 key exchange to work, MBEDTLS_USE_PSA_CRYPTO needs - to be enabled. - * Add functions mbedtls_rsa_get_padding_mode() and mbedtls_rsa_get_md_alg() - to read non-public fields for padding mode and hash id from - an mbedtls_rsa_context, as requested in #6917. - * AES-NI is now supported with Visual Studio. - * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM - is disabled, when compiling with GCC or Clang or a compatible compiler - for a target CPU that supports the requisite instructions (for example - gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like - compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) - * It is now possible to use a PSA-held (opaque) password with the TLS 1.2 - ECJPAKE key exchange, using the new API function - mbedtls_ssl_set_hs_ecjpake_password_opaque(). - -Security - * Use platform-provided secure zeroization function where possible, such as - explicit_bzero(). - * Zeroize SSL cache entries when they are freed. - * Fix a potential heap buffer overread in TLS 1.3 client-side when - MBEDTLS_DEBUG_C is enabled. This may result in an application crash. - * Add support for AES with the Armv8-A Cryptographic Extension on 64-bit - Arm, so that these systems are no longer vulnerable to timing side-channel - attacks. 
This is configured by MBEDTLS_AESCE_C, which is on by default. - Reported by Demi Marie Obenour. - * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on - builds that couldn't compile the GCC-style assembly implementation - (most notably builds with Visual Studio), leaving them vulnerable to - timing side-channel attacks. There is now an intrinsics-based AES-NI - implementation as a fallback for when the assembly one cannot be used. - -Bugfix - * Fix possible integer overflow in mbedtls_timing_hardclock(), which - could cause a crash in programs/test/benchmark. - * Fix IAR compiler warnings. Fixes #6924. - * Fix a bug in the build where directory names containing spaces were - causing generate_errors.pl to error out resulting in a build failure. - Fixes issue #6879. - * In TLS 1.3, when using a ticket for session resumption, tweak its age - calculation on the client side. It prevents a server with more accurate - ticket timestamps (typically timestamps in milliseconds) compared to the - Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller - than the age computed and transmitted by the client and thus potentially - reject the ticket. Fix #6623. - * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are - defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. - * List PSA_WANT_ALG_CCM_STAR_NO_TAG in psa/crypto_config.h so that it can - be toggled with config.py. - * The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be - used on a shared secret from a key agreement since its input must be - an ECC public key. Reject this properly. - * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers - whose binary representation is longer than 20 bytes. This was already - forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being - enforced also at code level. - * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). 
Reported by - Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by - Aaron Ucko under Valgrind. - * Fix behavior of certain sample programs which could, when run with no - arguments, access uninitialized memory in some cases. Fixes #6700 (which - was found by TrustInSoft Analyzer during REDOCS'22) and #1120. - * Fix parsing of X.509 SubjectAlternativeName extension. Previously, - malformed alternative name components were not caught during initial - certificate parsing, but only on subsequent calls to - mbedtls_x509_parse_subject_alt_name(). Fixes #2838. - * Make the fields of mbedtls_pk_rsassa_pss_options public. This makes it - possible to verify RSA PSS signatures with the pk module, which was - inadvertently broken since Mbed TLS 3.0. - * Fix bug in conversion from OID to string in - mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed - correctly. - * Reject OIDs with overlong-encoded subidentifiers when converting - them to a string. - * Reject OIDs with subidentifier values exceeding UINT_MAX. Such - subidentifiers can be valid, but Mbed TLS cannot currently handle them. - * Reject OIDs that have unterminated subidentifiers, or (equivalently) - have the most-significant bit set in their last byte. - * Silence warnings from clang -Wdocumentation about empty \retval - descriptions, which started appearing with Clang 15. Fixes #6960. - * Fix the handling of renegotiation attempts in TLS 1.3. They are now - systematically rejected. - * Fix an unused-variable warning in TLS 1.3-only builds if - MBEDTLS_SSL_RENEGOTIATION was enabled. Fixes #6200. - * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if - len argument is 0 and buffer is NULL. - * Allow setting user and peer identifiers for EC J-PAKE operation - instead of role in PAKE PSA Crypto API as described in the specification. - This is a partial fix that allows only "client" and "server" identifiers. 
- * Fix a compilation error when PSA Crypto is built with support for - TLS12_PRF but not TLS12_PSK_TO_MS. Reported by joerchan in #7125. - * In the TLS 1.3 server, select the preferred client cipher suite, not the - least preferred. The selection error was introduced in Mbed TLS 3.3.0. - * Fix TLS 1.3 session resumption when the established pre-shared key is - 384 bits long. That is the length of pre-shared keys created under a - session where the cipher suite is TLS_AES_256_GCM_SHA384. - * Fix an issue when compiling with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - enabled, which required specifying compiler flags enabling SHA3 Crypto - Extensions, where some compilers would emit EOR3 instructions in other - modules, which would then fail if run on a CPU without the SHA3 - extensions. Fixes #5758. - -Changes - * Install the .cmake files into CMAKE_INSTALL_LIBDIR/cmake/MbedTLS, - typically /usr/lib/cmake/MbedTLS. - * Mixed-endian systems are explicitly not supported any more. - * When MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ECDSA_DETERMINISTIC are both - defined, mbedtls_pk_sign() now use deterministic ECDSA for ECDSA - signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to - the behaviour without it, where deterministic ECDSA was already used. - * Visual Studio: Rename the directory containing Visual Studio files from - visualc/VS2010 to visualc/VS2013 as we do not support building with versions - older than 2013. Update the solution file to specify VS2013 as a minimum. - * programs/x509/cert_write: - - now it accepts the serial number in 2 different formats: decimal and - hex. They cannot be used simultaneously - - "serial" is used for the decimal format and it's limted in size to - unsigned long long int - - "serial_hex" is used for the hex format; max length here is - MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN*2 - * The C code follows a new coding style. This is transparent for users but - affects contributors and maintainers of local patches. 
For more - information, see - https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/ - * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. - As tested in issue 6790, the correlation between this define and - RSA decryption performance has changed lately due to security fixes. - To fix the performance degradation when using default values the - window was reduced from 6 to 2, a value that gives the best or close - to best results when tested on Cortex-M4 and Intel i7. - * When enabling MBEDTLS_SHA256_USE_A64_CRYPTO_* or - MBEDTLS_SHA512_USE_A64_CRYPTO_*, it is no longer necessary to specify - compiler target flags on the command line; the library now sets target - options within the appropriate modules. - -= Mbed TLS 3.3.0 branch released 2022-12-14 - -Default behavior changes - * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05 - of the IETF draft, and was marked experimental and disabled by default. - It is now no longer experimental, and implements the final version from - RFC 9146, which is not interoperable with the draft-05 version. - If you need to communicate with peers that use earlier versions of - Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - to 1, but then you won't be able to communicate with peers that use the - standard (non-draft) version. - If you need to interoperate with both classes of peers with the - same build of Mbed TLS, please let us know about your situation on the - mailing list or GitHub. - -Requirement changes - * When building with PSA drivers using generate_driver_wrappers.py, or - when building the library from the development branch rather than - from a release, the Python module jsonschema is now necessary, in - addition to jinja2. The official list of required Python modules is - maintained in scripts/basic.requirements.txt and may change again - in the future. - -New deprecations - * Deprecate mbedtls_asn1_free_named_data(). 
- Use mbedtls_asn1_free_named_data_list() - or mbedtls_asn1_free_named_data_list_shallow(). - -Features - * Support rsa_pss_rsae_* signature algorithms in TLS 1.2. - * make: enable building unversioned shared library, with e.g.: - "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib" - resulting in library names like "libmbedtls.so" rather than - "libmbedcrypto.so.11". - * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API. - Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm - are supported in this implementation. - * Some modules can now use PSA drivers for hashes, including with no - built-in implementation present, but only in some configurations. - - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use - hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. - - PEM parsing of encrypted files now uses MD-5 from PSA when (and only - when) MBEDTLS_MD5_C is disabled. - See the documentation of the corresponding macros in mbedtls_config.h for - details. - Note that some modules are not able to use hashes from PSA yet, including - the entropy module. As a consequence, for now the only way to build with - all hashes only provided by drivers (no built-in hash) is to use - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now - properly negotiate/accept hashes based on their availability in PSA. - As a consequence, they now work in configurations where the built-in - implementations of (some) hashes are excluded and those hashes are only - provided by PSA drivers. (See previous entry for limitation on RSA-PSS - though: that module only use hashes from PSA when MBEDTLS_MD_C is off). - * Add support for opaque keys as the private keys associated to certificates - for authentication in TLS 1.3. - * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme. 
- Signature verification is production-ready, but generation is for testing - purposes only. This currently only supports one parameter set - (LMS_SHA256_M32_H10), meaning that each private key can be used to sign - 1024 messages. As such, it is not intended for use in TLS, but instead - for verification of assets transmitted over an insecure channel, - particularly firmware images. - * Add the LM-OTS post-quantum-safe one-time signature scheme, which is - required for LMS. This can be used independently, but each key can only - be used to sign one message so is impractical for most circumstances. - * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys. - The pre-shared keys can be provisioned externally or via the ticket - mechanism (session resumption). - The ticket mechanism is supported when the configuration option - MBEDTLS_SSL_SESSION_TICKETS is enabled. - New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED - control the support for the three possible TLS 1.3 key exchange modes. - * cert_write: support for setting extended key usage attributes. A - corresponding new public API call has been added in the library, - mbedtls_x509write_crt_set_ext_key_usage(). - * cert_write: support for writing certificate files in either PEM - or DER format. - * The PSA driver wrapper generator generate_driver_wrappers.py now - supports a subset of the driver description language, including - the following entry points: import_key, export_key, export_public_key, - get_builtin_key, copy_key. - * The new functions mbedtls_asn1_free_named_data_list() and - mbedtls_asn1_free_named_data_list_shallow() simplify the management - of memory in named data lists in X.509 structures. - * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API. - Additional PSA key slots will be allocated in the process of such key - exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and - MBEDTLS_USE_PSA_CRYPTO. 
- * Add support for DTLS Connection ID as defined by RFC 9146, controlled by - MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with - mbedtls_ssl_set_cid(). - * Add a driver dispatch layer for raw key agreement, enabling alternative - implementations of raw key agreement through the key_agreement driver - entry point. This entry point is specified in the proposed PSA driver - interface, but had not yet been implemented. - * Add an ad-hoc key derivation function handling EC J-PAKE to PMS - calculation that can be used to derive the session secret in TLS 1.2, - as described in draft-cragie-tls-ecjpake-01. This can be achieved by - using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm. - -Security - * Fix potential heap buffer overread and overwrite in DTLS if - MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and - MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. - * Fix an issue where an adversary with access to precise enough information - about memory accesses (typically, an untrusted operating system attacking - a secure enclave) could recover an RSA private key after observing the - victim performing a single private-key operation if the window size used - for the exponentiation was 3 or smaller. Found and reported by Zili KOU, - Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks - and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation - and Test in Europe 2023. - -Bugfix - * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147. - * Fix an issue with in-tree CMake builds in releases with GEN_FILES - turned off: if a shipped file was missing from the working directory, - it could be turned into a symbolic link to itself. - * Fix a long-standing build failure when building x86 PIC code with old - gcc (4.x). The code will be slower, but will compile. We do however - recommend upgrading to a more recent compiler instead. Fixes #1910. 
- * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. - Contributed by Kazuyuki Kimura to fix #2020. - * Use double quotes to include private header file psa_crypto_cipher.h. - Fixes 'file not found with include' error - when building with Xcode. - * Fix handling of broken symlinks when loading certificates using - mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a - broken link is encountered, skip the broken link and continue parsing - other certificate files. Contributed by Eduardo Silva in #2602. - * Fix an interoperability failure between an Mbed TLS client with both - TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports - rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS - advertised support for PSS in both TLS 1.2 and 1.3, but only - actually supported PSS in TLS 1.3. - * Fix a compilation error when using CMake with an IAR toolchain. - Fixes #5964. - * Fix a build error due to a missing prototype warning when - MBEDTLS_DEPRECATED_REMOVED is enabled. - * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When - MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an - uninitialized context. - * Fix a build issue on Windows using CMake where the source and build - directories could not be on different drives. Fixes #5751. - * Fix bugs and missing dependencies when building and testing - configurations with only one encryption type enabled in TLS 1.2. - * Provide the missing definition of mbedtls_setbuf() in some configurations - with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. - * Fix compilation errors when trying to build with - PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). - * Fix memory leak in ssl_parse_certificate_request() caused by - mbedtls_x509_get_name() not freeing allocated objects in case of error. - Change mbedtls_x509_get_name() to clean up allocated objects on error. 
- * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. - * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_PK_PARSE_C. Fixes #6409. - * Fix ECDSA verification, where it was not always validating the - public key. This bug meant that it was possible to verify a - signature with an invalid public key, in some cases. Reported by - Guido Vranken using Cryptofuzz in #4420. - * Fix a possible null pointer dereference if a memory allocation fails - in TLS PRF code. Reported by Michael Madsen in #6516. - * Fix TLS 1.3 session resumption. Fixes #6488. - * Add a configuration check to exclude optional client authentication - in TLS 1.3 (where it is forbidden). - * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable - bytes when parsing certificates containing a binary RFC 4108 - HardwareModuleName as a Subject Alternative Name extension. Hardware - serial numbers are now rendered in hex format. Fixes #6262. - * Fix bug in error reporting in dh_genprime.c where upon failure, - the error code returned by mbedtls_mpi_write_file() is overwritten - and therefore not printed. - * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) - with A > 0 created an unintended representation of the value 0 which was - not processed correctly by some bignum operations. Fix this. This had no - consequence on cryptography code, but might affect applications that call - bignum directly and use negative numbers. - * Fix a bug whereby the list of signature algorithms sent as part of - the TLS 1.2 server certificate request would get corrupted, meaning the - first algorithm would not get sent and an entry consisting of two random - bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian. 
- * Fix undefined behavior (typically harmless in practice) of - mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() - when both operands are 0 and the left operand is represented with 0 limbs. - * Fix undefined behavior (typically harmless in practice) when some bignum - functions receive the most negative value of mbedtls_mpi_sint. Credit - to OSS-Fuzz. Fixes #6597. - * Fix undefined behavior (typically harmless in practice) in PSA ECB - encryption and decryption. - * Move some SSL-specific code out of libmbedcrypto where it had been placed - accidentally. - * Fix a build error when compiling the bignum module for some Arm platforms. - Fixes #6089, #6124, #6217. - -Changes - * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config. - * Calling AEAD tag-specific functions for non-AEAD algorithms (which - should not be done - they are documented for use only by AES-GCM and - ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - instead of success (0). - -= Mbed TLS 3.2.1 branch released 2022-07-12 - -Bugfix - * Re-add missing generated file library/psa_crypto_driver_wrappers.c - -= Mbed TLS 3.2.0 branch released 2022-07-11 - -Default behavior changes - * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 - for IV lengths other than 12. The library was silently overwriting this - length with 12, but did not inform the caller about it. Fixes #4301. - -Requirement changes - * The library will no longer compile out of the box on a platform without - setbuf(). If your platform does not have setbuf(), you can configure an - alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or - MBEDTLS_PLATFORM_SETBUF_MACRO. - -New deprecations - * Deprecate mbedtls_ssl_conf_max_version() and - mbedtls_ssl_conf_min_version() in favor of - mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version(). - * Deprecate mbedtls_cipher_setup_psa(). 
Use psa_aead_xxx() or - psa_cipher_xxx() directly instead. - * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated. - This was intended as an experimental feature, but had not been explicitly - documented as such. Use opaque drivers with the interface enabled by - MBEDTLS_PSA_CRYPTO_DRIVERS instead. - * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic - mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and - TLS 1.3 handshake should now be configured with - mbedtls_ssl_conf_sig_algs(). - -Features - * Add accessor to obtain ciphersuite id from ssl context. - * Add accessors to get members from ciphersuite info. - * Add mbedtls_ssl_ticket_rotate() for external ticket rotation. - * Add accessor to get the raw buffer pointer from a PEM context. - * The structures mbedtls_ssl_config and mbedtls_ssl_context now store - a piece of user data which is reserved for the application. The user - data can be either a pointer or an integer. - * Add an accessor function to get the configuration associated with - an SSL context. - * Add a function to access the protocol version from an SSL context in a - form that's easy to compare. Fixes #5407. - * Add function mbedtls_md_info_from_ctx() to recall the message digest - information that was used to set up a message digest context. - * Add ALPN support in TLS 1.3 clients. - * Add server certificate selection callback near end of Client Hello. - Register callback with mbedtls_ssl_conf_cert_cb(). - * Provide mechanism to reset handshake cert list by calling - mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param. - * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within - cert callback (mbedtls_ssl_conf_cert_cb()) during handshake. - * The X.509 module now uses PSA hash acceleration if present. - * Add support for psa crypto key derivation for elliptic curve - keys. Fixes #3260. 
- * Add function mbedtls_timing_get_final_delay() to access the private - final delay field in an mbedtls_timing_delay_context, as requested in - #5183. - * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when - PSA Crypto is enabled. - * Add function mbedtls_ecp_export() to export ECP key pair parameters. - Fixes #4838. - * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL - Handshake has completed or not, and thus whether to continue calling - mbedtls_ssl_handshake_step(), requested in #4383. - * Add the function mbedtls_ssl_get_own_cid() to access our own connection id - within mbedtls_ssl_context, as requested in #5184. - * Introduce mbedtls_ssl_hs_cb_t typedef for use with - mbedtls_ssl_conf_cert_cb() and perhaps future callbacks - during TLS handshake. - * Add functions mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version() that use a single value to specify - the protocol version. - * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support - mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET - holding the other secret. - * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto - feature requirements in the file named by the new macro - MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. - Furthermore you may name an additional file to include after the main - file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. - * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types - field within mbedtls_x509_crt context, as requested in #5585. - * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. - * Add support for the ARMv8 SHA-2 acceleration instructions when building - for Aarch64. - * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers. - * Add support for server HelloRetryRequest message. 
The TLS 1.3 client is - now capable of negotiating another shared secret if the one sent in its - first ClientHello was not suitable to the server. - * Add support for client-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now - negotiates TLS 1.3 or TLS 1.2 with TLS servers. - * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS - 1.2 protocol support. - * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key - establishment only). See docs/architecture/tls13-support.md for a - description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and - MBEDTLS_SSL_SRV_C configuration options control this. - * Add accessors to configure DN hints for certificate request: - mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints() - * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously - affected only a limited subset of crypto operations in TLS, X.509 and PK, - now causes most of them to be done using PSA Crypto; see - docs/use-psa-crypto.md for the list of exceptions. - * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well. - Opaque keys can now be used everywhere a private key is expected in the - TLS and X.509 modules. - * Opaque pre-shared keys for TLS, provisioned with - mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which - previously only worked for "pure" PSK key exchange, now can also be used - for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK. - * cmake now detects if it is being built as a sub-project, and in that case - disables the target export/installation and package configuration. - * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259. - * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c - and hmac_demo.c, which use PSA and the md/cipher interfaces side - by side in order to illustrate how the operation is performed in PSA. 
- Addresses #5208. - -Security - * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage - module before freeing them. These buffers contain secret key material, and - could thus potentially leak the key through freed heap. - * Fix potential memory leak inside mbedtls_ssl_cache_set() with - an invalid session id length. - * Add the platform function mbedtls_setbuf() to allow buffering to be - disabled on stdio files, to stop secrets loaded from said files being - potentially left in memory after file operations. Reported by - Glenn Strauss. - * Fix a potential heap buffer overread in TLS 1.2 server-side when - MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with - mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite - is selected. This may result in an application crash or potentially an - information leak. - * Fix a buffer overread in DTLS ClientHello parsing in servers with - MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client - or a man-in-the-middle could cause a DTLS server to read up to 255 bytes - after the end of the SSL input buffer. The buffer overread only happens - when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on - the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), - and possibly up to 571 bytes with a custom cookie check function. - Reported by the Cybeats PSI Team. - * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated - client or server could cause an MbedTLS server or client to overread up - to 64 kBytes of data and potentially overread the input buffer by that - amount minus the size of the input buffer. As overread data undergoes - various checks, the likelihood of reaching the boundary of the input - buffer is rather small but increases as its size - MBEDTLS_SSL_IN_CONTENT_LEN decreases. - * Fix check of certificate key usage in TLS 1.3. 
The usage of the public key - provided by a client or server certificate for authentication was not - checked properly when validating the certificate. This could cause a - client or server to be able to authenticate itself through a certificate - to an Mbed TLS TLS 1.3 server or client while it does not own a proper - certificate to do so. - -Bugfix - * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general - pattern for PSA_WANT_xxx symbols. Previously you had to specify - PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG. - * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. - * Fixed swap of client and server random bytes when exporting them alongside - TLS 1.3 handshake and application traffic secret. - * Fix several bugs (warnings, compiler and linker errors, test failures) - in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. - * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was - enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the - client would fail to check that the curve selected by the server for - ECDHE was indeed one that was offered. As a result, the client would - accept any curve that it supported, even if that curve was not allowed - according to its configuration. Fixes #5291. - * The TLS 1.3 implementation is now compatible with the - MBEDTLS_USE_PSA_CRYPTO configuration option. - * Fix unit tests that used 0 as the file UID. This failed on some - implementations of PSA ITS. Fixes #3838. - * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406. - * Fix API violation in mbedtls_md_process() test by adding a call to - mbedtls_md_starts(). Fixes #2227. - * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests - to catch bad uses of time.h. - * Fix a race condition in out-of-source builds with CMake when generated data - files are already present. Fixes #5374. - * Fix the library search path when building a shared library with CMake - on Windows. 
- * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() - potentially leading to corrupted alert messages being sent in case - the function needs to be re-called after initially returning - MBEDTLS_SSL_WANT_WRITE. Fixes #1916. - * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not - MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null - pointer dereference. Fix this. Fixes #3998. - The fix was released, but not announced, in Mbed TLS 3.1.0. - * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous - documentation stated that the `allowed_pks` field applies to signatures - only, but in fact it does apply to the public key type of the end entity - certificate, too. Fixes #1992. - * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is - not NULL and val_len is zero. - * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211. - * Fix compilation error when using C++ Builder on Windows. Reported by - Miroslav Mastny in #4015. - * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when - applicable. Fixes #5735. - * Fix a bug in the x25519 example program where the removal of - MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and - #3191. - * Fix a TLS 1.3 handshake failure when the peer Finished message has not - been received yet when we first try to fetch it. - * Encode X.509 dates before 1/1/2000 as UTCTime rather than - GeneralizedTime. Fixes #5465. - * Add mbedtls_x509_dn_get_next function to return the next relative DN in - an X509 name, to allow walking the name list. Fixes #5431. - * Fix order value of curve x448. - * Fix string representation of DNs when outputting values containing commas - and other special characters, conforming to RFC 1779. Fixes #769. - * Silence a warning from GCC 12 in the selftest program. Fixes #5974. 
- * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other - dependencies explicit in the documentation. Fixes #5610. - * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. - * Fix a TLS 1.3 handshake failure when the first attempt to send the client - Finished message on the network cannot be satisfied. Fixes #5499. - * Fix resource leaks in mbedtls_pk_parse_public_key() in low - memory conditions. - * Fix server connection identifier setting for outgoing encrypted records - on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with - connection identifier, the Mbed TLS client now properly sends the server - connection identifier in encrypted record headers. Fix #5872. - * Fix a null pointer dereference when performing some operations on zero - represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing - by 2, and mbedtls_mpi_write_string() in base 2). - * Fix record sizes larger than 16384 being sometimes accepted despite being - non-compliant. This could not lead to a buffer overflow. In particular, - application data size was already checked correctly. - * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID() - which have been broken, resulting in compilation errors, since Mbed TLS - 3.0. - * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into - account not just the type of the key (RSA vs EC) but also what it can - actually do. Resolves #5831. - * Fix CMake windows host detection, especially when cross compiling. - * Fix an error in make where the absence of a generated file caused - make to break on a clean checkout. Fixes #5340. - * Work around an MSVC ARM64 compiler bug causing incorrect behaviour - in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467. - * Removed the prompt to exit from all windows build programs, which was causing - issues in CI/CD environments. 
- -Changes - * The file library/psa_crypto_driver_wrappers.c is now generated - from a template. In the future, the generation will support - driver descriptions. For the time being, to customize this file, - see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md - * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot - AEAD functions is not an AEAD algorithm. This aligns them with the - multipart functions, and the PSA Crypto API 1.1 specification. - * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a - temporary variable on the heap. Suggested by Sergey Kanatov in #5304. - * Assume source files are in UTF-8 when using MSVC with CMake. - * Fix runtime library install location when building with CMake and MinGW. - DLLs are now installed in the bin directory instead of lib. - * cmake: Use GnuInstallDirs to customize install directories - Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR - variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if - LIB_INSTALL_DIR is set. - * Add a CMake option that enables static linking of the runtime library - in Microsoft Visual C++ compiler. Contributed by Microplankton. - * In CMake builds, add aliases for libraries so that the normal MbedTLS::* - targets work when MbedTLS is built as a subdirectory. This allows the - use of FetchContent, as requested in #5688. - -= mbed TLS 3.1.0 branch released 2021-12-17 - -API changes - * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. - Alternative GCM implementations are expected to verify - the length of the provided output buffers and to return the - MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. - * You can configure groups for a TLS key exchange with the new function - mbedtls_ssl_conf_groups(). It extends mbedtls_ssl_conf_curves(). 
- * Declare a number of structure fields as public: the fields of - mbedtls_ecp_curve_info, the fields describing the result of ASN.1 and - X.509 parsing, and finally the field fd of mbedtls_net_context on - POSIX/Unix-like platforms. - -Requirement changes - * Sign-magnitude and one's complement representations for signed integers are - not supported. Two's complement is the only supported representation. - -New deprecations - * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic - mbedtls_ssl_conf_groups(). - -Removals - * Remove the partial support for running unit tests via Greentea on Mbed OS, - which had been unmaintained since 2018. - -Features - * Enable support for Curve448 via the PSA API. Contributed by - Archana Madhavan in #4626. Fixes #3399 and #4249. - * The identifier of the CID TLS extension can be configured by defining - MBEDTLS_TLS_EXT_CID at compile time. - * Implement the PSA multipart AEAD interface, currently supporting - ChaChaPoly and GCM. - * Warn if errors from certain functions are ignored. This is currently - supported on GCC-like compilers and on MSVC and can be configured through - the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled - (where supported) for critical functions where ignoring the return - value is almost always a bug. Enable the new configuration option - MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This - is currently implemented in the AES, DES and md modules, and will be - extended to other modules in the future. - * Add missing PSA macros declared by PSA Crypto API 1.0.0: - PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. - * Add support for CCM*-no-tag cipher to the PSA. - Currently only 13-byte long IV's are supported. - For decryption a minimum of 16-byte long input is expected. - These restrictions may be subject to change. - * Add new API mbedtls_ct_memcmp for constant time buffer comparison. 
- * Add functions to get the IV and block size from cipher_info structs. - * Add functions to check if a cipher supports variable IV or key size. - * Add the internal implementation of and support for CCM to the PSA multipart - AEAD interface. - * Mbed TLS provides a minimum viable implementation of the TLS 1.3 - protocol. See docs/architecture/tls13-support.md for the definition of - the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3 - configuration option controls the enablement of the support. The APIs - mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow - to select the 1.3 version of the protocol to establish a TLS connection. - * Add PSA API definition for ARIA. - -Security - * Zeroize several intermediate variables used to calculate the expected - value when verifying a MAC or AEAD tag. This hardens the library in - case the value leaks through a memory disclosure vulnerability. For - example, a memory disclosure vulnerability could have allowed a - man-in-the-middle to inject fake ciphertext into a DTLS connection. - * In psa_aead_generate_nonce(), do not read back from the output buffer. - This fixes a potential policy bypass or decryption oracle vulnerability - if the output buffer is in memory that is shared with an untrusted - application. - * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back - from the output buffer. This fixes a potential policy bypass or decryption - oracle vulnerability if the output buffer is in memory that is shared with - an untrusted application. - * Fix a double-free that happened after mbedtls_ssl_set_session() or - mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED - (out of memory). After that, calling mbedtls_ssl_session_free() - and mbedtls_ssl_free() would cause an internal session buffer to - be free()'d twice. - -Bugfix - * Stop using reserved identifiers as local variables. Fixes #4630. 
- * The GNU makefiles invoke python3 in preference to python except on Windows. - The check was accidentally not performed when cross-compiling for Windows - on Linux. Fix this. Fixes #4774. - * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or - PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. - * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. - * Don't use the obsolete header path sys/fcntl.h in unit tests. - These header files cause compilation errors in musl. - Fixes #4969. - * Fix missing constraints on x86_64 and aarch64 assembly code - for bignum multiplication that broke some bignum operations with - (at least) Clang 12. - Fixes #4116, #4786, #4917, #4962. - * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. - * Failures of alternative implementations of AES or DES single-block - functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, - MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. - This does not concern the implementation provided with Mbed TLS, - where this function cannot fail, or full-module replacements with - MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. - * Some failures of HMAC operations were ignored. These failures could only - happen with an alternative implementation of the underlying hash module. - * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. - * Fix compile-time or run-time errors in PSA - AEAD functions when ChachaPoly is disabled. Fixes #5065. - * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. - The requirement of minimum 15 bytes for output buffer in - psa_aead_finish() and psa_aead_verify() does not apply to the built-in - implementation of GCM. - * Move GCM's update output buffer length verification from PSA AEAD to - the built-in implementation of the GCM. 
- The requirement for output buffer size to be equal or greater then - input buffer size is valid only for the built-in implementation of GCM. - Alternative GCM implementations can process whole blocks only. - * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor - MBEDTLS_ERROR_STRERROR_DUMMY is enabled. - * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. - This algorithm now accepts only the same salt length for verification - that it produces when signing, as documented. Use the new algorithm - PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. - * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved - for algorithm values that fully encode the hashing step, as per the PSA - Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and - PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers - all algorithms that can be used with psa_{sign,verify}_hash(), including - these two. - * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries - not to list other shared libraries they need. - * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv - exceeds 2^32. Fixes #4884. - * Fix an uninitialized variable warning in test_suite_ssl.function with GCC - version 11. - * Fix the build when no SHA2 module is included. Fixes #4930. - * Fix the build when only the bignum module is included. Fixes #4929. - * Fix a potential invalid pointer dereference and infinite loop bugs in - pkcs12 functions when the password is empty. Fix the documentation to - better describe the inputs to these functions and their possible values. - Fixes #5136. - * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC - operations psa_mac_compute() and psa_mac_sign_setup(). - * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC - operations psa_mac_verify() and psa_mac_verify_setup(). 
- -Changes - * Explicitly mark the fields mbedtls_ssl_session.exported and - mbedtls_ssl_config.respect_cli_pref as private. This was an - oversight during the run-up to the release of Mbed TLS 3.0. - The fields were never intended to be public. - * Implement multi-part CCM API. - The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), - mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() - were introduced in mbedTLS 3.0 release, however their implementation was - postponed until now. - Implemented functions support chunked data input for both CCM and CCM* - algorithms. - * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the - code size by about 80B on an M0 build. This option only gated an ability - to set a callback, but was deemed unnecessary as it was yet another define - to remember when writing tests, or test configurations. Fixes #4653. - * Improve the performance of base64 constant-flow code. The result is still - slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implementation. Fixes #4814. - * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. - For CCM* encryption/decryption without authentication, input - length will be ignored. - * Indicate in the error returned if the nonce length used with - ChaCha20-Poly1305 is invalid, and not just unsupported. - * The mbedcrypto library includes a new source code module constant_time.c, - containing various functions meant to resist timing side channel attacks. - This module does not have a separate configuration option, and functions - from this module will be included in the build as required. Currently - most of the interface of this module is private and may change at any - time. - * The generated configuration-independent files are now automatically - generated by the CMake build system on Unix-like systems. This is not - yet supported when cross-compiling. 
- -= Mbed TLS 3.0.0 branch released 2021-07-07 - -API changes - * Remove HAVEGE module. - The design of HAVEGE makes it unsuitable for microcontrollers. Platforms - with a more complex CPU usually have an operating system interface that - provides better randomness. Instead of HAVEGE, declare OS or hardware RNG - interfaces with mbedtls_entropy_add_source() and/or use an entropy seed - file created securely during device provisioning. See - https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-entropy-sources-to-entropy-pool/ for - more information. - * Add missing const attributes to API functions. - * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the - header compat-1.3.h and the script rename.pl. - * Remove certs module from the API. - Transfer keys and certificates embedded in the library to the test - component. This contributes to minimizing library API and discourages - users from using unsafe keys in production. - * Move alt helpers and definitions. - Various helpers and definitions available for use in alt implementations - have been moved out of the include/ directory and into the library/ - directory. The files concerned are ecp_internal.h and rsa_internal.h - which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h - respectively. - * Move internal headers. - Header files that were only meant for the library's internal use and - were not meant to be used in application code have been moved out of - the include/ directory. The headers concerned are bn_mul.h, aesni.h, - padlock.h, entropy_poll.h and *_internal.h. - * Drop support for parsing SSLv2 ClientHello - (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO). - * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3). - * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT). - * Drop support for RC4 TLS ciphersuites. - * Drop support for single-DES ciphersuites. - * Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL. 
- * Update AEAD output size macros to bring them in line with the PSA Crypto - API version 1.0 spec. This version of the spec parameterizes them on the - key type used, as well as the key bit-size in the case of - PSA_AEAD_TAG_LENGTH. - * Add configuration option MBEDTLS_X509_REMOVE_INFO which - removes the mbedtls_x509_*_info(), mbedtls_debug_print_crt() - as well as other functions and constants only used by - those functions. This reduces the code footprint by - several kB. - * Remove SSL error codes `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` - and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` which are never - returned from the public SSL API. - * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return - `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead. - * The output parameter of mbedtls_sha512_finish, mbedtls_sha512, - mbedtls_sha256_finish and mbedtls_sha256 now has a pointer type - rather than array type. This removes spurious warnings in some compilers - when outputting a SHA-384 or SHA-224 hash into a buffer of exactly - the hash size. - * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388. - * The interface of the GCM module has changed to remove restrictions on - how the input to multipart operations is broken down. mbedtls_gcm_finish() - now takes extra output parameters for the last partial output block. - mbedtls_gcm_update() now takes extra parameters for the output length. - The software implementation always produces the full output at each - call to mbedtls_gcm_update(), but alternative implementations activated - by MBEDTLS_GCM_ALT may delay partial blocks to the next call to - mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications - no longer pass the associated data to mbedtls_gcm_starts(), but to the - new function mbedtls_gcm_update_ad(). - These changes are backward compatible for users of the cipher API. - * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C. 
- This separates config option enabling the SHA384 algorithm from option - enabling the SHA512 algorithm. Fixes #4034. - * Introduce MBEDTLS_SHA224_C. - This separates config option enabling the SHA224 algorithm from option - enabling SHA256. - * The getter and setter API of the SSL session cache (used for - session-ID based session resumption) has changed to that of - a key-value store with keys being session IDs and values - being opaque instances of `mbedtls_ssl_session`. - * Remove the mode parameter from RSA operation functions. Signature and - decryption functions now always use the private key and verification and - encryption use the public key. Verification functions also no longer have - RNG parameters. - * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`: - In Mbed TLS 2.X, the API prescribes that later calls overwrite - the effect of earlier calls. In Mbed TLS 3.0, calling - `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail, - leaving the PSK that was configured first intact. - Support for more than one PSK may be added in 3.X. - * The function mbedtls_x509write_csr_set_extension() has an extra parameter - which allows to mark an extension as critical. Fixes #4055. - * For multi-part AEAD operations with the cipher module, calling - mbedtls_cipher_finish() is now mandatory. Previously the documentation - was unclear on this point, and this function happened to never do - anything with the currently implemented AEADs, so in practice it was - possible to skip calling it, which is no longer supported. - * The option MBEDTLS_ECP_FIXED_POINT_OPTIM use pre-computed comb tables - instead of computing tables in runtime. Thus, this option now increase - code size, and it does not increase RAM usage in runtime anymore. 
- * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and - mbedtls_ssl_get_output_max_frag_len(), and add a new API - mbedtls_ssl_get_max_in_record_payload(), complementing the existing - mbedtls_ssl_get_max_out_record_payload(). - Uses of mbedtls_ssl_get_input_max_frag_len() and - mbedtls_ssl_get_input_max_frag_len() should be replaced by - mbedtls_ssl_get_max_in_record_payload() and - mbedtls_ssl_get_max_out_record_payload(), respectively. - * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA - key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding() - after initializing the context. mbedtls_rsa_set_padding() now returns an - error if its parameters are invalid. - * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime - configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398. - * Instead of accessing the len field of a DHM context, which is no longer - supported, use the new function mbedtls_dhm_get_len() . - * In modules that implement cryptographic hash functions, many functions - mbedtls_xxx() now return int instead of void, and the corresponding - function mbedtls_xxx_ret() which was identical except for returning int - has been removed. This also concerns mbedtls_xxx_drbg_update(). See the - migration guide for more information. Fixes #4212. - * For all functions that take a random number generator (RNG) as a - parameter, this parameter is now mandatory (that is, NULL is not an - acceptable value). Functions which previously accepted NULL and now - reject it are: the X.509 CRT and CSR writing functions; the PK and RSA - sign and decrypt function; mbedtls_rsa_private(); the functions - in DHM and ECDH that compute the shared secret; the scalar multiplication - functions in ECP. - * The following functions now require an RNG parameter: - mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), - mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile(). 
- * mbedtls_ssl_conf_export_keys_ext_cb() and - mbedtls_ssl_conf_export_keys_cb() have been removed and - replaced by a new API mbedtls_ssl_set_export_keys_cb(). - Raw keys and IVs are no longer passed to the callback. - Further, callbacks now receive an additional parameter - indicating the type of secret that's being exported, - paving the way for the larger number of secrets - in TLS 1.3. Finally, the key export callback and - context are now connection-specific. - * Signature functions in the RSA and PK modules now require the hash - length parameter to be the size of the hash input. For RSA signatures - other than raw PKCS#1 v1.5, this must match the output size of the - specified hash algorithm. - * The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), - mbedtls_ecdsa_write_signature() and - mbedtls_ecdsa_write_signature_restartable() now take an extra parameter - indicating the size of the output buffer for the signature. - * Implement one-shot cipher functions, psa_cipher_encrypt and - psa_cipher_decrypt, according to the PSA Crypto API 1.0.0 - specification. - * Direct access to fields of structures declared in public headers is no - longer supported except for fields that are documented public. Use accessor - functions instead. For more information, see the migration guide entry - "Most structure fields are now private". - * mbedtls_ssl_get_session_pointer() has been removed, and - mbedtls_ssl_{set,get}_session() may now only be called once for any given - SSL context. - -Default behavior changes - * Enable by default the functionalities which have no reason to be disabled. - They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and - Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036. - * Some default policies for X.509 certificate verification and TLS have - changed: curves and hashes weaker than 255 bits are no longer accepted - by default. The default order in TLS now favors faster curves over larger - curves. 
- -Requirement changes - * The library now uses the %zu format specifier with the printf() family of - functions, so requires a toolchain that supports it. This change does not - affect the maintained LTS branches, so when contributing changes please - bear this in mind and do not add them to backported code. - * If you build the development version of Mbed TLS, rather than an official - release, some configuration-independent files are now generated at build - time rather than checked into source control. This includes some library - source files as well as the Visual Studio solution. Perl, Python 3 and a - C compiler for the host platform are required. See “Generated source files - in the development branch” in README.md for more information. - * Refresh the minimum supported versions of tools to build the - library. CMake versions older than 3.10.2 and Python older - than 3.6 are no longer supported. - -Removals - * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - compile-time option, which was off by default. Users should not trust - certificates signed with SHA-1 due to the known attacks against SHA-1. - If needed, SHA-1 certificates can still be verified by using a custom - verification profile. - * Removed deprecated things in psa/crypto_compat.h. Fixes #4284 - * Removed deprecated functions from hashing modules. Fixes #4280. - * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality, - lacks automated tests and has scarce documentation. Also, PSA Crypto - provides a more flexible private key management. - More details on PCKS#11 wrapper removal can be found in the mailing list - https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html - * Remove deprecated error codes. Fix #4283 - * Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option. Fixes #4416. - * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - compile-time option. This option has been inactive for a long time. 
- Please use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()` - instead. - * Remove the following deprecated functions and constants of hex-encoded - primes based on RFC 5114 and RFC 3526 from library code and tests: - mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(), - mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(), - mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(), - mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(), - mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(), - MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G, - MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G, - MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G. - Remove the deprecated file: include/mbedtls/net.h. Fixes #4282. - * Remove MBEDTLS_SSL_MAX_CONTENT_LEN configuration option, since - MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN replace - it. Fixes #4362. - * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its - previous action. Fixes #4361. - * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for - CBC record splitting, fallback SCSV, and the ability to configure - ciphersuites per version, which are no longer relevant. This removes the - configuration options MBEDTLS_SSL_PROTO_TLS1, - MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and - MBEDTLS_SSL_FALLBACK_SCSV as well as the functions - mbedtls_ssl_conf_cbc_record_splitting(), - mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(), - and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. - * The RSA module no longer supports private-key operations with the public - key and vice versa. - * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403. 
- * Remove all the 3DES ciphersuites: - MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA. Remove the - MBEDTLS_REMOVE_3DES_CIPHERSUITES option which is no longer relevant. - Fixes #4367. - * Remove the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option and let the code - behave as if it was always disabled. Fixes #4386. - * Remove MBEDTLS_ECDH_LEGACY_CONTEXT config option since this was purely for - backward compatibility which is no longer supported. Addresses #4404. - * Remove the following macros: MBEDTLS_CHECK_PARAMS, - MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED, - MBEDTLS_PARAM_FAILED_ALT. Fixes #4313. - * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h - option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for - migration path. Fixes #4378. - * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and - MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code - behave as if they were always enabled. Fixes #4405. - * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is - now determined automatically based on supported curves. - * Remove the following functions: mbedtls_timing_self_test(), - mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and - mbedtls_set_alarm(). Fixes #4083. - * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as - it no longer had any effect. - * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the - corresponding modules and all their APIs and related configuration - options. Fixes #4084. 
- * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove - MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by - using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC. - See issue #4341 for more details. - * Remove the compile-time option - MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE. - -Features - * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a - signature with a specific salt length. This function allows to validate - test cases provided in the NIST's CAVP test suite. Contributed by Cédric - Meuter in PR #3183. - * Added support for built-in driver keys through the PSA opaque crypto - driver interface. Refer to the documentation of - MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information. - * Implement psa_sign_message() and psa_verify_message(). - * The multi-part GCM interface (mbedtls_gcm_update() or - mbedtls_cipher_update()) no longer requires the size of partial inputs to - be a multiple of 16. - * The multi-part GCM interface now supports chunked associated data through - multiple calls to mbedtls_gcm_update_ad(). - * The new function mbedtls_mpi_random() generates a random value in a - given range uniformly. - * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing - modules had undocumented constraints on their context types. These - constraints have been relaxed. - See docs/architecture/alternative-implementations.md for the remaining - constraints. - * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() - query the size of the modulus in a Diffie-Hellman context. - * The new function mbedtls_dhm_get_value() copy a field out of a - Diffie-Hellman context. - * Use the new function mbedtls_ecjpake_set_point_format() to select the - point format for ECJPAKE instead of accessing the point_format field - directly, which is no longer supported. - * Implement psa_mac_compute() and psa_mac_verify() as defined in the - PSA Cryptograpy API 1.0.0 specification. 
- -Security - * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM) - private keys and of blinding values for DHM and elliptic curves (ECP) - computations. Reported by FlorianF89 in #4245. - * Fix a potential side channel vulnerability in ECDSA ephemeral key generation. - An adversary who is capable of very precise timing measurements could - learn partial information about the leading bits of the nonce used for the - signature, allowing the recovery of the private key after observing a - large number of signature operations. This completes a partial fix in - Mbed TLS 2.20.0. - * Fix an issue where an adversary with access to precise enough information - about memory accesses (typically, an untrusted operating system attacking - a secure enclave) could recover an RSA private key after observing the - victim performing a single private-key operation. Found and reported by - Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. - * Fix an issue where an adversary with access to precise enough timing - information (typically, a co-located process) could recover a Curve25519 - or Curve448 static ECDH key after inputting a chosen public key and - observing the victim performing the corresponding private-key operation. - Found and reported by Leila Batina, Lukas Chmielewski, Björn Haase, Niels - Samwel and Peter Schwabe. - -Bugfix - * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may - lead to the seed file corruption in case if the path to the seed file is - equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor - Krasnoshchok in #3616. - * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather - than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key - to create is not valid, bringing them in line with version 1.0.0 of the - specification. Fix #4271. - * Add printf function attributes to mbedtls_debug_print_msg to ensure we - get printf format specifier warnings. 
- * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE - rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them - in line with version 1.0.0 of the specification. Fix #4162. - * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits - zero. Fixes #1792 - * Fix some cases in the bignum module where the library constructed an - unintended representation of the value 0 which was not processed - correctly by some bignum operations. This could happen when - mbedtls_mpi_read_string() was called on "-0", or when - mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of - the arguments being negative and the other being 0. Fixes #4643. - * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is - defined. Fixes #4217. - * Fix an incorrect error code when parsing a PKCS#8 private key. - * In a TLS client, enforce the Diffie-Hellman minimum parameter size - set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the - minimum size was rounded down to the nearest multiple of 8. - * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are - defined to specific values. If the code is used in a context - where these are already defined, this can result in a compilation - error. Instead, assume that if they are defined, the values will - be adequate to build Mbed TLS. - * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built - nonetheless, resulting in undefined reference errors when building a - shared library. Reported by Guillermo Garcia M. in #4411. - * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available - when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384 - was disabled. Fix the dependency. Fixes #4472. - * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499. - * Fix test suite code on platforms where int32_t is not int, such as - Arm Cortex-M. Fixes #4530. 
- * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced - directive in a header and a missing initialization in the self-test. - * Fix a missing initialization in the Camellia self-test, affecting - MBEDTLS_CAMELLIA_ALT implementations. - * Restore the ability to configure PSA via Mbed TLS options to support RSA - key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME - is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key(). - Fixes #4512. - * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites - (when the encrypt-then-MAC extension is not in use) with some ALT - implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing - the affected side to wrongly reject valid messages. Fixes #4118. - * Remove outdated check-config.h check that prevented implementing the - timing module on Mbed OS. Fixes #4633. - * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive - about missing inputs. - * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with - MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465. - * Fix a resource leak in a test suite with an alternative AES - implementation. Fixes #4176. - * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This - could notably be triggered by setting the TLS debug level to 3 or above - and using a Montgomery curve for the key exchange. Reported by lhuang04 - in #4578. Fixes #4608. - * psa_verify_hash() was relying on implementation-specific behavior of - mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT - implementations. This reliance is now removed. Fixes #3990. - * Disallow inputs of length different from the corresponding hash when - signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates - that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.) 
- * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with - A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug - could not be triggered by code that constructed A with one of the - mbedtls_mpi_read_xxx functions (including in particular TLS code) since - those always built an mpi object with at least one limb. - Credit to OSS-Fuzz. Fixes #4641. - * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no - effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect - applications that call mbedtls_mpi_gcd() directly. Fixes #4642. - * The PSA API no longer allows the creation or destruction of keys with a - read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY - can now only be used as intended, for keys that cannot be modified through - normal use of the API. - * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included - in all the right places. Include it from crypto_platform.h, which is - the natural place. Fixes #4649. - * Fix which alert is sent in some cases to conform to the - applicable RFC: on an invalid Finished message value, an - invalid max_fragment_length extension, or an - unsupported extension used by the server. - * Correct (change from 12 to 13 bytes) the value of the macro describing the - maximum nonce length returned by psa_aead_generate_nonce(). - -Changes - * Fix the setting of the read timeout in the DTLS sample programs. - * Add extra printf compiler warning flags to builds. - * Fix memsan build false positive in x509_crt.c with clang 11 - * Alternative implementations of CMAC may now opt to not support 3DES as a - CMAC block cipher, and still pass the CMAC self test. - * Remove the AES sample application programs/aes/aescrypt2 which shows - bad cryptographic practice. Fix #1906. - * Remove configs/config-psa-crypto.h, which no longer had any intended - differences from the default configuration, but had accidentally diverged. 
- * When building the test suites with GNU make, invoke python3 or python, not - python2, which is no longer supported upstream. - * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on. - When that flag is on, standard GNU C printf format specifiers - should be used. - * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and - MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335. - * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage - during ECC operations at a negligible performance cost. - * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and - mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs - when their input has length 0. Note that this is an implementation detail - and can change at any time, so this change should be transparent, but it - may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string() - now writing an empty string where it previously wrote one or more - zero digits when operating from values constructed with an mpi_read - function and some mpi operations. - * Add CMake package config generation for CMake projects consuming Mbed TLS. - * config.h has been split into build_info.h and mbedtls_config.h - build_info.h is intended to be included from C code directly, while - mbedtls_config.h is intended to be edited by end users wishing to - change the build configuration, and should generally only be included from - build_info.h. - * The handling of MBEDTLS_CONFIG_FILE has been moved into build_info.h. - * A config file version symbol, MBEDTLS_CONFIG_VERSION was introduced. - Defining it to a particular value will ensure that Mbed TLS interprets - the config file in a way that's compatible with the config file format - used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same - value. - The only value supported by Mbed TLS 3.0.0 is 0x03000000. 
- * Various changes to which alert and/or error code may be returned - * during the TLS handshake. - * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when - PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag - when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension - is also applied when loading a key from storage. - -= mbed TLS 2.26.0 branch released 2021-03-08 - -API changes - * Renamed the PSA Crypto API output buffer size macros to bring them in line - with version 1.0.0 of the specification. - * The API glue function mbedtls_ecc_group_of_psa() now takes the curve size - in bits rather than bytes, with an additional flag to indicate if the - size may have been rounded up to a whole number of bytes. - * Renamed the PSA Crypto API AEAD tag length macros to bring them in line - with version 1.0.0 of the specification. - -Default behavior changes - * In mbedtls_rsa_context objects, the ver field was formerly documented - as always 0. It is now reserved for internal purposes and may take - different values. - -New deprecations - * PSA_KEY_EXPORT_MAX_SIZE, PSA_HASH_SIZE, PSA_MAC_FINAL_SIZE, - PSA_BLOCK_CIPHER_BLOCK_SIZE, PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE and - PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names - deprecated. - * PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and PSA_ALG_AEAD_WITH_TAG_LENGTH - have been renamed, and the old names deprecated. - -Features - * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG. - CTR_DRBG is used by default if it is available, but you can override - this choice by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE at compile time. - Fix #3354. - * Automatic fallback to a software implementation of ECP when - MBEDTLS_ECP_xxx_ALT accelerator hooks are in use can now be turned off - through setting the new configuration flag MBEDTLS_ECP_NO_FALLBACK. 
- * The PSA crypto subsystem can now be configured to use less static RAM by - tweaking the setting for the maximum amount of keys simultaneously in RAM. - MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that - can exist simultaneously. It has a sensible default if not overridden. - * Partial implementation of the PSA crypto driver interface: Mbed TLS can - now use an external random generator instead of the library's own - entropy collection and DRBG code. Enable MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - and see the documentation of mbedtls_psa_external_get_random() for details. - * Applications using both mbedtls_xxx and psa_xxx functions (for example, - applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA - random generator with mbedtls_xxx functions. See the documentation of - mbedtls_psa_get_random() for details. - * In the PSA API, the policy for a MAC or AEAD algorithm can specify a - minimum MAC or tag length thanks to the new wildcards - PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and - PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG. - -Security - * Fix a security reduction in CTR_DRBG when the initial seeding obtained a - nonce from entropy. Applications were affected if they called - mbedtls_ctr_drbg_set_nonce_len(), if they called - mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key - length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256. - In such cases, a random nonce was necessary to achieve the advertised - security strength, but the code incorrectly used a constant instead of - entropy from the nonce. - Found by John Stroebel in #3819 and fixed in #3973. - * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating - |A| - |B| where |B| is larger than |A| and has more limbs (so the - function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). 
Only - applications calling mbedtls_mpi_sub_abs() directly are affected: - all calls inside the library were safe since this function is - only called with |A| >= |B|. Reported by Guido Vranken in #4042. - * Fix an errorneous estimation for an internal buffer in - mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd - value the function might fail to write a private RSA keys of the largest - supported size. - Found by Daniel Otte, reported in #4093 and fixed in #4094. - * Fix a stack buffer overflow with mbedtls_net_poll() and - mbedtls_net_recv_timeout() when given a file descriptor that is - beyond FD_SETSIZE. Reported by FigBug in #4169. - * Guard against strong local side channel attack against base64 tables by - making access aceess to them use constant flow code. - -Bugfix - * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c - * Fix memory leak that occured when calling psa_close_key() on a - wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined. - * Fix an incorrect error code if an RSA private operation glitched. - * Fix a memory leak in an error case in psa_generate_derived_key_internal(). - * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C - is enabled, on platforms where initializing a mutex allocates resources. - This was a regression introduced in the previous release. Reported in - #4017, #4045 and #4071. - * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free() - twice is safe. This happens for RSA when some Mbed TLS library functions - fail. Such a double-free was not safe when MBEDTLS_THREADING_C was - enabled on platforms where freeing a mutex twice is not safe. - * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key() - when MBEDTLS_THREADING_C is enabled on platforms where initializing - a mutex allocates resources. 
- * Fixes a bug where, if the library was configured to include support for - both the old SE interface and the new PSA driver interface, external keys were - not loaded from storage. This was fixed by #3996. - * This change makes 'mbedtls_x509write_crt_set_basic_constraints' - consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST - include this extension in all CA certificates that contain public keys - used to validate digital signatures on certificates and MUST mark the - extension as critical in such certificates." Previous to this change, - the extension was always marked as non-critical. This was fixed by - #3698. - -Changes - * A new library C file psa_crypto_client.c has been created to contain - the PSA code needed by a PSA crypto client when the PSA crypto - implementation is not included into the library. - * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module - now uses the getrandom syscall instead of reading from /dev/urandom. - -= mbed TLS 2.25.0 branch released 2020-12-11 - -API changes - * The numerical values of the PSA Crypto API macros have been updated to - conform to version 1.0.0 of the specification. - * PSA_ALG_STREAM_CIPHER replaces PSA_ALG_CHACHA20 and PSA_ALG_ARC4. - The underlying stream cipher is determined by the key type - (PSA_KEY_TYPE_CHACHA20 or PSA_KEY_TYPE_ARC4). - * The functions mbedtls_cipher_auth_encrypt() and - mbedtls_cipher_auth_decrypt() no longer accept NIST_KW contexts, - as they have no way to check if the output buffer is large enough. - Please use mbedtls_cipher_auth_encrypt_ext() and - mbedtls_cipher_auth_decrypt_ext() instead. Credit to OSS-Fuzz and - Cryptofuzz. Fixes #3665. - -Requirement changes - * Update the minimum required CMake version to 2.8.12. This silences a - warning on CMake 3.19.0. #3801 - -New deprecations - * PSA_ALG_CHACHA20 and PSA_ALG_ARC4 have been deprecated. - Use PSA_ALG_STREAM_CIPHER instead. 
- * The functions mbedtls_cipher_auth_encrypt() and
- mbedtls_cipher_auth_decrypt() are deprecated in favour of the new
- functions mbedtls_cipher_auth_encrypt_ext() and
- mbedtls_cipher_auth_decrypt_ext(). Please note that with AEAD ciphers,
- these new functions always append the tag to the ciphertext, and include
- the tag in the ciphertext length.
-
-Features
- * Partial implementation of the new PSA Crypto accelerator APIs. (Symmetric
- ciphers, asymmetric signing/verification and key generation, validate_key
- entry point, and export_public_key interface.)
- * Add support for ECB to the PSA cipher API.
- * In PSA, allow using a key declared with a base key agreement algorithm
- in combined key agreement and derivation operations, as long as the key
- agreement algorithm in use matches the algorithm the key was declared with.
- This is currently non-standard behaviour, but expected to make it into a
- future revision of the PSA Crypto standard.
- * Add MBEDTLS_TARGET_PREFIX CMake variable, which is prefixed to the mbedtls,
- mbedcrypto, mbedx509 and apidoc CMake target names. This can be used by
- external CMake projects that include this one to avoid CMake target name
- clashes. The default value of this variable is "", so default target names
- are unchanged.
- * Add support for DTLS-SRTP as defined in RFC 5764. Contributed by Johan
- Pascal, improved by Ron Eldor.
- * In the PSA API, it is no longer necessary to open persistent keys:
- operations now accept the key identifier. The type psa_key_handle_t is now
- identical to psa_key_id_t instead of being platform-defined. This bridges
- the last major gap to compliance with the PSA Cryptography specification
- version 1.0.0. Opening persistent keys is still supported for backward
- compatibility, but will be deprecated and later removed in future
- releases.
- * PSA_AEAD_NONCE_LENGTH, PSA_AEAD_NONCE_MAX_SIZE, PSA_CIPHER_IV_LENGTH and
- PSA_CIPHER_IV_MAX_SIZE macros have been added as defined in version
- 1.0.0 of the PSA Crypto API specification.
-
-Security
- * The functions mbedtls_cipher_auth_encrypt() and
- mbedtls_cipher_auth_decrypt() would write past the minimum documented
- size of the output buffer when used with NIST_KW. As a result, code using
- those functions as documented with NIST_KW could have a buffer overwrite
- of up to 15 bytes, with consequences ranging up to arbitrary code
- execution depending on the location of the output buffer.
- * Limit the size of calculations performed by mbedtls_mpi_exp_mod to
- MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
- generating Diffie-Hellman key pairs. Credit to OSS-Fuzz.
- * A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
- which is how most uses of randomization in asymmetric cryptography
- (including key generation, intermediate value randomization and blinding)
- are implemented. This could cause failures or the silent use of non-random
- values. A random generator can fail if it needs reseeding and cannot not
- obtain entropy, or due to an internal failure (which, for Mbed TLS's own
- CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
- * Fix a compliance issue whereby we were not checking the tag on the
- algorithm parameters (only the size) when comparing the signature in the
- description part of the cert to the real signature. This meant that a
- NULL algorithm parameters entry would look identical to an array of REAL
- (size zero) to the library and thus the certificate would be considered
- valid. However, if the parameters do not match in *any* way then the
- certificate should be considered invalid, and indeed OpenSSL marks these
- certs as invalid when mbedtls did not.
- Many thanks to guidovranken who found this issue via differential fuzzing
- and reported it in #3629.
- * Zeroising of local buffers and variables which are used for calculations
- in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
- mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
- functions to erase sensitive data from memory. Reported by
- Johan Malmgren and Johan Uppman Bruce from Sectra.
-
-Bugfix
- * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
- when the input has trailing garbage. Fixes #2512.
- * Fix build failure in configurations where MBEDTLS_USE_PSA_CRYPTO is
- enabled but ECDSA is disabled. Contributed by jdurkop. Fixes #3294.
- * Include the psa_constant_names generated source code in the source tree
- instead of generating it at build time. Fixes #3524.
- * Fix rsa_prepare_blinding() to retry when the blinding value is not
- invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
- addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
- Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
- Fixes #3647.
- * Use socklen_t on Android and other POSIX-compliant system
- * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
- Fix #3432.
- * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input
- sizes (instead of PSA_ERROR_BAD_STATE in some cases) to make the
- psa_cipher_* functions compliant with the PSA Crypto API specification.
- * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names
- "x25519" and "x448". These curves support ECDH but not ECDSA. If you need
- only the curves that support ECDSA, filter the list with
- mbedtls_ecdsa_can_do().
- * Fix psa_generate_key() returning an error when asked to generate
- an ECC key pair on Curve25519 or secp244k1.
- * Fix psa_key_derivation_output_key() to allow the output of a combined key
- agreement and subsequent key derivation operation to be used as a key
- inside of the PSA Crypto core.
- * Fix handling of EOF against 0xff bytes and on platforms with unsigned
- chars. Fixes a build failure on platforms where char is unsigned. Fixes
- #3794.
- * Fix an off-by-one error in the additional data length check for
- CCM, which allowed encryption with a non-standard length field.
- Fixes #3719.
- * Correct the default IV size for mbedtls_cipher_info_t structures using
- MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
- * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
- defined. Fix contributed in #3571.
- * Fix conditions for including string.h in error.c. Fixes #3866.
- * psa_set_key_id() now also sets the lifetime to persistent for keys located
- in a secure element.
- * Attempting to create a volatile key with a non-zero key identifier now
- fails. Previously the key identifier was just ignored when creating a
- volatile key.
- * Attempting to create or register a key with a key identifier in the vendor
- range now fails.
- * Fix build failures on GCC 11. Fixes #3782.
- * Add missing arguments of debug message in mbedtls_ssl_decrypt_buf.
- * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
- (an error condition) and the second operand was aliased to the result.
- * Fix a case in elliptic curve arithmetic where an out-of-memory condition
- could go undetected, resulting in an incorrect result.
- * In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
- Fixes #2927.
- * In PEM writing functions, fill the trailing part of the buffer with null
- bytes. This guarantees that the corresponding parsing function can read
- the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
- until this property was inadvertently broken in Mbed TLS 2.19.0.
- Fixes #3682.
- * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
- option on.
In this configuration key management methods that are required
- for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
- Fixes #3818. Reported by John Stroebel.
-
-Changes
- * Reduce stack usage significantly during sliding window exponentiation.
- Reported in #3591 and fix contributed in #3592 by Daniel Otte.
- * The PSA persistent storage format is updated to always store the key bits
- attribute. No automatic upgrade path is provided. Previously stored keys
- must be erased, or manually upgraded based on the key storage format
- specification (docs/architecture/mbed-crypto-storage-specification.md).
- Fixes #3740.
- * Remove the zeroization of a pointer variable in AES rounds. It was valid
- but spurious and misleading since it looked like a mistaken attempt to
- zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
- Leti, France.
-
-= mbed TLS 2.24.0 branch released 2020-09-01
-
-API changes
- * In the PSA API, rename the types of elliptic curve and Diffie-Hellman
- group families to psa_ecc_family_t and psa_dh_family_t, in line with the
- PSA Crypto API specification version 1.0.0.
- Rename associated macros as well:
- PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx
- PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx
- PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY
- PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY
-
-Default behavior changes
- * Stop storing persistent information about externally stored keys created
- through PSA Crypto with a volatile lifetime. Reported in #3288 and
- contributed by Steven Cooreman in #3382.
-
-Features
- * The new function mbedtls_ecp_write_key() exports private ECC keys back to
- a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key().
- * Support building on e2k (Elbrus) architecture: correctly enable
- -Wformat-signedness, and fix the code that causes signed-one-bit-field
- and sign-compare warnings.
Contributed by makise-homura (Igor Molchanov)
- .
-
-Security
- * Fix a vulnerability in the verification of X.509 certificates when
- matching the expected common name (the cn argument of
- mbedtls_x509_crt_verify()) with the actual certificate name: when the
- subjecAltName extension is present, the expected name was compared to any
- name in that extension regardless of its type. This means that an
- attacker could for example impersonate a 4-bytes or 16-byte domain by
- getting a certificate for the corresponding IPv4 or IPv6 (this would
- require the attacker to control that IP address, though). Similar attacks
- using other subjectAltName name types might be possible. Found and
- reported by kFYatek in #3498.
- * When checking X.509 CRLs, a certificate was only considered as revoked if
- its revocationDate was in the past according to the local clock if
- available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
- certificates were never considered as revoked. On builds with
- MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
- example, an untrusted OS attacking a secure enclave) could prevent
- revocation of certificates via CRLs. Fixed by no longer checking the
- revocationDate field, in accordance with RFC 5280. Reported by
- yuemonangong in #3340. Reported independently and fixed by
- Raoul Strackx and Jethro Beekman in #3433.
- * In (D)TLS record decryption, when using a CBC ciphersuites without the
- Encrypt-then-Mac extension, use constant code flow memory access patterns
- to extract and check the MAC. This is an improvement to the existing
- countermeasure against Lucky 13 attacks. The previous countermeasure was
- effective against network-based attackers, but less so against local
- attackers. The new countermeasure defends against local attackers, even
- if they have access to fine-grained measurements.
In particular, this
- fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
- Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
- (University of Florida) and Dave Tian (Purdue University).
- * Fix side channel in RSA private key operations and static (finite-field)
- Diffie-Hellman. An adversary with precise enough timing and memory access
- information (typically an untrusted operating system attacking a secure
- enclave) could bypass an existing counter-measure (base blinding) and
- potentially fully recover the private key.
- * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
- Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
- for pinpointing the problematic code.
- * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
- application data from memory. Reported in #689 by
- Johan Uppman Bruce of Sectra.
-
-Bugfix
- * Library files installed after a CMake build no longer have execute
- permission.
- * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol
- redefinition if the function is inlined.
- Reported in #3451 and fix contributed in #3452 by okhowang.
- * Fix the endianness of Curve25519 keys imported/exported through the PSA
- APIs. psa_import_key and psa_export_key will now correctly expect/output
- Montgomery keys in little-endian as defined by RFC7748. Contributed by
- Steven Cooreman in #3425.
- * Fix build errors when the only enabled elliptic curves are Montgomery
- curves. Raised by signpainter in #941 and by Taiki-San in #1412. This
- also fixes missing declarations reported by Steven Cooreman in #1147.
- * Fix self-test failure when the only enabled short Weierstrass elliptic
- curve is secp192k1. Fixes #2017.
- * PSA key import will now correctly import a Curve25519/Curve448 public key
- instead of erroring out. Contributed by Steven Cooreman in #3492.
- * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
- lower bits.
Fix contributed in #3540.
- * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
- conditions. Reported and fix suggested by Guido Vranken in #3486.
- * Fix bug in redirection of unit test outputs on platforms where stdout is
- defined as a macro. First reported in #2311 and fix contributed in #3528.
-
-Changes
- * Only pass -Wformat-signedness to versions of GCC that support it. Reported
- in #3478 and fix contributed in #3479 by okhowang.
- * Reduce the stack consumption of mbedtls_x509write_csr_der() which
- previously could lead to stack overflow on constrained devices.
- Contributed by Doru Gucea and Simon Leet in #3464.
- * Undefine the ASSERT macro before defining it locally, in case it is defined
- in a platform header. Contributed by Abdelatif Guettouche in #3557.
- * Update copyright notices to use Linux Foundation guidance. As a result,
- the copyright of contributors other than Arm is now acknowledged, and the
- years of publishing are no longer tracked in the source files. This also
- eliminates the need for the lines declaring the files to be part of
- MbedTLS. Fixes #3457.
- * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2
- example applications which allows to provide a password for the key file
- specified through the existing key_file argument. This allows the use of
- these applications with password-protected key files. Analogously but for
- ssl_server2 only, add the command line parameter key_pwd2 which allows to
- set a password for the key file provided through the existing key_file2
- argument.
-
-= mbed TLS 2.23.0 branch released 2020-07-01
-
-Default behavior changes
- * In the experimental PSA secure element interface, change the encoding of
- key lifetimes to encode a persistence level and the location. Although C
- prototypes do not effectively change, code calling
- psa_register_se_driver() must be modified to pass the driver's location
- instead of the keys' lifetime.
If the library is upgraded on an existing
- device, keys created with the old lifetime value will not be readable or
- removable through Mbed TLS after the upgrade.
-
-Features
- * New functions in the error module return constant strings for
- high- and low-level error codes, complementing mbedtls_strerror()
- which constructs a string for any error code, including compound
- ones, but requires a writable buffer. Contributed by Gaurav Aggarwal
- in #3176.
- * The new utility programs/ssl/ssl_context_info prints a human-readable
- dump of an SSL context saved with mbedtls_ssl_context_save().
- * Add support for midipix, a POSIX layer for Microsoft Windows.
- * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows
- parsing unsupported certificate extensions via user provided callback.
- Contributed by Nicola Di Lieto in #3243 as
- a solution to #3241.
- * Pass the "certificate policies" extension to the callback supplied to
- mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
- policies (#3419).
- * Added support to entropy_poll for the kern.arandom syscall supported on
- some BSD systems. Contributed by Nia Alarie in #3423.
- * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239
-
-Security
- * Fix a side channel vulnerability in modular exponentiation that could
- reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
- Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
- of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
- Strackx (Fortanix) in #3394.
- * Fix side channel in mbedtls_ecp_check_pub_priv() and
- mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
- private key that didn't include the uncompressed public key), as well as
- mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
- f_rng argument.
An attacker with access to precise enough timing and
- memory access information (typically an untrusted operating system
- attacking a secure enclave) could fully recover the ECC private key.
- Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
- * Fix issue in Lucky 13 counter-measure that could make it ineffective when
- hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
- macros). This would cause the original Lucky 13 attack to be possible in
- those configurations, allowing an active network attacker to recover
- plaintext after repeated timing measurements under some conditions.
- Reported and fix suggested by Luc Perneel in #3246.
-
-Bugfix
- * Fix the Visual Studio Release x64 build configuration for mbedtls itself.
- Completes a previous fix in Mbed TLS 2.19 that only fixed the build for
- the example programs. Reported in #1430 and fix contributed by irwir.
- * Fix undefined behavior in X.509 certificate parsing if the
- pathLenConstraint basic constraint value is equal to INT_MAX.
- The actual effect with almost every compiler is the intended
- behavior, so this is unlikely to be exploitable anywhere. #3192
- * Fix issue with a detected HW accelerated record error not being exposed
- due to shadowed variable. Contributed by Sander Visser in #3310.
- * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
- NULL pointer argument. Contributed by Sander Visser in #3312.
- * Fix potential linker errors on dual world platforms by inlining
- mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately
- from psa_crypto.c. Fixes #3300.
- * Remove dead code in X.509 certificate parsing. Contributed by irwir in
- #2855.
- * Include asn1.h in error.c. Fixes #3328 reported by David Hu.
- * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
- when PRNG function fails. Contributed by Jonas Lejeune in #3318.
- * Remove unused macros from MSVC projects.
Reported in #3297 and fix
- submitted in #3333 by irwir.
- * Add additional bounds checks in ssl_write_client_hello() preventing
- output buffer overflow if the configuration declared a buffer that was
- too small.
- * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and
- fix submitted in #3421 by Nia Alarie.
- * Fix building library/net_sockets.c and the ssl_mail_client program on
- NetBSD. Contributed by Nia Alarie in #3422.
- * Fix false positive uninitialised variable reported by cpp-check.
- Contributed by Sander Visser in #3311.
- * Update iv and len context pointers manually when reallocating buffers
- using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues
- when receiving a connection with CID, when these fields were shifted
- in ssl_parse_record_header().
-
-Changes
- * Fix warnings about signedness issues in format strings. The build is now
- clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen
- in #3153.
- * Fix minor performance issue in operations on Curve25519 caused by using a
- suboptimal modular reduction in one place. Found and fix contributed by
- Aurelien Jarno in #3209.
- * Combine identical cases in switch statements in md.c. Contributed
- by irwir in #3208.
- * Simplify a bounds check in ssl_write_certificate_request(). Contributed
- by irwir in #3150.
- * Unify the example programs termination to call mbedtls_exit() instead of
- using a return command. This has been done to enable customization of the
- behavior in bare metal environments.
- * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?".
- Contributed by Koh M. Nakagawa in #3326.
- * Use FindPython3 when cmake version >= 3.15.0
- * Abort the ClientHello writing function as soon as some extension doesn't
- fit into the record buffer. Previously, such extensions were silently
- dropped. As a consequence, the TLS handshake now fails when the output
- buffer is not large enough to hold the ClientHello.
- * The unit tests now rely on header files in framework/tests/include/test and source
- files in framework/tests/src. When building with make or cmake, the files in
- framework/tests/src are compiled and the resulting object linked into each test
- executable.
- * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
- `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
- coutermeasures. If side channels are not a concern, this dependency can
- be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
- * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
- Martinho. #3147
- * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported
- in #3182 and fix submitted by irwir. #3217
- * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319
-
-= mbed TLS 2.22.0 branch released 2020-04-14
-
-New deprecations
- * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
- SSL module for hardware acceleration of individual records.
- * Deprecate mbedtls_ssl_get_max_frag_len() in favour of
- mbedtls_ssl_get_output_max_frag_len() and
- mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
- fragment length is desired.
-
-Security
- * Fix issue in DTLS handling of new associations with the same parameters
- (RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to
- the server could cause it to drop established associations with
- legitimate clients, resulting in a Denial of Service. This could only
- happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
- (which it is by default).
- * Fix side channel in ECC code that allowed an adversary with access to
- precise enough timing and memory access information (typically an
- untrusted operating system attacking a secure enclave) to fully recover
- an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
- Billy Brumley and Cesar Pereida Garcia.
CVE-2020-10932
- * Fix a potentially remotely exploitable buffer overread in a
- DTLS client when parsing the Hello Verify Request message.
-
-Features
- * The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically
- resizes the I/O buffers before and after handshakes, reducing the memory
- consumption during application data transfer.
-
-Bugfix
- * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
- MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
- * Remove a spurious check in ssl_parse_client_psk_identity that triggered
- a warning with some compilers. Fix contributed by irwir in #2856.
- * Fix a function name in a debug message. Contributed by Ercan Ozturk in
- #3013.
-
-Changes
- * Mbed Crypto is no longer a Git submodule. The crypto part of the library
- is back directly in the present repository.
- * Split mbedtls_ssl_get_max_frag_len() into
- mbedtls_ssl_get_output_max_frag_len() and
- mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
- buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- is defined), regardless of what MFL was configured for it.
-
-= mbed TLS 2.21.0 branch released 2020-02-20
-
-New deprecations
- * Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO that enables parsing
- SSLv2 ClientHello messages.
- * Deprecate MBEDTLS_SSL_PROTO_SSL3 that enables support for SSLv3.
- * Deprecate for MBEDTLS_PKCS11_C, the wrapper around the pkcs11-helper
- library which allows TLS authentication to use keys stored in a
- PKCS#11 token such as a smartcard.
-
-Security
- * Fix potential memory overread when performing an ECDSA signature
- operation. The overread only happens with cryptographically low
- probability (of the order of 2^-n where n is the bitsize of the curve)
- unless the RNG is broken, and could result in information disclosure or
- denial of service (application crash or extra resource consumption).
- Found by Auke Zeilstra and Peter Schwabe, using static analysis.
- * To avoid a side channel vulnerability when parsing an RSA private key,
- read all the CRT parameters from the DER structure rather than
- reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob
- Brumley. Reported and fix contributed by Jack Lloyd.
- ARMmbed/mbed-crypto#352
-
-Features
- * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512
- support without SHA-384.
-
-API changes
- * Change the encoding of key types and curves in the PSA API. The new
- values are aligned with the upcoming release of the PSA Crypto API
- specification version 1.0.0. The main change which may break some
- existing code is that elliptic curve key types no longer encode the
- exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes
- a curve family and the key size determines the exact curve (for example,
- PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
-
-Bugfix
- * Fix an unchecked call to mbedtls_md() in the x509write module.
- * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by
- Jack Lloyd in #2859. Fix submitted by jiblime in #2963.
- * Fix some false-positive uninitialized variable warnings in X.509. Fix
- contributed by apple-ihack-geek in #2663.
- * Fix a possible error code mangling in psa_mac_verify_finish() when
- a cryptographic accelerator fails. ARMmbed/mbed-crypto#345
- * Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
- RSA keys that would later be rejected by functions expecting private
- keys. Found by Catena cyber using oss-fuzz (issue 20467).
- * Fix a bug in mbedtls_pk_parse_key() that would cause it to
- accept some RSA keys with invalid values by silently fixing those values.
-
-= mbed TLS 2.20.0 branch released 2020-01-15
-
-Default behavior changes
- * The initial seeding of a CTR_DRBG instance makes a second call to the
- entropy function to obtain entropy for a nonce if the entropy size is less
- than 3/2 times the key size.
In case you want to disable the extra call to
- grab entropy, you can call mbedtls_ctr_drbg_set_nonce_len() to force the
- nonce length to 0.
-
-Security
- * Enforce that mbedtls_entropy_func() gathers a total of
- MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
- default configuration, on a platform with a single entropy source, the
- entropy module formerly only grabbed 32 bytes, which is good enough for
- security if the source is genuinely strong, but less than the expected 64
- bytes (size of the entropy accumulator).
- * Zeroize local variables in mbedtls_internal_aes_encrypt() and
- mbedtls_internal_aes_decrypt() before exiting the function. The value of
- these variables can be used to recover the last round key. To follow best
- practice and to limit the impact of buffer overread vulnerabilities (like
- Heartbleed) we need to zeroize them before exiting the function.
- Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai,
- Grant Hernandez, and Kevin Butler (University of Florida) and
- Dave Tian (Purdue University).
- * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
- constant time/constant trace, so side channel attacks can retrieve the
- blinded value, factor it (as it is smaller than RSA keys and not guaranteed
- to have only large prime factors), and then, by brute force, recover the
- key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
- * Fix side channel vulnerability in ECDSA key generation. Obtaining precise
- timings on the comparison in the key generation enabled the attacker to
- learn leading bits of the ephemeral key used during ECDSA signatures and to
- recover the private key. Reported by Jeremy Dubeuf.
- * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
- failures could happen with alternative implementations of AES. Bug
- reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
- Sectra.
-
-Features
- * Key derivation inputs in the PSA API can now either come from a key object
- or from a buffer regardless of the step type.
- * The CTR_DRBG module can grab a nonce from the entropy source during the
- initial seeding. The default nonce length is chosen based on the key size
- to achieve the security strength defined by NIST SP 800-90A. You can
- change it with mbedtls_ctr_drbg_set_nonce_len().
- * Add ENUMERATED tag support to the ASN.1 module. Contributed by
- msopiha-linaro in ARMmbed/mbed-crypto#307.
-
-API changes
- * In the PSA API, forbid zero-length keys. To pass a zero-length input to a
- key derivation function, use a buffer instead (this is now always
- possible).
- * Rename psa_asymmetric_sign() to psa_sign_hash() and
- psa_asymmetric_verify() to psa_verify_hash().
-
-Bugfix
- * Fix an incorrect size in a debugging message. Reported and fix
- submitted by irwir. Fixes #2717.
- * Fix an unused variable warning when compiling without DTLS.
- Reported and fix submitted by irwir. Fixes #2800.
- * Remove a useless assignment. Reported and fix submitted by irwir.
- Fixes #2801.
- * Fix a buffer overflow in the PSA HMAC code when using a long key with an
- unsupported algorithm. Fixes ARMmbed/mbed-crypto#254.
- * Fix mbedtls_asn1_get_int to support any number of leading zeros. Credit
- to OSS-Fuzz for finding a bug in an intermediate version of the fix.
- * Fix mbedtls_asn1_get_bitstring_null to correctly parse bitstrings of at
- most 2 bytes.
- * mbedtls_ctr_drbg_set_entropy_len() and
- mbedtls_hmac_drbg_set_entropy_len() now work if you call them before
- mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed().
-
-Changes
- * Remove the technical possibility to define custom mbedtls_md_info
- structures, which was exposed only in an internal header.
- * psa_close_key(0) and psa_destroy_key(0) now succeed (doing nothing, as
- before).
- * Variables containing error codes are now initialized to an error code
- rather than success, so that coding mistakes or memory corruption tends to
- cause functions to return this error code rather than a success. There are
- no known instances where this changes the behavior of the library: this is
- merely a robustness improvement. ARMmbed/mbed-crypto#323
- * Remove a useless call to mbedtls_ecp_group_free(). Contributed by
- Alexander Krizhanovsky in ARMmbed/mbed-crypto#210.
- * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
- Lloyd and Fortanix Inc in ARMmbed/mbed-crypto#277.
- * Small performance improvement of mbedtls_mpi_div_mpi(). Contributed by
- Alexander Krizhanovsky in ARMmbed/mbed-crypto#308.
-
-= mbed TLS 2.19.1 branch released 2019-09-16
-
-Features
- * Declare include headers as PUBLIC to propagate to CMake project consumers
- Contributed by Zachary J. Fields in PR #2949.
- * Add nss_keylog to ssl_client2 and ssl_server2, enabling easier analysis of
- TLS sessions with tools like Wireshark.
-
-API Changes
- * Make client_random and server_random const in
- mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
- from modifying the client/server hello.
-
-Bugfix
- * Fix some false-positive uninitialized variable warnings in crypto. Fix
- contributed by apple-ihack-geek in #2663.
-
-= mbed TLS 2.19.0 branch released 2019-09-06
-
-Security
- * Fix a missing error detection in ECJPAKE. This could have caused a
- predictable shared secret if a hardware accelerator failed and the other
- side of the key exchange had a similar bug.
- * When writing a private EC key, use a constant size for the private
- value, as specified in RFC 5915. Previously, the value was written
- as an ASN.1 INTEGER, which caused the size of the key to leak
- about 1 bit of information on average and could cause the value to be
- 1 byte too large for the output buffer.
- * The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
- implement blinding. Because of this for the same key and message the same
- blinding value was generated. This reduced the effectiveness of the
- countermeasure and leaked information about the private key through side
- channels. Reported by Jack Lloyd.
-
-Features
- * Add new API functions mbedtls_ssl_session_save() and
- mbedtls_ssl_session_load() to allow serializing a session, for example to
- store it in non-volatile storage, and later using it for TLS session
- resumption.
- * Add a new API function mbedtls_ssl_check_record() to allow checking that
- an incoming record is valid, authentic and has not been seen before. This
- feature can be used alongside Connection ID and SSL context serialisation.
- The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
- option.
- * New implementation of X25519 (ECDH using Curve25519) from Project Everest
- (https://project-everest.github.io/). It can be enabled at compile time
- with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally
- verified and significantly faster, but is only supported on x86 platforms
- (32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by
- Christoph Wintersteiger from Microsoft Research.
- * Add mbedtls_net_close(), enabling the building of forking servers where
- the parent process closes the client socket and continue accepting, and
- the child process closes the listening socket and handles the client
- socket. Contributed by Robert Larsen in #2803.
-
-API Changes
- * Add DER-encoded test CRTs to library/certs.c, allowing
- the example programs ssl_server2 and ssl_client2 to be run
- if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
- * The HAVEGE state type now uses uint32_t elements instead of int.
- * The functions mbedtls_ecp_curve_list() and mbedtls_ecp_grp_id_list() now
- list all curves for which at least one of ECDH or ECDSA is supported, not
- just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
- mbedtls_ecdh_can_do() on each result to check whether each algorithm is
- supported.
- * The new function mbedtls_ecdsa_sign_det_ext() is similar to
- mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
- purpose of blinding.
-
-New deprecations
- * Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
- RNG function as an input.
- * Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
- is now deprecated.
-
-Bugfix
- * Fix missing bounds checks in X.509 parsing functions that could
- lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
- * Fix multiple X.509 functions previously returning ASN.1 low-level error
- codes to always wrap these codes into X.509 high level error codes before
- returning. Fixes #2431.
- * Fix to allow building test suites with any warning that detects unused
- functions. Fixes #1628.
- * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
- * Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
- * Fix build failure when building with mingw on Windows by including
- stdarg.h where needed. Fixes #2656.
- * Fix Visual Studio Release x64 build configuration by inheriting
- PlatformToolset from the project configuration. Fixes #1430 reported by
- irwir.
- * Enable Suite B with subset of ECP curves. Make sure the code compiles even
- if some curves are not defined. Fixes #1591 reported by dbedev.
- * Fix misuse of signed arithmetic in the HAVEGE module. #2598
- * Avoid use of statically sized stack buffers for certificate writing.
- This previously limited the maximum size of DER encoded certificates
- in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
- * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
- * Update test certificates that were about to expire. Reported by
- Bernhard M. Wiedemann in #2357.
- * Fix the build on ARMv5TE in ARM mode to not use assembly instructions
- that are only available in Thumb mode. Fix contributed by Aurelien Jarno
- in #2169.
- * Fix propagation of restart contexts in restartable EC operations.
- This could previously lead to segmentation faults in builds using an
- address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
- * Fix memory leak in in mpi_miller_rabin(). Contributed by
- Jens Wiklander in #2363
- * Improve code clarity in x509_crt module, removing false-positive
- uninitialized variable warnings on some recent toolchains (GCC8, etc).
- Discovered and fixed by Andy Gross (Linaro), #2392.
- * Fix bug in endianness conversion in bignum module. This lead to
- functionally incorrect code on bigendian systems which don't have
- __BYTE_ORDER__ defined. Reported by Brendan Shanks. Fixes #2622.
-
-Changes
- * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
- * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
- suggests). #2671
- * Make `make clean` clean all programs always. Fixes #1862.
- * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
- docker-env.sh) to simplify running test suites on a Linux host. Contributed
- by Peter Kolbus (Garmin).
- * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
- test runs without variability. Contributed by Philippe Antoine (Catena
- cyber) in #2681.
- * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
- * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
- Contributed by Philippe Antoine (Catena cyber).
- * Remove the crypto part of the library from Mbed TLS.
The crypto
- code and tests are now only available via Mbed Crypto, which
- Mbed TLS references as a Git submodule.
-
-= mbed TLS 2.18.1 branch released 2019-07-12
-
-Bugfix
- * Fix build failure when building with mingw on Windows by including
- stdarg.h where needed. Fixes #2656.
-
-Changes
- * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
- Ashley Duncan in #2609.
-
-= mbed TLS 2.18.0 branch released 2019-06-11
-
-Features
- * Add the Any Policy certificate policy oid, as defined in
- rfc 5280 section 4.2.1.4.
- * It is now possible to use NIST key wrap mode via the mbedtls_cipher API.
- Contributed by Jack Lloyd and Fortanix Inc.
- * Add the Wi-SUN Field Area Network (FAN) device extended key usage.
- * Add the oid certificate policy x509 extension.
- * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
- Contributed by Jack Lloyd and Fortanix Inc.
- * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
- and the used tls-prf.
- * Add public API for tls-prf function, according to requested enum.
- * Add support for parsing otherName entries in the Subject Alternative Name
- X.509 certificate extension, specifically type hardware module name,
- as defined in RFC 4108 section 5.
- * Add support for parsing certificate policies extension, as defined in
- RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is
- supported.
- * List all SAN types in the subject_alt_names field of the certificate.
- Resolves #459.
- * Add support for draft-05 of the Connection ID extension, as specified
- in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
- The Connection ID extension allows to keep DTLS connections beyond the
- lifetime of the underlying transport by adding a connection identifier
- to the DTLS record header. This identifier can be used to associated an
- incoming record with the correct connection data even after the peer has
- changed its IP or port.
The feature is enabled at compile-time by setting
- MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
- through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
-
-
-API Changes
- * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
- and the used tls-prf.
- * Add public API for tls-prf function, according to requested enum.
-
-Bugfix
- * Fix private key DER output in the key_app_writer example. File contents
- were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
- Christian Walther in #2239.
- * Fix potential memory leak in X.509 self test. Found and fixed by
- Junhwan Park, #2106.
- * Reduce stack usage of hkdf tests. Fixes #2195.
- * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
- used with negative inputs. Found by Guido Vranken in #2404. Credit to
- OSS-Fuzz.
- * Fix bugs in the AEAD test suite which would be exposed by ciphers which
- either used both encrypt and decrypt key schedules, or which perform padding.
- GCM and CCM were not affected. Fixed by Jack Lloyd.
- * Fix incorrect default port number in ssl_mail_client example's usage.
- Found and fixed by irwir. #2337
- * Add psa_util.h to test/cpp_dummy_build to fix build_default_make_gcc_and_cxx.
- Fixed by Peter Kolbus (Garmin). #2579
- * Add missing parentheses around parameters in the definition of the
- public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation
- in case operators binding less strongly than subtraction were used
- for the parameter.
- * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
- sni entry parameter. Reported by inestlerode in #560.
- * Set the next sequence of the subject_alt_name to NULL when deleting
- sequence on failure. Found and fix suggested by Philippe Antoine.
- Credit to OSS-Fuzz.
-
-Changes
- * Server's RSA certificate in certs.c was SHA-1 signed. In the default
- mbedTLS configuration only SHA-2 signed certificates are accepted.
- This certificate is used in the demo server programs, which lead the
- client programs to fail at the peer's certificate verification
- due to an unacceptable hash signature. The certificate has been
- updated to one that is SHA-256 signed. Fix contributed by
- Illya Gerasymchuk.
- * Return from various debugging routines immediately if the
- provided SSL context is unset.
- * Remove dead code from bignum.c in the default configuration.
- Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
- * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
- Contributed by Peter Kolbus (Garmin).
- * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
- improve clarity. Fixes #2258.
-
-= mbed TLS 2.17.0 branch released 2019-03-19
-
-Features
- * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
- which allows copy-less parsing of DER encoded X.509 CRTs,
- at the cost of additional lifetime constraints on the input
- buffer, but at the benefit of reduced RAM consumption.
- * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
- named bitstring in DER as required by RFC 5280 Appendix B.
- * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
- from the default list (enabled by default). See
- https://sweet32.info/SWEET32_CCS16.pdf.
-
-API Changes
- * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
- See the Features section for more information.
- * Allow to opt in to the removal the API mbedtls_ssl_get_peer_cert()
- for the benefit of saving RAM, by disabling the new compile-time
- option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (enabled by default for
- API stability). Disabling this option makes mbedtls_ssl_get_peer_cert()
- always return NULL, and removes the peer_cert field from the
- mbedtls_ssl_session structure which otherwise stores the peer's
- certificate.
-
-Security
- * Make mbedtls_ecdh_get_params return an error if the second key
- belongs to a different group from the first. Before, if an application
- passed keys that belonged to different group, the first key's data was
- interpreted according to the second group, which could lead to either
- an error or a meaningless output from mbedtls_ecdh_get_params. In the
- latter case, this could expose at most 5 bits of the private key.
-
-Bugfix
- * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
- when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
- * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined.
- Raised as a comment in #1996.
- * Reduce the stack consumption of mbedtls_mpi_fill_random() which could
- previously lead to a stack overflow on constrained targets.
- * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions
- in the header files, which missed the precompilation check. #971
- * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
- * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
- * Remove the mbedtls namespacing from the header file, to fix a "file not found"
- build error. Fixed by Haijun Gu #2319.
- * Fix signed-to-unsigned integer conversion warning
- in X.509 module. Fixes #2212.
- * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion.
- Fixes #2190.
- * Fix false failure in all.sh when backup files exist in include/mbedtls
- (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
- * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
- mbedtls_asn1_write_bitstring().
- * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
- extensions in CSRs and CRTs that caused these bitstrings to not be encoded
- correctly as trailing zeroes were not accounted for as unused bits in the
- leading content octet. Fixes #1610.
-
-Changes
- * Reduce RAM consumption during session renegotiation by not storing
- the peer CRT chain and session ticket twice.
- * Include configuration file in all header files that use configuration,
- instead of relying on other header files that they include.
- Inserted as an enhancement for #1371
- * Add support for alternative CSR headers, as used by Microsoft and defined
- in RFC 7468. Found by Michael Ernst. Fixes #767.
- * Correct many misspellings. Fixed by MisterDA #2371.
- * Provide an abstraction of vsnprintf to allow alternative implementations
- for platforms that don't provide it. Based on contributions by Joris Aerts
- and Nathaniel Wesley Filardo.
- * Fix clobber list in MIPS assembly for large integer multiplication.
- Previously, this could lead to functionally incorrect assembly being
- produced by some optimizing compilers, showing up as failures in
- e.g. RSA or ECC signature operations. Reported in #1722, fix suggested
- by Aurelien Jarno and submitted by Jeffrey Martin.
- * Reduce the complexity of the timing tests. They were assuming more than the
- underlying OS actually guarantees.
- * Fix configuration queries in ssl-opt.h. #2030
- * Ensure that ssl-opt.h can be run in OS X. #2029
- * Re-enable certain interoperability tests in ssl-opt.sh which had previously
- been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
- * Ciphersuites based on 3DES now have the lowest priority by default when
- they are enabled.
-
-= mbed TLS 2.16.0 branch released 2018-12-21
-
-Features
- * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation
- of parameters in the API. This allows detection of obvious misuses of the
- API, such as passing NULL pointers. The API of existing functions hasn't
- changed, but requirements on parameters have been made more explicit in
- the documentation. See the corresponding API documentation for each
- function to see for which parameter values it is defined.
This feature is
- disabled by default. See its API documentation in config.h for additional
- steps you have to take when enabling it.
-
-API Changes
- * The following functions in the random generator modules have been
- deprecated and replaced as shown below. The new functions change
- the return type from void to int to allow returning error codes when
- using MBEDTLS__ALT for the underlying AES or message digest
- primitive. Fixes #1798.
- mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
- mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
- * Extend ECDH interface to enable alternative implementations.
- * Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for
- ARIA, CAMELLIA and Blowfish. These error codes will be replaced by
- the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
- * Additional parameter validation checks have been added for the following
- modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH,
- ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI.
- Where modules have had parameter validation added, existing parameter
- checks may have changed. Some modules, such as Chacha20 had existing
- parameter validation whereas other modules had little. This has now been
- changed so that the same level of validation is present in all modules, and
- that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
- is off. That means that checks which were previously present by default
- will no longer be.
-
-New deprecations
- * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
- in favor of functions that can return an error code.
-
-Bugfix
- * Fix for Clang, which was reporting a warning for the bignum.c inline
- assembly for AMD64 targets creating string literals greater than those
- permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
- * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
- through qemu user emulation. Reported and fix suggested by randombit
- in #1212. Fixes #1212.
- * Fix an unsafe bounds check when restoring an SSL session from a ticket.
- This could lead to a buffer overflow, but only in case ticket authentication
- was broken. Reported and fix suggested by Guido Vranken in #659.
- * Add explicit integer to enumeration type casts to example program
- programs/pkey/gen_key which previously led to compilation failure
- on some toolchains. Reported by phoenixmcallister. Fixes #2170.
- * Fix double initialization of ECC hardware that made some accelerators
- hang.
- * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
- of check for certificate/key matching. Reported by Attila Molnar, #507.
-
- = mbed TLS 2.15.1 branch released 2018-11-30
-
- Changes
- * Update the Mbed Crypto submodule to version 0.1.0b2.
-
- = mbed TLS 2.15.0 branch released 2018-11-23
-
- Features
- * Add an experimental build option, USE_CRYPTO_SUBMODULE, to enable use of
- Mbed Crypto as the source of the cryptography implementation.
- * Add an experimental configuration option, MBEDTLS_PSA_CRYPTO_C, to enable
- the PSA Crypto API from Mbed Crypto when additionally used with the
- USE_CRYPTO_SUBMODULE build option.
-
- Changes
- * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
- from the cipher abstraction layer. Fixes #2198.
-
-= mbed TLS 2.14.1 branch released 2018-11-30
-
-Security
- * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
- decryption that could lead to a Bleichenbacher-style padding oracle
- attack. In TLS, this affects servers that accept ciphersuites based on
- RSA decryption (i.e. ciphersuites whose name contains RSA but not
- (EC)DH(E)).
Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
- (University of Adelaide), Daniel Genkin (University of Michigan),
- Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
- (University of Adelaide, Data61). The attack is described in more detail
- in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
- * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
- via branching and memory access patterns. An attacker who could submit
- a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
- of the decryption and not its result could nonetheless decrypt RSA
- plaintexts and forge RSA signatures. Other asymmetric algorithms may
- have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
- Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
- * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
- modules.
-
-API Changes
- * The new functions mbedtls_ctr_drbg_update_ret() and
- mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
- and mbedtls_hmac_drbg_update() respectively, but the new functions
- report errors whereas the old functions return void. We recommend that
- applications use the new functions.
-
-= mbed TLS 2.14.0 branch released 2018-11-19
-
-Security
- * Fix overly strict DN comparison when looking for CRLs belonging to a
- particular CA. This previously led to ignoring CRLs when the CRL's issuer
- name and the CA's subject name differed in their string encoding (e.g.,
- one using PrintableString and the other UTF8String) or in the choice of
- upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
- #1784.
- * Fix a flawed bounds check in server PSK hint parsing.
In case the
- incoming message buffer was placed within the first 64KiB of address
- space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
- to trigger a memory access up to 64KiB beyond the incoming message buffer,
- potentially leading to an application crash or information disclosure.
- * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
- previous settings for the number of rounds made it practical for an
- adversary to construct non-primes that would be erroneously accepted as
- primes with high probability. This does not have an impact on the
- security of TLS, but can matter in other contexts with numbers chosen
- potentially by an adversary that should be prime and can be validated.
- For example, the number of rounds was enough to securely generate RSA key
- pairs or Diffie-Hellman parameters, but was insufficient to validate
- Diffie-Hellman parameters properly.
- See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
- Kenneth G. Paterson and Juraj Somorovsky.
-
-Features
- * Add support for temporarily suspending expensive ECC computations after
- some configurable amount of operations. This is intended to be used in
- constrained, single-threaded systems where ECC is time consuming and can
- block other operations until they complete. This is disabled by default,
- but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and
- configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new
- xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported
- yet), and to existing functions in ECDH and SSL (currently only
- implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
- including client authentication).
- * Add support for Arm CPU DSP extensions to accelerate asymmetric key
- operations. On CPUs where the extensions are available, they can accelerate
- MPI multiplications used in ECC and RSA cryptography. Contributed by
- Aurelien Jarno.
- * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS
- signature always used a salt with the same length as the hash, and returned
- an error if this was not possible. Now the salt size may be up to two bytes
- shorter. This allows the library to support all hash and signature sizes
- that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
- * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
- than 256 bits limits the security of generated material to 128 bits.
-
-API Changes
- * Add a common error code of `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for
- a feature that is not supported by underlying alternative
- implementations implementing cryptographic primitives. This is useful for
- hardware accelerators that don't implement all options or features.
-
-New deprecations
- * All module specific errors following the form
- MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not
- supported are deprecated and are now replaced by the new equivalent
- platform error.
- * All module specific generic hardware acceleration errors following the
- form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced
- by the equivalent plaform error.
- * Deprecate the function mbedtls_mpi_is_prime() in favor of
- mbedtls_mpi_is_prime_ext() which allows specifying the number of
- Miller-Rabin rounds.
-
-Bugfix
- * Fix wrong order of freeing in programs/ssl/ssl_server2 example
- application leading to a memory leak in case both
- MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
- Fixes #2069.
- * Fix a bug in the update function for SSL ticket keys which previously
- invalidated keys of a lifetime of less than a 1s. Fixes #1968.
- * Fix failure in hmac_drbg in the benchmark sample application, when
- MBEDTLS_THREADING_C is defined.
Found by TrinityTonic, #1095
- * Fix a bug in the record decryption routine ssl_decrypt_buf()
- which lead to accepting properly authenticated but improperly
- padded records in case of CBC ciphersuites using Encrypt-then-MAC.
- * Fix memory leak and freeing without initialization in the example
- program programs/x509/cert_write. Fixes #1422.
- * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
- MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091.
- * Zeroize memory used for buffering or reassembling handshake messages
- after use.
- * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization
- of sensitive data in the example programs aescrypt2 and crypt_and_hash.
- * Change the default string format used for various X.509 DN attributes to
- UTF8String. Previously, the use of the PrintableString format led to
- wildcards and non-ASCII characters being unusable in some DN attributes.
- Reported by raprepo in #1860 and by kevinpt in #468. Fix contributed by
- Thomas-Dee.
- * Fix compilation failure for configurations which use compile time
- replacements of standard calloc/free functions through the macros
- MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO.
- Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706.
-
-Changes
- * Removed support for Yotta as a build tool.
- * Add tests for session resumption in DTLS.
- * Close a test gap in (D)TLS between the client side and the server side:
- test the handling of large packets and small packets on the client side
- in the same way as on the server side.
- * Change the dtls_client and dtls_server samples to work by default over
- IPv6 and optionally by a build option over IPv4.
- * Change the use of Windows threading to use Microsoft Visual C++ runtime
- calls, rather than Win32 API calls directly. This is necessary to avoid
- conflict with C runtime usage. Found and fixed by irwir.
- * Remember the string format of X.509 DN attributes when replicating
- X.509 DNs.
Previously, DN attributes were always written in their default
- string format (mostly PrintableString), which could lead to CRTs being
- created which used PrintableStrings in the issuer field even though the
- signing CA used UTF8Strings in its subject field; while X.509 compliant,
- such CRTs were rejected in some applications, e.g. some versions of
- Firefox, curl and GnuTLS. Reported in #1033 by Moschn. Fix contributed by
- Thomas-Dee.
- * Improve documentation of mbedtls_ssl_get_verify_result().
- Fixes #517 reported by github-monoculture.
- * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
- use it to reduce error probability in RSA key generation to levels mandated
- by FIPS-186-4.
-
-= mbed TLS 2.13.1 branch released 2018-09-06
-
-API Changes
- * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
- whose implementation should behave as a thread-safe version of gmtime().
- This allows users to configure such an implementation at compile time when
- the target system cannot be deduced automatically, by setting the option
- MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to
- automatically select implementations for Windows and POSIX C libraries.
-
-Bugfix
- * Fix build failures on platforms where only gmtime() is available but
- neither gmtime_r() nor gmtime_s() are present. Fixes #1907.
-
-= mbed TLS 2.13.0 branch released 2018-08-31
-
-Security
- * Fix an issue in the X.509 module which could lead to a buffer overread
- during certificate extensions parsing. In case of receiving malformed
- input (extensions length field equal to 0), an illegal read of one byte
- beyond the input buffer is made. Found and analyzed by Nathan Crandall.
-
-Features
- * Add support for fragmentation of outgoing DTLS handshake messages.
This
- is controlled by the maximum fragment length as set locally or negotiated
- with the peer, as well as by a new per-connection MTU option, set using
- mbedtls_ssl_set_mtu().
- * Add support for auto-adjustment of MTU to a safe value during the
- handshake when flights do not get through (RFC 6347, section 4.1.1.1,
- last paragraph).
- * Add support for packing multiple records within a single datagram,
- enabled by default.
- * Add support for buffering out-of-order handshake messages in DTLS.
- The maximum amount of RAM used for this can be controlled by the
- compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined
- in mbedtls/config.h.
-
-API Changes
- * Add function mbedtls_ssl_set_datagram_packing() to configure
- the use of datagram packing (enabled by default).
-
-Bugfix
- * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation
- failure in the function could lead to other buffers being leaked.
- * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
- MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
- * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
- Fix contributed by Espressif Systems.
- * Add ecc extensions only if an ecc based ciphersuite is used.
- This improves compliance to RFC 4492, and as a result, solves
- interoperability issues with BouncyCastle. Raised by milenamil in #1157.
- * Replace printf with mbedtls_printf in the ARIA module. Found by
- TrinityTonic in #1908.
- * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
- and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
- * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
- with TLS versions 1.1 and earlier when the server requested authentication
- without providing a list of CAs. This was due to an overly strict bounds
- check in parsing the CertificateRequest message,
- introduced in Mbed TLS 2.12.0. Fixes #1954.
- * Fix a miscalculation of the maximum record expansion in
- mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
- or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
- * Fix undefined shifts with negative values in certificates parsing
- (found by Catena cyber using oss-fuzz)
- * Fix memory leak and free without initialization in pk_encrypt
- and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.
- * Remove redundant else statement. Raised by irwir. Fixes #1776.
-
-Changes
- * Copy headers preserving timestamps when doing a "make install".
- Contributed by xueruini.
- * Allow the forward declaration of public structs. Contributed by Dawid
- Drozd. Fixes #1215 raised by randombit.
- * Improve compatibility with some alternative CCM implementations by using
- CCM test vectors from RAM.
- * Add support for buffering of out-of-order handshake messages.
- * Add warnings to the documentation of the HKDF module to reduce the risk
- of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
- functions. Fixes #1775. Reported by Brian J. Murray.
-
-= mbed TLS 2.12.0 branch released 2018-07-25
-
-Security
- * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
- in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
- partially recover the plaintext of messages under some conditions by
- exploiting timing measurements. With DTLS, the attacker could perform
- this recovery by sending many messages in the same connection. With TLS
- or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
- worked if the same secret (for example a HTTP Cookie) has been repeatedly
- sent over connections manipulated by the attacker. Connections using GCM
- or CCM instead of CBC, using hash sizes other than SHA-384, or using
- Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
- caused by a miscalculation (for SHA-384) in a countermeasure to the
- original Lucky 13 attack.
Found by Kenny Paterson, Eyal Ronen and Adi - Shamir. - * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to - 1.2, that allowed a local attacker, able to execute code on the local - machine as well as manipulate network packets, to partially recover the - plaintext of messages under some conditions by using a cache attack - targeting an internal MD/SHA buffer. With TLS or if - mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if - the same secret (for example a HTTP Cookie) has been repeatedly sent over - connections manipulated by the attacker. Connections using GCM or CCM - instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected. - Found by Kenny Paterson, Eyal Ronen and Adi Shamir. - * Add a counter-measure against a vulnerability in TLS ciphersuites based - on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to - execute code on the local machine as well as manipulate network packets, - to partially recover the plaintext of messages under some conditions (see - previous entry) by using a cache attack targeting the SSL input record - buffer. Connections using GCM or CCM instead of CBC or using - Encrypt-then-Mac (RFC 7366) were not affected. Found by Kenny Paterson, - Eyal Ronen and Adi Shamir. - -Features - * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time - authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed - by Daniel King. - * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905. - * Add platform support for the Haiku OS. (https://www.haiku-os.org). - Contributed by Augustin Cavalier. - * Make the receive and transmit buffers independent sizes, for situations - where the outgoing buffer can be fixed at a smaller size than the incoming - buffer, which can save some RAM. If buffer lengths are kept equal, there - is no functional difference. Contributed by Angus Gratton, and also - independently contributed again by Paul Sokolovsky. 
- * Add support for key wrapping modes based on AES as defined by - NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. - -Bugfix - * Fix the key_app_writer example which was writing a leading zero byte which - was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257. - * Fix compilation error on C++, because of a variable named new. - Found and fixed by Hirotaka Niisato in #1783. - * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix - contributed by tabascoeye. - * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid - return value. Found by @davidwu2000. #839 - * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, - Philippe Antoine. Fixes #1623. - * Remove unused headers included in x509.c. Found by Chris Hanson and fixed - by Brendan Shanks. Part of a fix for #992. - * Fix compilation error when MBEDTLS_ARC4_C is disabled and - MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. - * Added length checks to some TLS parsing functions. Found and fixed by - Philippe Antoine from Catena cyber. #1663. - * Fix the inline assembly for the MPI multiply helper function for i386 and - i386 with SSE2. Found by László Langó. Fixes #1550 - * Fix namespacing in header files. Remove the `mbedtls` namespacing in - the `#include` in the header files. Resolves #857 - * Fix compiler warning of 'use before initialisation' in - mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid - Drozd. #1098 - * Fix decryption for zero length messages (which contain all padding) when a - CBC based ciphersuite is used together with Encrypt-then-MAC. Previously, - such a message was wrongly reported as an invalid record and therefore lead - to the connection being terminated. Seen most often with OpenSSL using - TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix - contributed by Espressif Systems. 
Fixes #1632 - * Fix ssl_client2 example to send application data with 0-length content - when the request_size argument is set to 0 as stated in the documentation. - Fixes #1833. - * Correct the documentation for `mbedtls_ssl_get_session()`. This API has - deep copy of the session, and the peer certificate is not lost. Fixes #926. - * Fix build using -std=c99. Fixed by Nick Wilson. - -Changes - * Fail when receiving a TLS alert message with an invalid length, or invalid - zero-length messages when using TLS 1.2. Contributed by Espressif Systems. - * Change the default behaviour of mbedtls_hkdf_extract() to return an error - when calling with a NULL salt and non-zero salt_len. Contributed by - Brian J Murray - * Change the shebang line in Perl scripts to look up perl in the PATH. - Contributed by fbrosson. - * Allow overriding the time on Windows via the platform-time abstraction. - Fixed by Nick Wilson. - * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. - -= mbed TLS 2.11.0 branch released 2018-06-18 - -Features - * Add additional block mode, OFB (Output Feedback), to the AES module and - cipher abstraction module. - * Implement the HMAC-based extract-and-expand key derivation function - (HKDF) per RFC 5869. Contributed by Thomas Fossati. - * Add support for the CCM* block cipher mode as defined in IEEE Std. 802.15.4. - * Add support for the XTS block cipher mode with AES (AES-XTS). - Contributed by Aorimn in pull request #414. - * In TLS servers, support offloading private key operations to an external - cryptoprocessor. Private key operations can be asynchronous to allow - non-blocking operation of the TLS server stack. - -Bugfix - * Fix the cert_write example to handle certificates signed with elliptic - curves as well as RSA. Fixes #777 found by dbedev. - * Fix for redefinition of _WIN32_WINNT to avoid overriding a definition - used by user applications. Found and fixed by Fabio Alessandrelli. 
- * Fix compilation warnings with IAR toolchain, on 32 bit platform. - Reported by rahmanih in #683 - * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552. - -Changes - * Changed CMake defaults for IAR to treat all compiler warnings as errors. - * Changed the Clang parameters used in the CMake build files to work for - versions later than 3.6. Versions of Clang earlier than this may no longer - work. Fixes #1072 - -= mbed TLS 2.10.0 branch released 2018-06-06 - -Features - * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites - (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h - -API Changes - * Extend the platform module with a util component that contains - functionality shared by multiple Mbed TLS modules. At this stage - platform_util.h (and its associated platform_util.c) only contain - mbedtls_platform_zeroize(), which is a critical function from a security - point of view. mbedtls_platform_zeroize() needs to be regularly tested - against compilers to ensure that calls to it are not removed from the - output binary as part of redundant code elimination optimizations. - Therefore, mbedtls_platform_zeroize() is moved to the platform module to - facilitate testing and maintenance. - -Bugfix - * Fix an issue with MicroBlaze support in bn_mul.h which was causing the - build to fail. Found by zv-io. Fixes #1651. - -Changes - * Support TLS testing in out-of-source builds using cmake. Fixes #1193. - * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by - TrinityTonic. #1359. - -= mbed TLS 2.9.0 branch released 2018-04-30 - -Security - * Fix an issue in the X.509 module which could lead to a buffer overread - during certificate validation. Additionally, the issue could also lead to - unnecessary callback checks being made or to some validation checks to be - omitted. 
The overread could be triggered remotely, while the other issues - would require a non DER-compliant certificate to be correctly signed by a - trusted CA, or a trusted CA with a non DER-compliant certificate. Found by - luocm. Fixes #825. - * Fix the buffer length assertion in the ssl_parse_certificate_request() - function which led to an arbitrary overread of the message buffer. The - overreads could be caused by receiving a malformed message at the point - where an optional signature algorithms list is expected when the signature - algorithms section is too short. In builds with debug output, the overread - data is output with the debug data. - * Fix a client-side bug in the validation of the server's ciphersuite choice - which could potentially lead to the client accepting a ciphersuite it didn't - offer or a ciphersuite that cannot be used with the TLS or DTLS version - chosen by the server. This could lead to corruption of internal data - structures for some configurations. - -Features - * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES - tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB. - Suggested and contributed by jkivilin in pull request #394. - * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and - ECDH primitive functions (mbedtls_ecdh_gen_public(), - mbedtls_ecdh_compute_shared()) are supported for now. Contributed by - Nicholas Wilson in pull request #348. - -API Changes - * Extend the public API with the function of mbedtls_net_poll() to allow user - applications to wait for a network context to become ready before reading - or writing. - * Add function mbedtls_ssl_check_pending() to the public API to allow - a check for whether more more data is pending to be processed in the - internal message buffers. - This function is necessary to determine when it is safe to idle on the - underlying transport in case event-driven IO is used. 
- -Bugfix - * Fix a spurious uninitialized variable warning in cmac.c. Fix independently - contributed by Brian J Murray and David Brown. - * Add missing dependencies in test suites that led to build failures - in configurations that omit certain hashes or public-key algorithms. - Fixes #1040. - * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks. - #1353 - * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and - MBEDTLS_VERSION_FEATURES in some test suites. Contributed by - Deomid Ryabkov. Fixes #1299, #1475. - * Fix the Makefile build process for building shared libraries on Mac OS X. - Fixed by mnacamura. - * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was - unable to parse keys which had only the optional parameters field of the - ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. - * Return the plaintext data more quickly on unpadded CBC decryption, as - stated in the mbedtls_cipher_update() documentation. Contributed by - Andy Leiserson. - * Fix overriding and ignoring return values when parsing and writing to - a file in pk_sign program. Found by kevlut in #1142. - * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations - where data needs to be fetched from the underlying transport in order - to make progress. Previously, this error code was also occasionally - returned when unexpected messages were being discarded, ignoring that - further messages could potentially already be pending to be processed - in the internal buffers; these cases led to deadlocks when event-driven - I/O was used. Found and reported by Hubert Mis in #772. - * Fix buffer length assertions in the ssl_parse_certificate_request() - function which leads to a potential one byte overread of the message - buffer. - * Fix invalid buffer sizes passed to zlib during record compression and - decompression. - * Fix the soversion of libmbedcrypto to match the soversion of the - maintained 2.7 branch. 
The soversion was increased in Mbed TLS - version 2.7.1 to reflect breaking changes in that release, but the - increment was missed in 2.8.0 and later releases outside of the 2.7 branch. - -Changes - * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub. - * Support cmake builds where Mbed TLS is a subproject. Fix contributed - independently by Matthieu Volat and Arne Schwabe. - * Improve testing in configurations that omit certain hashes or - public-key algorithms. Includes contributions by Gert van Dijk. - * Improve negative testing of X.509 parsing. - * Do not define global mutexes around readdir() and gmtime() in - configurations where the feature is disabled. Found and fixed by Gergely - Budai. - * Harden the function mbedtls_ssl_config_free() against misuse, so that it - doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and - instead incorrectly manipulates the configuration structure directly. - Found and fix submitted by junyeonLEE in #1220. - * Provide an empty implementation of mbedtls_pkcs5_pbes2() when - MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 - without PBES2. Fixed by Marcos Del Sol Vives. - * Add the order of the base point as N in the mbedtls_ecp_group structure - for Curve25519 (other curves had it already). Contributed by Nicholas - Wilson #481 - * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan - Krylov. - * Improve the documentation of mbedtls_ssl_write(). Suggested by - Paul Sokolovsky in #1356. - * Add an option in the Makefile to support ar utilities where the operation - letter must not be prefixed by '-', such as LLVM. Found and fixed by - Alex Hixon. - * Allow configuring the shared library extension by setting the DLEXT - environment variable when using the project makefiles. - * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution - by Alexey Skalozub in #405. 
- * In the SSL module, when f_send, f_recv or f_recv_timeout report - transmitting more than the required length, return an error. Raised by - Sam O'Connor in #1245. - * Improve robustness of mbedtls_ssl_derive_keys against the use of - HMAC functions with non-HMAC ciphersuites. Independently contributed - by Jiayuan Chen in #1377. Fixes #1437. - * Improve security of RSA key generation by including criteria from - FIPS 186-4. Contributed by Jethro Beekman. #1380 - * Declare functions in header files even when an alternative implementation - of the corresponding module is activated by defining the corresponding - MBEDTLS_XXX_ALT macro. This means that alternative implementations do - not need to copy the declarations, and ensures that they will have the - same API. - * Add platform setup and teardown calls in test suites. - -= mbed TLS 2.8.0 branch released 2018-03-16 - -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - -Security - * Fix implementation of the truncated HMAC extension. The previous - implementation allowed an offline 2^80 brute force attack on the - HMAC key of a single, uninterrupted connection (with no - resumption of the session). - * Verify results of RSA private key operations to defend - against Bellcore glitch attack. - * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause - a crash on invalid input. - * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a - crash on invalid input. 
- * Fix CRL parsing to reject CRLs containing unsupported critical - extensions. Found by Falko Strenzke and Evangelos Karatsiolis. - -Features - * Extend PKCS#8 interface by introducing support for the entire SHA - algorithms family when encrypting private keys using PKCS#5 v2.0. - This allows reading encrypted PEM files produced by software that - uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli, - OpenVPN Inc. Fixes #1339 - * Add support for public keys encoded in PKCS#1 format. #1122 - -New deprecations - * Deprecate support for record compression (configuration option - MBEDTLS_ZLIB_SUPPORT). - -Bugfix - * Fix the name of a DHE parameter that was accidentally changed in 2.7.0. - Fixes #1358. - * Fix test_suite_pk to work on 64-bit ILP32 systems. #849 - * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates - with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. - In the context of SSL, this resulted in handshake failure. Reported by - daniel in the Mbed TLS forum. #1351 - * Fix Windows x64 builds with the included mbedTLS.sln file. #1347 - * Fix setting version TLSv1 as minimal version, even if TLS 1 - is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION - and MBEDTLS_SSL_MIN_MINOR_VERSION instead of - MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664 - * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE - only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and - Nick Wilson on issue #355 - * In test_suite_pk, pass valid parameters when testing for hash length - overflow. #1179 - * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found - by Guido Vranken. #639 - * Log correct number of ciphersuites used in Client Hello message. #918 - * Fix X509 CRT parsing that would potentially accept an invalid tag when - parsing the subject alternative names. 
- * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() - that could cause a key exchange to fail on valid data. - * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that - could cause a key exchange to fail on valid data. - * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under - MBEDTLS_DEPRECATED_REMOVED. #1388 - * Fix a 1-byte heap buffer overflow (read-only) during private key parsing. - Found through fuzz testing. - -Changes - * Fix tag lengths and value ranges in the documentation of CCM encryption. - Contributed by Mathieu Briand. - * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky. - * Remove support for the library reference configuration for picocoin. - * MD functions deprecated in 2.7.0 are no longer inline, to provide - a migration path for those depending on the library's ABI. - * Clarify the documentation of mbedtls_ssl_setup. - * Use (void) when defining functions with no parameters. Contributed by - Joris Aerts. #678 - -= mbed TLS 2.7.0 branch released 2018-02-03 - -Security - * Fix a heap corruption issue in the implementation of the truncated HMAC - extension. When the truncated HMAC extension is enabled and CBC is used, - sending a malicious application packet could be used to selectively corrupt - 6 bytes on the peer's heap, which could potentially lead to crash or remote - code execution. The issue could be triggered remotely from either side in - both TLS and DTLS. CVE-2018-0488 - * Fix a buffer overflow in RSA-PSS verification when the hash was too large - for the key size, which could potentially lead to crash or remote code - execution. Found by Seth Terashima, Qualcomm Product Security Initiative, - Qualcomm Technologies Inc. CVE-2018-0487 - * Fix buffer overflow in RSA-PSS verification when the unmasked data is all - zeros. - * Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding - 64 KiB to the address of the SSL buffer and causing a wrap around. 
- * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by - default enabled) maximum fragment length extension is disabled in the - config and the application data buffer passed to mbedtls_ssl_write - is larger than the internal message buffer (16384 bytes by default), the - latter overflows. The exploitability of this issue depends on whether the - application layer can be forced into sending such large packets. The issue - was independently reported by Tim Nordell via e-mail and by Florin Petriuc - and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. - Fixes #707. - * Add a provision to prevent compiler optimizations breaking the time - constancy of mbedtls_ssl_safer_memcmp(). - * Ensure that buffers are cleared after use if they contain sensitive data. - Changes were introduced in multiple places in the library. - * Set PEM buffer to zero before freeing it, to avoid decoded private keys - being leaked to memory after release. - * Fix dhm_check_range() failing to detect trivial subgroups and potentially - leaking 1 bit of the private key. Reported by prashantkspatil. - * Make mbedtls_mpi_read_binary() constant-time with respect to the input - data. Previously, trailing zero bytes were detected and omitted for the - sake of saving memory, but potentially leading to slight timing - differences. Reported by Marco Macchetti, Kudelski Group. - * Wipe stack buffer temporarily holding EC private exponent - after keypair generation. - * Fix a potential heap buffer over-read in ALPN extension parsing - (server-side). Could result in application crash, but only if an ALPN - name larger than 16 bytes had been configured on the server. - * Change default choice of DHE parameters from untrustworthy RFC 5114 - to RFC 3526 containing parameters generated in a nothing-up-my-sleeve - manner. - -Features - * Allow comments in test data files. - * The selftest program can execute a subset of the tests based on command - line arguments. 
- * New unit tests for timing. Improve the self-test to be more robust - when run on a heavily-loaded machine. - * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, - MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs. - * Add support for alternative implementations of GCM, selected by the - configuration flag MBEDTLS_GCM_ALT. - * Add support for alternative implementations for ECDSA, controlled by new - configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and - MBEDTLS_ECDSDA_GENKEY_AT in config.h. - The following functions from the ECDSA module can be replaced - with alternative implementation: - mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). - * Add support for alternative implementation of ECDH, controlled by the - new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and - MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. - The following functions from the ECDH module can be replaced - with an alternative implementation: - mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). - * Add support for alternative implementation of ECJPAKE, controlled by - the new configuration flag MBEDTLS_ECJPAKE_ALT. - * Add mechanism to provide alternative implementation of the DHM module. - -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. 
- * The following functions in the message digest modules (MD2, MD4, MD5, - SHA1, SHA256, SHA512) have been deprecated and replaced as shown below. - The new functions change the return type from void to int to allow - returning error codes when using MBEDTLS__ALT. - mbedtls__starts() -> mbedtls__starts_ret() - mbedtls__update() -> mbedtls__update_ret() - mbedtls__finish() -> mbedtls__finish_ret() - mbedtls__process() -> mbedtls_internal__process() - -New deprecations - * Deprecate usage of RSA primitives with non-matching key-type - (e.g. signing with a public key). - * Direct manipulation of structure fields of RSA contexts is deprecated. - Users are advised to use the extended RSA API instead. - * Deprecate usage of message digest functions that return void - (mbedtls__starts, mbedtls__update, - mbedtls__finish and mbedtls__process where is - any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions - that can return an error code. - * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by - parameters from RFC 3526 or the newly added parameters from RFC 7919. - * Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc. - Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN - etc. - * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters - from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() - accepting DHM parameters in binary form, matching the new constants. - -Bugfix - * Fix ssl_parse_record_header() to silently discard invalid DTLS records - as recommended in RFC 6347 Section 4.1.2.7. - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by projectgus and Jethro Beekman, #836. - * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. - * Parse signature algorithm extension when renegotiating. 
Previously, - renegotiated handshakes would only accept signatures using SHA-1 - regardless of the peer's preferences, or fail if SHA-1 was disabled. - * Fix leap year calculation in x509_date_is_valid() to ensure that invalid - dates on leap years with 100 and 400 intervals are handled correctly. Found - by Nicholas Wilson. #694 - * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were - accepted. Generating these signatures required the private key. - * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys. - Found independently by Florian in the mbed TLS forum and by Mishamax. - #878, #1019. - * Fix variable used before assignment compilation warnings with IAR - toolchain. Found by gkerrien38. - * Fix unchecked return codes from AES, DES and 3DES functions in - pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. - If a call to one of the functions of the cryptographic primitive modules - failed, the error may not be noticed by the function - mbedtls_pem_read_buffer() causing it to return invalid values. Found by - Guido Vranken. #756 - * Include configuration file in md.h, to fix compilation warnings. - Reported by aaronmdjones in #1001 - * Correct extraction of signature-type from PK instance in X.509 CRT and CSR - writing routines that prevented these functions to work with alternative - RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. - * Don't print X.509 version tag for v1 CRT's, and omit extensions for - non-v3 CRT's. - * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 - * Fix net_would_block() to avoid modification by errno through fcntl() call. - Found by nkolban. Fixes #845. - * Fix handling of handshake messages in mbedtls_ssl_read() in case - MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp. - * Add a check for invalid private parameters in mbedtls_ecdsa_sign(). - Reported by Yolan Romailler. 
- * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. - * Fix incorrect unit in benchmark output. #850 - * Add size-checks for record and handshake message content, securing - fragile yet non-exploitable code-paths. - * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by - MilenkoMitrovic, #1104 - * Fix mbedtls_timing_alarm(0) on Unix and MinGW. - * Fix use of uninitialized memory in mbedtls_timing_get_timer() when reset=1. - * Fix possible memory leaks in mbedtls_gcm_self_test(). - * Added missing return code checks in mbedtls_aes_self_test(). - * Fix issues in RSA key generation program programs/x509/rsa_genkey and the - RSA test suite where the failure of CTR DRBG initialization lead to - freeing an RSA context and several MPI's without proper initialization - beforehand. - * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue. - * Fix programs/pkey/dh_server.c so that it actually works with dh_client.c. - Found and fixed by Martijn de Milliano. - * Fix an issue in the cipher decryption with the mode - MBEDTLS_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding. - Note, this padding mode is not used by the TLS protocol. Found and fixed by - Micha Kraus. - * Fix the entropy.c module to not call mbedtls_sha256_starts() or - mbedtls_sha512_starts() in the mbedtls_entropy_init() function. - * Fix the entropy.c module to ensure that mbedtls_sha256_init() or - mbedtls_sha512_init() is called before operating on the relevant context - structure. Do not assume that zeroizing a context is a correct way to - reset it. Found independently by ccli8 on Github. - * In mbedtls_entropy_free(), properly free the message digest context. - * Fix status handshake status message in programs/ssl/dtls_client.c. Found - and fixed by muddog. - -Changes - * Extend cert_write example program by options to set the certificate version - and the message digest. 
Further, allow enabling/disabling of authority - identifier, subject identifier and basic constraints extensions. - * Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In - particular, don't require P,Q if neither CRT nor blinding are - used. Reported and fix proposed independently by satur9nine and sliai - on GitHub. - * Only run AES-192 self-test if AES-192 is available. Fixes #963. - * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the - undeclared dependency of the RSA module on the ASN.1 module. - * Update all internal usage of deprecated message digest functions to the - new ones with return codes. In particular, this modifies the - mbedtls_md_info_t structure. Propagate errors from these functions - everywhere except some locations in the ssl_tls.c module. - * Improve CTR_DRBG error handling by propagating underlying AES errors. - * Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography - modules where the software implementation can be replaced by a hardware - implementation. - * Add explicit warnings for the use of MD2, MD4, MD5, SHA-1, DES and ARC4 - throughout the library. - -= mbed TLS 2.6.0 branch released 2017-08-10 - -Security - * Fix authentication bypass in SSL/TLS: when authmode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. This could be - triggered remotely from either side. (With authmode set to 'required' - (the default), the handshake was correctly aborted). - * Reliably wipe sensitive data after use in the AES example applications - programs/aes/aescrypt2 and programs/aes/crypt_and_hash. - Found by Laurent Simon. 
- -Features - * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - and the context struct mbedtls_platform_context to perform - platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden - by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means of initialising underlying - cryptographic acceleration hardware. - -API Changes - * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the - API consistent with mbed TLS 2.5.0. Specifically removed the inline - qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found - by James Cowgill. #978 - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, the TLS handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the verify callback. - -Bugfix - * Add a check if iv_len is zero in GCM, and return an error if it is zero. - Reported by roberto. #716 - * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. #696 - * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), - in the case of an error. Found by redplait. #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken. #740 - * Fix conditional preprocessor directives in bignum.h to enable 64-bit - compilation when using ARM Compiler 6. - * Fix a potential integer overflow in the version verification for DER - encoded X.509 CRLs. 
The overflow could enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - * Fix potential integer overflow in the version verification for DER - encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - * Fix a potential integer overflow in the version verification for DER - encoded X.509 certificates. The overflow could enable maliciously - constructed certificates to bypass the certificate verification check. - * Fix a call to the libc function time() to call the platform abstraction - function mbedtls_time() instead. Found by wairua. #666 - * Avoid shadowing of time and index functions through mbed TLS function - arguments. Found by inestlerode. #557. - -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. This is useful on embedded platforms where 64-bit division - created a dependency on external libraries. #708 - * Removed mutexes from ECP hardware accelerator code. Now all hardware - accelerator code in the library leaves concurrency handling to the - platform. Reported by Steven Cooreman. #863 - * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file - config-no-entropy.h to reduce the RAM footprint. - * Added a test script that can be hooked into git that verifies commits - before they are pushed. - * Improve documentation of PKCS1 decryption functions. - -= mbed TLS 2.5.1 released 2017-06-21 - -Security - * Fixed unlimited overread of heap-based buffer in mbedtls_ssl_read(). - The issue could only happen client-side with renegotiation enabled. - Could result in DoS (application crash) or information leak - (if the application layer sent data read from mbedtls_ssl_read() - back to the server or to a third party). Can be triggered remotely. 
- * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for - certificate verification. SHA-1 can be turned back on with a compile-time - option if needed. - * Fixed offset in FALLBACK_SCSV parsing that caused TLS server to fail to - detect it sometimes. Reported by Hugo Leisink. #810 - * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a - potential Bleichenbacher/BERserk-style attack. - -Bugfix - * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not - valid C and they prevented the test from compiling in Visual Studio 2015 - and with GCC using the -Wpedantic compilation option. - * Fix insufficient support for signature-hash-algorithm extension, - resulting in compatibility problems with Chrome. Found by hfloyrd. #823 - * Fix behaviour that hid the original cause of fatal alerts in some cases - when sending the alert failed. The fix makes sure not to hide the error - that triggered the alert. - * Fix SSLv3 renegotiation behaviour and stop processing data received from - peer after sending a fatal alert to refuse a renegotiation attempt. - Previous behaviour was to keep processing data even after the alert has - been sent. - * Accept empty trusted CA chain in authentication mode - MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864 - * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate - fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to - reflect bad EC curves within verification result. - * Fix bug that caused the modular inversion function to accept the invalid - modulus 1 and therefore to hang. Found by blaufish. #641. - * Fix incorrect sign computation in modular exponentiation when the base is - a negative MPI. Previously the result was always negative. Found by Guido - Vranken. - * Fix a numerical underflow leading to stack overflow in mpi_read_file() - that was triggered uppon reading an empty line. Found by Guido Vranken. - -Changes - * Send fatal alerts in more cases. 
The previous behaviour was to skip - sending the fatal alert and just drop the connection. - * Clarify ECDSA documentation and improve the sample code to avoid - misunderstanding and potentially dangerous use of the API. Pointed out - by Jean-Philippe Aumasson. - -= mbed TLS 2.5.0 branch released 2017-05-17 - -Security - * Wipe stack buffers in RSA private key operations - (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent - Simon. - * Add exponent blinding to RSA private operations as a countermeasure - against side-channel attacks like the cache attack described in - https://arxiv.org/abs/1702.08719v2. - Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss, - Clémentine Maurice and Stefan Mangard. - -Features - * Add hardware acceleration support for the Elliptic Curve Point module. - This involved exposing parts of the internal interface to enable - replacing the core functions and adding and alternative, module level - replacement support for enabling the extension of the interface. - * Add a new configuration option to 'mbedtls_ssl_config' to enable - suppressing the CA list in Certificate Request messages. The default - behaviour has not changed, namely every configured CAs name is included. - -API Changes - * The following functions in the AES module have been deprecated and replaced - by the functions shown below. The new functions change the return type from - void to int to allow returning error codes when using MBEDTLS_AES_ALT, - MBEDTLS_AES_DECRYPT_ALT or MBEDTLS_AES_ENCRYPT_ALT. - mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt() - mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt() - -Bugfix - * Remove macros from compat-1.3.h that correspond to deleted items from most - recent versions of the library. Found by Kyle Keen. - * Fixed issue in the Threading module that prevented mutexes from - initialising. Found by sznaider. 
#667 #843 - * Add checks in the PK module for the RSA functions on 64-bit systems. - The PK and RSA modules use different types for passing hash length and - without these checks the type cast could lead to data loss. Found by Guido - Vranken. - -= mbed TLS 2.4.2 branch released 2017-03-08 - -Security - * Add checks to prevent signature forgeries for very large messages while - using RSA through the PK module in 64-bit systems. The issue was caused by - some data loss when casting a size_t to an unsigned int value in the - functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and - mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. - * Fixed potential livelock during the parsing of a CRL in PEM format in - mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing - characters after the footer could result in the execution of an infinite - loop. The issue can be triggered remotely. Found by Greg Zaverucha, - Microsoft. - * Removed MD5 from the allowed hash algorithms for CertificateRequest and - CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. - Introduced by interoperability fix for #513. - * Fixed a bug that caused freeing a buffer that was allocated on the stack, - when verifying the validity of a key on secp224k1. This could be - triggered remotely for example with a maliciously constructed certificate - and potentially could lead to remote code execution on some platforms. - Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos - team. #569 CVE-2017-2784 - -Bugfix - * Fix output certificate verification flags set by x509_crt_verify_top() when - traversing a chain of trusted CA. The issue would cause both flags, - MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be - set when the verification conditions are not met regardless of the cause. - Found by Harm Verhagen and inestlerode. 
#665 #561 - * Fix the redefinition of macro ssl_set_bio to an undefined symbol - mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it. - Found by omlib-lin. #673 - * Fix unused variable/function compilation warnings in pem.c, x509_crt.c and - x509_csr.c that are reported when building mbed TLS with a config.h that - does not define MBEDTLS_PEM_PARSE_C. Found by omnium21. #562 - * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that - would compare 64 bits of the record counter instead of 48 bits as indicated - in RFC 6347 Section 4.3.1. This could cause the execution of the - renegotiation routines at unexpected times when the protocol is DTLS. Found - by wariua. #687 - * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing - the input string in PEM format to extract the different components. Found - by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_ctr_drbg_reseed() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflows in mbedtls_cipher_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_md2_update() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed potential arithmetic overflow in mbedtls_base64_decode() that could - cause buffer bound checks to be bypassed. Found by Eyal Itkin. - * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng - Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. - * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused - by missing calls to mbedtls_pem_free() in cases when a - MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. Found and - fix proposed by Guido Vranken. 
#722 - * Fixed the templates used to generate project and solution files for Visual - Studio 2015 as well as the files themselves, to remove a build warning - generated in Visual Studio 2015. Reported by Steve Valliere. #742 - * Fix a resource leak in ssl_cookie, when using MBEDTLS_THREADING_C. - Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771 - * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI - number to write in hexadecimal is negative and requires an odd number of - digits. Found and fixed by Guido Vranken. - * Fix unlisted DES configuration dependency in some pkparse test cases. Found - by inestlerode. #555 - -= mbed TLS 2.4.1 branch released 2016-12-13 - -Changes - * Update to CMAC test data, taken from - NIST Special Publication 800-38B - - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for - Authentication – October 2016 - -= mbed TLS 2.4.0 branch released 2016-10-17 - -Security - * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant - with RFC-5116 and could lead to session key recovery in very long TLS - sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in - TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. - https://eprint.iacr.org/2016/475.pdf - * Fixed potential stack corruption in mbedtls_x509write_crt_der() and - mbedtls_x509write_csr_der() when the signature is copied to the buffer - without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. Found by Jethro Beekman. - -Features - * Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by - NIST SP 800-38B, RFC-4493 and RFC-4615. - * Added hardware entropy selftest to verify that the hardware entropy source - is functioning correctly. - * Added a script to print build environment info for diagnostic use in test - scripts, which is also now called by all.sh. 
- * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to - configure the maximum length of a file path that can be buffered when - calling mbedtls_x509_crt_parse_path(). - * Added a configuration file config-no-entropy.h that configures the subset of - library features that do not require an entropy source. - * Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users - to configure the minimum number of bytes for entropy sources using the - mbedtls_hardware_poll() function. - -Bugfix - * Fix for platform time abstraction to avoid dependency issues where a build - may need time but not the standard C library abstraction, and added - configuration consistency checks to check_config.h - * Fix dependency issue in Makefile to allow parallel builds. - * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, - when GCM is used. Found by udf2457. #441 - * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't - enabled unless others were also present. Found by David Fernandez. #428 - * Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on - a contribution from Tobias Tangemann. #541 - * Fixed cert_app.c sample program for debug output and for use when no root - certificates are provided. - * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 - * Fixed pthread implementation to avoid unintended double initialisations - and double frees. Found by Niklas Amnebratt. - * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for - builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found - by inestlerode. #559. - * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf - data structure until after error checks are successful. Found by - subramanyam-c. #622 - * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). 
Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 - * Fix potential byte overread when verifying malformed SERVER_HELLO in - ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken. - * Fix check for validity of date when parsing in mbedtls_x509_get_time(). - Found by subramanyam-c. #626 - * Fix compatibility issue with Internet Explorer client authentication, - where the limited hash choices prevented the client from sending its - certificate. Found by teumas. #513 - * Fix compilation without MBEDTLS_SELF_TEST enabled. - -Changes - * Extended test coverage of special cases, and added new timing test suite. - * Removed self-tests from the basic-built-test.sh script, and added all - missing self-tests to the test suites, to ensure self-tests are only - executed once. - * Added support for 3 and 4 byte lengths to mbedtls_asn1_write_len(). - * Added support for a Yotta specific configuration file - - through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE. - * Added optimization for code space for X.509/OID based on configured - features. Contributed by Aviv Palivoda. - * Renamed source file library/net.c to library/net_sockets.c to avoid - naming collision in projects which also have files with the common name - net.c. For consistency, the corresponding header file, net.h, is marked as - deprecated, and its contents moved to net_sockets.h. - * Changed the strategy for X.509 certificate parsing and validation, to no - longer disregard certificates with unrecognised fields. - -= mbed TLS 2.3.0 branch released 2016-06-28 - -Security - * Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt - required by PKCS1 v2.2 - * Fix potential integer overflow to buffer overflow in - mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt - (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in - mbedtls_rsa_rsaes_oaep_decrypt. 
It is not triggerable remotely in - SSL/TLS. - -Features - * Support for platform abstraction of the standard C library time() - function. - -Bugfix - * Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three - arguments where the same (in-place doubling). Found and fixed by Janos - Follath. #309 - * Fix potential build failures related to the 'apidoc' target, introduced - in the previous patch release. Found by Robert Scheck. #390 #391 - * Fix issue in Makefile that prevented building using armar. #386 - * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and - ECDSA was disabled in config.h . The leak didn't occur by default. - * Fix an issue that caused valid certificates to be rejected whenever an - expired or not yet valid certificate was parsed before a valid certificate - in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the - buffer after DER certificates to be included in the raw representation. - * Fix issue that caused a hang when generating RSA keys of odd bitlength - * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer - dereference possible. - * Fix issue that caused a crash if invalid curves were passed to - mbedtls_ssl_conf_curves. #373 - * Fix issue in ssl_fork_server which was preventing it from functioning. #429 - * Fix memory leaks in test framework - * Fix test in ssl-opt.sh that does not run properly with valgrind - * Fix unchecked calls to mmbedtls_md_setup(). Fix by Brian Murray. #502 - -Changes - * On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, - don't use the optimized assembly for bignum multiplication. This removes - the need to pass -fomit-frame-pointer to avoid a build error with -O0. - * Disabled SSLv3 in the default configuration. - * Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey - Skalozub). - * Fix non-compliance server extension handling. 
Extensions for SSLv3 are now - ignored, as required by RFC6101. - -= mbed TLS 2.2.1 released 2016-01-05 - -Security - * Fix potential double free when mbedtls_asn1_store_named_data() fails to - allocate memory. Only used for certificate generation, not triggerable - remotely in SSL/TLS. Found by Rafał Przywara. #367 - * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the - SLOTH attack on TLS 1.2 server authentication (other attacks from the - SLOTH paper do not apply to any version of mbed TLS or PolarSSL). - https://www.mitls.org/pages/attacks/SLOTH - -Bugfix - * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362 - * Fix bug in certificate validation that caused valid chains to be rejected - when the first intermediate certificate has pathLenConstraint=0. Found by - Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280 - * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by - JayaraghavendranK. #372 - * Fix suboptimal handling of unexpected records that caused interop issues - with some peers over unreliable links. Avoid dropping an entire DTLS - datagram if a single record in a datagram is unexpected, instead only - drop the record and look at subsequent records (if any are present) in - the same datagram. Found by jeannotlapin. #345 - -= mbed TLS 2.2.0 released 2015-11-04 - -Security - * Fix potential double free if mbedtls_ssl_conf_psk() is called more than - once and some allocation fails. Cannot be forced remotely. Found by Guido - Vranken, Intelworks. - * Fix potential heap corruption on Windows when - mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. Cannot be - triggered remotely. Found by Guido Vranken, Intelworks. - * Fix potential buffer overflow in some asn1_write_xxx() functions. - Cannot be triggered remotely unless you create X.509 certificates based - on untrusted input or write keys of untrusted origin. Found by Guido - Vranken, Intelworks. 
- * The X509 max_pathlen constraint was not enforced on intermediate - certificates. Found by Nicholas Wilson, fix and tests provided by - Janos Follath. #280 and #319 - -Features - * Experimental support for EC J-PAKE as defined in Thread 1.0.0. - Disabled by default as the specification might still change. - * Added a key extraction callback to accees the master secret and key - block. (Potential uses include EAP-TLS and Thread.) - -Bugfix - * Self-signed certificates were not excluded from pathlen counting, - resulting in some valid X.509 being incorrectly rejected. Found and fix - provided by Janos Follath. #319 - * Fix build error with configurations where ECDHE-PSK is the only key - exchange. Found and fix provided by Chris Hammond. #270 - * Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or - ECHD-ECDSA if the only key exchange. Multiple reports. #310 - * Fixed a bug causing some handshakes to fail due to some non-fatal alerts - not being properly ignored. Found by mancha and Kasom Koht-arsa, #308 - * mbedtls_x509_crt_verify(_with_profile)() now also checks the key type and - size/curve against the profile. Before that, there was no way to set a - minimum key size for end-entity certificates with RSA keys. Found by - Matthew Page of Scannex Electronics Ltd. - * Fix failures in MPI on Sparc(64) due to use of bad assembly code. - Found by Kurt Danielson. #292 - * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314 - * Fix bug in ASN.1 encoding of booleans that caused generated CA - certificates to be rejected by some applications, including OS X - Keychain. Found and fixed by Jonathan Leroy, Inikup. - -Changes - * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1 - or -1. - -= mbed TLS 2.1.2 released 2015-10-06 - -Security - * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer - overflow of the hostname or session ticket. Found by Guido Vranken, - Intelworks. 
- * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than - once in the same handhake and mbedtls_ssl_conf_psk() was used. - Found and patch provided by Guido Vranken, Intelworks. Cannot be forced - remotely. - * Fix stack buffer overflow in pkcs12 decryption (used by - mbedtls_pk_parse_key(file)() when the password is > 129 bytes. - Found by Guido Vranken, Intelworks. Not triggerable remotely. - * Fix potential buffer overflow in mbedtls_mpi_read_string(). - Found by Guido Vranken, Intelworks. Not exploitable remotely in the context - of TLS, but might be in other uses. On 32 bit machines, requires reading a - string of close to or larger than 1GB to exploit; on 64 bit machines, would - require reading a string of close to or larger than 2^62 bytes. - * Fix potential random memory allocation in mbedtls_pem_read_buffer() - on crafted PEM input data. Found and fix provided by Guido Vranken, - Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you - accept PEM data from an untrusted source. - * Fix possible heap buffer overflow in base64_encoded() when the input - buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken, - Intelworks. Not trigerrable remotely in TLS. - * Fix potential double-free if mbedtls_conf_psk() is called repeatedly on - the same mbedtls_ssl_config object and memory allocation fails. Found by - Guido Vranken, Intelworks. Cannot be forced remotely. - * Fix potential heap buffer overflow in servers that perform client - authentication against a crafted CA cert. Cannot be triggered remotely - unless you allow third parties to pick trust CAs for client auth. - Found by Guido Vranken, Intelworks. - -Bugfix - * Fix compile error in net.c with musl libc. Found and patch provided by - zhasha (#278). - * Fix macroization of 'inline' keyword when building as C++. (#279) - -Changes - * Added checking of hostname length in mbedtls_ssl_set_hostname() to ensure - domain names are compliant with RFC 1035. 
- * Fixed paths for check_config.h in example config files. (Found by bachp) - (#291) - -= mbed TLS 2.1.1 released 2015-09-17 - -Security - * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5 - signatures. (Found by Florian Weimer, Red Hat.) - https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ - * Fix possible client-side NULL pointer dereference (read) when the client - tries to continue the handshake after it failed (a misuse of the API). - (Found and patch provided by Fabian Foerg, Gotham Digital Science using - afl-fuzz.) - -Bugfix - * Fix warning when using a 64bit platform. (found by embedthis) (#275) - * Fix off-by-one error in parsing Supported Point Format extension that - caused some handshakes to fail. - -Changes - * Made X509 profile pointer const in mbedtls_ssl_conf_cert_profile() to allow - use of mbedtls_x509_crt_profile_next. (found by NWilson) - * When a client initiates a reconnect from the same port as a live - connection, if cookie verification is available - (MBEDTLS_SSL_DTLS_HELLO_VERIFY defined in config.h, and usable cookie - callbacks set with mbedtls_ssl_conf_dtls_cookies()), this will be - detected and mbedtls_ssl_read() will return - MBEDTLS_ERR_SSL_CLIENT_RECONNECT - it is then possible to start a new - handshake with the same context. (See RFC 6347 section 4.2.8.) - -= mbed TLS 2.1.0 released 2015-09-04 - -Features - * Added support for yotta as a build system. - * Primary open source license changed to Apache 2.0 license. - -Bugfix - * Fix segfault in the benchmark program when benchmarking DHM. - * Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo - Leisink). - * Fix bug when parsing a ServerHello without extensions (found by David - Sears). - * Fix bug in CMake lists that caused libmbedcrypto.a not to be installed - (found by Benoit Lecocq). - * Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be - installed (found by Rawi666). 
- * Fix compile error with armcc 5 with --gnu option. - * Fix bug in Makefile that caused programs not to be installed correctly - (found by robotanarchy) (#232). - * Fix bug in Makefile that prevented from installing without building the - tests (found by robotanarchy) (#232). - * Fix missing -static-libgcc when building shared libraries for Windows - with make. - * Fix link error when building shared libraries for Windows with make. - * Fix error when loading libmbedtls.so. - * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to - be always used (found by dcb314) (#235) - * Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could - result trying to unlock an unlocked mutex on invalid input (found by - Fredrik Axelsson) (#257) - * Fix -Wshadow warnings (found by hnrkp) (#240) - * Fix memory corruption on client with overlong PSK identity, around - SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by - Aleksandrs Saveljevs) (#238) - * Fix unused function warning when using MBEDTLS_MDx_ALT or - MBEDTLS_SHAxxx_ALT (found by Henrik) (#239) - * Fix memory corruption in pkey programs (found by yankuncheng) (#210) - -Changes - * The PEM parser now accepts a trailing space at end of lines (#226). - * It is now possible to #include a user-provided configuration file at the - end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the - compiler's command line. - * When verifying a certificate chain, if an intermediate certificate is - trusted, no later cert is checked. (suggested by hannes-landeholm) - (#220). - * Prepend a "thread identifier" to debug messages (issue pointed out by - Hugo Leisink) (#210). - * Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment - length. - -= mbed TLS 2.0.0 released 2015-07-13 - -Features - * Support for DTLS 1.0 and 1.2 (RFC 6347). 
- * Ability to override core functions from MDx, SHAx, AES and DES modules - with custom implementation (eg hardware accelerated), complementing the - ability to override the whole module. - * New server-side implementation of session tickets that rotate keys to - preserve forward secrecy, and allows sharing across multiple contexts. - * Added a concept of X.509 cerificate verification profile that controls - which algorithms and key sizes (curves for ECDSA) are acceptable. - * Expanded configurability of security parameters in the SSL module with - mbedtls_ssl_conf_dhm_min_bitlen() and mbedtls_ssl_conf_sig_hashes(). - * Introduced a concept of presets for SSL security-relevant configuration - parameters. - -API Changes - * The library has been split into libmbedcrypto, libmbedx509, libmbedtls. - You now need to link to all of them if you use TLS for example. - * All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace. - Some names have been further changed to make them more consistent. - Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are - provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt - * Renamings of fields inside structures, not covered by the previous list: - mbedtls_cipher_info_t.key_length -> key_bitlen - mbedtls_cipher_context_t.key_length -> key_bitlen - mbedtls_ecp_curve_info.size -> bit_size - * Headers are now found in the 'mbedtls' directory (previously 'polarssl'). 
- * The following _init() functions that could return errors have - been split into an _init() that returns void and another function that - should generally be the first function called on this context after init: - mbedtls_ssl_init() -> mbedtls_ssl_setup() - mbedtls_ccm_init() -> mbedtls_ccm_setkey() - mbedtls_gcm_init() -> mbedtls_gcm_setkey() - mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)() - mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed() - Note that for mbedtls_ssl_setup(), you need to be done setting up the - ssl_config structure before calling it. - * Most ssl_set_xxx() functions (all except ssl_set_bio(), ssl_set_hostname(), - ssl_set_session() and ssl_set_client_transport_id(), plus - ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx() - (see rename.pl and compat-1.3.h above) and their first argument's type - changed from ssl_context to ssl_config. - * ssl_set_bio() changed signature (contexts merged, order switched, one - additional callback for read-with-timeout). - * The following functions have been introduced and must be used in callback - implementations (SNI, PSK) instead of their *conf counterparts: - mbedtls_ssl_set_hs_own_cert() - mbedtls_ssl_set_hs_ca_chain() - mbedtls_ssl_set_hs_psk() - * mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set - using mbedtls_ssl_set_hostname(). - * mbedtls_ssl_conf_session_cache() changed prototype (only one context - pointer, parameters reordered). - * On server, mbedtls_ssl_conf_session_tickets_cb() must now be used in - place of mbedtls_ssl_conf_session_tickets() to enable session tickets. - * The SSL debug callback gained two new arguments (file name, line number). - * Debug modes were removed. - * mbedtls_ssl_conf_truncated_hmac() now returns void. - * mbedtls_memory_buffer_alloc_init() now returns void. - * X.509 verification flags are now an uint32_t. 
Affect the signature of: - mbedtls_ssl_get_verify_result() - mbedtls_x509_ctr_verify_info() - mbedtls_x509_crt_verify() (flags, f_vrfy -> needs to be updated) - mbedtls_ssl_conf_verify() (f_vrfy -> needs to be updated) - * The following functions changed prototype to avoid an in-out length - parameter: - mbedtls_base64_encode() - mbedtls_base64_decode() - mbedtls_mpi_write_string() - mbedtls_dhm_calc_secret() - * In the NET module, all "int" and "int *" arguments for file descriptors - changed type to "mbedtls_net_context *". - * net_accept() gained new arguments for the size of the client_ip buffer. - * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now - return void. - * ecdsa_write_signature() gained an additional md_alg argument and - ecdsa_write_signature_det() was deprecated. - * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. - * Last argument of x509_crt_check_key_usage() and - mbedtls_x509write_crt_set_key_usage() changed from int to unsigned. - * test_ca_list (from certs.h) is renamed to test_cas_pem and is only - available if POLARSSL_PEM_PARSE_C is defined (it never worked without). - * Test certificates in certs.c are no longer guaranteed to be nul-terminated - strings; use the new *_len variables instead of strlen(). - * Functions mbedtls_x509_xxx_parse(), mbedtls_pk_parse_key(), - mbedtls_pk_parse_public_key() and mbedtls_dhm_parse_dhm() now expect the - length parameter to include the terminating null byte for PEM input. - * Signature of mpi_mul_mpi() changed to make the last argument unsigned - * calloc() is now used instead of malloc() everywhere. API of platform - layer and the memory_buffer_alloc module changed accordingly. - (Thanks to Mansour Moufid for helping with the replacement.) - * Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION - (support for renegotiation now needs explicit enabling in config.h). 
- * Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and MBEDTLS_HAVE_TIME_DATE - in config.h - * net_connect() and net_bind() have a new 'proto' argument to choose - between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP. - Their 'port' argument type is changed to a string. - * Some constness fixes - -Removals - * Removed mbedtls_ecp_group_read_string(). Only named groups are supported. - * Removed mbedtls_ecp_sub() and mbedtls_ecp_add(), use - mbedtls_ecp_muladd(). - * Removed individual mdX_hmac, shaX_hmac, mdX_file and shaX_file functions - (use generic functions from md.h) - * Removed mbedtls_timing_msleep(). Use mbedtls_net_usleep() or a custom - waiting function. - * Removed test DHM parameters from the test certs module. - * Removed the PBKDF2 module (use PKCS5). - * Removed POLARSSL_ERROR_STRERROR_BC (use mbedtls_strerror()). - * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3). - * Removed openssl.h (very partial OpenSSL compatibility layer). - * Configuration options POLARSSL_HAVE_LONGLONG was removed (now always on). - * Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 have - been removed (compiler is required to support 32-bit operations). - * Configuration option POLARSSL_HAVE_IPV6 was removed (always enabled). - * Removed test program o_p_test, the script compat.sh does more. - * Removed test program ssl_test, superseded by ssl-opt.sh. - * Removed helper script active-config.pl - -New deprecations - * md_init_ctx() is deprecated in favour of md_setup(), that adds a third - argument (allowing memory savings if HMAC is not used) - -Semi-API changes (technically public, morally private) - * Renamed a few headers to include _internal in the name. Those headers are - not supposed to be included by users. - * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). - * Changed pk_info_t into an opaque structure. - * Changed cipher_base_t into an opaque structure. 
- * Removed sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl. - * x509_crt.key_usage changed from unsigned char to unsigned int. - * Removed r and s from ecdsa_context - * Removed mode from des_context and des3_context - -Default behavior changes - * The default minimum TLS version is now TLS 1.0. - * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the - default ciphersuite list returned by ssl_list_ciphersuites() - * Support for receiving SSLv2 ClientHello is now disabled by default at - compile time. - * The default authmode for SSL/TLS clients is now REQUIRED. - * Support for RSA_ALT contexts in the PK layer is now optional. Since is is - enabled in the default configuration, this is only noticeable if using a - custom config.h - * Default DHM parameters server-side upgraded from 1024 to 2048 bits. - * A minimum RSA key size of 2048 bits is now enforced during ceritificate - chain verification. - * Negotiation of truncated HMAC is now disabled by default on server too. - * The following functions are now case-sensitive: - mbedtls_cipher_info_from_string() - mbedtls_ecp_curve_info_from_name() - mbedtls_md_info_from_string() - mbedtls_ssl_ciphersuite_from_string() - mbedtls_version_check_feature() - -Requirement changes - * The minimum MSVC version required is now 2010 (better C99 support). - * The NET layer now unconditionnaly relies on getaddrinfo() and select(). - * Compiler is required to support C99 types such as long long and uint32_t. - -API changes from the 1.4 preview branch - * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with - new prototype, and mbedtls_ssl_set_read_timeout(). 
- * The following functions now return void: - mbedtls_ssl_conf_transport() - mbedtls_ssl_conf_max_version() - mbedtls_ssl_conf_min_version() - * DTLS no longer hard-depends on TIMING_C, but uses a callback interface - instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing - an example implementation, see mbedtls_timing_delay_context and - mbedtls_timing_set/get_delay(). - * With UDP sockets, it is no longer necessary to call net_bind() again - after a successful net_accept(). - -Changes - * mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now - thread-safe if MBEDTLS_THREADING_C is enabled. - * Reduced ROM fooprint of SHA-256 and added an option to reduce it even - more (at the expense of performance) MBEDTLS_SHA256_SMALLER. - -= mbed TLS 1.3 branch - -Security - * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and - extendedKeyUsage on the leaf certificate was lost (results not accessible - via ssl_get_verify_results()). - * Add countermeasure against "Lucky 13 strikes back" cache-based attack, - https://dl.acm.org/citation.cfm?id=2714625 - -Features - * Improve ECC performance by using more efficient doubling formulas - (contributed by Peter Dettman). - * Add x509_crt_verify_info() to display certificate verification results. - * Add support for reading DH parameters with privateValueLength included - (contributed by Daniel Kahn Gillmor). - * Add support for bit strings in X.509 names (request by Fredrik Axelsson). - * Add support for id-at-uniqueIdentifier in X.509 names. - * Add support for overriding snprintf() (except on Windows) and exit() in - the platform layer. - * Add an option to use macros instead of function pointers in the platform - layer (helps get rid of unwanted references). - * Improved Makefiles for Windows targets by fixing library targets and making - cross-compilation easier (thanks to Alon Bar-Lev). 
- * The benchmark program also prints heap usage for public-key primitives - if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined. - * New script ecc-heap.sh helps measuring the impact of ECC parameters on - speed and RAM (heap only for now) usage. - * New script memory.sh helps measuring the ROM and RAM requirements of two - reduced configurations (PSK-CCM and NSA suite B). - * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce - warnings on use of deprecated functions (with GCC and Clang only). - * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce - errors on use of deprecated functions. - -Bugfix - * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS. - * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara). - * Fix bug in entropy.c when THREADING_C is also enabled that caused - entropy_free() to crash (thanks to Rafał Przywara). - * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than - once on the same context. - * Fix bug in ssl_mail_client when password is longer that username (found - by Bruno Pape). - * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules - (detected by Clang's 3.6 UBSan). - * mpi_size() and mpi_msb() would segfault when called on an mpi that is - initialized but not set (found by pravic). - * Fix detection of support for getrandom() on Linux (reported by syzzer) by - doing it at runtime (using uname) rather that compile time. - * Fix handling of symlinks by "make install" (found by Gaël PORTAY). - * Fix potential NULL pointer dereference (not trigerrable remotely) when - ssl_write() is called before the handshake is finished (introduced in - 1.3.10) (first reported by Martin Blumenstingl). - * Fix bug in pk_parse_key() that caused some valid private EC keys to be - rejected. - * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos). - * Fix thread safety bug in RSA operations (found by Fredrik Axelsson). 
- * Fix hardclock() (only used in the benchmarking program) with some - versions of mingw64 (found by kxjhlele). - * Fix warnings from mingw64 in timing.c (found by kxjklele). - * Fix potential unintended sign extension in asn1_get_len() on 64-bit - platforms. - * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid). - * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and - POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced - in 1.3.10). - * Add missing extern "C" guard in aesni.h (reported by amir zamani). - * Add missing dependency on SHA-256 in some x509 programs (reported by - Gergely Budai). - * Fix bug related to ssl_set_curves(): the client didn't check that the - curve picked by the server was actually allowed. - -Changes - * Remove bias in mpi_gen_prime (contributed by Pascal Junod). - * Remove potential sources of timing variations (some contributed by Pascal - Junod). - * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated. - * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated. - * compat-1.2.h and openssl.h are deprecated. - * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now - more flexible (warning: OFLAGS is not used any more) (see the README) - (contributed by Alon Bar-Lev). - * ssl_set_own_cert() no longer calls pk_check_pair() since the - performance impact was bad for some users (this was introduced in 1.3.10). - * Move from SHA-1 to SHA-256 in example programs using signatures - (suggested by Thorsten Mühlfelder). - * Remove some unneeded inclusions of header files from the standard library - "minimize" others (eg use stddef.h if only size_t is needed). - * Change #include lines in test files to use double quotes instead of angle - brackets for uniformity with the rest of the code. - * Remove dependency on sscanf() in X.509 parsing modules. 
- -= mbed TLS 1.3.10 released 2015-02-09 -Security - * NULL pointer dereference in the buffer-based allocator when the buffer is - full and polarssl_free() is called (found by Mark Hasemeyer) - (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is - not by default). - * Fix remotely-triggerable uninitialised pointer dereference caused by - crafted X.509 certificate (TLS server is not affected if it doesn't ask for a - client certificate) (found using Codenomicon Defensics). - * Fix remotely-triggerable memory leak caused by crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Fix potential stack overflow while parsing crafted X.509 certificates - (TLS server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Fix timing difference that could theoretically lead to a - Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges - (reported by Sebastian Schinzel). - -Features - * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv). - * Add support for Extended Master Secret (draft-ietf-tls-session-hash). - * Add support for Encrypt-then-MAC (RFC 7366). - * Add function pk_check_pair() to test if public and private keys match. - * Add x509_crl_parse_der(). - * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the - length of an X.509 verification chain. - * Support for renegotiation can now be disabled at compile-time - * Support for 1/n-1 record splitting, a countermeasure against BEAST. - * Certificate selection based on signature hash, preferring SHA-1 over SHA-2 - for pre-1.2 clients when multiple certificates are available. - * Add support for getrandom() syscall on recent Linux kernels with Glibc or - a compatible enough libc (eg uClibc). - * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime - while using the default ciphersuite list. 
- * Added new error codes and debug messages about selection of - ciphersuite/certificate. - -Bugfix - * Stack buffer overflow if ctr_drbg_update() is called with too large - add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). - * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE - if memory_buffer_alloc_init() was called with buf not aligned and len not - a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely). - * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found - by Julian Ospald). - * Fix potential undefined behaviour in Camellia. - * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a - multiple of 8 (found by Gergely Budai). - * Fix unchecked return code in x509_crt_parse_path() on Windows (found by - Peter Vaskovic). - * Fix assembly selection for MIPS64 (thanks to James Cowgill). - * ssl_get_verify_result() now works even if the handshake was aborted due - to a failed verification (found by Fredrik Axelsson). - * Skip writing and parsing signature_algorithm extension if none of the - key exchanges enabled needs certificates. This fixes a possible interop - issue with some servers when a zero-length extension was sent. (Reported - by Peter Dettman.) - * On a 0-length input, base64_encode() did not correctly set output length - (found by Hendrik van den Boogaard). - -Changes - * Use deterministic nonces for AEAD ciphers in TLS by default (possible to - switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h). - * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. - * ssl_set_own_cert() now returns an error on key-certificate mismatch. - * Forbid repeated extensions in X.509 certificates. - * debug_print_buf() now prints a text view in addition to hexadecimal. 
- * A specific error is now returned when there are ciphersuites in common - but none of them is usable due to external factors such as no certificate - with a suitable (extended)KeyUsage or curve or no PSK set. - * It is now possible to disable negotiation of truncated HMAC server-side - at runtime with ssl_set_truncated_hmac(). - * Example programs for SSL client and server now disable SSLv3 by default. - * Example programs for SSL client and server now disable RC4 by default. - * Use platform.h in all test suites and programs. - -= PolarSSL 1.3.9 released 2014-10-20 -Security - * Lowest common hash was selected from signature_algorithms extension in - TLS 1.2 (found by Darren Bane) (introduced in 1.3.8). - * Remotely-triggerable memory leak when parsing some X.509 certificates - (server is not affected if it doesn't ask for a client certificate) - (found using Codenomicon Defensics). - * Remotely-triggerable memory leak when parsing crafted ClientHello - (not affected if ECC support was compiled out) (found using Codenomicon - Defensics). - -Bugfix - * Support escaping of commas in x509_string_to_names() - * Fix compile error in ssl_pthread_server (found by Julian Ospald). - * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce). - * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel). - * Fix warnings from Clang's scan-build (contributed by Alfred Klomp). - * Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST - are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito). - * Remove non-existent file from VS projects (found by Peter Vaskovic). - * ssl_read() could return non-application data records on server while - renegotation was pending, and on client when a HelloRequest was received. - * Server-initiated renegotiation would fail with non-blocking I/O if the - write callback returned WANT_WRITE when requesting renegotiation. 
- * ssl_close_notify() could send more than one message in some circumstances - with non-blocking I/O. - * Fix compiler warnings on iOS (found by Sander Niemeijer). - * x509_crt_parse() did not increase total_failed on PEM error - * Fix compile error with armcc in mpi_is_prime() - * Fix potential bad read in parsing ServerHello (found by Adrien - Vialletelle). - -Changes - * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no - standard defining how to use SHA-2 with SSL 3.0). - * Ciphersuites using RSA-PSK key exchange new require TLS 1.x (the spec is - ambiguous on how to encode some packets with SSL 3.0). - * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if - RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger. - * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than - POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts. - * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits - RSA keys. - * Accept spaces at end of line or end of buffer in base64_decode(). - * X.509 certificates with more than one AttributeTypeAndValue per - RelativeDistinguishedName are not accepted any more. - -= PolarSSL 1.3.8 released 2014-07-11 -Security - * Fix length checking for AEAD ciphersuites (found by Codenomicon). - It was possible to crash the server (and client) using crafted messages - when a GCM suite was chosen. - -Features - * Add CCM module and cipher mode to Cipher Layer - * Support for CCM and CCM_8 ciphersuites - * Support for parsing and verifying RSASSA-PSS signatures in the X.509 - modules (certificates, CRLs and CSRs). - * Blowfish in the cipher layer now supports variable length keys. - * Add example config.h for PSK with CCM, optimized for low RAM usage. - * Optimize for RAM usage in example config.h for NSA Suite B profile. - * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites - from the default list (inactive by default). 
- * Add server-side enforcement of sent renegotiation requests - (ssl_set_renegotiation_enforced()) - * Add SSL_CIPHERSUITES config.h flag to allow specifying a list of - ciphersuites to use and save some memory if the list is small. - -Changes - * Add LINK_WITH_PTHREAD option in CMake for explicit linking that is - required on some platforms (e.g. OpenBSD) - * Migrate zeroizing of data to polarssl_zeroize() instead of memset() - against unwanted compiler optimizations - * md_list() now returns hashes strongest first - * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks - strongest offered by client. - * All public contexts have _init() and _free() functions now for simpler - usage pattern - -Bugfix - * Fix in debug_print_msg() - * Enforce alignment in the buffer allocator even if buffer is not aligned - * Remove less-than-zero checks on unsigned numbers - * Stricter check on SSL ClientHello internal sizes compared to actual packet - size (found by TrustInSoft) - * Fix WSAStartup() return value check (found by Peter Vaskovic) - * Other minor issues (found by Peter Vaskovic) - * Fix symlink command for cross compiling with CMake (found by Andre - Heinecke) - * Fix DER output of gen_key app (found by Gergely Budai) - * Very small records were incorrectly rejected when truncated HMAC was in - use with some ciphersuites and versions (RC4 in all versions, CBC with - versions < TLS 1.1). - * Very large records using more than 224 bytes of padding were incorrectly - rejected with CBC-based ciphersuites and TLS >= 1.1 - * Very large records using less padding could cause a buffer overread of up - to 32 bytes with CBC-based ciphersuites and TLS >= 1.1 - * Restore ability to use a v1 cert as a CA if trusted locally. (This had - been removed in 1.3.6.) - * Restore ability to locally trust a self-signed cert that is not a proper - CA for use as an end entity certificate. (This had been removed in - 1.3.6.) 
- * Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan). - * Use \n\t rather than semicolons for bn_mul asm, since some assemblers - interpret semicolons as comment delimiters (found by Barry K. Nathan). - * Fix off-by-one error in parsing Supported Point Format extension that - caused some handshakes to fail. - * Fix possible miscomputation of the premaster secret with DHE-PSK key - exchange that caused some handshakes to fail with other implementations. - (Failure rate <= 1/255 with common DHM moduli.) - * Disable broken Sparc64 bn_mul assembly (found by Florian Obser). - * Fix base64_decode() to return and check length correctly (in case of - tight buffers) - * Fix mpi_write_string() to write "00" as hex output for empty MPI (found - by Hui Dong) - -= PolarSSL 1.3.7 released on 2014-05-02 -Features - * debug_set_log_mode() added to determine raw or full logging - * debug_set_threshold() added to ignore messages over threshold level - * version_check_feature() added to check for compile-time options at - run-time - -Changes - * POLARSSL_CONFIG_OPTIONS has been removed. All values are individually - checked and filled in the relevant module headers - * Debug module only outputs full lines instead of parts - * Better support for the different Attribute Types from IETF PKIX (RFC 5280) - * AES-NI now compiles with "old" assemblers too - * Ciphersuites based on RC4 now have the lowest priority by default - -Bugfix - * Only iterate over actual certificates in ssl_write_certificate_request() - (found by Matthew Page) - * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan - Karger) - * cert_write app should use subject of issuer certificate as issuer of cert - * Fix false reject in padding check in ssl_decrypt_buf() for CBC - ciphersuites, for full SSL frames of data. 
- * Improve interoperability by not writing extension length in ClientHello / - ServerHello when no extensions are present (found by Matthew Page) - * rsa_check_pubkey() now allows an E up to N - * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings - * mpi_fill_random() was creating numbers larger than requested on - big-endian platform when size was not an integer number of limbs - * Fix dependencies issues in X.509 test suite. - * Some parts of ssl_tls.c were compiled even when the module was disabled. - * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer) - * Fix detection of Clang on some Apple platforms with CMake - (found by Barry K. Nathan) - -= PolarSSL 1.3.6 released on 2014-04-11 - -Features - * Support for the ALPN SSL extension - * Add option 'use_dev_random' to gen_key application - * Enable verification of the keyUsage extension for CA and leaf - certificates (POLARSSL_X509_CHECK_KEY_USAGE) - * Enable verification of the extendedKeyUsage extension - (POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) - -Changes - * x509_crt_info() now prints information about parsed extensions as well - * pk_verify() now returns a specific error code when the signature is valid - but shorter than the supplied length. - * Use UTC time to check certificate validity. - * Reject certificates with times not in UTC, per RFC 5280. - -Security - * Avoid potential timing leak in ecdsa_sign() by blinding modular division. - (Found by Watson Ladd.) - * The notAfter date of some certificates was no longer checked since 1.3.5. - This affects certificates in the user-supplied chain except the top - certificate. If the user-supplied chain contains only one certificates, - it is not affected (ie, its notAfter date is properly checked). - * Prevent potential NULL pointer dereference in ssl_read_record() (found by - TrustInSoft) - -Bugfix - * The length of various ClientKeyExchange messages was not properly checked. 
- * Some example server programs were not sending the close_notify alert. - * Potential memory leak in mpi_exp_mod() when error occurs during - calculation of RR. - * Fixed malloc/free default #define in platform.c (found by Gergely Budai). - * Fixed type which made POLARSSL_ENTROPY_FORCE_SHA256 uneffective (found by - Gergely Budai). - * Fix #include path in ecdsa.h which wasn't accepted by some compilers. - (found by Gergely Budai) - * Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by - Shuo Chen). - * oid_get_numeric_string() used to truncate the output without returning an - error if the output buffer was just 1 byte too small. - * dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len. - * Calling pk_debug() on an RSA-alt key would segfault. - * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys. - * Potential buffer overwrite in pem_write_buffer() because of low length - indication (found by Thijs Alkemade) - * EC curves constants, which should be only in ROM since 1.3.3, were also - stored in RAM due to missing 'const's (found by Gergely Budai). - -= PolarSSL 1.3.5 released on 2014-03-26 -Features - * HMAC-DRBG as a separate module - * Option to set the Curve preference order (disabled by default) - * Single Platform compatilibity layer (for memory / printf / fprintf) - * Ability to provide alternate timing implementation - * Ability to force the entropy module to use SHA-256 as its basis - (POLARSSL_ENTROPY_FORCE_SHA256) - * Testing script ssl-opt.sh added for testing 'live' ssl option - interoperability against OpenSSL and PolarSSL - * Support for reading EC keys that use SpecifiedECDomain in some cases. - * Entropy module now supports seed writing and reading - -Changes - * Deprecated the Memory layer - * entropy_add_source(), entropy_update_manual() and entropy_gather() - now thread-safe if POLARSSL_THREADING_C defined - * Improvements to the CMake build system, contributed by Julian Ospald. 
- * Work around a bug of the version of Clang shipped by Apple with Mavericks - that prevented bignum.c from compiling. (Reported by Rafael Baptista.) - * Revamped the compat.sh interoperatibility script to include support for - testing against GnuTLS - * Deprecated ssl_set_own_cert_rsa() and ssl_set_own_cert_rsa_alt() - * Improvements to tests/Makefile, contributed by Oden Eriksson. - -Security - * Forbid change of server certificate during renegotiation to prevent - "triple handshake" attack when authentication mode is 'optional' (the - attack was already impossible when authentication is required). - * Check notBefore timestamp of certificates and CRLs from the future. - * Forbid sequence number wrapping - * Fixed possible buffer overflow with overlong PSK - * Possible remotely-triggered out-of-bounds memory access fixed (found by - TrustInSoft) - -Bugfix - * ecp_gen_keypair() does more tries to prevent failure because of - statistics - * Fixed bug in RSA PKCS#1 v1.5 "reversed" operations - * Fixed testing with out-of-source builds using cmake - * Fixed version-major intolerance in server - * Fixed CMake symlinking on out-of-source builds - * Fixed dependency issues in test suite - * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0 - * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by - Alex Wilson.) - * ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled. - * m_sleep() was sleeping twice too long on most Unix platforms. - * Fixed bug with session tickets and non-blocking I/O in the unlikely case - send() would return an EAGAIN error when sending the ticket. - * ssl_cache was leaking memory when reusing a timed out entry containing a - client certificate. 
- * ssl_srv was leaking memory when client presented a timed out ticket - containing a client certificate - * ssl_init() was leaving a dirty pointer in ssl_context if malloc of - out_ctr failed - * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc - of one of them failed - * Fix typo in rsa_copy() that impacted PKCS#1 v2 contexts - * x509_get_current_time() uses localtime_r() to prevent thread issues - -= PolarSSL 1.3.4 released on 2014-01-27 -Features - * Support for the Koblitz curves: secp192k1, secp224k1, secp256k1 - * Support for RIPEMD-160 - * Support for AES CFB8 mode - * Support for deterministic ECDSA (RFC 6979) - -Bugfix - * Potential memory leak in bignum_selftest() - * Replaced expired test certificate - * ssl_mail_client now terminates lines with CRLF, instead of LF - * net module handles timeouts on blocking sockets better (found by Tilman - Sauerbeck) - * Assembly format fixes in bn_mul.h - -Security - * Missing MPI_CHK calls added around unguarded mpi calls (found by - TrustInSoft) - -= PolarSSL 1.3.3 released on 2013-12-31 -Features - * EC key generation support in gen_key app - * Support for adhering to client ciphersuite order preference - (POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - * Support for Curve25519 - * Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites - * Support for IPv6 in the NET module - * AES-NI support for AES, AES-GCM and AES key scheduling - * SSL Pthread-based server example added (ssl_pthread_server) - -Changes - * gen_prime() speedup - * Speedup of ECP multiplication operation - * Relaxed some SHA2 ciphersuite's version requirements - * Dropped use of readdir_r() instead of readdir() with threading support - * More constant-time checks in the RSA module - * Split off curves from ecp.c into ecp_curves.c - * Curves are now stored fully in ROM - * Memory usage optimizations in ECP module - * Removed POLARSSL_THREADING_DUMMY - -Bugfix - * Fixed bug in mpi_set_bit() on platforms where 
t_uint is wider than int
- * Fixed X.509 hostname comparison (with non-regular characters)
- * SSL now gracefully handles missing RNG
- * Missing defines / cases for RSA_PSK key exchange
- * crypt_and_hash app checks MAC before final decryption
- * Potential memory leak in ssl_ticket_keys_init()
- * Memory leak in benchmark application
- * Fixed x509_crt_parse_path() bug on Windows platforms
- * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
- TrustInSoft)
- * Fixed potential overflow in certificate size verification in
- ssl_write_certificate() (found by TrustInSoft)
-
-Security
- * Possible remotely-triggered out-of-bounds memory access fixed (found by
- TrustInSoft)
-
-= PolarSSL 1.3.2 released on 2013-11-04
-Features
- * PK tests added to test framework
- * Added optional optimization for NIST MODP curves (POLARSSL_ECP_NIST_OPTIM)
- * Support for Camellia-GCM mode and ciphersuites
-
-Changes
- * Padding checks in cipher layer are now constant-time
- * Value comparisons in SSL layer are now constant-time
- * Support for serialNumber, postalAddress and postalCode in X509 names
- * SSL Renegotiation was refactored
-
-Bugfix
- * More stringent checks in cipher layer
- * Server does not send out extensions not advertised by client
- * Prevent possible alignment warnings on casting from char * to 'aligned *'
- * Misc fixes and additions to dependency checks
- * Const correctness
- * cert_write with selfsign should use issuer_name as subject_name
- * Fix ECDSA corner case: missing reduction mod N (found by DualTachyon)
- * Defines to handle UEFI environment under MSVC
- * Server-side initiated renegotiations send HelloRequest
-
-= PolarSSL 1.3.1 released on 2013-10-15
-Features
- * Support for Brainpool curves and TLS ciphersuites (RFC 7027)
- * Support for ECDHE-PSK key-exchange and ciphersuites
- * Support for RSA-PSK key-exchange and ciphersuites
-
-Changes
- * RSA blinding locks for a smaller amount of time
- * TLS compression only allocates working buffer once
- * Introduced POLARSSL_HAVE_READDIR_R for systems without it
- * config.h is more script-friendly
-
-Bugfix
- * Missing MSVC defines added
- * Compile errors with POLARSSL_RSA_NO_CRT
- * Header files with 'polarssl/'
- * Const correctness
- * Possible naming collision in dhm_context
- * Better support for MSVC
- * threading_set_alt() name
- * Added missing x509write_crt_set_version()
-
-= PolarSSL 1.3.0 released on 2013-10-01
-Features
- * Elliptic Curve Cryptography module added
- * Elliptic Curve Diffie Hellman module added
- * Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS
- (ECDHE-based ciphersuites)
- * Ephemeral Elliptic Curve Digital Signature Algorithm support for SSL/TLS
- (ECDSA-based ciphersuites)
- * Ability to specify allowed ciphersuites based on the protocol version.
- * PSK and DHE-PSK based ciphersuites added
- * Memory allocation abstraction layer added
- * Buffer-based memory allocator added (no malloc() / free() / HEAP usage)
- * Threading abstraction layer added (dummy / pthread / alternate)
- * Public Key abstraction layer added
- * Parsing Elliptic Curve keys
- * Parsing Elliptic Curve certificates
- * Support for max_fragment_length extension (RFC 6066)
- * Support for truncated_hmac extension (RFC 6066)
- * Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
- (ISO/IEC 7816-4) padding and zero padding in the cipher layer
- * Support for session tickets (RFC 5077)
- * Certificate Request (CSR) generation with extensions (key_usage,
- ns_cert_type)
- * X509 Certificate writing with extensions (basic_constraints,
- issuer_key_identifier, etc)
- * Optional blinding for RSA, DHM and EC
- * Support for multiple active certificate / key pairs in SSL servers for
- the same host (Not to be confused with SNI!)
-
-Changes
- * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
- individually
- * Introduced separate SSL Ciphersuites module that is based on
- Cipher and MD information
- * Internals for SSL module adapted to have separate IV pointer that is
- dynamically set (Better support for hardware acceleration)
- * Moved all OID functionality to a separate module. RSA function
- prototypes for the RSA sign and verify functions changed as a result
- * Split up the GCM module into a starts/update/finish cycle
- * Client and server now filter sent and accepted ciphersuites on minimum
- and maximum protocol version
- * Ability to disable server_name extension (RFC 6066)
- * Renamed error_strerror() to the less conflicting polarssl_strerror()
- (Ability to keep old as well with POLARSSL_ERROR_STRERROR_BC)
- * SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
- * All RSA operations require a random generator for blinding purposes
- * X509 core refactored
- * x509_crt_verify() now case insensitive for cn (RFC 6125 6.4)
- * Also compiles / runs without time-based functions (!POLARSSL_HAVE_TIME)
- * Support faulty X509 v1 certificates with extensions
- (POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
-
-Bugfix
- * Fixed parse error in ssl_parse_certificate_request()
- * zlib compression/decompression skipped on empty blocks
- * Support for AIX header locations in net.c module
- * Fixed file descriptor leaks
-
-Security
- * RSA blinding on CRT operations to counter timing attacks
- (found by Cyril Arnaud and Pierre-Alain Fouque)
-
-
-= Version 1.2.14 released 2015-05-??
-
-Security
- * Fix potential invalid memory read in the server, that allows a client to
- crash it remotely (found by Caj Larsson).
- * Fix potential invalid memory read in certificate parsing, that allows a
- client to crash the server remotely if client authentication is enabled
- (found using Codenomicon Defensics).
- * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
- https://dl.acm.org/citation.cfm?id=2714625
-
-Bugfix
- * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
- * Fix hardclock() (only used in the benchmarking program) with some
- versions of mingw64 (found by kxjhlele).
- * Fix warnings from mingw64 in timing.c (found by kxjklele).
- * Fix potential unintended sign extension in asn1_get_len() on 64-bit
- platforms (found with Coverity Scan).
-
-= Version 1.2.13 released 2015-02-16
-Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
- this will be made in the 1.2 branch at this point.
-
-Security
- * Fix remotely-triggerable uninitialised pointer dereference caused by
- crafted X.509 certificate (TLS server is not affected if it doesn't ask
- for a client certificate) (found using Codenomicon Defensics).
- * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
- (TLS server is not affected if it doesn't ask for a client certificate)
- (found using Codenomicon Defensics).
- * Fix potential stack overflow while parsing crafted X.509 certificates
- (TLS server is not affected if it doesn't ask for a client certificate)
- found using Codenomicon Defensics).
- * Fix buffer overread of size 1 when parsing crafted X.509 certificates
- (TLS server is not affected if it doesn't ask for a client certificate).
-
-Bugfix
- * Fix potential undefined behaviour in Camellia.
- * Fix memory leaks in PKCS#5 and PKCS#12.
- * Stack buffer overflow if ctr_drbg_update() is called with too large
- add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
- * Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
- in 1.2.12).
- * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
- Peter Vaskovic).
- * Fix assembly selection for MIPS64 (thanks to James Cowgill).
- * ssl_get_verify_result() now works even if the handshake was aborted due
- to a failed verification (found by Fredrik Axelsson).
- * Skip writing and parsing signature_algorithm extension if none of the
- key exchanges enabled needs certificates. This fixes a possible interop
- issue with some servers when a zero-length extension was sent. (Reported
- by Peter Dettman.)
- * On a 0-length input, base64_encode() did not correctly set output length
- (found by Hendrik van den Boogaard).
-
-Changes
- * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
- * Forbid repeated extensions in X.509 certificates.
- * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
- length of an X.509 verification chain (default = 8).
-= Version 1.2.12 released 2014-10-24
-
-Security
- * Remotely-triggerable memory leak when parsing some X.509 certificates
- (server is not affected if it doesn't ask for a client certificate).
- (Found using Codenomicon Defensics.)
-
-Bugfix
- * Fix potential bad read in parsing ServerHello (found by Adrien
- Vialletelle).
- * ssl_close_notify() could send more than one message in some circumstances
- with non-blocking I/O.
- * x509_crt_parse() did not increase total_failed on PEM error
- * Fix compiler warnings on iOS (found by Sander Niemeijer).
- * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
- * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
- * ssl_read() could return non-application data records on server while
- renegotation was pending, and on client when a HelloRequest was received.
- * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
-
-Changes
- * X.509 certificates with more than one AttributeTypeAndValue per
- RelativeDistinguishedName are not accepted any more.
- * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
- POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
- * Accept spaces at end of line or end of buffer in base64_decode().
-
-= Version 1.2.11 released 2014-07-11
-Features
- * Entropy module now supports seed writing and reading
-
-Changes
- * Introduced POLARSSL_HAVE_READDIR_R for systems without it
- * Improvements to the CMake build system, contributed by Julian Ospald.
- * Work around a bug of the version of Clang shipped by Apple with Mavericks
- that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
- * Improvements to tests/Makefile, contributed by Oden Eriksson.
- * Use UTC time to check certificate validity.
- * Reject certificates with times not in UTC, per RFC 5280.
- * Migrate zeroizing of data to polarssl_zeroize() instead of memset()
- against unwanted compiler optimizations
-
-Security
- * Forbid change of server certificate during renegotiation to prevent
- "triple handshake" attack when authentication mode is optional (the
- attack was already impossible when authentication is required).
- * Check notBefore timestamp of certificates and CRLs from the future.
- * Forbid sequence number wrapping
- * Prevent potential NULL pointer dereference in ssl_read_record() (found by
- TrustInSoft)
- * Fix length checking for AEAD ciphersuites (found by Codenomicon).
- It was possible to crash the server (and client) using crafted messages
- when a GCM suite was chosen.
-
-Bugfix
- * Fixed X.509 hostname comparison (with non-regular characters)
- * SSL now gracefully handles missing RNG
- * crypt_and_hash app checks MAC before final decryption
- * Fixed x509_crt_parse_path() bug on Windows platforms
- * Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
- TrustInSoft)
- * Fixed potential overflow in certificate size verification in
- ssl_write_certificate() (found by TrustInSoft)
- * Fix ASM format in bn_mul.h
- * Potential memory leak in bignum_selftest()
- * Replaced expired test certificate
- * ssl_mail_client now terminates lines with CRLF, instead of LF
- * Fix bug in RSA PKCS#1 v1.5 "reversed" operations
- * Fixed testing with out-of-source builds using cmake
- * Fixed version-major intolerance in server
- * Fixed CMake symlinking on out-of-source builds
- * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
- Alex Wilson.)
- * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
- out_ctr failed
- * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
- of one of them failed
- * x509_get_current_time() uses localtime_r() to prevent thread issues
- * Some example server programs were not sending the close_notify alert.
- * Potential memory leak in mpi_exp_mod() when error occurs during
- calculation of RR.
- * Improve interoperability by not writing extension length in ClientHello
- when no extensions are present (found by Matthew Page)
- * rsa_check_pubkey() now allows an E up to N
- * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
- * mpi_fill_random() was creating numbers larger than requested on
- big-endian platform when size was not an integer number of limbs
- * Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
- * Stricter check on SSL ClientHello internal sizes compared to actual packet
- size (found by TrustInSoft)
- * Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan).
- * Use \n\t rather than semicolons for bn_mul asm, since some assemblers
- interpret semicolons as comment delimiters (found by Barry K. Nathan).
- * Disable broken Sparc64 bn_mul assembly (found by Florian Obser).
- * Fix base64_decode() to return and check length correctly (in case of
- tight buffers)
-
-= Version 1.2.10 released 2013-10-07
-Changes
- * Changed RSA blinding to a slower but thread-safe version
-
-Bugfix
- * Fixed memory leak in RSA as a result of introduction of blinding
- * Fixed ssl_pkcs11_decrypt() prototype
- * Fixed MSVC project files
-
-= Version 1.2.9 released 2013-10-01
-Changes
- * x509_verify() now case insensitive for cn (RFC 6125 6.4)
-
-Bugfix
- * Fixed potential memory leak when failing to resume a session
- * Fixed potential file descriptor leaks (found by Remi Gacogne)
- * Minor fixes
-
-Security
- * Fixed potential heap buffer overflow on large hostname setting
- * Fixed potential negative value misinterpretation in load_file()
- * RSA blinding on CRT operations to counter timing attacks
- (found by Cyril Arnaud and Pierre-Alain Fouque)
-
-= Version 1.2.8 released 2013-06-19
-Features
- * Parsing of PKCS#8 encrypted private key files
- * PKCS#12 PBE and derivation functions
- * Centralized module option values in config.h to allow user-defined
- settings without editing header files by using POLARSSL_CONFIG_OPTIONS
-
-Changes
- * HAVEGE random generator disabled by default
- * Internally split up x509parse_key() into a (PEM) handler function
- and specific DER parser functions for the PKCS#1 and unencrypted
- PKCS#8 private key formats
- * Added mechanism to provide alternative implementations for all
- symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
- config.h)
- * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
- old PBKDF2 module
-
-Bugfix
- * Secure renegotiation extension should only be sent in case client
- supports secure renegotiation
- * Fixed offset for cert_type list in ssl_parse_certificate_request()
- * Fixed const correctness issues that have no impact on the ABI
- * x509parse_crt() now better handles PEM error situations
- * ssl_parse_certificate() now calls x509parse_crt_der() directly
- instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
- * x509parse_crtpath() is now reentrant and uses more portable stat()
- * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
- * Fixed values for 2-key Triple DES in cipher layer
- * ssl_write_certificate_request() can handle empty ca_chain
-
-Security
- * A possible DoS during the SSL Handshake, due to faulty parsing of
- PEM-encoded certificates has been fixed (found by Jack Lloyd)
-
-= Version 1.2.7 released 2013-04-13
-Features
- * Ability to specify allowed ciphersuites based on the protocol version.
-
-Changes
- * Default Blowfish keysize is now 128-bits
- * Test suites made smaller to accommodate Raspberry Pi
-
-Bugfix
- * Fix for MPI assembly for ARM
- * GCM adapted to support sizes > 2^29
-
-= Version 1.2.6 released 2013-03-11
-Bugfix
- * Fixed memory leak in ssl_free() and ssl_reset() for active session
- * Corrected GCM counter incrementation to use only 32-bits instead of
- 128-bits (found by Yawning Angel)
- * Fixes for 64-bit compilation with MS Visual Studio
- * Fixed net_bind() for specified IP addresses on little endian systems
- * Fixed assembly code for ARM (Thumb and regular) for some compilers
-
-Changes
- * Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
- rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
- PKCS#1 v2.1 functions
- * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
- or rsa_rsaes_oaep_decrypt()
- * Re-added handling for SSLv2 Client Hello when the define
- POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
- * The SSL session cache module (ssl_cache) now also retains peer_cert
- information (not the entire chain)
-
-Security
- * Removed further timing differences during SSL message decryption in
- ssl_decrypt_buf()
- * Removed timing differences due to bad padding from
- rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
- operations
-
-= Version 1.2.5 released 2013-02-02
-Changes
- * Allow enabling of dummy error_strerror() to support some use-cases
- * Debug messages about padding errors during SSL message decryption are
- disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
- * Sending of security-relevant alert messages that do not break
- interoperability can be switched on/off with the flag
- POLARSSL_SSL_ALL_ALERT_MESSAGES
-
-Security
- * Removed timing differences during SSL message decryption in
- ssl_decrypt_buf() due to badly formatted padding
-
-= Version 1.2.4 released 2013-01-25
-Changes
- * More advanced SSL ciphersuite representation and moved to more dynamic
- SSL core
- * Added ssl_handshake_step() to allow single stepping the handshake process
-
-Bugfix
- * Memory leak when using RSA_PKCS_V21 operations fixed
- * Handle future version properly in ssl_write_certificate_request()
- * Correctly handle CertificateRequest message in client for <= TLS 1.1
- without DN list
-
-= Version 1.2.3 released 2012-11-26
-Bugfix
- * Server not always sending correct CertificateRequest message
-
-= Version 1.2.2 released 2012-11-24
-Changes
- * Added p_hw_data to ssl_context for context specific hardware acceleration
- data
- * During verify trust-CA is only checked for expiration and CRL presence
-
-Bugfixes
- * Fixed client authentication compatibility
- * Fixed dependency on POLARSSL_SHA4_C in SSL modules
-
-= Version 1.2.1 released 2012-11-20
-Changes
- * Depth that the certificate verify callback receives is now numbered
- bottom-up (Peer cert depth is 0)
-
-Bugfixes
- * Fixes for MSVC6
- * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
- * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
- Pégourié-Gonnard)
- * Fixed possible segfault in mpi_shift_r() (found by Manuel
- Pégourié-Gonnard)
- * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
-
-= Version 1.2.0 released 2012-10-31
-Features
- * Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
- ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
- default!
- * Added support for wildcard certificates
- * Added support for multi-domain certificates through the X509 Subject
- Alternative Name extension
- * Added preliminary ASN.1 buffer writing support
- * Added preliminary X509 Certificate Request writing support
- * Added key_app_writer example application
- * Added cert_req example application
- * Added base Galois Counter Mode (GCM) for AES
- * Added TLS 1.2 support (RFC 5246)
- * Added GCM suites to TLS 1.2 (RFC 5288)
- * Added commandline error code convertor (util/strerror)
- * Added support for Hardware Acceleration hooking in SSL/TLS
- * Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
- example application (programs/ssl/o_p_test) (requires OpenSSL)
- * Added X509 CA Path support
- * Added Thumb assembly optimizations
- * Added DEFLATE compression support as per RFC3749 (requires zlib)
- * Added blowfish algorithm (Generic and cipher layer)
- * Added PKCS#5 PBKDF2 key derivation function
- * Added Secure Renegotiation (RFC 5746)
- * Added predefined DHM groups from RFC 5114
- * Added simple SSL session cache implementation
- * Added ServerName extension parsing (SNI) at server side
- * Added option to add minimum accepted SSL/TLS protocol version
-
-Changes
- * Removed redundant POLARSSL_DEBUG_MSG define
- * AES code only check for Padlock once
- * Fixed const-correctness mpi_get_bit()
- * Documentation for mpi_lsb() and mpi_msb()
- * Moved out_msg to out_hdr + 32 to support hardware acceleration
- * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
- to not match CN if subjectAltName extension is present (Closes ticket #56)
- * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
- POLARSSL_MODE_CFB, to also handle different block size CFB modes.
- * Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
- * Revamped session resumption handling
- * Generalized external private key implementation handling (like PKCS#11)
- in SSL/TLS
- * Revamped x509_verify() and the SSL f_vrfy callback implementations
- * Moved from unsigned long to fixed width uint32_t types throughout code
- * Renamed ciphersuites naming scheme to IANA reserved names
-
-Bugfix
- * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
- Hui Dong)
- * Fixed potential heap corruption in x509_name allocation
- * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
- * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
- #52)
- * Handle encryption with private key and decryption with public key as per
- RFC 2313
- * Handle empty certificate subject names
- * Prevent reading over buffer boundaries on X509 certificate parsing
- * mpi_add_abs() now correctly handles adding short numbers to long numbers
- with carry rollover (found by Ruslan Yushchenko)
- * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
- * Fixed MPI assembly for SPARC64 platform
-
-Security
- * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
- Vanderbeken)
-
-= Version 1.1.8 released on 2013-10-01
-Bugfix
- * Fixed potential memory leak when failing to resume a session
- * Fixed potential file descriptor leaks
-
-Security
- * Potential buffer-overflow for ssl_read_record() (independently found by
- both TrustInSoft and Paul Brodeur of Leviathan Security Group)
- * Potential negative value misinterpretation in load_file()
- * Potential heap buffer overflow on large hostname setting
-
-= Version 1.1.7 released on 2013-06-19
-Changes
- * HAVEGE random generator disabled by default
-
-Bugfix
- * x509parse_crt() now better handles PEM error situations
- * ssl_parse_certificate() now calls x509parse_crt_der() directly
- instead of the x509parse_crt() wrapper that can also parse PEM
- certificates
- * Fixed values for 2-key Triple DES in cipher layer
- * ssl_write_certificate_request() can handle empty ca_chain
-
-Security
- * A possible DoS during the SSL Handshake, due to faulty parsing of
- PEM-encoded certificates has been fixed (found by Jack Lloyd)
-
-= Version 1.1.6 released on 2013-03-11
-Bugfix
- * Fixed net_bind() for specified IP addresses on little endian systems
-
-Changes
- * Allow enabling of dummy error_strerror() to support some use-cases
- * Debug messages about padding errors during SSL message decryption are
- disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
-
-Security
- * Removed timing differences during SSL message decryption in
- ssl_decrypt_buf()
- * Removed timing differences due to bad padding from
- rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
- operations
-
-= Version 1.1.5 released on 2013-01-16
-Bugfix
- * Fixed MPI assembly for SPARC64 platform
- * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
- * mpi_add_abs() now correctly handles adding short numbers to long numbers
- with carry rollover
- * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
- * Prevent reading over buffer boundaries on X509 certificate parsing
- * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
- #52)
- * Fixed possible segfault in mpi_shift_r() (found by Manuel
- Pégourié-Gonnard)
- * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
- Pégourié-Gonnard)
- * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
- * Memory leak when using RSA_PKCS_V21 operations fixed
- * Handle encryption with private key and decryption with public key as per
- RFC 2313
- * Fixes for MSVC6
-
-Security
- * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
- Vanderbeken)
-
-= Version 1.1.4 released on 2012-05-31
-Bugfix
- * Correctly handle empty SSL/TLS packets (Found by James Yonan)
- * Fixed potential heap corruption in x509_name allocation
- * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
-
-= Version 1.1.3 released on 2012-04-29
-Bugfix
- * Fixed random MPI generation to not generate more size than requested.
-
-= Version 1.1.2 released on 2012-04-26
-Bugfix
- * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
- Hui Dong)
-
-Security
- * Fixed potential memory corruption on miscrafted client messages (found by
- Frama-C team at CEA LIST)
- * Fixed generation of DHM parameters to correct length (found by Ruslan
- Yushchenko)
-
-= Version 1.1.1 released on 2012-01-23
-Bugfix
- * Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
- (Closes ticket #47, found by Hugo Leisink)
- * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
- * Fixed multiple compiler warnings for VS6 and armcc
- * Fixed bug in CTR_CRBG selftest
-
-= Version 1.1.0 released on 2011-12-22
-Features
- * Added ssl_session_reset() to allow better multi-connection pools of
- SSL contexts without needing to set all non-connection-specific
- data and pointers again. Adapted ssl_server to use this functionality.
- * Added ssl_set_max_version() to allow clients to offer a lower maximum
- supported version to a server to help buggy server implementations.
- (Closes ticket #36)
- * Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
- introspection functions (Closes ticket #40)
- * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
- * Added a generic entropy accumulator that provides support for adding
- custom entropy sources and added some generic and platform dependent
- entropy sources
-
-Changes
- * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
- * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
- encryption and private key for decryption. (Closes ticket #34)
- * Inceased maximum size of ASN1 length reads to 32-bits.
- * Added an EXPLICIT tag number parameter to x509_get_ext()
- * Added a separate CRL entry extension parsing function
- * Separated the ASN.1 parsing code from the X.509 specific parsing code.
- So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
- * Changed the defined key-length of DES ciphers in cipher.h to include the
- parity bits, to prevent mistakes in copying data. (Closes ticket #33)
- * Loads of minimal changes to better support WINCE as a build target
- (Credits go to Marco Lizza)
- * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
- trade-off
- * Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
- management (Closes ticket #44)
- * Changed the used random function pointer to more flexible format. Renamed
- havege_rand() to havege_random() to prevent mistakes. Lots of changes as
- a consequence in library code and programs
- * Moved all examples programs to use the new entropy and CTR_DRBG
- * Added permissive certificate parsing to x509parse_crt() and
- x509parse_crtfile(). With permissive parsing the parsing does not stop on
- encountering a parse-error. Beware that the meaning of return values has
- changed!
- * All error codes are now negative. Even on mermory failures and IO errors.
-
-Bugfix
- * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
- ticket #37)
- * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
- before version numbers
- * Allowed X509 key usage parsing to accept 4 byte values instead of the
- standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
- * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
- smaller than the hash length. (Closes ticket #41)
- * If certificate serial is longer than 32 octets, serial number is now
- appended with '....' after first 28 octets
- * Improved build support for s390x and sparc64 in bignum.h
- * Fixed MS Visual C++ name clash with int64 in sha4.h
- * Corrected removal of leading "00:" in printing serial numbers in
- certificates and CRLs
-
-= Version 1.0.0 released on 2011-07-27
-Features
- * Expanded cipher layer with support for CFB128 and CTR mode
- * Added rsa_encrypt and rsa_decrypt simple example programs.
-
-Changes
- * The generic cipher and message digest layer now have normal error
- codes instead of integers
-
-Bugfix
- * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
- #18)
-
-= Version 0.99-pre5 released on 2011-05-26
-Features
- * Added additional Cipher Block Modes to symmetric ciphers
- (AES CTR, Camellia CTR, XTEA CBC) including the option to
- enable and disable individual modes when needed
- * Functions requiring File System functions can now be disabled
- by undefining POLARSSL_FS_IO
- * A error_strerror function() has been added to translate between
- error codes and their description.
- * Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter
- functions.
- * Added ssl_mail_client and ssl_fork_server as example programs.
-
-Changes
- * Major argument / variable rewrite. Introduced use of size_t
- instead of int for buffer lengths and loop variables for
- better unsigned / signed use. Renamed internal bigint types
- t_int and t_dbl to t_uint and t_udbl in the process
- * mpi_init() and mpi_free() now only accept a single MPI
- argument and do not accept variable argument lists anymore.
- * The error codes have been remapped and combining error codes
- is now done with a PLUS instead of an OR as error codes
- used are negative.
- * Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
- net_recv() now returns 0 on EOF instead of
- POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
- POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
- ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
- after the handshake.
- * Network functions now return POLARSSL_ERR_NET_WANT_READ or
- POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
- POLARSSL_ERR_NET_TRY_AGAIN
-
-= Version 0.99-pre4 released on 2011-04-01
-Features
- * Added support for PKCS#1 v2.1 encoding and thus support
- for the RSAES-OAEP and RSASSA-PSS operations.
- * Reading of Public Key files incorporated into default x509
- functionality as well.
- * Added mpi_fill_random() for centralized filling of big numbers
- with random data (Fixed ticket #10)
-
-Changes
- * Debug print of MPI now removes leading zero octets and
- displays actual bit size of the value.
- * x509parse_key() (and as a consequence x509parse_keyfile())
- does not zeroize memory in advance anymore. Use rsa_init()
- before parsing a key or keyfile!
-
-Bugfix
- * Debug output of MPI's now the same independent of underlying
- platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
- Kiilerich and Mihai Militaru)
- * Fixed bug in ssl_write() when flushing old data (Fixed ticket
- #18, found by Nikolay Epifanov)
- * Fixed proper handling of RSASSA-PSS verification with variable
- length salt lengths
-
-= Version 0.99-pre3 released on 2011-02-28
-This release replaces version 0.99-pre2 which had possible copyright issues.
-Features
- * Parsing PEM private keys encrypted with DES and AES
- are now supported as well (Fixes ticket #5)
- * Added crl_app program to allow easy reading and
- printing of X509 CRLs from file
-
-Changes
- * Parsing of PEM files moved to separate module (Fixes
- ticket #13). Also possible to remove PEM support for
- systems only using DER encoding
-
-Bugfixes
- * Corrected parsing of UTCTime dates before 1990 and
- after 1950
- * Support more exotic OID's when parsing certificates
- (found by Mads Kiilerich)
- * Support more exotic name representations when parsing
- certificates (found by Mads Kiilerich)
- * Replaced the expired test certificates
- * Do not bail out if no client certificate specified. Try
- to negotiate anonymous connection (Fixes ticket #12,
- found by Boris Krasnovskiy)
-
-Security fixes
- * Fixed a possible Man-in-the-Middle attack on the
- Diffie Hellman key exchange (thanks to Larry Highsmith,
- Subreption LLC)
-
-= Version 0.99-pre1 released on 2011-01-30
-Features
-Note: Most of these features have been donated by Fox-IT
- * Added Doxygen source code documentation parts
- * Added reading of DHM context from memory and file
- * Improved X509 certificate parsing to include extended
- certificate fields, including Key Usage
- * Improved certificate verification and verification
- against the available CRLs
- * Detection for DES weak keys and parity bits added
- * Improvements to support integration in other
- applications:
- + Added generic message digest and cipher wrapper
- + Improved information about current capabilities,
- status, objects and configuration
- + Added verification callback on certificate chain
- verification to allow external blacklisting
- + Additional example programs to show usage
- * Added support for PKCS#11 through the use of the
- libpkcs11-helper library
-
-Changes
- * x509parse_time_expired() checks time in addition to
- the existing date check
- * The ciphers member of ssl_context and the cipher member
- of ssl_session have been renamed to ciphersuites and
- ciphersuite respectively. This clarifies the difference
- with the generic cipher layer and is better naming
- altogether
-
-= Version 0.14.0 released on 2010-08-16
-Features
- * Added support for SSL_EDH_RSA_AES_128_SHA and
- SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
- * Added compile-time and run-time version information
- * Expanded ssl_client2 arguments for more flexibility
- * Added support for TLS v1.1
-
-Changes
- * Made Makefile cleaner
- * Removed dependency on rand() in rsa_pkcs1_encrypt().
- Now using random fuction provided to function and
- changed the prototype of rsa_pkcs1_encrypt(),
- rsa_init() and rsa_gen_key().
- * Some SSL defines were renamed in order to avoid
- future confusion
-
-Bug fixes
- * Fixed CMake out of source build for tests (found by
- kkert)
- * rsa_check_private() now supports PKCS1v2 keys as well
- * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
- generator
-
-= Version 0.13.1 released on 2010-03-24
-Bug fixes
- * Fixed Makefile in library that was mistakenly merged
- * Added missing const string fixes
-
-= Version 0.13.0 released on 2010-03-21
-Features
- * Added option parsing for host and port selection to
- ssl_client2
- * Added support for GeneralizedTime in X509 parsing
- * Added cert_app program to allow easy reading and
- printing of X509 certificates from file or SSL
- connection.
-
-Changes
- * Added const correctness for main code base
- * X509 signature algorithm determination is now
- in a function to allow easy future expansion
- * Changed symmetric cipher functions to
- identical interface (returning int result values)
- * Changed ARC4 to use separate input/output buffer
- * Added reset function for HMAC context as speed-up
- for specific use-cases
-
-Bug fixes
- * Fixed bug resulting in failure to send the last
- certificate in the chain in ssl_write_certificate() and
- ssl_write_certificate_request() (found by fatbob)
- * Added small fixes for compiler warnings on a Mac
- (found by Frank de Brabander)
- * Fixed algorithmic bug in mpi_is_prime() (found by
- Smbat Tonoyan)
-
-= Version 0.12.1 released on 2009-10-04
-Changes
- * Coverage test definitions now support 'depends_on'
- tagging system.
- * Tests requiring specific hashing algorithms now honor
- the defines.
-
-Bug fixes
- * Changed typo in #ifdef in x509parse.c (found
- by Eduardo)
-
-= Version 0.12.0 released on 2009-07-28
-Features
- * Added CMake makefiles as alternative to regular Makefiles.
- * Added preliminary Code Coverage tests for AES, ARC4,
- Base64, MPI, SHA-family, MD-family, HMAC-SHA-family,
- Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman
- and X509parse.
-
-Changes
- * Error codes are not (necessarily) negative. Keep
- this is mind when checking for errors.
- * RSA_RAW renamed to SIG_RSA_RAW for consistency.
- * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
- * Changed interface for AES and Camellia setkey functions
- to indicate invalid key lengths.
-
-Bug fixes
- * Fixed include location of endian.h on FreeBSD (found by
- Gabriel)
- * Fixed include location of endian.h and name clash on
- Apples (found by Martin van Hensbergen)
- * Fixed HMAC-MD2 by modifying md2_starts(), so that the
- required HMAC ipad and opad variables are not cleared.
- (found by code coverage tests)
- * Prevented use of long long in bignum if
- POLARSSL_HAVE_LONGLONG not defined (found by Giles
- Bathgate).
- * Fixed incorrect handling of negative strings in
- mpi_read_string() (found by code coverage tests).
- * Fixed segfault on handling empty rsa_context in
- rsa_check_pubkey() and rsa_check_privkey() (found by
- code coverage tests).
- * Fixed incorrect handling of one single negative input
- value in mpi_add_abs() (found by code coverage tests).
- * Fixed incorrect handling of negative first input
- value in mpi_sub_abs() (found by code coverage tests).
- * Fixed incorrect handling of negative first input
- value in mpi_mod_mpi() and mpi_mod_int(). Resulting
- change also affects mpi_write_string() (found by code
- coverage tests).
- * Corrected is_prime() results for 0, 1 and 2 (found by
- code coverage tests).
- * Fixed Camellia and XTEA for 64-bit Windows systems.
-
-= Version 0.11.1 released on 2009-05-17
- * Fixed missing functionality for SHA-224, SHA-256, SHA384,
- SHA-512 in rsa_pkcs1_sign()
-
-= Version 0.11.0 released on 2009-05-03
- * Fixed a bug in mpi_gcd() so that it also works when both
- input numbers are even and added testcases to check
- (found by Pierre Habouzit).
- * Added support for SHA-224, SHA-256, SHA-384 and SHA-512
- one way hash functions with the PKCS#1 v1.5 signing and
- verification.
- * Fixed minor bug regarding mpi_gcd located within the
- POLARSSL_GENPRIME block.
- * Fixed minor memory leak in x509parse_crt() and added better
- handling of 'full' certificate chains (found by Mathias
- Olsson).
- * Centralized file opening and reading for x509 files into
- load_file()
- * Made definition of net_htons() endian-clean for big endian
- systems (Found by Gernot).
- * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
- padlock and timing code.
- * Fixed an off-by-one buffer allocation in ssl_set_hostname()
- responsible for crashes and unwanted behaviour.
- * Added support for Certificate Revocation List (CRL) parsing.
- * Added support for CRL revocation to x509parse_verify() and
- SSL/TLS code.
- * Fixed compatibility of XTEA and Camellia on a 64-bit system
- (found by Felix von Leitner).
-
-= Version 0.10.0 released on 2009-01-12
- * Migrated XySSL to PolarSSL
- * Added XTEA symmetric cipher
- * Added Camellia symmetric cipher
- * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,
- SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA
- * Fixed dangerous bug that can cause a heap overflow in
- rsa_pkcs1_decrypt (found by Christophe Devine)
-
-================================================================
-XySSL ChangeLog
-
-= Version 0.9 released on 2008-03-16
-
- * Added support for ciphersuite: SSL_RSA_AES_128_SHA
- * Enabled support for large files by default in aescrypt2.c
- * Preliminary openssl wrapper contributed by David Barrett
- * Fixed a bug in ssl_write() that caused the same payload to
- be sent twice in non-blocking mode when send returns EAGAIN
- * Fixed ssl_parse_client_hello(): session id and challenge must
- not be swapped in the SSLv2 ClientHello (found by Greg Robson)
- * Added user-defined callback debug function (Krystian Kolodziej)
- * Before freeing a certificate, properly zero out all cert. data
- * Fixed the "mode" parameter so that encryption/decryption are
- not swapped on PadLock; also fixed compilation on older versions
- of gcc (bug reported by David Barrett)
- * Correctly handle the case in padlock_xcryptcbc() when input or
- output data is non-aligned by falling back to the software
- implementation, as VIA Nehemiah cannot handle non-aligned buffers
- * Fixed a memory leak in x509parse_crt() which was reported by Greg
- Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
- Matthew Page who reported several bugs
- * Fixed x509_get_ext() to accept some rare certificates which have
- an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
- * Added support on the client side for the TLS "hostname" extension - (patch contributed by David Patino) - * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty - string is passed as the CN (bug reported by spoofy) - * Added an option to enable/disable the BN assembly code - * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1) - * Disabled obsolete hash functions by default (MD2, MD4); updated - selftest and benchmark to not test ciphers that have been disabled - * Updated x509parse_cert_info() to correctly display byte 0 of the - serial number, setup correct server port in the ssl client example - * Fixed a critical denial-of-service with X.509 cert. verification: - peer may cause xyssl to loop indefinitely by sending a certificate - for which the RSA signature check fails (bug reported by Benoit) - * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC, - HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 - * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin) - * Modified ssl_parse_client_key_exchange() to protect against - Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well - as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * Updated rsa_gen_key() so that ctx->N is always nbits in size - * Fixed assembly PPC compilation errors on Mac OS X, thanks to - David Barrett and Dusan Semen - -= Version 0.8 released on 2007-10-20 - - * Modified the HMAC functions to handle keys larger - than 64 bytes, thanks to Stephane Desneux and gary ng - * Fixed ssl_read_record() to properly update the handshake - message digests, which fixes IE6/IE7 client authentication - * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten - * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan - * Added user-defined callbacks for handling I/O and sessions - * Added lots of debugging output in the SSL/TLS functions - * Added preliminary X.509 cert. 
writing by Pascal Vizeli - * Added preliminary support for the VIA PadLock routines - * Added AES-CFB mode of operation, contributed by chmike - * Added an SSL/TLS stress testing program (ssl_test.c) - * Updated the RSA PKCS#1 code to allow choosing between - RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett - * Updated ssl_read() to skip 0-length records from OpenSSL - * Fixed the make install target to comply with *BSD make - * Fixed a bug in mpi_read_binary() on 64-bit platforms - * mpi_is_prime() speedups, thanks to Kevin McLaughlin - * Fixed a long standing memory leak in mpi_is_prime() - * Replaced realloc with malloc in mpi_grow(), and set - the sign of zero as positive in mpi_init() (reported - by Jonathan M. McCune) - -= Version 0.7 released on 2007-07-07 - - * Added support for the MicroBlaze soft-core processor - * Fixed a bug in ssl_tls.c which sometimes prevented SSL - connections from being established with non-blocking I/O - * Fixed a couple bugs in the VS6 and UNIX Makefiles - * Fixed the "PIC register ebx clobbered in asm" bug - * Added HMAC starts/update/finish support functions - * Added the SHA-224, SHA-384 and SHA-512 hash functions - * Fixed the net_set_*block routines, thanks to Andreas - * Added a few demonstration programs: md5sum, sha1sum, - dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify - * Added new bignum import and export helper functions - * Rewrote README.txt in program/ssl/ca to better explain - how to create a test PKI - -= Version 0.6 released on 2007-04-01 - - * Ciphers used in SSL/TLS can now be disabled at compile - time, to reduce the memory footprint on embedded systems - * Added multiply assembly code for the TriCore and modified - havege_struct for this processor, thanks to David Patiño - * Added multiply assembly code for 64-bit PowerPCs, - thanks to Peking University and the OSU Open Source Lab - * Added experimental support of Quantum Cryptography - * Added support for autoconf, contributed by Arnaud 
Cornet - * Fixed "long long" compilation issues on IA-64 and PPC64 - * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock - was not being correctly defined on ARM and MIPS - -= Version 0.5 released on 2007-03-01 - - * Added multiply assembly code for SPARC and Alpha - * Added (beta) support for non-blocking I/O operations - * Implemented session resuming and client authentication - * Fixed some portability issues on WinCE, MINIX 3, Plan9 - (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris - * Improved the performance of the EDH key exchange - * Fixed a bug that caused valid packets with a payload - size of 16384 bytes to be rejected - -= Version 0.4 released on 2007-02-01 - - * Added support for Ephemeral Diffie-Hellman key exchange - * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K - * Various improvement to the modular exponentiation code - * Rewrote the headers to generate the API docs with doxygen - * Fixed a bug in ssl_encrypt_buf (incorrect padding was - generated) and in ssl_parse_client_hello (max. 
client - version was not properly set), thanks to Didier Rebeix - * Fixed another bug in ssl_parse_client_hello: clients with - cipherlists larger than 96 bytes were incorrectly rejected - * Fixed a couple memory leak in x509_read.c - -= Version 0.3 released on 2007-01-01 - - * Added server-side SSLv3 and TLSv1.0 support - * Multiple fixes to enhance the compatibility with g++, - thanks to Xosé Antón Otero Ferreira - * Fixed a bug in the CBC code, thanks to dowst; also, - the bignum code is no longer dependent on long long - * Updated rsa_pkcs1_sign to handle arbitrary large inputs - * Updated timing.c for improved compatibility with i386 - and 486 processors, thanks to Arnaud Cornet - -= Version 0.2 released on 2006-12-01 - - * Updated timing.c to support ARM and MIPS arch - * Updated the MPI code to support 8086 on MSVC 1.5 - * Added the copyright notice at the top of havege.h - * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang - * Fixed a bug reported by Adrian Rüegsegger in x509_read_key - * Fixed a bug reported by Torsten Lauter in ssl_read_record - * Fixed a bug in rsa_check_privkey that would wrongly cause - valid RSA keys to be dismissed (thanks to oldwolf) - * Fixed a bug in mpi_is_prime that caused some primes to fail - the Miller-Rabin primality test - - I'd also like to thank Younès Hafri for the CRUX linux port, - Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet - who maintains the Debian package :-) - -= Version 0.1 released on 2006-11-01 diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md deleted file mode 100644 index 321e88800e..0000000000 --- a/ChangeLog.d/00README.md +++ /dev/null 
@@ -1,91 +0,0 @@ -# Pending changelog entry directory - -This directory contains changelog entries that have not yet been merged -to the changelog file ([`../ChangeLog`](../ChangeLog)). - -## What requires a changelog entry? - -Write a changelog entry if there is a user-visible change. This includes: - -* Bug fixes in the library or in sample programs: fixing a security hole, - fixing broken behavior, fixing the build in some configuration or on some - platform, etc. -* New features in the library, new sample programs, or new platform support. -* Changes in existing behavior. These should be rare. Changes in features - that are documented as experimental may or may not be announced, depending - on the extent of the change and how widely we expect the feature to be used. - -We generally don't include changelog entries for: - -* Documentation improvements. -* Performance improvements, unless they are particularly significant. -* Changes to parts of the code base that users don't interact with directly, - such as test code and test data. -* Fixes for compiler warnings. Releases typically contain a number of fixes - of this kind, so we will only mention them in the Changelog if they are - particularly significant. - -Until Mbed TLS 2.24.0, we required changelog entries in more cases. -Looking at older changelog entries is good practice for how to write a -changelog entry, but not for deciding whether to write one. - -## Changelog entry file format - -A changelog entry file must have the extension `*.txt` and must have the -following format: - -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Security - * Change description. - * Another change description. - -Features - * Yet another change description. This is a long change description that - spans multiple lines. - * Yet again another change description. 
- -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The permitted changelog entry categories are as follows: - - - API changes - Default behavior changes - Requirement changes - New deprecations - Removals - Features - Security - Bugfix - Changes - -Use “Changes” for anything that doesn't fit in the other categories. - -## How to write a changelog entry - -Each entry starts with three spaces, an asterisk and a space. Continuation -lines start with 5 spaces. Lines wrap at 79 characters. - -Write full English sentences with proper capitalization and punctuation. Use -the present tense. Use the imperative where applicable. For example: “Fix a -bug in mbedtls_xxx() ….” - -Include GitHub issue numbers where relevant. Use the format “#1234” for an -Mbed TLS issue. Add other external references such as CVE numbers where -applicable. - -Credit bug reporters where applicable. - -**Explain why, not how**. Remember that the audience is the users of the -library, not its developers. In particular, for a bug fix, explain the -consequences of the bug, not how the bug was fixed. For a new feature, explain -why one might be interested in the feature. For an API change or a deprecation, -explain how to update existing applications. - -See [existing entries](../ChangeLog) for examples. - -## How `ChangeLog` is updated - -Run [`../framework/scripts/assemble_changelog.py`] -(../framework/scripts/assemble_changelog.py) from a Git working copy -to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file. diff --git a/ChangeLog.d/gnuinstalldirs_include.txt b/ChangeLog.d/gnuinstalldirs_include.txt deleted file mode 100644 index 7e0782d1e1..0000000000 --- a/ChangeLog.d/gnuinstalldirs_include.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * CMake now installs headers to `CMAKE_INSTALL_INCLUDEDIR` instead of the - hard-coded `include` directory. 
diff --git a/ChangeLog.d/iar-6.5fs.txt b/ChangeLog.d/iar-6.5fs.txt
deleted file mode 100644
index 63e903b9c3..0000000000
--- a/ChangeLog.d/iar-6.5fs.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Add casts to some Enums to remove compiler errors thrown by IAR 6.5.
- Removes Warning "mixed ENUM with other type".
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
deleted file mode 100644
index af0578a581..0000000000
--- a/DartConfiguration.tcl
+++ /dev/null
@@ -1,4 +0,0 @@
-Site: localhost
-BuildName: Mbed TLS-test
-CoverageCommand: /usr/bin/gcov
-MemoryCheckCommand: /usr/bin/valgrind
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 776ac77eaf..0000000000
--- a/LICENSE
+++ /dev/null
@@ -1,553 +0,0 @@ -Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) -OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. -This means that users may choose which of these licenses they take the code -under. - -The full text of each of these licenses is given below. - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. 
- - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. 
You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. 
- - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. 
In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. 
- - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - -=============================================================================== - - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. 
- - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. 
The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. 
- - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. 
- -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. 
However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. 
-You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. 
diff --git a/README.md b/README.md
deleted file mode 100644
index d3fb638802..0000000000
--- a/README.md
+++ /dev/null
@@ -1,256 +0,0 @@ -README for Mbed TLS -=================== - -Mbed TLS is a C library that implements X.509 certificate manipulation and the TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. -Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF-PSA-Crypto) that provides an implementation of the [PSA Cryptography API](https://arm-software.github.io/psa-api). - -Configuration -------------- -Configuration options related to X.509 and TLS are available in `include/mbedtls/mbedtls_config.h`, while cryptography and platform options are located in the TF-PSA-Crypto configuration file `tf-psa-crypto/include/psa/crypto_config.h`. - -With the default platform options, Mbed TLS should build out of the box on most systems. - -These configuration files can be edited manually, or programmatically using the Python script `scripts/config.py` (run with --help for usage instructions). - -We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. - -Documentation -------------- - -The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/). - -To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: - -1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `cmake -B /path/to/build_dir /path/to/mbedtls/source` -1. Run `cmake --build /path/to/build_dir --target mbedtls-apidoc` -1. Open one of the main generated HTML files: - * `apidoc/index.html` - * `apidoc/modules.html` or `apidoc/topics.html` - -For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. - -Compiling ---------- - -We use CMake to configure and drive our build process. Three libraries are built: `libtfpsacrypto`, `libmbedx509`, and `libmbedtls`. 
Note that `libmbedtls` depends on `libmbedx509` and `libtfpsacrypto`, and `libmbedx509` depends on `libtfpsacrypto`. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. The cryptographic library `libtfpsacrypto` is also provided under its legacy name, `libmbedcrypto`. - -### Tool versions - -You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. - -* CMake 3.20.2 or later. -* A build system like Make or Ninja for which CMake can generate build files. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. -* Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). -* Perl to run the tests, and to generate some source files in the development branch. -* Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). - -### Git usage - -The supported branches (see [`BRANCHES.md`](BRANCHES.md)) use [Git submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules). They contain two submodules: the [framework](https://github.com/Mbed-TLS/mbedtls-framework) submodule and the [tf-psa-crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto) submodule, except for the 3.6 LTS branch, which contains only the framework submodule. Release tags also use Git submodules. 
- -After cloning or checking out a branch or tag, run: - ``` - git submodule update --init --recursive - ``` - to initialize and update the submodules before building. - -However, the official source release tarballs (e.g. [mbedtls-4.0.0.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0/mbedtls-4.0.0.tar.bz2)) include the contents of the submodules. - -### Generated source files in the development branch - -The source code of Mbed TLS includes some files that are automatically generated by scripts and whose content depends only on the Mbed TLS source, not on the platform or on the library configuration. These files are not included in the development branch of Mbed TLS, but the generated files are included in official releases. This section explains how to generate the missing files in the development branch. - -The following tools are required: - -* Perl, for some library source files. -* Python 3 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: - ``` - python3 -m pip install --user -r scripts/basic.requirements.txt - ``` - Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide or in a virtual environment, omit the `--user` option. -* A C compiler for the host platform, for some test data. - -The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference): - -1. The `HOSTCC` environment variable. This can be used if `CC` is pointing to a cross-compiler. -2. The `CC` environment variable. -3. An executable called `cc` in the current path. - -Note: If you have multiple toolchains installed, it is recommended to set `CC` or `HOSTCC` to the intended host compiler before generating the files. 
- -Any of the following methods are available to generate the configuration-independent files: - -* On non-Windows systems, when not cross-compiling, CMake generates the required files automatically. -* Run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. - -### CMake - -In order to build the libraries using CMake in a separate directory (recommended), just enter at the command line: - - mkdir /path/to/build_dir && cd /path/to/build_dir - cmake /path/to/mbedtls_source - cmake --build . - -In order to run the tests, enter: - - ctest - -The test suites need Python to be built. If you don't have Python installed, you'll want to disable the test suites with: - - cmake -DENABLE_TESTING=Off /path/to/mbedtls_source - -To configure CMake for building shared libraries, use: - - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source - -There are many different build types available with CMake. Most of them are available for gcc and clang, though some are compiler-specific: - -- `Release`. This generates the default code without any unnecessary information in the binary files. -- `Debug`. This generates debug information and disables optimization of the code. -- `Coverage`. This generates code coverage information in addition to debug information. -- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) -- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. -- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. -- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. -- `Check`. 
This activates the compiler warnings that depend on optimization and treats all warnings as errors. -- `TSan`. This instruments the code with ThreadSanitizer to detect data races and other threading-related concurrency issues at runtime. -- `TSanDbg`. Same as TSan but slower, with debug information, better stack traces and origin tracking. - -Switching build types in CMake is simple. For debug mode, enter at the command line: - - cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source - -To list other available CMake options, use: - - cmake -LH - -Note that, with CMake, you can't adjust the compiler or its flags after the -initial invocation of cmake. This means that `CC=your_cc make` and `make -CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables). -These variables need to be adjusted when invoking cmake for the first time, -for example: - - CC=your_cc cmake /path/to/mbedtls_source - -If you already invoked cmake and want to change those settings, you need to -invoke the configuration phase of CMake again with the new settings. - -Note that it is possible to build in-place; this will however overwrite the -legacy Makefiles still used for testing purposes (see -`scripts/tmp_ignore_makefiles.sh` if you want to prevent `git status` from -showing them as modified). In order to do so, from the Mbed TLS source -directory, use: - - cmake . - cmake --build . - -If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the -CMake cache. This can be done with the following command using GNU find: - - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - -You can now make the desired change: - - CC=your_cc cmake . - cmake --build . - -Regarding variables, also note that if you set CFLAGS when invoking cmake, -your value of CFLAGS doesn't override the content provided by CMake (depending -on the build mode as seen above), it's merely prepended to it. 
- -#### Consuming Mbed TLS - -Mbed TLS provides a CMake package configuration file for consumption as a -dependency in other CMake projects. You can load its CMake targets with: - - find_package(MbedTLS REQUIRED) - -You can help CMake find the package: - -- By setting the variable `MbedTLS_DIR` to `${YOUR_MBEDTLS_BUILD_DIR}/cmake`, - as shown in `programs/test/cmake_package/CMakeLists.txt`, or -- By adding the Mbed TLS installation prefix to `CMAKE_PREFIX_PATH`, - as shown in `programs/test/cmake_package_install/CMakeLists.txt`. - -After a successful `find_package(MbedTLS)`, the following imported targets are available: - -- `MbedTLS::tfpsacrypto`, the crypto library -- `MbedTLS::mbedtls`, the TLS library -- `MbedTLS::mbedx509`, the X.509 library - -You can then use these directly through `target_link_libraries()`: - - add_executable(xyz) - - target_link_libraries(xyz - PUBLIC MbedTLS::mbedtls - MbedTLS::tfpsacrypto - MbedTLS::mbedx509) - -This will link the Mbed TLS libraries to your library or application, and add -its include directories to your target (transitively, in the case of `PUBLIC` or -`INTERFACE` link libraries). - -#### Mbed TLS as a subproject - -Mbed TLS supports being built as a CMake subproject. One can -use `add_subdirectory()` from a parent CMake project to include Mbed TLS as a -subproject. - -Example programs ----------------- - -We've included example programs for a lot of different features and uses in [`programs/`](programs/README.md). -Please note that the goal of these sample programs is to demonstrate specific features of the library, and the code may need to be adapted to build a real-world application. - -Tests ------ - -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test_suite_ssl.c`). These files are generated from a `function file` (e.g. `suites/test_suite_ssl.function`) and a `data file` (e.g. `suites/test_suite_ssl.data`). 
The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. - -For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: - -- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. -- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/depends.py` tests builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. -- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). - -Instead of manually installing the required versions of all tools required for testing, it is possible to use the Docker images from our CI systems, as explained in [our testing infrastructure repository](https://github.com/Mbed-TLS/mbedtls-test/blob/main/README.md#quick-start). - -Porting Mbed TLS ----------------- - -Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful: - -- [Porting Mbed TLS to a new environment or OS](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS/) -- [What external dependencies does Mbed TLS rely on?](https://mbed-tls.readthedocs.io/en/latest/kb/development/what-external-dependencies-does-mbedtls-rely-on/) -- [How do I configure Mbed TLS](https://mbed-tls.readthedocs.io/en/latest/kb/compiling-and-building/how-do-i-configure-mbedtls/) - -Mbed TLS is mostly written in portable C99; however, it has a few platform requirements that go beyond the standard, but are met by most modern architectures: - -- Bytes must be 8 bits. 
-- All-bits-zero must be a valid representation of a null pointer. -- Signed integers must be represented using two's complement. -- `int` and `size_t` must be at least 32 bits wide. -- The types `uint8_t`, `uint16_t`, `uint32_t` and their signed equivalents must be available. -- Mixed-endian platforms are not supported. -- SIZE_MAX must be at least as big as INT_MAX and UINT_MAX. - -License -------- - -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. - -Contributing ------------- - -We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this. - -Contact -------- - -* To report a security vulnerability in Mbed TLS, please email . For more information, see [`SECURITY.md`](SECURITY.md). -* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose). -* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 4e7bb14316..0000000000 --- a/SECURITY.md +++ /dev/null 
@@ -1,128 +0,0 @@ -## Reporting Vulnerabilities - -If you think you have found an Mbed TLS security vulnerability, then please -send an email to the security team at -. - -## Security Incident Handling Process - -Our security process is detailed in our -[security -center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/). - -Its primary goal is to ensure fixes are ready to be deployed when the issue -goes public. - -## Maintained branches - -Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md), -get security fixes. -Users are urged to always use the latest version of a maintained branch. - -## Threat model - -We classify attacks based on the capabilities of the attacker. - -### Remote attacks - -In this section, we consider an attacker who can observe and modify data sent -over the network. This includes observing the content and timing of individual -packets, as well as suppressing or delaying legitimate messages, and injecting -messages. - -Mbed TLS aims to fully protect against remote attacks and to enable the user -application in providing full protection against remote attacks. Said -protection is limited to providing security guarantees offered by the protocol -being implemented. (For example Mbed TLS alone won't guarantee that the -messages will arrive without delay, as the TLS protocol doesn't guarantee that -either.) - -### Local attacks - -In this section, we consider an attacker who can run software on the same -machine. The attacker has insufficient privileges to directly access Mbed TLS -assets such as memory and files. - -#### Timing attacks - -The attacker is able to observe the timing of instructions executed by Mbed TLS -by leveraging shared hardware that both Mbed TLS and the attacker have access -to. Typical attack vectors include cache timings, memory bus contention and -branch prediction. - -Mbed TLS provides limited protection against timing attacks. 
The cost of -protecting against timing attacks widely varies depending on the granularity of -the measurements and the noise present. Therefore the protection in Mbed TLS is -limited. We are only aiming to provide protection against **publicly -documented attack techniques**. - -As attacks keep improving, so does Mbed TLS's protection. Mbed TLS is moving -towards a model of fully timing-invariant code, but has not reached this point -yet. - -**Remark:** Timing information can be observed over the network or through -physical side channels as well. Remote and physical timing attacks are covered -in the [Remote attacks](remote-attacks) and [Physical -attacks](physical-attacks) sections respectively. - -#### Local non-timing side channels - -The attacker code running on the platform has access to some sensor capable of -picking up information on the physical state of the hardware while Mbed TLS is -running. This could for example be an analogue-to-digital converter on the -platform that is located unfortunately enough to pick up the CPU noise. - -Mbed TLS doesn't make any security guarantees against local non-timing-based -side channel attacks. If local non-timing attacks are present in a use case or -a user application's threat model, they need to be mitigated by the platform. - -#### Local fault injection attacks - -Software running on the same hardware can affect the physical state of the -device and introduce faults. - -Mbed TLS doesn't make any security guarantees against local fault injection -attacks. If local fault injection attacks are present in a use case or a user -application's threat model, they need to be mitigated by the platform. - -### Physical attacks - -In this section, we consider an attacker who has access to physical information -about the hardware Mbed TLS is running on and/or can alter the physical state -of the hardware (e.g. power analysis, radio emissions or fault injection). 
- -Mbed TLS doesn't make any security guarantees against physical attacks. If -physical attacks are present in a use case or a user application's threat -model, they need to be mitigated by physical countermeasures. - -### Caveats - -#### Out-of-scope countermeasures - -Mbed TLS has evolved organically and a well defined threat model hasn't always -been present. Therefore, Mbed TLS might have countermeasures against attacks -outside the above defined threat model. - -The presence of such countermeasures don't mean that Mbed TLS provides -protection against a class of attacks outside of the above described threat -model. Neither does it mean that the failure of such a countermeasure is -considered a vulnerability. - -#### Formatting of X.509 certificates and certificate signing requests - -When parsing X.509 certificates and certificate signing requests (CSRs), -Mbed TLS does not check that they are strictly compliant with X.509 and other -relevant standards. In the case of signed certificates, the signing party is -assumed to have performed this validation (and the certificate is trusted to -be correctly formatted as long as the signature is correct). -Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. - -**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra -validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable for use in -a Certificate Authority (CA). - -However, Mbed TLS aims to protect against memory corruption and other -undefined behavior when parsing certificates and CSRs. If a CSR or signed -certificate causes undefined behavior when it is parsed by Mbed TLS, that -is considered a security vulnerability. diff --git a/SUPPORT.md b/SUPPORT.md deleted file mode 100644 index b550e08e5d..0000000000 --- a/SUPPORT.md +++ /dev/null 
@@ -1,16 +0,0 @@
-## Documentation
-
-Here are some useful sources of information about using Mbed TLS:
-
-- [ReadTheDocs](https://mbed-tls.readthedocs.io/);
-- API documentation, see the [Documentation section of the
- README](README.md#documentation);
-- the `docs` directory in the source tree;
-- the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/);
-- the [Mbed TLS mailing-list
- archives](https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/).
-
-## Asking Questions
-
-If you can't find your answer in the above sources, please use the [Mbed TLS
-mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org).
diff --git a/cmake/MbedTLSConfig.cmake.in b/cmake/MbedTLSConfig.cmake.in
deleted file mode 100644
index b65bbaba57..0000000000
--- a/cmake/MbedTLSConfig.cmake.in
+++ /dev/null
@@ -1,3 +0,0 @@
-@PACKAGE_INIT@
-
-include("${CMAKE_CURRENT_LIST_DIR}/MbedTLSTargets.cmake")
diff --git a/configs/README.txt b/configs/README.txt
deleted file mode 100644
index 38348dda0e..0000000000
--- a/configs/README.txt
+++ /dev/null
@@ -1,28 +0,0 @@ -This directory contains example configuration files. - -The examples are generally focused on a particular use case (eg, support for -a restricted set of ciphersuites) and aim to minimize resource usage for -the target. They can be used as a basis for custom configurations. - -These files come in pairs and are complete replacements for the default -mbedtls_config.h and crypto_config.h. The two files of a pair share the same or -very similar name, with the crypto file prefixed by "crypto-". Note -that some of the cryptography configuration files may be located in -tf-psa-crypto/configs. - -To use one of these pairs, you can pick one of the following methods: - -1. Replace the default files include/mbedtls/mbedtls_config.h and - tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. - -2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE CMake options. For - example, to build out-of-tree with the config-ccm-psk-tls1_2.h and - crypto-config-ccm-psk-tls1_2.h configuration pair: - - cmake -DMBEDTLS_CONFIG_FILE="configs/config-ccm-psk-tls1_2.h" \ - -DTF_PSA_CRYPTO_CONFIG_FILE="configs/crypto-config-ccm-psk-tls1_2.h" - -B build-psktls12 . - cmake --build build-psktls12 - -The second method also works if you want to keep your custom configuration -files outside the Mbed TLS tree. diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h deleted file mode 100644 index 6712c331b0..0000000000 --- a/configs/config-ccm-psk-dtls1_2.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/** - * \file config-ccm-psk-dtls1_2.h - * - * \brief Small configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites - * - * Distinguishing features: - * - Optimized for small code size, low bandwidth (on an unreliable transport), - * and low RAM usage. - * - No asymmetric cryptography (no certificates, no Diffie-Hellman key - * exchange). - * - Fully modern and secure (provided the pre-shared keys are generated and - * stored securely). - * - Very low record overhead with CCM-8. - * - Includes several optional DTLS features typically used in IoT. - * - * See README.txt for usage instructions. - */ - -/* Mbed TLS modules */ -#define MBEDTLS_NET_C -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_TIMING_C - -/* TLS protocol feature support */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#define MBEDTLS_SSL_DTLS_CONNECTION_ID -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/* - * Use only CCM_8 ciphersuites, and - * save ROM and a few bytes of RAM by specifying our own ciphersuite list - */ -#define MBEDTLS_SSL_CIPHERSUITES \ - MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \ - MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 - -/* - * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See comments in "mbedtls/ssl.h".) - * The optimal size here depends on the typical size of records. 
- */ -#define MBEDTLS_SSL_IN_CONTENT_LEN 256 -#define MBEDTLS_SSL_OUT_CONTENT_LEN 256 - -/* Save some RAM by adjusting to your exact needs */ -#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */ - -/* Error messages and TLS debugging traces - * (huge code size increase, needed for tests/ssl-opt.sh) */ -//#define MBEDTLS_DEBUG_C -//#define MBEDTLS_ERROR_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h deleted file mode 100644 index 5fb67fe4b8..0000000000 --- a/configs/config-ccm-psk-tls1_2.h +++ /dev/null 
@@ -1,58 +0,0 @@
-/**
- * \file config-ccm-psk-tls1_2.h
- *
- * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
- *
- * Distinguishing features:
- * - Optimized for small code size, low bandwidth (on a reliable transport),
- * and low RAM usage.
- * - No asymmetric cryptography (no certificates, no Diffie-Hellman key
- * exchange).
- * - Fully modern and secure (provided the pre-shared keys are generated and
- * stored securely).
- * - Very low record overhead with CCM-8.
- *
- * See README.txt for usage instructions.
- */
-
-/* Mbed TLS modules */
-#define MBEDTLS_NET_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-
-/* TLS protocol feature support */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/*
- * Use only CCM_8 ciphersuites, and
- * save ROM and a few bytes of RAM by specifying our own ciphersuite list
- */
-#define MBEDTLS_SSL_CIPHERSUITES \
- MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, \
- MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
-
-/*
- * Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection! (See comments in "mbedtls/ssl.h".)
- * The optimal size here depends on the typical size of records.
- */
-#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
-
-
-/* Save some RAM by adjusting to your exact needs */
-#define MBEDTLS_PSK_MAX_LEN 16 /* 128-bits keys are generally enough */
-
-/* Error messages and TLS debugging traces
- * (huge code size increase, needed for tests/ssl-opt.sh) */
-//#define MBEDTLS_DEBUG_C
-//#define MBEDTLS_ERROR_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
deleted file mode 100644
index c08d5d1a6c..0000000000
--- a/configs/config-suite-b.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * \file config-suite-b.h
- *
- * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
- *
- * Distinguishing features:
- * - no RSA or classic DH, fully based on ECC
- * - optimized for low RAM usage
- *
- * Possible improvements:
- * - if 128-bit security is enough, disable secp384r1 and SHA-512
- * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
- *
- * See README.txt for usage instructions.
- */
-
-/* Mbed TLS feature support */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/* Mbed TLS modules */
-#define MBEDTLS_NET_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_USE_C
-
-/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
-#define MBEDTLS_SSL_CIPHERSUITES \
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/*
- * Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection! (See comments in "mbedtls/ssl.h".)
- * The minimum size here depends on the certificate chain used as well as the
- * typical size of records.
- */
-#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
-
-/* Error messages and TLS debugging traces
- * (huge code size increase, needed for tests/ssl-opt.sh) */
-//#define MBEDTLS_DEBUG_C
-//#define MBEDTLS_ERROR_C
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
deleted file mode 100644
index 606f4a1bf5..0000000000
--- a/configs/config-symmetric-only.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * \file config-symmetric-only.h
- *
- * \brief Configuration without any asymmetric cryptography.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* Mbed TLS feature support */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-#define MBEDTLS_VERSION_FEATURES
-
-#define MBEDTLS_TIMING_C
-#define MBEDTLS_VERSION_C
diff --git a/configs/config-tfm.h b/configs/config-tfm.h
deleted file mode 100644
index 8733831b4e..0000000000
--- a/configs/config-tfm.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/**
- * \file config-tfm.h
- *
- * \brief TF-M medium profile, adapted to work on other platforms.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* TF-M medium profile: mbedtls legacy configuration */
-#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h"
diff --git a/configs/config-thread.h b/configs/config-thread.h
deleted file mode 100644
index 95f588eddf..0000000000
--- a/configs/config-thread.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * \file config-thread.h
- *
- * \brief Minimal configuration for using TLS as part of Thread
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/*
- * Minimal configuration for using TLS a part of Thread
- * http://threadgroup.org/
- *
- * Distinguishing features:
- * - no RSA or classic DH, fully based on ECC
- * - no X.509
- * - support for experimental EC J-PAKE key exchange
- *
- * To be used in conjunction with configs/crypto-config-thread.h.
- * See README.txt for usage instructions.
- */
-
-/* Mbed TLS feature support */
-#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_TLS1_2
-#define MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/* Mbed TLS modules */
-#define MBEDTLS_SSL_COOKIE_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-
-/* For tests using ssl-opt.sh */
-#define MBEDTLS_NET_C
-#define MBEDTLS_TIMING_C
-
-/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
-#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h
deleted file mode 100644
index c2dabc28e8..0000000000
--- a/configs/crypto-config-ccm-psk-tls1_2.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * \file crypto-config-ccm-psk-tls1_2.h
- *
- * \brief Minimal crypto configuration for TLS 1.2 with
- * PSK and AES-CCM ciphersuites
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/**
- * To be used in conjunction with configs/config-ccm-psk-tls1_2.h
- * or configs/config-ccm-psk-dtls1_2.h. */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-
-#define PSA_WANT_KEY_TYPE_AES 1
-
-#define MBEDTLS_PSA_CRYPTO_C
-
-/* System support */
-//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
-/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
-
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
-
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
deleted file mode 100644
index 4bae5a45c6..0000000000
--- a/configs/crypto-config-suite-b.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * \file crypto-config-suite-b.h
- *
- * \brief \brief Minimal crypto configuration for
- * TLS NSA Suite B Profile (RFC 6460).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/**
- * Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460)
- *
- * Distinguishing features:
- * - no RSA or classic DH, fully based on ECC
- * - optimized for low RAM usage
- *
- * Possible improvements:
- * - if 128-bit security is enough, disable secp384r1 and SHA-512
- *
- * To be used in conjunction with configs/config-suite-b.h. */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_GCM 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_512 1
-#define PSA_WANT_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_384 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-
-#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-
-#define MBEDTLS_PSA_CRYPTO_C
-
-/* System support */
-#define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HAVE_TIME
-
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
-
-/* For test certificates */
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_PEM_PARSE_C
-
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes
-
-/* Save RAM at the expense of speed, see ecp.h */
-#define MBEDTLS_ECP_WINDOW_SIZE 2
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
-
-/* Significant speed benefit at the expense of some ROM */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
deleted file mode 100644
index 1b2621cf58..0000000000
--- a/configs/crypto-config-thread.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * \file crypto-config-thread.h
- *
- * \brief Minimal crypto configuration for using TLS as part of Thread
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/**
- * Minimal crypto configuration for using TLS as part of Thread
- * http://threadgroup.org/
- *
- * Distinguishing features:
- * - no RSA or classic DH, fully based on ECC
- * - no X.509
- * - support for experimental EC J-PAKE key exchange
- * - support for PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching
- * algorithm.
- *
- * To be used in conjunction with configs/config-thread.h.
- * See README.txt for usage instructions.
- */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_ALG_JPAKE 1
-#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ECC_SECP_R1_256 1
-
-#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_HMAC 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-
-#define MBEDTLS_PSA_CRYPTO_C
-
-/* System support */
-#define MBEDTLS_HAVE_ASM
-
-#define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ECP_NIST_OPTIM
-
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
-
-/* Save RAM at the expense of ROM */
-#define MBEDTLS_AES_ROM_TABLES
-
-/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/ext/README.md b/configs/ext/README.md deleted file mode 100644 index f679e32112..0000000000 --- a/configs/ext/README.md +++ /dev/null @@ -1,22 +0,0 @@ -Summary -------- - -The file: - -* tfm_mbedcrypto_config_profile_medium.h - -is copyright The Mbed TLS Contributors, and is distributed under the license normally -used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license. - -Background ----------- - -The file tfm_mbedcrypto_config_profile_medium.h was derived from the file tfm_mbedcrypto_config_profile_medium.h taken from the TF-M source code here: - -https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config - -It was derived according to the Mbed TLS configuration file split that occurred as part of the Mbed TLS repository split, see https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/config-split.md. - -In TF-M, the original file is distributed under a 3-Clause BSD license, as noted at the top of the file. - -In Mbed TLS, with permission from the TF-M project, tfm_mbedcrypto_config_profile_medium.h is distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. diff --git a/configs/ext/config_tfm.h b/configs/ext/config_tfm.h deleted file mode 100644 index 60d855ed59..0000000000 --- a/configs/ext/config_tfm.h +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Empty placeholder - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * This file is intentionally empty. - * - * Having an empty file here allows us to build the TF-M config, which references this file, - * without making any changes to the TF-M config. - */ diff --git a/configs/ext/mbedtls_entropy_nv_seed_config.h b/configs/ext/mbedtls_entropy_nv_seed_config.h deleted file mode 100644 index 60d855ed59..0000000000 
--- a/configs/ext/mbedtls_entropy_nv_seed_config.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Empty placeholder
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/*
- * This file is intentionally empty.
- *
- * Having an empty file here allows us to build the TF-M config, which references this file,
- * without making any changes to the TF-M config.
- */
diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
deleted file mode 100644
index ee62cf6e01..0000000000
--- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h
+++ /dev/null
@@ -1,85 +0,0 @@ -/** - * \file config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PROFILE_M_MBEDTLS_CONFIG_H -#define PROFILE_M_MBEDTLS_CONFIG_H - -#include "config_tfm.h" - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -/** - * \name SECTION: General configuration options - * - * This section contains Mbed TLS build settings that are not associated - * with a particular module. - * - * \{ - */ - -/** - * \def MBEDTLS_CONFIG_FILE - * - * If defined, this is a header which will be included instead of - * `"mbedtls/mbedtls_config.h"`. - * This header file specifies the compile-time configuration of Mbed TLS. - * Unlike other configuration options, this one must be defined on the - * compiler command line: a definition in `mbedtls_config.h` would have - * no effect. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. 
- * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" - -/** - * \def MBEDTLS_USER_CONFIG_FILE - * - * If defined, this is a header which will be included after - * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. - * This allows you to modify the default configuration, including the ability - * to undefine options that are enabled by default. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" - -/** \} name SECTION: General configuration options */ - -#endif /* PROFILE_M_MBEDTLS_CONFIG_H */ diff --git a/dco.txt b/dco.txt deleted file mode 100644 index 8201f99215..0000000000 --- a/dco.txt +++ /dev/null 
@@ -1,37 +0,0 @@ -Developer Certificate of Origin -Version 1.1 - -Copyright (C) 2004, 2006 The Linux Foundation and its contributors. -1 Letterman Drive -Suite D4700 -San Francisco, CA, 94129 - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - - -Developer's Certificate of Origin 1.1 - -By making a contribution to this project, I certify that: - -(a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - -(b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - -(c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - -(d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. diff --git a/docs/.gitignore b/docs/.gitignore deleted file mode 100644 index 11f197bc35..0000000000 --- a/docs/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.html -*.pdf -_build/ -api/ diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md deleted file mode 100644 index 956609810e..0000000000 --- a/docs/4.0-migration-guide.md +++ /dev/null 
@@ -1,622 +0,0 @@ -# Migrating from Mbed TLS 3.x to Mbed TLS 4.0 - -This guide details the steps required to migrate from Mbed TLS version 3.x to Mbed TLS version 4.0 or greater. Unlike normal releases, Mbed TLS 4.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 4.0. - -Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? - -The changes are detailed below. Here is a summary of the main points: - -- Mbed TLS has been split between two products: TF-PSA-Crypto for cryptography, and Mbed TLS for X.509 and (D)TLS. -- CMake is now the only supported build system. -- The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. -- Various deprecated or minor functionality has been removed. - -Please consult the [TF-PSA-Crypto migration guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. - -## CMake as the only build system -Mbed TLS now uses CMake exclusively to configure and drive its build process. -Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. - -The previous `.sln` and `.vcxproj` files are no longer distributed or generated. - -See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. -If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. 
- -### Translating Make commands to CMake - -With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake. -This section provides a quick reference for translating common `make` commands into their CMake equivalents. - -#### Basic build workflow - -Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory. -This sets up an out-of-tree build, which is recommended. - -| Make command | CMake equivalent | Description | -|----------------|------------------------------------------------|--------------------------------------------------------------------| -| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. | -| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. | -| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. | -| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. | - -#### Building specific targets - -Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory. - -| Make command | CMake equivalent | Description | -|-----------------|---------------------------------------------------------------------|---------------------------| -| `make lib` | `cmake --build build --target lib` | Build only the libraries. | -| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. | -| `make programs` | `cmake --build build --target programs` | Build example programs. | -| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. 
| - -Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets. - -There is no CMake equivalent for `make generated_files` or `make neat`. -Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. -If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. - -There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system. - -#### Common build options - -The following table illustrates the approximate CMake equivalents of common make commands. -Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process. - -| Make usage | CMake usage | Description | -|----------------------------|-------------------------------------------------------|----------------------| -| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | -| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. | -| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). | -| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. | -| `make CC=clang` | `cmake -S . -B build -DCMAKE_C_COMPILER=clang` | Set the compiler. | -| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. | - -## Repository split -In Mbed TLS 4.0, the project was split into two repositories: -- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. -- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. -Mbed TLS consumes TF-PSA-Crypto as a submodule. 
-You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library. - -### File and directory relocations - -The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. -These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. - -| Original location | New location(s) | Notes | -|-----------------------------------------|--------------------------------------------------------------------------------------|-------| -| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | -| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | -| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | -| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | - -() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. - -### Configuration file split -Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. -See [Compile-time configuration](#compile-time-configuration). - -The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. - -If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. - -There have been significant changes in the configuration options, primarily affecting cryptography. - -#### Cryptography configuration -- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). -- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: - - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* - - *Random Number Generation Configuration* - -#### TLS configuration -For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). - -### Impact on some usages of the library - -#### Checking out a branch or a tag -After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: -``` -git submodule update --init --recursive -``` - -#### Linking directly to a built library - -The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. 
-These libraries are still located in the `library` directory within the build tree. - -The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. - -You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. - -#### Using Mbed TLS as a CMake subproject - -The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`. -As before, these base names are also the names of CMake targets to build each library. -If your CMake scripts reference a cryptography library target, you need to update its name accordingly. - -For example, the following CMake code: -``` -target_link_libraries(mytarget PRIVATE mbedcrypto) -``` -should be updated to: -``` -target_link_libraries(mytarget PRIVATE tfpsacrypto) -``` - -You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: -- `programs/test/cmake_subproject` - -#### Using Mbed TLS as a CMake package - -The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. - -For example, the following CMake code: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto) -``` -should be updated to: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto) -``` -You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: -- `programs/test/cmake_package` -- `programs/test/cmake_package_install` - -#### Using the Mbed TLS Crypto pkg-config file - -The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. -Internally, it now references the tfpsacrypto library. - -A new pkg-config file, `tfpsacrypto.pc`, is also provided. 
-Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. - -#### Using Mbed TLS as an installed library - -The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. -The cryptography library is also now provided as `libtfpsacrypto.`. - -Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. -These headers are installed primarily to satisfy compiler dependencies. -Others remain for historical reasons and may be cleaned up in later versions of the library. - -We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. -See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. - -Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. - -### Audience-Specific Notes - -#### Application Developers using a distribution package -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. - - Using the Mbed TLS Crypto pkg-config file. - - Using Mbed TLS as an installed library - -### Developer or package maintainers -If you build or distribute Mbed TLS: -- The build system is now CMake only, Makefiles and Visual Studio projects are removed. -- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. -- You should update submodules recursively after checkout. -- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. 
- - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). - - Using Mbed TLS as an installed library -- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). - -### Platform Integrators -If you integrate Mbed TLS with a platform or hardware drivers: -- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. -- The PSA driver wrapper is now generated in TF-PSA-Crypto. -- Platform-specific configuration are now handled in `crypto_config.h`. -- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. - -## Compile-time configuration - -### Configuration file split - -All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely: - -* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line; -* otherwise ``; -* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set. - -Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. - -Generally speaking, the options that must be configured in TF-PSA-Crypto are: - -* options related to platform settings; -* options related to the choice of cryptographic mechanisms included in the build; -* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises; -* options related to crypto-adjacent features, such as ASN.1 and Base64. - -See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details. - -Notably, `` is no longer limited to `PSA_WANT_xxx` options. 
- -Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details. - -### Split of `build_info.h` and `version.h` - -The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration. - -TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS. - -### Removal of `check_config.h` - -The header `mbedtls/check_config.h` is no longer present. Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. - -### Changes to TLS options - -#### Enabling null cipher suites - -The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration. - -#### Removal of backward compatibility options - -The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. - -## PSA as the only cryptography API - -The PSA API is now the only API for cryptographic primitives. - -### Impact on application code - -The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. 
- -`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. - -A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”. - -### No random generator instantiation - -Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem. - -Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation. - -See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG. - -### Impact on the library configuration - -Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. - -## Private declarations - -Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. 
Private elements may be removed or may have their semantics changed in a future minor release without notice. - -### Understanding private declarations in public headers - -In Mbed TLS 4.x, private elements in header files include: - -* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header). -* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.) -* Any preprocessor macro that is not documented with a Doxygen comment. - In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private. - In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text. -* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`. - -### Usage of private declarations - -Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice. - -Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases. - -Sample programs have not been fully updated yet and some of them might still -use APIs that are no longer public. You can recognize them by the fact that they -define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or -`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). 
When -you see one of these two macros in a sample program, be aware it has not been -updated and parts of it do not demonstrate current practice. - -We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or -`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code -may not compile or work with future minor releases. If there's something you -want to do that you feel can only be achieved by using one of these two macros, -please reach out on github or the mailing list. - -## Error codes - -### Unified error code space - -The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes. - -There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition. - -### Simplified legacy error codes - -All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code. - -Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable. - -As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist. - -### Removed error code names - -Many legacy error codes have been removed in favor of PSA error codes. 
Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. - -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -|-----------------------------------------|---------------------------------| -| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | - -See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. - -## Removal of deprecated functions - -### Removal of deprecated X.509 functions - -The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`. - -### Removal of deprecated SSL functions - -The deprecated function `mbedtls_ssl_conf_curves()` has been removed. -The function was superseded by `mbedtls_ssl_conf_groups()`. 
-
-### Removal of `compat-2.x.h`
-
-The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed.
-
-## Removed features
-
-### Removal of obsolete key exchanges methods in (D)TLS 1.2
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
-
-That is, the following key exchange types are no longer supported:
-
-* RSA-PSK;
-* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
-* DHE-PSK (except in TLS 1.3);
-* DHE-RSA (except in TLS 1.3).
-* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
-
-The full list of removed cipher suites is:
-
-```
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
-TLS-DHE-PSK-WITH-AES-128-CCM
-TLS-DHE-PSK-WITH-AES-128-CCM-8
-TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
-TLS-DHE-PSK-WITH-AES-256-CCM
-TLS-DHE-PSK-WITH-AES-256-CCM-8
-TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
-TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA
-TLS-DHE-PSK-WITH-NULL-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA384
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-128-CCM
-TLS-DHE-RSA-WITH-AES-128-CCM-8
-TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-256-CCM
-TLS-DHE-RSA-WITH-AES-256-CCM-8
-TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
-TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-NULL-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
-TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
-TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
-TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-NULL-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA384
-TLS-RSA-WITH-AES-128-CBC-SHA
-TLS-RSA-WITH-AES-128-CBC-SHA256
-TLS-RSA-WITH-AES-128-CCM
-TLS-RSA-WITH-AES-128-CCM-8
-TLS-RSA-WITH-AES-128-GCM-SHA256
-TLS-RSA-WITH-AES-256-CBC-SHA
-TLS-RSA-WITH-AES-256-CBC-SHA256
-TLS-RSA-WITH-AES-256-CCM
-TLS-RSA-WITH-AES-256-CCM-8
-TLS-RSA-WITH-AES-256-GCM-SHA384
-TLS-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-WITH-NULL-MD5
-TLS-RSA-WITH-NULL-SHA
-TLS-RSA-WITH-NULL-SHA256
-```
-
-As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
-
-```
-mbedtls_ssl_conf_dh_param_bin()
-mbedtls_ssl_conf_dh_param_ctx()
-mbedtls_ssl_conf_dhm_min_bitlen()
-```
-
-### Removal of elliptic curves
-
-Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
-
-### Removal of deprecated functions
-
-The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
-
-The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
-
-## Function prototype changes
-
-A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API.
-
-### Public functions no longer take a RNG callback
-
-Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here.
- -### RNG removal in X.509 - -The following function prototypes have been changed in `mbedtls/x509_crt.h`: - -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); - -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - -The following function prototypes have been changed in `mbedtls/x509_csr.h`: -```c -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); - -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); -``` - -### RNG removal in SSL - -The following function prototype has been changed in `mbedtls/ssl_cookie.h`: - -```c -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); -``` - -### Removal of `mbedtls_ssl_conf_rng` - -`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. 
- -### Changes to mbedtls_ssl_ticket_setup - -In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments. - -The prototype in `mbedtls/ssl_ticket.h` has changed from - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - mbedtls_f_rng_t *f_rng, void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime); -``` - -to - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, - uint32_t lifetime); -``` - -## OID module - -The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. - -Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`). - -The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509. diff --git a/docs/Makefile b/docs/Makefile deleted file mode 100644 index 47510f984d..0000000000 --- a/docs/Makefile +++ /dev/null 
@@ -1,40 +0,0 @@ -# Minimal makefile for Sphinx documentation -# - -# You can set these variables from the command line, and also -# from the environment for the first two. -SPHINXOPTS ?= -SPHINXBUILD ?= sphinx-build -SOURCEDIR = . -BUILDDIR = _build - -# Put it first so that "make" without argument is like "make help". -help: - @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) - -.PHONY: help clean apidoc breathe_apidoc Makefile - -# Intercept the 'clean' target so we can do the right thing for apidoc as well -clean: - @# Clean the apidoc - $(MAKE) -C .. apidoc_clean - @# Clean the breathe-apidoc generated files - rm -rf ./api - @# Clean the sphinx docs - @$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) - -apidoc: - @# Generate doxygen from source using the main Makefile - $(MAKE) -C .. apidoc - -breathe_apidoc: apidoc - @# Remove existing files - breathe-apidoc skips them if they're present - rm -rf ./api - @# Generate RST file structure with breathe-apidoc - breathe-apidoc -o ./api ../apidoc/xml - -# Catch-all target: route all unknown targets to Sphinx using the new -# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). -%: Makefile breathe_apidoc - @# Build the relevant target with sphinx - @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile deleted file mode 100644 index 5bee504c29..0000000000 --- a/docs/architecture/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -PANDOC = pandoc - -default: all - -all_markdown = $(wildcard *.md */*.md) - -html: $(all_markdown:.md=.html) -pdf: $(all_markdown:.md=.pdf) -all: html pdf - -.SUFFIXES: -.SUFFIXES: .md .html .pdf - -.md.html: - $(PANDOC) -o $@ $< -.md.pdf: - $(PANDOC) -o $@ $< - -clean: - rm -f *.html *.pdf - rm -f testing/*.html testing/*.pdf 
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh deleted file mode 100755 index e1a5f0999d..0000000000 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ /dev/null 
@@ -1,139 +0,0 @@ -#!/bin/sh - -# This script runs tests before and after a PR and analyzes the results in -# order to highlight any difference in the set of tests skipped. -# -# It can be used to check for unintended consequences when making non-trivial -# changes to compile time guards: the sets of tests skipped in the default -# config and the full config must be the same before and after the PR. -# -# USAGE: -# - First, commit any uncommited changes. (Also, see warning below.) -# - Then launch --> [SKIP_SSL_OPT=1] docs/architecture/psa-migration/outcome-analysis.sh -# - SKIP_SSL_OPT=1 can optionally be set to skip ssl-opt.sh tests -# -# WARNING: this script checks out a commit other than the head of the current -# branch; it checks out the current branch again when running successfully, -# but while the script is running, or if it terminates early in error, you -# should be aware that you might be at a different commit than expected. -# -# NOTE: you can comment out parts that don't need to be re-done when -# re-running this script (for example "get numbers before this PR"). - -set -eu - -: ${SKIP_SSL_OPT:=0} - -cleanup() { - make clean - git checkout -- include/mbedtls/mbedtls_config.h tf-psa-crypto/include/psa/crypto_config.h -} - -record() { - export MBEDTLS_TEST_OUTCOME_FILE="$PWD/outcome-$1.csv" - rm -f $MBEDTLS_TEST_OUTCOME_FILE - - make check - - if [ $SKIP_SSL_OPT -eq 0 ]; then - make -C programs ssl/ssl_server2 ssl/ssl_client2 \ - test/udp_proxy test/query_compile_time_config - tests/ssl-opt.sh - fi -} - -# save current HEAD. 
-# Note: this can optionally be updated to -# HEAD=$(git branch --show-current) -# when using a Git version above 2.22 -HEAD=$(git rev-parse --abbrev-ref HEAD) - -# get the numbers before this PR for default and full -cleanup -git checkout $(git merge-base HEAD development) - -record "before-default" - -cleanup - -scripts/config.py full -record "before-full" - -# get the numbers now for default and full -cleanup -git checkout $HEAD - -record "after-default" - -cleanup - -scripts/config.py full -record "after-full" - -cleanup - -# analysis - -populate_suites () { - SUITES='' - make generated_files >/dev/null - data_files=$(cd tests/suites && echo *.data) - for data in $data_files; do - suite=${data%.data} - SUITES="$SUITES $suite" - done - make neat - - if [ $SKIP_SSL_OPT -eq 0 ]; then - SUITES="$SUITES ssl-opt" - extra_files=$(cd tests/opt-testcases && echo *.sh) - for extra in $extra_files; do - suite=${extra%.sh} - SUITES="$SUITES $suite" - done - fi -} - -compare_suite () { - ref="outcome-$1.csv" - new="outcome-$2.csv" - suite="$3" - - pattern_suite=";$suite;" - total=$(grep -c "$pattern_suite" "$ref") - sed_cmd="s/^.*$pattern_suite\(.*\);SKIP.*/\1/p" - sed -n "$sed_cmd" "$ref" > skipped-ref - sed -n "$sed_cmd" "$new" > skipped-new - nb_ref=$(wc -l %4d\n" \ - $name $total $nb_ref $nb_new - if diff skipped-ref skipped-new | grep '^> '; then - ret=1 - else - ret=0 - fi - rm skipped-ref skipped-new - return $ret -} - -compare_builds () { - printf "\n*** Comparing $1 -> $2 ***\n" - failed='' - for suite in $SUITES; do - if compare_suite "$1" "$2" "$suite"; then :; else - failed="$failed $suite" - fi - done - if [ -z "$failed" ]; then - printf "No coverage gap found.\n" - else - printf "Suites with less coverage:%s\n" "$failed" - fi -} - -populate_suites -compare_builds before-default after-default -compare_builds before-full after-full 
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md deleted file mode 100644 index 8f6b606db6..0000000000 --- a/docs/architecture/psa-migration/psa-limitations.md +++ /dev/null 
@@ -1,338 +0,0 @@ -This document lists current limitations of the PSA Crypto API (as of version -1.1) that may impact our ability to (1) use it for all crypto operations in -TLS and X.509 and (2) support isolation of all long-term secrets in TLS (that -is, goals G1 and G2 in -[strategy.md](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/architecture/psa-migration/strategy.md)). - -This is supposed to be a complete list, based on a exhaustive review of crypto -operations done in TLS and X.509 code, but of course it's still possible that -subtle-but-important issues have been missed. The only way to be really sure -is, of course, to actually do the migration work. - -Limitations relevant for G1 (performing crypto operations) -========================================================== - -Restartable (aka interruptible) ECC operations ----------------------------------------------- - -Support for interruptible ECDSA sign/verify was added to PSA in Mbed TLS 3.4. -However, support for interruptible ECDH is not present yet. Also, PK, X.509 and -TLS have not yet been adapted to take advantage of the new PSA APIs. See: -- ; -- ; -- . - -Currently, when `MBEDTLS_ECP_RESTARTABLE` is enabled, some operations that -should be restartable are not (ECDH in TLS 1.2 clients using ECDHE-ECDSA), as -they are using PSA instead, and some operations that should use PSA do not -(signature generation & verification) as they use the legacy API instead, in -order to get restartable behaviour. - -Things that are in the API but not implemented yet --------------------------------------------------- - -PSA Crypto has an API for FFDH, but it's not implemented in Mbed TLS yet. -(Regarding FFDH, see the next section as well.) See issue [3261][ffdh] on -github. - -[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261 - -Arbitrary parameters for FFDH ------------------------------ - -(See also the first paragraph in the previous section.) 
- -Currently, the PSA Crypto API can only perform FFDH with a limited set of -well-known parameters (some of them defined in the spec, but implementations -are free to extend that set). - -TLS 1.2 (and earlier) on the other hand have the server send explicit -parameters (P and G) in its ServerKeyExchange message. This has been found to -be suboptimal for security, as it is prohibitively hard for the client to -verify the strength of these parameters. This led to the development of RFC -7919 which allows use of named groups in TLS 1.2 - however as this is only an -extension, servers can still send custom parameters if they don't support the -extension. - -In TLS 1.3 the situation will be simpler: named groups are the only -option, so the current PSA Crypto API is a good match for that. (Not -coincidentally, all the groups used by RFC 7919 and TLS 1.3 are included -in the PSA specification.) - -There are several options here: - -1. Implement support for custom FFDH parameters in PSA Crypto: this would pose - non-trivial API design problem, but most importantly seems backwards, as -the crypto community is moving away from custom FFDH parameters. (Could be -done any time.) -2. Drop the DHE-RSA and DHE-PSK key exchanges in TLS 1.2 when moving to PSA. - (For people who want some algorithmic variety in case ECC collapses, FFDH -would still be available in TLS 1.3, just not in 1.2.) (Can only be done in -4.0 or another major version.) -3. Variant of the precedent: only drop client-side support. Server-side is - easy to support in terms of API/protocol, as the server picks the -parameters: we just need remove the existing `mbedtls_ssl_conf_dh_param_xxx()` -APIs and tell people to use `mbedtls_ssl_conf_groups()` instead. (Can only be -done in 4.0 or another major version.) -4. Implement RFC 7919, support DHE-RSA and DHE-PSK only in conjunction with it - when moving to PSA. 
Server-side would work as above; unfortunately -client-side the only option is to offer named groups and break the handshake -if the server didn't take on our offer. This is not fully satisfying, but is -perhaps the least unsatisfying option in terms of result; it's also probably -the one that requires the most work, but it would deliver value beyond PSA -migration by implementing RFC 7919. (Implementing RFC 7919 could be done any -time; making it mandatory can only be done in 4.0 or another major version.) - -As of early 2023, the plan is to go with option 2 in Mbed TLS 4.0, which has -been announced on the mailing-list and got no push-back, see -. - -RSA-PSS parameters ------------------- - -RSA-PSS signatures are defined by PKCS#1 v2, re-published as RFC 8017 -(previously RFC 3447). - -As standardized, the signature scheme takes several parameters, in addition to -the hash algorithm potentially used to hash the message being signed: -- a hash algorithm used for the encoding function -- a mask generation function - - most commonly MGF1, which in turn is parametrized by a hash algorithm -- a salt length -- a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left - configurable in the original scheme; 0xBC is used everywhere in practice. - -Both the existing `mbedtls_` API and the PSA API support only MGF1 as the -generation function (and only 0xBC as the trailer field), but there are -discrepancies in handling the salt length and which of the various hash -algorithms can differ from each other. 
- -### API comparison - -- RSA: - - signature: `mbedtls_rsa_rsassa_pss_sign()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: always using the maximum legal value - - signature: `mbedtls_rsa_rsassa_pss_sign_ext()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: specified explicitly - - verification: `mbedtls_rsassa_pss_verify()` - - message hashed externally - - encoding hash = MGF1 hash (from context, or argument = message hash) - - salt length: any valid length accepted - - verification: `mbedtls_rsassa_pss_verify_ext()` - - message hashed externally - - encoding hash = MGF1 hash from dedicated argument - - expected salt length: specified explicitly, can specify "ANY" -- PK: - - signature: not supported - - verification: `mbedtls_pk_verify_ext()` - - message hashed externally - - encoding hash = MGF1 hash, specified explicitly - - expected salt length: specified explicitly, can specify "ANY" -- PSA: - - algorithm specification: - - hash alg used for message hashing, encoding and MGF1 - - salt length can be either "standard" (<= hashlen, see note) or "any" - - signature generation: - - salt length: always <= hashlen (see note) and random salt - - verification: - - salt length: either <= hashlen (see note), or any depending on algorithm - -Note: above, "<= hashlen" means that hashlen is used if possible, but if it -doesn't fit because the key is too short, then the maximum length that fits is -used. - -The RSA/PK API is in principle more flexible than the PSA Crypto API. The -following sub-sections study whether and how this matters in practice. - -### Use in X.509 - -RFC 4055 Section 3.1 defines the encoding of RSA-PSS that's used in X.509. 
-It allows independently specifying the message hash (also used for encoding -hash), the MGF (and its hash if MGF1 is used), and the salt length (plus an -extra parameter "trailer field" that doesn't vary in practice"). These can be -encoded as part of the key, and of the signature. If both encoding are -presents, all values must match except possibly for the salt length, where the -value from the signature parameters is used. - -In Mbed TLS, RSA-PSS parameters can be parsed and displayed for various -objects (certificates, CRLs, CSRs). During parsing, the following properties -are enforced: -- the extra "trailer field" parameter must have its default value -- the mask generation function is MGF1 -- encoding hash = message hashing algorithm (may differ from MGF1 hash) - -When it comes to cryptographic operations, only two things are supported: -- verifying the signature on a certificate from its parent; -- verifying the signature on a CRL from the issuing CA. - -The verification is done using `mbedtls_pk_verify_ext()`. - -Note: since X.509 parsing ensures that message hash = encoding hash, and -`mbedtls_pk_verify_ext()` uses encoding hash = mgf1 hash, it looks like all -three hash algorithms must be equal, which would be good news as it would -match a limitation of the PSA API. - -It is unclear what parameters people use in practice. It looks like by default -OpenSSL picks saltlen = keylen - hashlen - 2 (tested with openssl 1.1.1f). -The `certtool` command provided by GnuTLS seems to be picking saltlen = hashlen -by default (tested with GnuTLS 3.6.13). FIPS 186-4 requires 0 <= saltlen <= -hashlen. - -### Use in TLS - -In TLS 1.2 (or lower), RSA-PSS signatures are never used, except via X.509. - -In TLS 1.3, RSA-PSS signatures can be used directly in the protocol (in -addition to indirect use via X.509). 
It has two sets of three signature -algorithm identifiers (for SHA-256, SHA-384 and SHA-512), depending of what -the OID of the public key is (rsaEncryption or RSASSA-PSS). - -In both cases, it specifies that: -- the mask generation function is MGF1 -- all three hashes are equal -- the length of the salt MUST be equal to the length of the digest algorithm - -When signing, the salt length picked by PSA is the one required by TLS 1.3 -(unless the key is unreasonably small). - -When verifying signatures, PSA will by default enforce the salt len is the one -required by TLS 1.3. - -### Current testing - X509 - -All test files use the default trailer field of 0xBC, as enforced by our -parser. (There's a negative test for that using the -`x509_parse_rsassa_pss_params` test function and hex data.) - -Files with "bad" in the name are expected to be invalid and rejected in tests. - -**Test certificates:** - -server9-bad-mgfhash.crt (announcing mgf1(sha224), signed with another mgf) - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xDE -server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len) - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -server9-badsign.crt (one bit flipped in the signature) - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -server9-defaults.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0x14 (default) -server9-sha224.crt - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xE2 -server9-sha256.crt - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -server9-sha384.crt - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0xCE -server9-sha512.crt - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0xBE -server9-with-ca.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 
(default) - Salt Length: 0xEA -server9.crt - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA - -These certificates are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2, except for server9-defaults which is -using saltlen = hashlen. - -**Test CRLs:** - -crl-rsa-pss-sha1-badsign.pem - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -crl-rsa-pss-sha1.pem - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0xEA -crl-rsa-pss-sha224.pem - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0xE2 -crl-rsa-pss-sha256.pem - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0xDE -crl-rsa-pss-sha384.pem - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0xCE -crl-rsa-pss-sha512.pem - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0xBE - -These CRLs are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2. - -**Test CSRs:** - -server9.req.sha1 - Hash Algorithm: sha1 (default) - Mask Algorithm: mgf1 with sha1 (default) - Salt Length: 0x6A -server9.req.sha224 - Hash Algorithm: sha224 - Mask Algorithm: mgf1 with sha224 - Salt Length: 0x62 -server9.req.sha256 - Hash Algorithm: sha256 - Mask Algorithm: mgf1 with sha256 - Salt Length: 0x5E -server9.req.sha384 - Hash Algorithm: sha384 - Mask Algorithm: mgf1 with sha384 - Salt Length: 0x4E -server9.req.sha512 - Hash Algorithm: sha512 - Mask Algorithm: mgf1 with sha512 - Salt Length: 0x3E - -These CSRs are signed with a 2048-bit key. It appears that they are -all using saltlen = keylen - hashlen - 2. - -### Possible courses of action - -There's no question about what to do with TLS (any version); the only question -is about X.509 signature verification. Options include: - -1. 
Doing all verifications with `PSA_ALG_RSA_PSS_ANY_SALT` - while this - wouldn't cause a concrete security issue, this would be non-compliant. -2. Doing verifications with `PSA_ALG_RSA_PSS` when we're lucky and the encoded - saltlen happens to match hashlen, and falling back to `ANY_SALT` otherwise. -Same issue as with the previous point, except more contained. -3. Reject all certificates with saltlen != hashlen. This includes all - certificates generated with OpenSSL using the default parameters, so it's -probably not acceptable. -4. Request an extension to the PSA Crypto API and use one of the above options - in the meantime. Such an extension seems inconvenient and not motivated by -strong security arguments, so it's unclear whether it would be accepted. - -Since Mbed TLS 3.4, option 1 is implemented. - -Limitations relevant for G2 (isolation of long-term secrets) -============================================================ - -Currently none. diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh deleted file mode 100755 index 0fc55dd8cd..0000000000 --- a/docs/architecture/psa-migration/syms.sh +++ /dev/null 
@@ -1,73 +0,0 @@
-#!/bin/sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Show external links in built libraries (X509 or TLS) or modules. This is
-# usually done to list Crypto dependencies or to check modules'
-# interdependencies.
-#
-# Usage:
-# - build the library with debug symbols and the config you're interested in
-# (default, full, etc.)
-# - launch this script with 1 or more arguments depending on the analysis' goal:
-# - if only 1 argument is used (which is the name of the used config,
-# ex: full), then the analysis is done on libmbedx509 and libmbedtls
-# libraries by default
-# - if multiple arguments are provided, then modules' names (ex: pk,
-# pkparse, pkwrite, etc) are expected after the 1st one and the analysis
-# will be done on those modules instead of the libraries.
-
-set -eu
-
-# list mbedtls_ symbols of a given type in a static library
-syms() {
- TYPE="$1"
- FILE="$2"
-
- nm "$FILE" | sed -n "s/[0-9a-f ]*${TYPE} \(mbedtls_.*\)/\1/p" | sort -u
-}
-
-# Check if the provided name refers to a module or library and return the
-# same path with proper extension
-get_file_with_extension() {
- BASE=$1
- if [ -f $BASE.o ]; then
- echo $BASE.o
- elif [ -f $BASE.a ]; then
- echo $BASE.a
- fi
-}
-
-# create listings for the given library
-list() {
- NAME="$1"
- FILE=$(get_file_with_extension "library/${NAME}")
- PREF="${CONFIG}-$NAME"
-
- syms '[TRrD]' $FILE > ${PREF}-defined
- syms U $FILE > ${PREF}-unresolved
-
- diff ${PREF}-defined ${PREF}-unresolved \
- | sed -n 's/^> //p' > ${PREF}-external
- sed 's/mbedtls_\([^_]*\).*/\1/' ${PREF}-external \
- | uniq -c | sort -rn > ${PREF}-modules
-
- rm ${PREF}-defined ${PREF}-unresolved
-}
-
-CONFIG="${1:-unknown}"
-
-# List of modules to check is provided as parameters
-if [ $# -gt 1 ]; then
- shift 1
- ITEMS_TO_CHECK="$@"
-else
- ITEMS_TO_CHECK="libmbedx509 libmbedtls"
-fi
-
-for ITEM in $ITEMS_TO_CHECK; do
- list $ITEM
-done
diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md
deleted file mode 100644
index bf8d631d79..0000000000
--- a/docs/architecture/testing/invasive-testing.md
+++ /dev/null
@@ -1,367 +0,0 @@ -# Mbed TLS invasive testing strategy - -## Introduction - -In Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the product, in a realistic environment. However this is not always sufficient. - -The goal of this document is to identify areas where black-box testing is insufficient and to propose solutions. - -This is a test strategy document, not a test plan. A description of exactly what is tested is out of scope. - -This document is structured as follows: - -* [“Rules”](#rules) gives general rules and is written for brevity. -* [“Requirements”](#requirements) explores the reasons why invasive testing is needed and how it should be done. -* [“Possible approaches”](#possible-approaches) discusses some general methods for non-black-box testing. -* [“Solutions”](#solutions) explains how we currently solve, or intend to solve, specific problems. - -### TLS - -This document currently focuses on data structure manipulation and storage, which is what the crypto/keystore and X.509 parts of the library are about. More work is needed to fully take TLS into account. - -## Rules - -Always follow these rules unless you have a good reason not to. If you deviate, document the rationale somewhere. - -See the section [“Possible approaches”](#possible-approaches) for a rationale. - -### Interface design for testing - -Do not add test-specific interfaces if there's a practical way of doing it another way. All public interfaces should be useful in at least some configurations. Features with a significant impact on the code size or attack surface should have a compile-time guard. - -### Reliance on internal details - -In unit tests and in test programs, it's ok to include internal header files from `library/`. Do not define non-public interfaces in public headers. In contrast, sample programs must not include header files from `library/`. 
- -Sometimes it makes sense to have unit tests on functions that aren't part of the public API. Declare such functions in `library/*.h` and include the corresponding header in the test code. If the function should be `static` for optimization but can't be `static` for testing, declare it as `MBEDTLS_STATIC_TESTABLE`, and make the tests that use it depend on `MBEDTLS_TEST_HOOKS` (see [“rules for compile-time options”](#rules-for-compile-time-options)). - -If test code or test data depends on internal details of the library and not just on its documented behavior, add a comment in the code that explains the dependency. For example: - -> ``` -> /* This test file is specific to the ITS implementation in PSA Crypto -> * on top of stdio. It expects to know what the stdio name of a file is -> * based on its keystore name. -> */ -> ``` - -> ``` -> # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes -> # and not expected to be raised any time soon) is less than the maximum -> # output from HKDF-SHA512 (255*64 = 16320 bytes). -> ``` - -### Rules for compile-time options - -If the most practical way to test something is to add code to the product that is only useful for testing, do so, but obey the following rules. For more information, see the [rationale](#guidelines-for-compile-time-options). - -* **Only use test-specific code when necessary.** Anything that can be tested through the documented API must be tested through the documented API. -* **Test-specific code must be guarded by `#if defined(MBEDTLS_TEST_HOOKS)`**. Do not create fine-grained guards for test-specific code. -* **Do not use `MBEDTLS_TEST_HOOKS` for security checks or assertions.** Security checks belong in the product. -* **Merely defining `MBEDTLS_TEST_HOOKS` must not change the behavior**. It may define extra functions. It may add fields to structures, but if so, make it very clear that these fields have no impact on non-test-specific fields. 
-* **Where tests must be able to change the behavior, do it by function substitution.** See [“rules for function substitution”](#rules-for-function-substitution) for more details. - -#### Rules for function substitution - -This section explains how to replace a library function `mbedtls_foo()` by alternative code for test purposes. That is, library code calls `mbedtls_foo()`, and there is a mechanism to arrange for these calls to invoke different code. - -Often `mbedtls_foo` is a macro which is defined to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or wrap the system function. This is useful to simulate I/O failure, for example. Note that if the macro can be replaced at compile time to support alternative platforms, the test code should be compatible with this compile-time configuration so that it works on these alternative platforms as well. - -Sometimes the substitutable function is a `static inline` function that does nothing (not a macro, to avoid accidentally skipping side effects in its parameters), to provide a hook for test code; such functions should have a name that starts with the prefix `mbedtls_test_hook_`. In such cases, the function should generally not modify its parameters, so any pointer argument should be const. The function should return void. - -With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. This is similar to the platform function configuration mechanism with `MBEDTLS_PLATFORM_xxx_ALT`. - -In unit test code that needs to modify the internal behavior: - -* The test function (or the whole test file) must depend on `MBEDTLS_TEST_HOOKS`. -* At the beginning of the test function, set the global function pointers to the desired value. 
-* In the test function's cleanup code, restore the global function pointers to their default value. - -## Requirements - -### General goals - -We need to balance the following goals, which are sometimes contradictory. - -* Coverage: we need to test behaviors which are not easy to trigger by using the API or which cannot be triggered deterministically, for example I/O failures. -* Correctness: we want to test the actual product, not a modified version, since conclusions drawn from a test of a modified product may not apply to the real product. -* Effacement: the product should not include features that are solely present for test purposes, since these increase the attack surface and the code size. -* Portability: tests should work on every platform. Skipping tests on certain platforms may hide errors that are only apparent on such platforms. -* Maintainability: tests should only enforce the documented behavior of the product, to avoid extra work when the product's internal or implementation-specific behavior changes. We should also not give the impression that whatever the tests check is guaranteed behavior of the product which cannot change in future versions. - -Where those goals conflict, we should at least mitigate the goals that cannot be fulfilled, and document the architectural choices and their rationale. - -### Problem areas - -#### Allocation - -Resource allocation can fail, but rarely does so in a typical test environment. How does the product cope if some allocations fail? - -Resources include: - -* Memory. -* Files in storage (PSA API only — in the Mbed TLS API, black-box unit tests are sufficient). -* Key slots (PSA API only). -* Key slots in a secure element (PSA SE HAL). -* Communication handles (PSA crypto service only). - -#### Storage - -Storage can fail, either due to hardware errors or to active attacks on trusted storage. How does the code cope if some storage accesses fail? 
- -We also need to test resilience: if the system is reset during an operation, does it restart in a correct state? - -#### Cleanup - -When code should clean up resources, how do we know that they have truly been cleaned up? - -* Zeroization of confidential data after use. -* Freeing memory. -* Freeing key slots. -* Freeing key slots in a secure element. -* Deleting files in storage (PSA API only). - -#### Internal data - -Sometimes it is useful to peek or poke internal data. - -* Check consistency of internal data (e.g. output of key generation). -* Check the format of files (which matters so that the product can still read old files after an upgrade). -* Inject faults and test corruption checks inside the product. - -## Possible approaches - -Key to requirement tables: - -* ++ requirement is fully met -* \+ requirement is mostly met -* ~ requirement is partially met but there are limitations -* ! requirement is somewhat problematic -* !! requirement is very problematic - -### Fine-grained public interfaces - -We can include all the features we want to test in the public interface. Then the tests can be truly black-box. The limitation of this approach is that this requires adding a lot of interfaces that are not useful in production. These interfaces have costs: they increase the code size, the attack surface, and the testing burden (exponentially, because we need to test all these interfaces in combination). - -As a rule, we do not add public interfaces solely for testing purposes. We only add public interfaces if they are also useful in production, at least sometimes. For example, the main purpose of `mbedtls_psa_crypto_free` is to clean up all resources in tests, but this is also useful in production in some applications that only want to use PSA Crypto during part of their lifetime. - -Mbed TLS traditionally has very fine-grained public interfaces, with many platform functions that can be substituted (`MBEDTLS_PLATFORM_xxx` macros). 
PSA Crypto has more opacity and less platform substitution macros. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests are not reasonably achievable | -| Correctness | ++ Ideal | -| Effacement | !! Requires adding many otherwise-useless interfaces | -| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | -| Maintainability | !! Combinatorial explosion on the testing burden | -| | ! Public interfaces must remain for backward compatibility even if the test architecture changes | - -### Fine-grained undocumented interfaces - -We can include all the features we want to test in undocumented interfaces. Undocumented interfaces are described in public headers for the sake of the C compiler, but are described as “do not use” in comments (or not described at all) and are not included in Doxygen-rendered documentation. This mitigates some of the downsides of [fine-grained public interfaces](#fine-grained-public-interfaces), but not all. In particular, the extra interfaces do increase the code size, the attack surface and the test surface. - -Mbed TLS traditionally has a few internal interfaces, mostly intended for cross-module abstraction leakage rather than for testing. For the PSA API, we favor [internal interfaces](#internal-interfaces). - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests are not reasonably achievable | -| Correctness | ++ Ideal | -| Effacement | !! Requires adding many otherwise-useless interfaces | -| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | -| Maintainability | ! Combinatorial explosion on the testing burden | - -### Internal interfaces - -We can write tests that call internal functions that are not exposed in the public interfaces. This is nice when it works, because it lets us test the unchanged product without compromising the design of the public interface. 
- -A limitation is that these interfaces must exist in the first place. If they don't, this has mostly the same downside as public interfaces: the extra interfaces increase the code size and the attack surface for no direct benefit to the product. - -Another limitation is that internal interfaces need to be used correctly. We may accidentally rely on internal details in the tests that are not necessarily always true (for example that are platform-specific). We may accidentally use these internal interfaces in ways that don't correspond to the actual product. - -This approach is mostly portable since it only relies on C interfaces. A limitation is that the test-only interfaces must not be hidden at link time (but link-time hiding is not something we currently do). Another limitation is that this approach does not work for users who patch the library by replacing some modules; this is a secondary concern since we do not officially offer this as a feature. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Many useful tests require additional internal interfaces | -| Correctness | + Does not require a product change | -| | ~ The tests may call internal functions in a way that does not reflect actual usage inside the product | -| Effacement | ++ Fine as long as the internal interfaces aren't added solely for test purposes | -| Portability | + Fine as long as we control how the tests are linked | -| | ~ Doesn't work if the users rewrite an internal module | -| Maintainability | + Tests interfaces that are documented; dependencies in the tests are easily noticed when changing these interfaces | - -### Static analysis - -If we guarantee certain properties through static analysis, we don't need to test them. This puts some constraints on the properties: - -* We need to have confidence in the specification (but we can gain this confidence by evaluating the specification on test data). 
-* This does not work for platform-dependent properties unless we have a formal model of the platform. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ~ Good for platform-independent properties, if we can guarantee them statically | -| Correctness | + Good as long as we have confidence in the specification | -| Effacement | ++ Zero impact on the code | -| Portability | ++ Zero runtime burden | -| Maintainability | ~ Static analysis is hard, but it's also helpful | - -### Compile-time options - -If there's code that we want to have in the product for testing, but not in production, we can add a compile-time option to enable it. This is very powerful and usually easy to use, but comes with a major downside: we aren't testing the same code anymore. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ++ Most things can be tested that way | -| Correctness | ! Difficult to ensure that what we test is what we run | -| Effacement | ++ No impact on the product when built normally or on the documentation, if done right | -| | ! Risk of getting “no impact” wrong | -| Portability | ++ It's just C code so it works everywhere | -| | ~ Doesn't work if the users rewrite an internal module | -| Maintainability | + Test interfaces impact the product source code, but at least they're clearly marked as such in the code | - -#### Guidelines for compile-time options - -* **Minimize the number of compile-time options.**
- Either we're testing or we're not. Fine-grained options for testing would require more test builds, especially if combinatorics enters the play. -* **Merely enabling the compile-time option should not change the behavior.**
- When building in test mode, the code should have exactly the same behavior. Changing the behavior should require some action at runtime (calling a function or changing a variable). -* **Minimize the impact on code**.
- We should not have test-specific conditional compilation littered through the code, as that makes the code hard to read. - -### Runtime instrumentation - -Some properties can be tested through runtime instrumentation: have the compiler or a similar tool inject something into the binary. - -* Sanitizers check for certain bad usage patterns (ASan, MSan, UBSan, Valgrind). -* We can inject external libraries at link time. This can be a way to make system functions fail. - -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ! Limited scope | -| Correctness | + Instrumentation generally does not affect the program's functional behavior | -| Effacement | ++ Zero impact on the code | -| Portability | ~ Depends on the method | -| Maintainability | ~ Depending on the instrumentation, this may require additional builds and scripts | -| | + Many properties come for free, but some require effort (e.g. the test code itself must be leak-free to avoid false positives in a leak detector) | - -### Debugger-based testing - -If we want to do something in a test that the product isn't capable of doing, we can use a debugger to read or modify the memory, or hook into the code at arbitrary points. - -This is a very powerful approach, but it comes with limitations: - -* The debugger may introduce behavior changes (e.g. timing). If we modify data structures in memory, we may do so in a way that the code doesn't expect. -* Due to compiler optimizations, the memory may not have the layout that we expect. -* Writing reliable debugger scripts is hard. We need to have confidence that we're testing what we mean to test, even in the face of compiler optimizations. Languages such as gdb make it hard to automate even relatively simple things such as finding the place(s) in the binary corresponding to some place in the source code. -* Debugger scripts are very much non-portable. 
- -| Requirement | Analysis | -| ----------- | -------- | -| Coverage | ++ The sky is the limit | -| Correctness | ++ The code is unmodified, and tested as compiled (so we even detect compiler-induced bugs) | -| | ! Compiler optimizations may hinder | -| | ~ Modifying the execution may introduce divergence | -| Effacement | ++ Zero impact on the code | -| Portability | !! Not all environments have a debugger, and even if they do, we'd need completely different scripts for every debugger | -| Maintainability | ! Writing reliable debugger scripts is hard | -| | !! Very tight coupling with the details of the source code and even with the compiler | - -## Solutions - -This section lists some strategies that are currently used for invasive testing, or planned to be used. This list is not intended to be exhaustive. - -### Memory management - -#### Zeroization testing - -Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. - -Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`. - -Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. - -#### Memory cleanup - -Goal: test the absence of memory leaks. - -Solution ([instrumentation](#runtime-instrumentation)): run tests with ASan. (We also use Valgrind, but it's slower than ASan, so we favor ASan.) - -Since we run many test jobs with a memory leak detector, each test function or test program must clean up after itself. Use the cleanup code (after the `exit` label in test functions) to free any memory that the function may have allocated. - -#### Robustness against memory allocation failure - -Solution: TODO. We don't test this at all at this point. 
- -#### PSA key store memory cleanup - -Goal: test the absence of resource leaks in the PSA key store code, in particular that `psa_close_key` and `psa_destroy_key` work correctly. - -Solution ([internal interface](#internal-interfaces)): in most tests involving PSA functions, the cleanup code explicitly calls `PSA_DONE()` instead of `mbedtls_psa_crypto_free()`. `PSA_DONE` fails the test if the key store in memory is not empty. - -Note there must also be tests that call `mbedtls_psa_crypto_free` with keys still open, to verify that it does close all keys. - -`PSA_DONE` is a macro defined in `psa_crypto_helpers.h` which uses `mbedtls_psa_get_stats()` to get information about the keystore content before calling `mbedtls_psa_crypto_free()`. This feature is mostly but not exclusively useful for testing, and may be moved under `MBEDTLS_TEST_HOOKS`. - -### PSA storage - -#### PSA storage cleanup on success - -Goal: test that no stray files are left over in the key store after a test that succeeded. - -Solution: TODO. Currently the various test suites do it differently. - -#### PSA storage cleanup on failure - -Goal: ensure that no stray files are left over in the key store even if a test has failed (as that could cause other tests to fail). - -Solution: TODO. Currently the various test suites do it differently. - -#### PSA storage resilience - -Goal: test the resilience of PSA storage against power failures. - -Solution: TODO. - -See the [secure element driver interface test strategy](driver-interface-test-strategy.html) for more information. - -#### Corrupted storage - -Goal: test the robustness against corrupted storage. - -Solution ([internal interface](#internal-interfaces)): call `psa_its` functions to modify the storage. - -#### Storage read failure - -Goal: test the robustness against read errors. - -Solution: TODO - -#### Storage write failure - -Goal: test the robustness against write errors (`STORAGE_FAILURE` or `INSUFFICIENT_STORAGE`). 
- -Solution: TODO - -#### Storage format stability - -Goal: test that the storage format does not change between versions (or if it does, an upgrade path must be provided). - -Solution ([internal interface](#internal-interfaces)): call internal functions to inspect the content of the file. - -Note that the storage format is defined not only by the general layout, but also by the numerical values of encodings for key types and other metadata. For numerical values, there is a risk that we would accidentally modify a single value or a few values, so the tests should be exhaustive. This probably requires some compile-time analysis (perhaps the automation for `psa_constant_names` can be used here). TODO - -### Other fault injection - -#### PSA crypto init failure - -Goal: test the failure of `psa_crypto_init`. - -Solution ([compile-time option](#compile-time-options)): replace entropy initialization functions by functions that can fail. This is the only failure point for `psa_crypto_init` that is present in all builds. - -When we implement the PSA entropy driver interface, this should be reworked to use the entropy driver interface. - -#### PSA crypto data corruption - -The PSA crypto subsystem has a few checks to detect corrupted data in memory. We currently don't have a way to exercise those checks. - -Solution: TODO. To corrupt a multipart operation structure, we can do it by looking inside the structure content, but only when running without isolation. To corrupt the key store, we would need to add a function to the library or to use a debugger. - diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md deleted file mode 100644 index a9e3dac47e..0000000000 --- a/docs/architecture/testing/test-framework.md +++ /dev/null 
@@ -1,64 +0,0 @@ -# Mbed TLS test framework - -This document is an overview of the Mbed TLS test framework and test tools. - -This document is incomplete. You can help by expanding it. - -## Unit tests - -See - -### Unit test descriptions - -Each test case has a description which succinctly describes for a human audience what the test does. The first non-comment line of each paragraph in a `.data` file is the test description. The following rules and guidelines apply: - -* Test descriptions may not contain semicolons, line breaks and other control characters, or non-ASCII characters.
- Rationale: keep the tools that process test descriptions (`generate_test_code.py`, [outcome file](#outcome-file) tools) simple. -* Test descriptions must be unique within a `.data` file. If you can't think of a better description, the convention is to append `#1`, `#2`, etc.
- Rationale: make it easy to relate a failure log to the test data. Avoid confusion between cases in the [outcome file](#outcome-file). -* Test descriptions should be a maximum of **66 characters**.
- Rationale: 66 characters is what our various tools assume (leaving room for 14 more characters on an 80-column line). Longer descriptions may be truncated or may break a visual alignment.
- We have a lot of test cases with longer descriptions, but they should be avoided. At least please make sure that the first 66 characters describe the test uniquely. -* Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0_len` for the name of a variable used to compute the - length in bytes of the vector, where is the name of the - vector as defined in the TLS 1.3 specification. - - - Use `p__len` for the name of a variable intended to hold - the address of the first byte of the vector length. - - - Use `` for the name of a variable intended to hold the - address of the first byte of the vector value. - - - Use `_end` for the name of a variable intended to hold - the address of the first byte past the vector value. - - Those idioms should lower the risk of mis-using one of the address in place - of another one which could potentially lead to some nasty issues. - - Example: `cipher_suites` vector of ClientHello in - `ssl_tls13_write_client_hello_cipher_suites()` - ``` - size_t cipher_suites_len; - unsigned char *p_cipher_suites_len; - unsigned char *cipher_suites; - ``` - - - Where applicable, use: - - the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}. - - the macros to write in memory in big-endian order a multi-byte integer - MBEDTLS_PUT_UINT{8|16|32|64}_BE. - - the macros to read from memory a multi-byte integer in big-endian order - MBEDTLS_GET_UINT{8|16|32|64}_BE. - - the macro to check for space when writing into an output buffer - `MBEDTLS_SSL_CHK_BUF_PTR`. - - the macro to check for data when reading from an input buffer - `MBEDTLS_SSL_CHK_BUF_READ_PTR`. - - The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE - and MBEDTLS_GET_UINT{8|16|32|64}_BE improve the readability of the code and - reduce the risk of writing or reading bytes in the wrong order. 
- - The two last types, `MBEDTLS_SSL_CHK_BUF_PTR` and - `MBEDTLS_SSL_CHK_BUF_READ_PTR`, improve the readability of the code and - reduce the risk of error in the non-completely-trivial arithmetic to - check that we do not write or read past the end of a data buffer. The - usage of those macros combined with the following rule mitigate the risk - to read/write past the end of a data buffer. - - Examples: - ``` - hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len ); - MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); - ``` - - - To mitigate what happened here - (https://github.com/Mbed-TLS/mbedtls/pull/4882#discussion_r701704527) from - happening again, use always a local variable named `p` for the reading - pointer in functions parsing TLS 1.3 data, and for the writing pointer in - functions writing data into an output buffer and only that variable. The - name `p` has been chosen as it was already widely used in TLS code. - - - When an TLS 1.3 structure is written or read by a function or as part of - a function, provide as documentation the definition of the structure as - it is in the TLS 1.3 specification. - -General coding rules: - - - We prefer grouping "related statement lines" by not adding blank lines - between them. - - Example 1: - ``` - ret = ssl_tls13_write_client_hello_cipher_suites( ssl, buf, end, &output_len ); - if( ret != 0 ) - return( ret ); - buf += output_len; - ``` - - Example 2: - ``` - MBEDTLS_SSL_CHK_BUF_PTR( cipher_suites_iter, end, 2 ); - MBEDTLS_PUT_UINT16_BE( cipher_suite, cipher_suites_iter, 0 ); - cipher_suites_iter += 2; - ``` - - - Use macros for constants that are used in different functions, different - places in the code. When a constant is used only locally in a function - (like the length in bytes of the vector lengths in functions reading and - writing TLS handshake message) there is no need to define a macro for it. 
- - Example: `#define CLIENT_HELLO_RANDOM_LEN 32` - - - When declaring a pointer the dereferencing operator should be prepended to - the pointer name not appended to the pointer type: - - Example: `mbedtls_ssl_context *ssl;` - - - Maximum line length is 80 characters. - - Exceptions: - - - string literals can extend beyond 80 characters as we do not want to - split them to ease their search in the code base. - - - A line can be more than 80 characters by a few characters if just looking - at the 80 first characters is enough to fully understand the line. For - example it is generally fine if some closure characters like ";" or ")" - are beyond the 80 characters limit. - - If a line becomes too long due to a refactoring (for example renaming a - function to a longer name, or indenting a block more), avoid rewrapping - lines in the same commit: it makes the review harder. Make one commit with - the longer lines and another commit with just the rewrapping. - - - When in successive lines, functions and macros parameters should be aligned - vertically. - - Example: - ``` - int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len ); - ``` - - - When a function's parameters span several lines, group related parameters - together if possible. - - For example, prefer: - - ``` - mbedtls_ssl_start_handshake_msg( ssl, hs_type, - buf, buf_len ); - ``` - over - ``` - mbedtls_ssl_start_handshake_msg( ssl, hs_type, buf, - buf_len ); - ``` - even if it fits. - - -Overview of handshake code organization ---------------------------------------- - -The TLS 1.3 handshake protocol is implemented as a state machine. The -functions `mbedtls_ssl_tls13_handshake_{client,server}_step` are the top level -functions of that implementation. They are implemented as a switch over all the -possible states of the state machine. - -Most of the states are either dedicated to the processing or writing of an -handshake message. 
- -The implementation does not go systematically through all states as this would -result in too many checks of whether something needs to be done or not in a -given state to be duplicated across several state handlers. For example, on -client side, the states related to certificate parsing and validation are -bypassed if the handshake is based on a pre-shared key and thus does not -involve certificates. - -On the contrary, the implementation goes systematically though some states -even if they could be bypassed if it helps in minimizing when and where inbound -and outbound keys are updated. The `MBEDTLS_SSL_CLIENT_CERTIFICATE` state on -client side is a example of that. - -The names of the handlers processing/writing an handshake message are -prefixed with `(mbedtls_)ssl_tls13_{process,write}`. To ease the maintenance and -reduce the risk of bugs, the code of the message processing and writing -handlers is split into a sequence of stages. - -The sending of data to the peer only occurs in `mbedtls_ssl_handshake_step` -between the calls to the handlers and as a consequence handlers do not have to -care about the MBEDTLS_ERR_SSL_WANT_WRITE error code. Furthermore, all pending -data are flushed before to call the next handler. That way, handlers do not -have to worry about pending data when changing outbound keys. - -### Message processing handlers -For message processing handlers, the stages are: - -* coordination stage: check if the state should be bypassed. This stage is -optional. The check is either purely based on the reading of the value of some -fields of the SSL context or based on the reading of the type of the next -message. The latter occurs when it is not known what the next handshake message -will be, an example of that on client side being if we are going to receive a -CertificateRequest message or not. 
The intent is, apart from the next record -reading to not modify the SSL context as this stage may be repeated if the -next handshake message has not been received yet. - -* fetching stage: at this stage we are sure of the type of the handshake -message we must receive next and we try to fetch it. If we did not go through -a coordination stage involving the next record type reading, the next -handshake message may not have been received yet, the handler returns with -`MBEDTLS_ERR_SSL_WANT_READ` without changing the current state and it will be -called again later. - -* pre-processing stage: prepare the SSL context for the message parsing. This -stage is optional. Any processing that must be done before the parsing of the -message or that can be done to simplify the parsing code. Some simple and -partial parsing of the handshake message may append at that stage like in the -ServerHello message pre-processing. - -* parsing stage: parse the message and restrict as much as possible any -update of the SSL context. The idea of the pre-processing/parsing/post-processing -organization is to concentrate solely on the parsing in the parsing function to -reduce the size of its code and to simplify it. - -* post-processing stage: following the parsing, further update of the SSL -context to prepare for the next incoming and outgoing messages. This stage is -optional. For example, secret and key computations occur at this stage, as well -as handshake messages checksum update. - -* state change: the state change is done in the main state handler to ease the -navigation of the state machine transitions. - - -### Message writing handlers -For message writing handlers, the stages are: - -* coordination stage: check if the state should be bypassed. This stage is -optional. The check is based on the value of some fields of the SSL context. - -* preparation stage: prepare for the message writing. This stage is optional. 
-Any processing that must be done before the writing of the message or that can -be done to simplify the writing code. - -* writing stage: write the message and restrict as much as possible any update -of the SSL context. The idea of the preparation/writing/finalization -organization is to concentrate solely on the writing in the writing function to -reduce the size of its code and simplify it. - -* finalization stage: following the writing, further update of the SSL -context to prepare for the next incoming and outgoing messages. This stage is -optional. For example, handshake secret and key computation occur at that -stage (ServerHello writing finalization), switching to handshake keys for -outbound message on server side as well. - -* state change: the state change is done in the main state handler to ease -the navigation of the state machine transitions. diff --git a/docs/conf.py b/docs/conf.py deleted file mode 100644 index 41c50c7f25..0000000000 --- a/docs/conf.py +++ /dev/null 
@@ -1,34 +0,0 @@
-# Configuration file for the Sphinx documentation builder.
-#
-# For the full list of built-in configuration values, see the documentation:
-# https://www.sphinx-doc.org/en/master/usage/configuration.html
-
-# -- Project information ------------------------------------------------------
-# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
-import glob
-
-project = 'Mbed TLS Versioned'
-copyright = '2023, Mbed TLS Contributors'
-author = 'Mbed TLS Contributors'
-
-# -- General configuration ----------------------------------------------------
-# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
-
-extensions = ['breathe', 'sphinx.ext.graphviz']
-
-templates_path = ['_templates']
-exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
-
-breathe_projects = {
- 'mbedtls-versioned': '../apidoc/xml'
-}
-breathe_default_project = 'mbedtls-versioned'
-
-primary_domain = 'c'
-highlight_language = 'c'
-
-# -- Options for HTML output --------------------------------------------------
-# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output
-
-html_theme = 'sphinx_rtd_theme'
-html_static_path = ['_static']
diff --git a/docs/index.rst b/docs/index.rst
deleted file mode 100644
index 33a97223d2..0000000000
--- a/docs/index.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-.. Mbed TLS Versioned documentation master file, created by
- sphinx-quickstart on Thu Feb 23 18:13:44 2023.
- You can adapt this file completely to your liking, but it should at least
- contain the root `toctree` directive.
-
-Mbed TLS API documentation
-==========================
-
-.. doxygenpage:: index
- :project: mbedtls-versioned
-
-.. toctree::
- :caption: Contents
- :maxdepth: 1
-
- Home
- api/grouplist.rst
- api/filelist.rst
- api/structlist.rst
- api/unionlist.rst
diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile
deleted file mode 100644
index b9f6e24f7f..0000000000
--- a/docs/proposed/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-PANDOC = pandoc
-
-default: all
-
-all_markdown = \
- config-split.md \
- # This line is intentionally left blank
-
-html: $(all_markdown:.md=.html)
-pdf: $(all_markdown:.md=.pdf)
-all: html pdf
-
-.SUFFIXES:
-.SUFFIXES: .md .html .pdf
-
-.md.html:
- $(PANDOC) -o $@ $<
-.md.pdf:
- $(PANDOC) -o $@ $<
-
-clean:
- rm -f *.html *.pdf
diff --git a/docs/proposed/README b/docs/proposed/README
deleted file mode 100644
index 09eae9aec6..0000000000
--- a/docs/proposed/README
+++ /dev/null
@@ -1,4 +0,0 @@
-The documents in this directory are proposed specifications for Mbed
-TLS features. They are not implemented yet, or only partially
-implemented. Please follow activity on the `development` branch of
-Mbed TLS if you are interested in these features.
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
deleted file mode 100644
index 1baab356b2..0000000000
--- a/docs/proposed/config-split.md
+++ /dev/null
@@ -1,469 +0,0 @@ -Configuration file split -======================== - -## Why split the configuration file? - -The objective of the repository split is to reach the point where in Mbed TLS -all the cryptography code and its tests are located in a `tf-psa-crypto` -directory that just contains the TF-PSA-Crypto repository as a submodule. -The cryptography APIs exposed by Mbed TLS are just the TF-PSA-Crypto ones. -Mbed TLS relies solely on the TF-PSA-Crypto build system to build its -cryptography library and its tests. - -The TF-PSA-Crypto configuration file `tf_psa_crypto_config.h` configures -entirely the cryptography interface exposed by Mbed TLS through TF-PSA-Crypto. -Mbed TLS configuration is split in two files: `mbedtls_config.h` for TLS and -x509, `tf_psa_crypto_config.h` for the cryptography. - -## How do we split the configuration file? - -We extend the so-called PSA cryptographic configuration scheme based on -`mbedtls_config.h` and `crypto_config.h`. The configuration file `crypto_config.h` -is extended to become the TF-PSA-Crypto configuration file, `mbedtls_config.h` -becomes the configuration file for the TLS and x509 libraries. All the options -to select the cryptographic mechanisms and to configure their implementation -are moved from `mbedtls_config.h` to `(tf_psa_)crypto_config.h`. - -The configuration options that are relevant to both Mbed TLS and TF-PSA-Crypto -like platform or system ones are moved to `(tf_psa_)crypto_config.h`. That way -they are available in both repositories (as Mbed TLS includes -`tf_psa_crypto_config.h`) without duplication. Later, we may duplicate or -create aliases for some of them to align with the naming conventions of the -repositories. - -The cryptographic configuration options in `tf_psa_crypto_config.h` are -organized into sections that are different from the ones in the pre-split -`mbedtls_config.h` (see below). 
This is first to take into account the -specifics of TF-PSA-Crypto, for example a specific section for the -configuration of builtin drivers. We also get rid of the grouping of non -boolean options into a dedicated section: related boolean and non boolean -configuration options are rather grouped together into the same section. - -Finally, for consistency, the sections in `mbedtls_config.h` are reorganized -to be better aligned with the `tf_psa_crypto_config.h` ones. - - -## Configuration files and `config.py` - -Each repository contains a `config.py` script to create and modify -configurations. - -In Mbed TLS, `config.py` handles both `mbedtls_config.h` and -`tf_psa_crypto_config.h`. It can set or unset TLS, x509 and cryptographic -configuration options without having to specify the configuration file the -options belong to. Commands like full and baremetal affect both configuration -files. - -In TF-PSA-Crypto, `config.py` addresses only `tf_psa_crypto_config.h`. - -## Sections in `tf_psa_crypto_config.h` - -The `tf_psa_crypto_config.h` configuration file is organized into eight -sections. - -The pre-split `mbedtls_config.h` configuration file contains configuration -options that apply to the whole code base (TLS, x509, crypto and tests) mostly -related to the platform abstraction layer and testing. In -`tf_psa_crypto_config.h` these configurations options are organized into two -sections, one for the platform abstraction layer options and one for the others, -respectively named ["Platform abstraction layer"](#section-platform-abstraction-layer) -and ["General and test configuration options"](#section-general-and-test-configuration-options). - -Then, the ["Cryptographic mechanism selection (PSA API)"](#section-cryptographic-mechanism-selection-PSA-API) -section is the equivalent of the pre-split `crypto_config.h` configuration file -containing the PSA_WANT_ prefixed macros. 
- -The following section named -["Cryptographic mechanism selection (extended API)"](#section-cryptographic-mechanism-selection-extended-API) -contains the configuration options for the cryptography mechanisms that are not -yet part of the PSA cryptography API (like LMS or PK). - -It is followed by the ["Data format support"](#section-data-format-support) -section that contains configuration options of utilities related to various data -formats (like Base64 or ASN.1 APIs). These utilities aim to facilitate the -usage of the PSA cryptography API in other cryptography projects. - -Compared to Mbed TLS, the cryptography code in TF-PSA-Crypto is not located -in a single directory but split between the PSA core (core directory) and the -PSA builtin drivers (drivers/builtin/src directory). This is reflected in -`tf_psa_crypto_config.h` with two sections respectively named ["PSA core"](#section-psa-core) -and ["Builtin drivers"](#section-builtin-drivers). - -Finally, the last section named ["Legacy cryptography"](#section-legacy-cryptography) -contains the configuration options that will eventually be removed as duplicates -of PSA_WANT_\* and MBEDTLS_PSA_ACCEL_\* configuration options. - -## Sections in `mbedtls_config.h` - -The sections in `mbedtls_config.h` are reorganized to be better aligned with -the ones in `tf_psa_crypto_config.h`. The main change is the reorganization -of the "Mbed TLS modules", "Mbed TLS feature support" and -"Module configuration options" sections into the -["TLS feature selection"](#section-tls-feature-selection) and -["X.509 feature selection"](#section-x-509-feature-selection) sections. That -way all TLS/x509 options are grouped into one section and there is no -section dedicated to non boolean configuration options anymore. 
- - -## Repartition of the configuration options - -### In `tf_psa_crypto_config.h`, we have: -#### SECTION Platform abstraction layer -``` -#define MBEDTLS_FS_IO -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME_DATE -//#define MBEDTLS_MEMORY_BACKTRACE -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -//#define MBEDTLS_MEMORY_DEBUG -#define MBEDTLS_PLATFORM_C -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT -//#define MBEDTLS_PLATFORM_MEMORY -//#define MBEDTLS_PLATFORM_MS_TIME_ALT -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SETBUF_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT -//#define MBEDTLS_THREADING_ALT -//#define MBEDTLS_THREADING_C -//#define MBEDTLS_THREADING_PTHREAD - -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit -//#define MBEDTLS_PLATFORM_FREE_MACRO free -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf -//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf -//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc -//#define MBEDTLS_PLATFORM_STD_EXIT exit -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf -//#define MBEDTLS_PLATFORM_STD_FREE free -//#define MBEDTLS_PLATFORM_STD_MEM_HDR -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" -//#define 
MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write -//#define MBEDTLS_PLATFORM_STD_PRINTF printf -//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf -//#define MBEDTLS_PLATFORM_STD_TIME time -//#define MBEDTLS_PLATFORM_TIME_MACRO time -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t -//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf -//#define MBEDTLS_PRINTF_MS_TIME PRId64 -``` - -#### SECTION General and test configuration options -Note: for consistency with the configuration file name change from -`crypto_config.h` to `tf_psa_crypto_config.h`, the configuration options -`MBEDTLS_PSA_CRYPTO_CONFIG_FILE` and `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` are -respectively renamed `TF_PSA_CRYPTO_CONFIG_FILE` and -`TF_PSA_CRYPTO_USER_CONFIG_FILE`. These are the only configuration options -renamed by this document. -``` -//#define MBEDTLS_CHECK_RETURN_WARNING -//#define MBEDTLS_DEPRECATED_REMOVED -//#define MBEDTLS_DEPRECATED_WARNING -#define MBEDTLS_SELF_TEST -//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN -//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND -//#define MBEDTLS_TEST_HOOKS - -//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) -//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) -//#define TF_PSA_CRYPTO_CONFIG_FILE "psa/tf_psa_crypto_config.h" -//#define TF_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" -``` - -#### SECTION Cryptographic mechanism selection (PSA API) -PSA_WANT_\* macros as in current `crypto_config.h`. 
-
-
-#### SECTION Cryptographic mechanism selection (extended API)
-```
-#define MBEDTLS_LMS_C
-//#define MBEDTLS_LMS_PRIVATE
-#define MBEDTLS_MD_C
-#define MBEDTLS_NIST_KW_C
-#define MBEDTLS_PKCS5_C
-#define MBEDTLS_PKCS12_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_PARSE_EC_COMPRESSED
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-#define MBEDTLS_PK_WRITE_C
-
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
-//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-```
-
-
-#### SECTION Data format support
-```
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
-```
-
-
-#### SECTION PSA core
-```
-#define MBEDTLS_ENTROPY_C
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
-//#define MBEDTLS_ENTROPY_NV_SEED
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
-//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-#define MBEDTLS_PSA_CRYPTO_C
-//#define MBEDTLS_PSA_CRYPTO_CLIENT
-//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-//#define MBEDTLS_PSA_CRYPTO_SPM
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-#define MBEDTLS_PSA_ITS_FILE_C
-#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
-//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
-
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32
-//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
-//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
-//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
-```
-
-#### SECTION Builtin drivers
-```
-#define MBEDTLS_AESCE_C
-#define MBEDTLS_AESNI_C
-//#define MBEDTLS_AES_FEWER_TABLES
-//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-//#define MBEDTLS_AES_ROM_TABLES
-//#define MBEDTLS_AES_USE_HARDWARE_ONLY
-//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-//#define MBEDTLS_ECP_RESTARTABLE
-//#define MBEDTLS_ECP_WITH_MPI_UINT
-//#define MBEDTLS_GCM_LARGE_TABLE
-#define MBEDTLS_HAVE_ASM
-//#define MBEDTLS_HAVE_SSE2
-//#define MBEDTLS_NO_UDBL_DIVISION
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
-//#define MBEDTLS_RSA_NO_CRT
-//#define MBEDTLS_SHA256_SMALLER
-//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
-//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
-//#define MBEDTLS_SHA512_SMALLER
-//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
-//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
-//#define MBEDTLS_ECP_WINDOW_SIZE 4
-//#define MBEDTLS_MPI_MAX_SIZE 1024
-//#define MBEDTLS_MPI_WINDOW_SIZE 2
-//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
-```
-
-
-#### SECTION Legacy cryptography
-```
-#define MBEDTLS_AES_C
-#define MBEDTLS_ARIA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CAMELLIA_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_MODE_CFB
-#define MBEDTLS_CIPHER_MODE_CTR
-#define MBEDTLS_CIPHER_MODE_OFB
-#define MBEDTLS_CIPHER_MODE_XTS
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CMAC_C
-#define MBEDTLS_CTR_DRBG_C
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-#define MBEDTLS_DES_C
-#define MBEDTLS_DHM_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_GCM_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_HKDF_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD5_C
-#define MBEDTLS_PADLOCK_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_POLY1305_C
-//#define MBEDTLS_PSA_CRYPTO_SE_C
-#define MBEDTLS_RIPEMD160_C
-#define MBEDTLS_RSA_C
-#define MBEDTLS_SHA1_C
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA3_C
-#define MBEDTLS_SHA512_C
-```
-
-
-### In `mbedtls_config.h`, we have:
-#### SECTION Platform abstraction layer
-```
-#define MBEDTLS_NET_C
-//#define MBEDTLS_TIMING_ALT
-#define MBEDTLS_TIMING_C
-```
-
-
-#### SECTION General configuration options
-```
-#define MBEDTLS_ERROR_C
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-#define MBEDTLS_VERSION_C
-#define MBEDTLS_VERSION_FEATURES
-
-//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
-//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
-```
-
-
-#### SECTION TLS feature selection
-```
-#define MBEDTLS_DEBUG_C
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-#define MBEDTLS_SSL_ALPN
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-#define MBEDTLS_SSL_CACHE_C
-#define MBEDTLS_SSL_CLI_C
-#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
-#define MBEDTLS_SSL_COOKIE_C
-//#define MBEDTLS_SSL_DEBUG_ALL
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-//#define MBEDTLS_SSL_DTLS_SRTP
-//#define MBEDTLS_SSL_EARLY_DATA
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_PROTO_TLS1_2
-#define MBEDTLS_SSL_PROTO_TLS1_3
-//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
-#define MBEDTLS_SSL_RENEGOTIATION
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-#define MBEDTLS_SSL_SESSION_TICKETS
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TICKET_C
-#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-#define MBEDTLS_SSL_TLS_C
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-
-//#define MBEDTLS_PSK_MAX_LEN 32
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400
-//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
-//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
-//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
-```
-
-
-#### SECTION X.509 feature selection
-```
-#define MBEDTLS_PKCS7_C
-#define MBEDTLS_X509_CREATE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_CRT_WRITE_C
-#define MBEDTLS_X509_CSR_PARSE_C
-#define MBEDTLS_X509_CSR_WRITE_C
-//#define MBEDTLS_X509_REMOVE_INFO
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-#define MBEDTLS_X509_USE_C
-
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
-```
diff --git a/docs/redirects.yaml b/docs/redirects.yaml
deleted file mode 100644
index 969ffe43cc..0000000000
--- a/docs/redirects.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Readthedocs redirects
-# See https://docs.readthedocs.io/en/stable/user-defined-redirects.html
-#
-# Changes to this file do not take effect until they are merged into the
-# 'development' branch. This is because the API token (RTD_TOKEN) is not
-# made available in PR jobs - preventing bad actors from crafting PRs to
-# expose it.
-
-- type: exact
- from_url: /projects/api/en/latest/*
- to_url: /projects/api/en/development/:splat
diff --git a/docs/requirements.in b/docs/requirements.in
deleted file mode 100644
index 14d618c793..0000000000
--- a/docs/requirements.in
+++ /dev/null
@@ -1,3 +0,0 @@
-breathe
-readthedocs-cli
-sphinx-rtd-theme
diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index 38499f768c..0000000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,83 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.9 -# by the following command: -# -# pip-compile docs/requirements.in -# -alabaster==0.7.16 - # via sphinx -babel==2.17.0 - # via sphinx -breathe==4.36.0 - # via -r docs/requirements.in -certifi==2025.8.3 - # via requests -charset-normalizer==3.4.3 - # via requests -click==8.1.8 - # via readthedocs-cli -docutils==0.21.2 - # via - # sphinx - # sphinx-rtd-theme -idna==3.10 - # via requests -imagesize==1.4.1 - # via sphinx -importlib-metadata==8.7.0 - # via sphinx -jinja2==3.1.6 - # via sphinx -markdown-it-py==3.0.0 - # via rich -markupsafe==3.0.2 - # via jinja2 -mdurl==0.1.2 - # via markdown-it-py -packaging==25.0 - # via sphinx -pygments==2.19.2 - # via - # rich - # sphinx -pyyaml==6.0.2 - # via readthedocs-cli -readthedocs-cli==5 - # via -r docs/requirements.in -requests==2.32.5 - # via - # readthedocs-cli - # sphinx -rich==14.1.0 - # via readthedocs-cli -snowballstemmer==3.0.1 - # via sphinx -sphinx==7.4.7 - # via - # breathe - # sphinx-rtd-theme - # sphinxcontrib-jquery -sphinx-rtd-theme==3.0.2 - # via -r docs/requirements.in -sphinxcontrib-applehelp==2.0.0 - # via sphinx -sphinxcontrib-devhelp==2.0.0 - # via sphinx -sphinxcontrib-htmlhelp==2.1.0 - # via sphinx -sphinxcontrib-jquery==4.1 - # via sphinx-rtd-theme -sphinxcontrib-jsmath==1.0.1 - # via sphinx -sphinxcontrib-qthelp==2.0.0 - # via sphinx -sphinxcontrib-serializinghtml==2.0.0 - # via sphinx -tomli==2.2.1 - # via sphinx -urllib3==2.5.0 - # via - # readthedocs-cli - # requests -zipp==3.23.0 - # via importlib-metadata diff --git a/docs/tls13-early-data.md b/docs/tls13-early-data.md deleted file mode 100644 index 4b6f5d305c..0000000000 --- a/docs/tls13-early-data.md +++ /dev/null 
@@ -1,192 +0,0 @@ - -Writing early data ------------------- - -An application function to write and send a buffer of data to a server through -TLS may plausibly look like: - -``` -int write_data(mbedtls_ssl_context *ssl, - const unsigned char *data_to_write, - size_t data_to_write_len, - size_t *data_written) -{ - int ret; - *data_written = 0; - - while (*data_written < data_to_write_len) { - ret = mbedtls_ssl_write(ssl, data_to_write + *data_written, - data_to_write_len - *data_written); - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - - *data_written += ret; - } - - return 0; -} -``` -where ssl is the SSL context to use, data_to_write the address of the data -buffer and data_to_write_len the number of data bytes. The handshake may -not be completed, not even started for the SSL context ssl when the function is -called and in that case the mbedtls_ssl_write() API takes care transparently of -completing the handshake before to write and send data to the server. The -mbedtls_ssl_write() may not be able to write and send all data in one go thus -the need for a loop calling it as long as there are still data to write and -send. - -An application function to write and send early data and only early data, -data sent during the first flight of client messages while the handshake is in -its initial phase, would look completely similar but the call to -mbedtls_ssl_write_early_data() instead of mbedtls_ssl_write(). 
-``` -int write_early_data(mbedtls_ssl_context *ssl, - const unsigned char *data_to_write, - size_t data_to_write_len, - size_t *data_written) -{ - int ret; - *data_written = 0; - - while (*data_written < data_to_write_len) { - ret = mbedtls_ssl_write_early_data(ssl, data_to_write + *data_written, - data_to_write_len - *data_written); - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - - *data_written += ret; - } - - return 0; -} -``` -Note that compared to write_data(), write_early_data() can also return -MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA and that should be handled -specifically by the user of write_early_data(). A fresh SSL context (typically -just after a call to mbedtls_ssl_setup() or mbedtls_ssl_session_reset()) would -be expected when calling `write_early_data`. - -All together, code to write and send a buffer of data as long as possible as -early data and then as standard post-handshake application data could -plausibly look like: - -``` -ret = write_early_data(ssl, - data_to_write, - data_to_write_len, - &early_data_written); -if (ret < 0 && - ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto error; -} - -ret = write_data(ssl, - data_to_write + early_data_written, - data_to_write_len - early_data_written, - &data_written); -if (ret < 0) { - goto error; -} - -data_written += early_data_written; -``` - -Finally, taking into account that the server may reject early data, application -code to write and send a buffer of data could plausibly look like: -``` -ret = write_early_data(ssl, - data_to_write, - data_to_write_len, - &early_data_written); -if (ret < 0 && - ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto error; -} - -/* - * Make sure the handshake is completed as it is a requisite of - * mbedtls_ssl_get_early_data_status(). 
- */ -while (!mbedtls_ssl_is_handshake_over(ssl)) { - ret = mbedtls_ssl_handshake(ssl); - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - goto error; - } -} - -ret = mbedtls_ssl_get_early_data_status(ssl); -if (ret < 0) { - goto error; -} - -if (ret == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { - early_data_written = 0; -} - -ret = write_data(ssl, - data_to_write + early_data_written, - data_to_write_len - early_data_written, - &data_written); -if (ret < 0) { - goto error; -} - -data_written += early_data_written; -``` - -Reading early data ------------------- -Mbed TLS provides the mbedtls_ssl_read_early_data() API to read the early data -that a TLS 1.3 server might receive during the TLS 1.3 handshake. - -While establishing a TLS 1.3 connection with a client using a combination -of the mbedtls_ssl_handshake(), mbedtls_ssl_read() and mbedtls_ssl_write() APIs, -the reception of early data is signaled by an API returning the -MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code. Early data can then be read -with the mbedtls_ssl_read_early_data() API. - -For example, a typical code to establish a TLS connection, where ssl is the SSL -context to use: -``` -while ((int ret = mbedtls_ssl_handshake(&ssl)) != 0) { - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } -} -``` -could be adapted to handle early data in the following way: -``` -size_t data_read_len = 0; -while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - - if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { - ret = mbedtls_ssl_read_early_data(&ssl, - buffer + data_read_len, - sizeof(buffer) - data_read_len); - if (ret < 0) { - break; - } - data_read_len += ret; - continue; - } - - if (ret < 0 && - ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } -} -``` diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h deleted file mode 100644 index 068e716bf4..0000000000 
--- a/doxygen/input/doc_encdec.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/** - * \file doc_encdec.h - * - * \brief Encryption/decryption module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup encdec_module Encryption/decryption module - * - * The Encryption/decryption module provides encryption/decryption functions. - * One can differentiate between symmetric and asymmetric algorithms; the - * symmetric ones are mostly used for message confidentiality and the asymmetric - * ones for key exchange and message integrity. - * Some symmetric algorithms provide different block cipher modes, mainly - * Electronic Code Book (ECB) which is used for short (64-bit) messages and - * Cipher Block Chaining (CBC) which provides the structure needed for longer - * messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode, - * Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for - * specific algorithms. - * - * All symmetric encryption algorithms are accessible via the generic cipher layer - * (see \c mbedtls_cipher_setup()). - * - * The asymmetric encryption algorithms are accessible via the generic public - * key layer (see \c mbedtls_pk_init()). - * - * The following algorithms are provided: - * - Symmetric: - * - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and - * \c mbedtls_aes_crypt_ctr()). - * - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(), - * \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()). - * - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb() - * and \c mbedtls_des3_crypt_cbc()). - * - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init()) - * - Asymmetric: - * - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()). - * - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()). 
- * - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()). - * - Elliptic Curve Diffie Hellman (ECDH) (see \c mbedtls_ecdh_init()). - * - * This module provides encryption/decryption which can be used to provide - * secrecy. - * - * It also provides asymmetric key functions which can be used for - * confidentiality, integrity, authentication and non-repudiation. - */ diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h deleted file mode 100644 index 83613bfa92..0000000000 --- a/doxygen/input/doc_hashing.h +++ /dev/null @@ -1,30 +0,0 @@ -/** - * \file doc_hashing.h - * - * \brief Hashing module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup hashing_module Hashing module - * - * The Message Digest (MD) or Hashing module provides one-way hashing - * functions. Such functions can be used for creating a hash message - * authentication code (HMAC) when sending a message. Such a HMAC can be used - * in combination with a private key for authentication, which is a message - * integrity control. - * - * All hash algorithms can be accessed via the generic MD layer (see - * \c mbedtls_md_setup()) - * - * The following hashing-algorithms are provided: - * - MD5 128-bit one-way hash function by Ron Rivest. - * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by - * NIST and NSA. - * - * This module provides one-way hashing which can be used for authentication. - */ diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h deleted file mode 100644 index 4eda5ba2aa..0000000000 --- a/doxygen/input/doc_mainpage.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/** - * \file doc_mainpage.h - * - * \brief Main page documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @mainpage Mbed TLS v4.0.0 API Documentation - * - * This documentation describes the application programming interface (API) - * of Mbed TLS. - * It was automatically generated from specially formatted comment blocks in - * Mbed TLS's source code using [Doxygen](https://www.doxygen.nl). - * - * ## Main entry points - * - * You can explore the full API from the “Files” or “Files list” section. - * Locate the header file for the module that you are interested in and - * explore its contents. - * - * Some parts of the API are best explored from the “Topics” or - * “Group list” section. - * This is notably the case for the PSA Cryptography API. - * Note that many parts of the API are not classified under a topic and - * can only be seen through the file structure. - * - * For information on configuring the library at compile time, see the - * configuration header files mbedtls/mbedtls_config.h and - * psa/crypto_config.h. - * - * ## Private interfaces - * - * For technical reasons, the rendered documentation includes elements - * that are not considered part of the stable API. Private elements may - * be removed or may have their semantics changed in a future minor release - * without notice. - * - * The following elements are considered private: - * - * - Any header file whose path contains `/private`, and its contents - * (unless re-exported and documented in another non-private header). - * - Any structure or union field whose name starts with `private_`. - * - Any preprocessor macro that is just listed with its automatically - * rendered parameter list, value and location. Macros are part of - * the API only if their documentation has custom text. - * - */ 
diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h deleted file mode 100644 index 22608a879b..0000000000 --- a/doxygen/input/doc_rng.h +++ /dev/null @@ -1,27 +0,0 @@ -/** - * \file doc_rng.h - * - * \brief Random number generator (RNG) module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup rng_module Random number generator (RNG) module - * - * The Random number generator (RNG) module provides random number - * generation, see \c mbedtls_ctr_drbg_random(). - * - * The block-cipher counter-mode based deterministic random - * bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external - * source of entropy. For these purposes \c mbedtls_entropy_func() can be used. - * This is an implementation based on a simple entropy accumulator design. - * - * Meaning that there seems to be no practical algorithm that can guess - * the next bit with a probability larger than 1/2 in an output sequence. - * - * This module can be used to generate random numbers. - */ diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h deleted file mode 100644 index 5757574f3b..0000000000 --- a/doxygen/input/doc_ssltls.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/** - * \file doc_ssltls.h - * - * \brief SSL/TLS communication module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup ssltls_communication_module SSL/TLS communication module - * - * The SSL/TLS communication module provides the means to create an SSL/TLS - * communication channel. - * - * The basic provisions are: - * - initialise an SSL/TLS context (see \c mbedtls_ssl_init()). - * - perform an SSL/TLS handshake (see \c mbedtls_ssl_handshake()). - * - read/write (see \c mbedtls_ssl_read() and \c mbedtls_ssl_write()). - * - notify a peer that connection is being closed (see \c mbedtls_ssl_close_notify()). - * - * Many aspects of such a channel are set through parameters and callback - * functions: - * - the endpoint role: client or server. - * - the authentication mode. Should verification take place. - * - the Host-to-host communication channel. A TCP/IP module is provided. - * - the random number generator (RNG). - * - the ciphers to use for encryption/decryption. - * - session control functions. - * - X.509 parameters for certificate-handling and key exchange. - * - * This module can be used to create an SSL/TLS server and client and to provide a basic - * framework to setup and communicate through an SSL/TLS communication channel.\n - * Note that you need to provide for several aspects yourself as mentioned above. - */ diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h deleted file mode 100644 index f8d8c6905b..0000000000 --- a/doxygen/input/doc_tcpip.h +++ /dev/null 
@@ -1,32 +0,0 @@ -/** - * \file doc_tcpip.h - * - * \brief TCP/IP communication module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup tcpip_communication_module TCP/IP communication module - * - * The TCP/IP communication module provides for a channel of - * communication for the \link ssltls_communication_module SSL/TLS communication - * module\endlink to use. - * In the TCP/IP-model it provides for communication up to the Transport - * (or Host-to-host) layer. - * SSL/TLS resides on top of that, in the Application layer, and makes use of - * its basic provisions: - * - listening on a port (see \c mbedtls_net_bind()). - * - accepting a connection (through \c mbedtls_net_accept()). - * - read/write (through \c mbedtls_net_recv()/\c mbedtls_net_send()). - * - close a connection (through \c mbedtls_net_close()). - * - * This way you have the means to, for example, implement and use an UDP or - * IPSec communication solution as a basis. - * - * This module can be used at server- and clientside to provide a basic - * means of communication over the internet. - */ diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h deleted file mode 100644 index 945830f110..0000000000 --- a/doxygen/input/doc_x509.h +++ /dev/null 
@@ -1,31 +0,0 @@ -/** - * \file doc_x509.h - * - * \brief X.509 module documentation file. - */ -/* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * @addtogroup x509_module X.509 module - * - * The X.509 module provides X.509 support for reading, writing and verification - * of certificates. - * In summary: - * - X.509 certificate (CRT) reading (see \c mbedtls_x509_crt_parse(), - * \c mbedtls_x509_crt_parse_der(), \c mbedtls_x509_crt_parse_file()). - * - X.509 certificate revocation list (CRL) reading (see - * \c mbedtls_x509_crl_parse(), \c mbedtls_x509_crl_parse_der(), - * and \c mbedtls_x509_crl_parse_file()). - * - X.509 certificate signature verification (see \c - * mbedtls_x509_crt_verify() and \c mbedtls_x509_crt_verify_with_profile(). - * - X.509 certificate writing and certificate request writing (see - * \c mbedtls_x509write_crt_der() and \c mbedtls_x509write_csr_der()). - * - * This module can be used to build a certificate authority (CA) chain and - * verify its signature. It is also used to generate Certificate Signing - * Requests and X.509 certificates just as a CA would do. - */ diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile deleted file mode 100644 index 80e459cc72..0000000000 --- a/doxygen/mbedtls.doxyfile +++ /dev/null 
@@ -1,56 +0,0 @@ -PROJECT_NAME = "Mbed TLS v4.0.0" -OUTPUT_DIRECTORY = ../apidoc/ -FULL_PATH_NAMES = NO -OPTIMIZE_OUTPUT_FOR_C = YES -EXTRACT_ALL = YES -EXTRACT_PRIVATE = YES -EXTRACT_STATIC = YES -CASE_SENSE_NAMES = NO -INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy -FILE_PATTERNS = *.h -EXCLUDE = ../tf-psa-crypto/include/mbedtls/private -RECURSIVE = YES -EXCLUDE_SYMLINKS = YES -SOURCE_BROWSER = YES -REFERENCED_BY_RELATION = YES -REFERENCES_RELATION = YES -ALPHABETICAL_INDEX = NO -HTML_OUTPUT = . -HTML_TIMESTAMP = YES -SEARCHENGINE = YES -GENERATE_LATEX = NO -GENERATE_XML = YES -MACRO_EXPANSION = YES -EXPAND_ONLY_PREDEF = YES -INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include -EXPAND_AS_DEFINED = MBEDTLS_PRIVATE -CLASS_DIAGRAMS = NO -HAVE_DOT = YES -DOT_GRAPH_MAX_NODES = 200 -MAX_DOT_GRAPH_DEPTH = 1000 -DOT_TRANSPARENT = YES - -# We mostly use \retval declarations to document which error codes a function -# can return. The reader can follow the hyperlink to the definition of the -# constant to get the generic documentation of that error code. If we don't -# have anything to say about the specific error code for the specific -# function, we can leave the description part of the \retval command blank. -# This is perfectly valid as far as Doxygen is concerned. However, with -# Clang >=15, the -Wdocumentation option emits a warning for empty -# descriptions. -# https://github.com/Mbed-TLS/mbedtls/issues/6960 -# https://github.com/llvm/llvm-project/issues/60315 -# As a workaround, you can write something like -# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription -# This avoids writing redundant text and keeps Clang happy. -ALIASES += emptydescription="" - -# Define away Mbed TLS macros that make parsing definitions difficult. -# MBEDTLS_DEPRECATED is not included in this list as it's important to -# display deprecated status in the documentation. 
-PREDEFINED = "MBEDTLS_CHECK_RETURN_CRITICAL=" \ - "MBEDTLS_CHECK_RETURN_TYPICAL=" \ - "MBEDTLS_CHECK_RETURN_OPTIONAL=" \ - "MBEDTLS_PRINTF_ATTRIBUTE(a,b)=" \ - "__DOXYGEN__" \ - diff --git a/framework b/framework deleted file mode 160000 index 9232f41572..0000000000 --- a/framework +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 9232f4157207829d45f8689c50951e2e84c1a83b diff --git a/include/.gitignore b/include/.gitignore deleted file mode 100644 index bf67d02ed8..0000000000 --- a/include/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -Makefile -*.sln -*.vcxproj -mbedtls/check_config diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt deleted file mode 100644 index f76977fbab..0000000000 --- a/include/CMakeLists.txt +++ /dev/null @@ -1,21 +0,0 @@ -option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON) - -if(INSTALL_MBEDTLS_HEADERS) - - file(GLOB headers "mbedtls/*.h") - - install(FILES ${headers} - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) - - file(GLOB private_headers "mbedtls/private/*.h") - - install(FILES ${private_headers} - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls/private - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) -endif(INSTALL_MBEDTLS_HEADERS) - -# Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. -if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(mbedtls) -endif() diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h deleted file mode 100644 index 7b7ff49f5a..0000000000 --- a/include/mbedtls/build_info.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/** - * \file mbedtls/build_info.h - * - * \brief Build-time configuration info - * - * Include this file if you need to depend on the - * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_BUILD_INFO_H -#define MBEDTLS_BUILD_INFO_H - -#include "tf-psa-crypto/build_info.h" - -/* - * This set of compile-time defines can be used to determine the version number - * of the Mbed TLS library used. Run-time variables for the same can be found in - * version.h - */ - -/** - * The version number x.y.z is split into three parts. - * Major, Minor, Patchlevel - */ -#define MBEDTLS_VERSION_MAJOR 4 -#define MBEDTLS_VERSION_MINOR 0 -#define MBEDTLS_VERSION_PATCH 0 - -/** - * The single version number has the following structure: - * MMNNPP00 - * Major version | Minor version | Patch version - */ -#define MBEDTLS_VERSION_NUMBER 0x04000000 -#define MBEDTLS_VERSION_STRING "4.0.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.0.0" - -#if defined(MBEDTLS_CONFIG_FILES_READ) -#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" -#endif -#if defined(MBEDTLS_CONFIG_IS_FINALIZED) -#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!" -#endif - -/* X.509 and TLS configuration */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/mbedtls_config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_CONFIG_VERSION) && ( \ - MBEDTLS_CONFIG_VERSION < 0x04000000 || \ - MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER) -#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" -#endif - -/* Target and application specific configurations - * - * Allow user to override any previous default. 
- * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -/* For the sake of consistency checks in mbedtls_config.c */ -#if defined(MBEDTLS_INCLUDE_AFTER_RAW_CONFIG) -#include MBEDTLS_INCLUDE_AFTER_RAW_CONFIG -#endif - -/* Indicate that all configuration files have been read. - * It is now time to adjust the configuration (follow through on dependencies, - * make PSA and legacy crypto consistent, etc.). - */ -#define MBEDTLS_CONFIG_FILES_READ - -#include "mbedtls/private/config_adjust_x509.h" - -#include "mbedtls/private/config_adjust_ssl.h" - -/* Indicate that all configuration symbols are set, - * even the ones that are calculated programmatically. - * It is now safe to query the configuration (to check it, to size buffers, - * etc.). - */ -#define MBEDTLS_CONFIG_IS_FINALIZED - -#endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h deleted file mode 100644 index bdfc597e0c..0000000000 --- a/include/mbedtls/debug.h +++ /dev/null 
@@ -1,135 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG(level, args) \
- mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args)
-
-#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
- mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
-
-#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
- mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
- mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
-#else
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
-
-#endif /* MBEDTLS_DEBUG_C */
-
-/**
- * \def MBEDTLS_PRINTF_ATTRIBUTE
- *
- * Mark a function as having printf attributes, and thus enable checking
- * via -wFormat and other flags. This does nothing on builds with compilers
- * that do not support the format attribute
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__(gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
-#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif
-
-/**
- * \def MBEDTLS_PRINTF_SIZET
- *
- * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
- * and MinGW we need to define the printf specifier for size_t
- * and long long per platform.
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900)
- #include 
- #define MBEDTLS_PRINTF_SIZET PRIuPTR
- #define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else \
- /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
- #define MBEDTLS_PRINTF_SIZET "zu"
- #define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif \
- /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */
-
-#if !defined(MBEDTLS_PRINTF_MS_TIME)
-#include 
-#if !defined(PRId64)
-#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG
-#else
-#define MBEDTLS_PRINTF_MS_TIME PRId64
-#endif
-#endif /* MBEDTLS_PRINTF_MS_TIME */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Set the threshold error level to handle globally all debug output.
- * Debug messages that have a level over the threshold value are
- * discarded.
- * (Default value: 0 = No debug )
- *
- * \param threshold threshold level of messages to filter on. Messages at a
- * higher level will be discarded.
- * - Debug levels
- * - 0 No debug
- * - 1 Error
- * - 2 State change
- * - 3 Informational
- * - 4 Verbose
- */
-void mbedtls_debug_set_threshold(int threshold);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_DEBUG_H */
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
deleted file mode 100644
index ee3d093c93..0000000000
--- a/include/mbedtls/error.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/private/error_common.h"
-
-#include 
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Translate an Mbed TLS error code into a string representation.
- * The result is truncated if necessary and always includes a
- * terminating null byte.
- *
- * \param errnum error code
- * \param buffer buffer to place representation in
- * \param buflen length of the buffer
- */
-void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
deleted file mode 100644
index ad843c70c3..0000000000
--- a/include/mbedtls/mbedtls_config.h
+++ /dev/null
@@ -1,1202 +0,0 @@ -/** - * \file mbedtls_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * This is an optional version symbol that enables compatibility handling of - * config files. - * - * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that - * introduced the config format we want to be compatible with. - */ -#define MBEDTLS_CONFIG_VERSION 0x04000000 - -/** - * \name SECTION: Platform abstraction layer - * - * This section sets platform specific settings. - * \{ - */ - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. 
On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note The timing module will include time.h on suitable platforms - * regardless of the setting of MBEDTLS_HAVE_TIME, unless - * MBEDTLS_TIMING_ALT is used. See timing.c for more information. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - */ -#define MBEDTLS_TIMING_C - -/** \} name SECTION: Platform abstraction layer */ - -/** - * \name SECTION: General configuration options - * - * This section contains Mbed TLS build settings that are not associated - * with a particular module. - * \{ - */ - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. 
- */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_CONFIG_FILE - * - * If defined, this is a header which will be included instead of - * `"mbedtls/mbedtls_config.h"`. - * This header file specifies the compile-time configuration of Mbed TLS. - * Unlike other configuration options, this one must be defined on the - * compiler command line: a definition in `mbedtls_config.h` would have - * no effect. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. - */ -//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" - -/** - * \def MBEDTLS_USER_CONFIG_FILE - * - * If defined, this is a header which will be included after - * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. - * This allows you to modify the default configuration, including the ability - * to undefine options that are enabled by default. - * - * This macro is expanded after an \#include directive. This is a popular but - * non-standard feature of the C language, so this feature is only available - * with compilers that perform macro expansion on an \#include line. - * - * The value of this symbol is typically a path in double quotes, either - * absolute or relative to a directory on the include search path. 
- */ -//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" - -/** \} name SECTION: General configuration options */ - -/** - * \name SECTION: TLS feature selection - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_SSL_NULL_CIPHERSUITES - * - * Enable ciphersuites without encryption. - * - * Warning: Only do so when you know what you are doing. This allows for - * channels without any encryption. All data are transmitted in clear. - * - * Uncomment this macro to enable the NULL ciphersuites - */ -//#define MBEDTLS_SSL_NULL_CIPHERSUITES - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_msg.c - * library/ssl_tls.c - * library/ssl_tls12_*.c - * library/ssl_tls13_*.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: PSA_WANT_ALG_ECDH - * PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. 
- * - * Requires: PSA_WANT_ALG_ECDH - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: PSA_WANT_ALG_ECDH - * PSA_WANT_ALG_RSA_PKCS1V15_SIGN - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. 
- * - * Requires: PSA_WANT_ALG_JPAKE - * PSA_WANT_ALG_SHA_256 - * PSA_WANT_ECC_SECP_R1_256 - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, Mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_ASYNC_PRIVATE - * - * Enable asynchronous external private key operations in SSL. 
This allows - * you to configure an SSL connection to call an external cryptographic - * module to perform private key operations instead of performing the - * operation inside the library. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl*_client.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * \warning You must call psa_crypto_init() before doing any TLS operations. - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION - * - * Enable serialization of the TLS context structures, through use of the - * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). - * - * This pair of functions allows one side of a connection to serialize the - * context associated with the connection, then free or re-use that context - * while the serialized state is persisted elsewhere, and finally deserialize - * that state to a live context for resuming read/write operations on the - * connection. From a protocol perspective, the state of the connection is - * unaffected, in particular this is entirely transparent to the peer. - * - * Note: this is distinct from TLS session resumption, which is part of the - * protocol and fully visible by the peer. TLS session resumption enables - * establishing new connections associated to a saved session with shorter, - * lighter handshakes, while context serialization is a local optimization in - * handling a single, potentially long-lived connection. 
- * - * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are - * saved after the handshake to allow for more efficient serialization, so if - * you don't need this feature you'll save RAM by disabling it. - * - * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 - * - * Comment to disable the context serialization APIs. - */ -#define MBEDTLS_SSL_CONTEXT_SERIALIZATION - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. 
- * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID - * - * Enable support for the DTLS Connection ID (CID) extension, - * which allows to identify DTLS connections across changes - * in the underlying transport. The CID functionality is described - * in RFC 9146. - * - * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, - * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and - * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for - * more information. - * - * The maximum lengths of outgoing and incoming CIDs can be configured - * through the options - * - MBEDTLS_SSL_CID_OUT_LEN_MAX - * - MBEDTLS_SSL_CID_IN_LEN_MAX. - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Uncomment to enable the Connection ID extension. - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can be a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_SRTP - * - * Enable support for negotiation of DTLS-SRTP (RFC 5764) - * through the use_srtp extension. - * - * \note This feature provides the minimum functionality required - * to negotiate the use of DTLS-SRTP and to allow the derivation of - * the associated SRTP packet protection key material. 
- * In particular, the SRTP packet protection itself, as well as the - * demultiplexing of RTP and DTLS packets at the datagram layer - * (see Section 5 of RFC 5764), are not handled by this feature. - * Instead, after successful completion of a handshake negotiating - * the use of DTLS-SRTP, the extended key exporter API - * mbedtls_ssl_conf_export_keys_cb() should be used to implement - * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 - * (this is implemented in the SSL example programs). - * The resulting key should then be passed to an SRTP stack. - * - * Setting this option enables the runtime API - * mbedtls_ssl_conf_dtls_srtp_protection_profiles() - * through which the supported DTLS-SRTP protection - * profiles can be configured. You must call this API at - * runtime if you wish to negotiate the use of DTLS-SRTP. - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Uncomment this to enable support for use_srtp extension. - */ -//#define MBEDTLS_SSL_DTLS_SRTP - -/** - * \def MBEDTLS_SSL_EARLY_DATA - * - * Enable support for RFC 8446 TLS 1.3 early data. - * - * Requires: MBEDTLS_SSL_SESSION_TICKETS and either - * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or - * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - * - * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 - * is not enabled, this option does not have any effect on the build. - * - * \note The maximum amount of early data can be set with - * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. - * - */ -//#define MBEDTLS_SSL_EARLY_DATA - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. 
- * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for RFC 7627: Session Hash and Extended Master Secret - * Extension. - * - * This was introduced as "the proper fix" to the Triple Handshake family of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * - * This option controls the availability of the API mbedtls_ssl_get_peer_cert() - * giving access to the peer's certificate after completion of the handshake. - * - * Unless you need mbedtls_ssl_peer_cert() in your application, it is - * recommended to disable this option for reduced RAM usage. - * - * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still - * defined, but always returns \c NULL. - * - * \note This option has no influence on the protection against the - * triple handshake attack. Even if it is disabled, Mbed TLS will - * still ensure that certificates do not change during renegotiation, - * for example by keeping a hash of the peer's certificate. - * - * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set. - * - * Comment this macro to disable storing the peer's certificate - * after the handshake. - */ -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. 
- * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_3 - * - * Enable support for TLS 1.3. - * - * \note See docs/architecture/tls13-support.md for a description of the TLS - * 1.3 support that this option enables. - * - * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * Requires: MBEDTLS_PSA_CRYPTO_C - * - * Uncomment this macro to enable the support for TLS 1.3. - */ -#define MBEDTLS_SSL_PROTO_TLS1_3 - -/** - * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT - * - * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only). - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_3 - * - * Uncomment this macro to enable support for the record_size_limit extension - */ -//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT - -/** - * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT - * - * When this option is enabled, the client and server can extract additional - * shared symmetric keys after an SSL handshake using the function - * mbedtls_ssl_export_keying_material(). - * - * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and - * in RFC 8446, Section 7.5, for TLS 1.3. - * - * Comment this macro to disable mbedtls_ssl_export_keying_material(). - */ -#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Enable support for TLS renegotiation. 
- * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this to disable support for renegotiation. - * - * \note Even if this option is disabled, both client and server are aware - * of the Renegotiation Indication Extension (RFC 5746) used to - * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). - * (See \c mbedtls_ssl_conf_legacy_renegotiation for the - * configuration of this extension). - * - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintenance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl*_server.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * \warning You must call psa_crypto_init() before doing any TLS operations. - * - * This module is required for SSL/TLS server support. 
- */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - * - * Enable TLS 1.3 middlebox compatibility mode. - * - * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility - * mode to make a TLS 1.3 connection more likely to pass through middle boxes - * expecting TLS 1.2 traffic. - * - * Turning on the compatibility mode comes at the cost of a few added bytes - * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations - * that don't use it. Therefore, unless transmission bandwidth is critical and - * you know that middlebox compatibility issues won't occur, it is therefore - * recommended to set this option. - * - * Comment to disable compatibility mode for TLS 1.3. If - * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - * - * Enable TLS 1.3 ephemeral key exchange mode. - * - * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH - * MBEDTLS_X509_CRT_PARSE_C - * and at least one of: - * PSA_WANT_ALG_ECDSA - * PSA_WANT_ALG_RSA_PSS - * - * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. - * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - * - * Enable TLS 1.3 PSK key exchange mode. - * - * Comment to disable support for the PSK key exchange mode in TLS 1.3. 
If - * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any - * effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - -/** - * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - * - * Enable TLS 1.3 PSK ephemeral key exchange mode. - * - * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH - * - * Comment to disable support for the PSK ephemeral key exchange mode in - * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not - * have any effect on the build. - * - */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl*_client.c - * library/ssl*_server.c - * - * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - * - * When this option is enabled, the SSL buffer will be resized automatically - * based on the negotiated maximum fragment length in each direction. - * - * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - */ -//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ - -/** \def MBEDTLS_SSL_CID_IN_LEN_MAX - * - * The maximum length of CIDs used for incoming DTLS messages. - * - */ -//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 - -/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX - * - * The maximum length of CIDs used for outgoing DTLS messages. 
- *
- */
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- * for outgoing records.
- *
- * Note: On systems lacking division instructions,
- * a power of two should be preferred.
- */
-//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-
-/**
- * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
- *
- * The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_conf_max_early_data_size() for more information.
- *
- * It must be positive and smaller than UINT32_MAX.
- *
- * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
- * have any impact on the build.
- */
-//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- * - * This determines the size of the outgoing TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. - */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - -/** - * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS - * - * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server - * after handshake completion. This is not used in TLS 1.2 and relevant only if - * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. - * - */ -//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 - -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - * - * Maximum allowed ticket age difference in milliseconds tolerated between - * server and client. Default value is 6000. This is not used in TLS 1.2. - * - * - The client ticket age is the time difference between the time when the - * client proposes to the server to use the ticket and the time the client - * received the ticket from the server. - * - The server ticket age is the time difference between the time when the - * server receives a proposition from the client to use the ticket and the - * time when the ticket was created by the server. - * - * The ages might be different due to the client and server clocks not running - * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts - * per million (360 to 72 milliseconds per hour). 
Default tolerance window is - * 6s, thus in the worst case clients and servers must sync up their system time - * every 6000/360/2~=8 hours. - * - * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information. - */ -//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 - -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH - * - * Size in bytes of a ticket nonce. This is not used in TLS 1.2. - * - * This must be less than 256. - */ -//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 - -/** \} name SECTION: TLS feature selection */ - -/** - * \name SECTION: X.509 feature selection - * - * This section sets Certificate related options. - * \{ - */ - -/** - * \def MBEDTLS_PKCS7_C - * - * Enable PKCS #7 core for using PKCS #7-formatted signatures. - * RFC Link - https://tools.ietf.org/html/rfc2315 - * - * Module: library/pkcs7.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C, - * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, - * MBEDTLS_MD_C - * - * This module is required for the PKCS #7 parsing modules. - */ -#define MBEDTLS_PKCS7_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_PK_PARSE_C - * - * \warning You must call psa_crypto_init() before doing any X.509 operation. - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. 
- *
- * Module: library/x509_crt.c
- * Caller: library/ssl_tls.c
- * library/ssl*_client.c
- * library/ssl*_server.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module: library/x509_csr.c
- * Caller: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define MBEDTLS_X509_CSR_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module: library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/**
- * \def MBEDTLS_X509_REMOVE_INFO
- *
- * Disable mbedtls_x509_*_info() and related APIs.
- *
- * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
- * and other functions/constants only used by these functions, thus reducing
- * the code footprint by several KB.
- */
-//#define MBEDTLS_X509_REMOVE_INFO
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Requires: PSA_WANT_ALG_RSA_PSS
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- *
- * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
- * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
- * the set of trusted certificates through a callback instead of a linked
- * list.
- *
- * This is useful for example in environments where a large number of trusted
- * certificates is present and storing them in a linked list isn't efficient
- * enough, or when the set of trusted certificates changes frequently.
- *
- * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
- * `mbedtls_ssl_conf_ca_cb()` for more information.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Uncomment to enable trusted certificate callbacks.
- */
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module: library/x509.c
- * Caller: library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C
- *
- * \warning You must call psa_crypto_init() before doing any X.509 operation.
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-
-/** \} name SECTION: X.509 feature selection */
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
deleted file mode 100644
index f4eb683d3a..0000000000
--- a/include/mbedtls/net_sockets.h
+++ /dev/null
@@ -1,299 +0,0 @@
-/**
- * \file net_sockets.h
- *
- * \brief Network sockets abstraction layer to integrate Mbed TLS into a
- * BSD-style sockets API.
- *
- * The network sockets module provides an example integration of the
- * Mbed TLS library into a BSD sockets implementation. The module is
- * intended to be an example of how Mbed TLS can be integrated into a
- * networking stack, as well as to be Mbed TLS's network integration
- * for its supported platforms.
- *
- * The module is intended only to be used with the Mbed TLS library and
- * is not intended to be used by third party application software
- * directly.
- *
- * The supported platforms are as follows:
- * * Microsoft Windows and Windows CE
- * * POSIX/Unix platforms including Linux, OS X
- *
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_NET_SOCKETS_H
-#define MBEDTLS_NET_SOCKETS_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#include
-#include
-
-/** Failed to open a socket. */
-#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
-/** The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
-/** Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
-/** Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
-/** Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
-/** Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
-/** Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
-/** Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
-/** Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
-/** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
-/** The context is invalid, eg because it was free()ed. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
-/** Polling the net context failed. */
-#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
-/** Input invalid. */
-#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
-
-#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
-
-#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
-#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
-
-#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
-#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Wrapper type for sockets.
- *
- * Currently backed by just a file descriptor, but might be more in the future
- * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
- * structures for hand-made UDP demultiplexing).
- */
-typedef struct mbedtls_net_context {
- /** The underlying file descriptor.
- *
- * This field is only guaranteed to be present on POSIX/Unix-like platforms.
- * On other platforms, it may have a different type, have a different
- * meaning, or be absent altogether.
- */
- int fd;
-}
-mbedtls_net_context;
-
-/**
- * \brief Initialize a context
- * Just makes the context ready to be used or freed safely.
- *
- * \param ctx Context to initialize
- */
-void mbedtls_net_init(mbedtls_net_context *ctx);
-
-/**
- * \brief Initiate a connection with host:port in the given protocol
- *
- * \param ctx Socket to use
- * \param host Host to connect to
- * \param port Port to connect to
- * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return 0 if successful, or one of:
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_UNKNOWN_HOST,
- * MBEDTLS_ERR_NET_CONNECT_FAILED
- *
- * \note Sets the socket in connected mode even with UDP.
- */
-int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto);
-
-/**
- * \brief Create a receiving socket on bind_ip:port in the chosen
- * protocol. If bind_ip == NULL, all interfaces are bound.
- *
- * \param ctx Socket to use
- * \param bind_ip IP to bind to, can be NULL
- * \param port Port number to use
- * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return 0 if successful, or one of:
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_UNKNOWN_HOST,
- * MBEDTLS_ERR_NET_BIND_FAILED,
- * MBEDTLS_ERR_NET_LISTEN_FAILED
- *
- * \note Regardless of the protocol, opens the sockets and binds it.
- * In addition, make the socket listening if protocol is TCP.
- */
-int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto);
-
-/**
- * \brief Accept a connection from a remote client
- *
- * \param bind_ctx Relevant socket
- * \param client_ctx Will contain the connected client socket
- * \param client_ip Will contain the client IP address, can be NULL
- * \param buf_size Size of the client_ip buffer
- * \param cip_len Will receive the size of the client IP written,
- * can be NULL if client_ip is null
- *
- * \return 0 if successful, or
- * #MBEDTLS_ERR_NET_SOCKET_FAILED,
- * #MBEDTLS_ERR_NET_BIND_FAILED,
- * #MBEDTLS_ERR_NET_ACCEPT_FAILED, or
- * #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small,
- * #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
- * non-blocking and accept() would block.
- */
-int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
- mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *cip_len);
-
-/**
- * \brief Check and wait for the context to be ready for read/write
- *
- * \note The current implementation of this function uses
- * select() and returns an error if the file descriptor
- * is \c FD_SETSIZE or greater.
- *
- * \param ctx Socket to check
- * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and
- * MBEDTLS_NET_POLL_WRITE specifying the events
- * to wait for:
- * - If MBEDTLS_NET_POLL_READ is set, the function
- * will return as soon as the net context is available
- * for reading.
- * - If MBEDTLS_NET_POLL_WRITE is set, the function
- * will return as soon as the net context is available
- * for writing.
- * \param timeout Maximal amount of time to wait before returning,
- * in milliseconds. If \c timeout is zero, the
- * function returns immediately. If \c timeout is
- * -1u, the function blocks potentially indefinitely.
- *
- * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
- * on success or timeout, or a negative return code otherwise.
- */
-int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout);
-
-/**
- * \brief Set the socket blocking
- *
- * \param ctx Socket to set
- *
- * \return 0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_block(mbedtls_net_context *ctx);
-
-/**
- * \brief Set the socket non-blocking
- *
- * \param ctx Socket to set
- *
- * \return 0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_nonblock(mbedtls_net_context *ctx);
-
-/**
- * \brief Portable usleep helper
- *
- * \param usec Amount of microseconds to sleep
- *
- * \note Real amount of time slept will not be less than
- * select()'s timeout granularity (typically, 10ms).
- */
-void mbedtls_net_usleep(unsigned long usec);
-
-/**
- * \brief Read at most 'len' characters. If no error occurs,
- * the actual amount read is returned.
- *
- * \param ctx Socket
- * \param buf The buffer to write to
- * \param len Maximum length of the buffer
- *
- * \return the number of bytes received,
- * or a non-zero error code; with a non-blocking socket,
- * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
- */
-int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
-
-/**
- * \brief Write at most 'len' characters. If no error occurs,
- * the actual amount written is returned.
- *
- * \param ctx Socket
- * \param buf The buffer to read from
- * \param len The length of the buffer
- *
- * \return the number of bytes sent,
- * or a non-zero error code; with a non-blocking socket,
- * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
- */
-int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
-
-/**
- * \brief Read at most 'len' characters, blocking for at most
- * 'timeout' seconds. If no error occurs, the actual amount
- * read is returned.
- *
- * \note The current implementation of this function uses
- * select() and returns an error if the file descriptor
- * is \c FD_SETSIZE or greater.
- *
- * \param ctx Socket
- * \param buf The buffer to write to
- * \param len Maximum length of the buffer
- * \param timeout Maximum number of milliseconds to wait for data
- * 0 means no timeout (wait forever)
- *
- * \return The number of bytes received if successful.
- * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
- * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- * Another negative error code (MBEDTLS_ERR_NET_xxx)
- * for other failures.
- *
- * \note This function will block (until data becomes available or
- * timeout is reached) even if the socket is set to
- * non-blocking. Handling timeouts with non-blocking reads
- * requires a different strategy.
- */
-int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len,
- uint32_t timeout);
-
-/**
- * \brief Closes down the connection and free associated data
- *
- * \param ctx The context to close
- *
- * \note This function frees and clears data associated with the
- * context but does not free the memory pointed to by \p ctx.
- * This memory is the responsibility of the caller.
- */
-void mbedtls_net_close(mbedtls_net_context *ctx);
-
-/**
- * \brief Gracefully shutdown the connection and free associated data
- *
- * \param ctx The context to free
- *
- * \note This function frees and clears data associated with the
- * context but does not free the memory pointed to by \p ctx.
- * This memory is the responsibility of the caller.
- */
-void mbedtls_net_free(mbedtls_net_context *ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* net_sockets.h */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
deleted file mode 100644
index d769ff2180..0000000000
--- a/include/mbedtls/oid.h
+++ /dev/null
@@ -1,304 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) values
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/asn1.h"
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */
-#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_THAWTE
-#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
- MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
-#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
- "\x01"
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
-#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
-#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */
-#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
- MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) 
ripemd160(1) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ - -/* - * PKCS#7 OIDs - */ -#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ -#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ -#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ -#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ -#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ -#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ - -#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ - - -/* - * ECDSA signature identifiers, from RFC 5480 - */ 
-#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ -#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */ - -/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01" - -/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01" - -/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 2 } */ -#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02" - -/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 3 } */ -#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03" - -/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 4 } */ -#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" - -#if defined(MBEDTLS_X509_USE_C) -/** - * \brief Translate an ASN.1 OID into its numeric representation - * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") - * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate - * - * \return Length of the string written (excluding final NULL) or - * PSA_ERROR_BUFFER_TOO_SMALL in case of error - */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CREATE_C) -/** - * \brief Translate a string containing a dotted-decimal - * representation of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). 
- * On success, this function allocates oid->buf from the - * heap. It must be freed by the caller using mbedtls_free(). - * - * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string, not including any null terminator - * - * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not - * represent a valid OID - * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to - * allocate oid->buf - */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); -#endif /* MBEDTLS_X509_CREATE_C */ - -#endif /* oid.h */ diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h deleted file mode 100644 index 957ca53d71..0000000000 --- a/include/mbedtls/pkcs7.h +++ /dev/null 
@@ -1,240 +0,0 @@ -/** - * \file pkcs7.h - * - * \brief PKCS #7 generic defines and structures - * https://tools.ietf.org/html/rfc2315 - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * Note: For the time being, this implementation of the PKCS #7 cryptographic - * message syntax is a partial implementation of RFC 2315. - * Differences include: - * - The RFC specifies 6 different content types. The only type currently - * supported in Mbed TLS is the signed-data content type. - * - The only supported PKCS #7 Signed Data syntax version is version 1 - * - The RFC specifies support for BER. This implementation is limited to - * DER only. - * - The RFC specifies that multiple digest algorithms can be specified - * in the Signed Data type. Only one digest algorithm is supported in Mbed TLS. - * - The RFC specifies the Signed Data type can contain multiple X.509 or PKCS #6 extended - * certificates. In Mbed TLS, this list can only contain 0 or 1 certificates - * and they must be in X.509 format. - * - The RFC specifies the Signed Data type can contain - * certificate-revocation lists (CRLs). This implementation has no support - * for CRLs so it is assumed to be an empty list. - * - The RFC allows for SignerInfo structure to optionally contain - * unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is - * assumed these fields are empty. - * - The RFC allows for the signed Data type to contain contentInfo. This - * implementation assumes the type is DATA and the content is empty. - */ - -#ifndef MBEDTLS_PKCS7_H -#define MBEDTLS_PKCS7_H - -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/x509_crt.h" - -/** - * \name PKCS #7 Module Error codes - * \{ - */ -#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 /**< The format is invalid, e.g. different type expected. 
*/ -#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 /**< Unavailable feature, e.g. anything other than signed data. */ -#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 /**< The PKCS #7 version element is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ -#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */ -#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */ -/* \} name */ - -/** - * \name PKCS #7 Supported Version - * \{ - */ -#define MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 -/* \} name */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Type-length-value structure that allows for ASN.1 using DER. - */ -typedef mbedtls_asn1_buf mbedtls_pkcs7_buf; - -/** - * Container for ASN.1 named information objects. - * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). 
- */ -typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; - -/** - * Container for a sequence of ASN.1 items - */ -typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence; - -/** - * PKCS #7 types - */ -typedef enum { - MBEDTLS_PKCS7_NONE=0, - MBEDTLS_PKCS7_DATA, - MBEDTLS_PKCS7_SIGNED_DATA, - MBEDTLS_PKCS7_ENVELOPED_DATA, - MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA, - MBEDTLS_PKCS7_DIGESTED_DATA, - MBEDTLS_PKCS7_ENCRYPTED_DATA, -} -mbedtls_pkcs7_type; - -/** - * Structure holding PKCS #7 signer info - */ -typedef struct mbedtls_pkcs7_signer_info { - int MBEDTLS_PRIVATE(version); - mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - mbedtls_x509_name MBEDTLS_PRIVATE(issuer); - mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); - mbedtls_x509_buf MBEDTLS_PRIVATE(alg_identifier); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig_alg_identifier); - mbedtls_x509_buf MBEDTLS_PRIVATE(sig); - struct mbedtls_pkcs7_signer_info *MBEDTLS_PRIVATE(next); -} -mbedtls_pkcs7_signer_info; - -/** - * Structure holding the signed data section - */ -typedef struct mbedtls_pkcs7_signed_data { - int MBEDTLS_PRIVATE(version); - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers); - int MBEDTLS_PRIVATE(no_of_certs); - mbedtls_x509_crt MBEDTLS_PRIVATE(certs); - int MBEDTLS_PRIVATE(no_of_crls); - mbedtls_x509_crl MBEDTLS_PRIVATE(crl); - int MBEDTLS_PRIVATE(no_of_signers); - mbedtls_pkcs7_signer_info MBEDTLS_PRIVATE(signers); -} -mbedtls_pkcs7_signed_data; - -/** - * Structure holding PKCS #7 structure, only signed data for now - */ -typedef struct mbedtls_pkcs7 { - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); - mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); -} -mbedtls_pkcs7; - -/** - * \brief Initialize mbedtls_pkcs7 structure. - * - * \param pkcs7 mbedtls_pkcs7 structure. - */ -void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7); - -/** - * \brief Parse a single DER formatted PKCS #7 detached signature. - * - * \param pkcs7 The mbedtls_pkcs7 structure to be filled by the parser. 
- * \param buf The buffer holding only the DER encoded PKCS #7 content. - * \param buflen The size in bytes of \p buf. The size must be exactly the - * length of the DER encoded PKCS #7 content. - * - * \note This function makes an internal copy of the PKCS #7 buffer - * \p buf. In particular, \p buf may be destroyed or reused - * after this call returns. - * \note Signatures with internal data are not supported. - * - * \return The \c mbedtls_pkcs7_type of \p buf, if successful. - * \return A negative error code on failure. - */ -int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, - const size_t buflen); - -/** - * \brief Verification of PKCS #7 signature against a caller-supplied - * certificate. - * - * For each signer in the PKCS structure, this function computes - * a signature over the supplied data, using the supplied - * certificate and the same digest algorithm as specified by the - * signer. It then compares this signature against the - * signer's signature; verification succeeds if any comparison - * matches. - * - * This function does not use the certificates held within the - * PKCS #7 structure itself, and does not check that the - * certificate is signed by a trusted certification authority. - * - * \param pkcs7 mbedtls_pkcs7 structure containing signature. - * \param cert Certificate containing key to verify signature. - * \param data Plain data on which signature has to be verified. - * \param datalen Length of the data. - * - * \note This function internally calculates the hash on the supplied - * plain data for signature verification. - * - * \return 0 if the signature verifies, or a negative error code on failure. - */ -int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen); - -/** - * \brief Verification of PKCS #7 signature against a caller-supplied - * certificate. 
- * - * For each signer in the PKCS structure, this function - * validates a signature over the supplied hash, using the - * supplied certificate and the same digest algorithm as - * specified by the signer. Verification succeeds if any - * signature is good. - * - * This function does not use the certificates held within the - * PKCS #7 structure itself, and does not check that the - * certificate is signed by a trusted certification authority. - * - * \param pkcs7 PKCS #7 structure containing signature. - * \param cert Certificate containing key to verify signature. - * \param hash Hash of the plain data on which signature has to be verified. - * \param hashlen Length of the hash. - * - * \note This function is different from mbedtls_pkcs7_signed_data_verify() - * in that it is directly passed the hash of the data. - * - * \return 0 if the signature verifies, or a negative error code on failure. - */ -int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *hash, size_t hashlen); - -/** - * \brief Unallocate all PKCS #7 data and zeroize the memory. - * It doesn't free \p pkcs7 itself. This should be done by the caller. - * - * \param pkcs7 mbedtls_pkcs7 structure to free. - */ -void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7); - -#ifdef __cplusplus -} -#endif - -#endif /* pkcs7.h */ diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h deleted file mode 100644 index ee35a67c9f..0000000000 --- a/include/mbedtls/private/config_adjust_ssl.h +++ /dev/null 
@@ -1,84 +0,0 @@
-/**
- * \file mbedtls/private/config_adjust_ssl.h
- * \brief Adjust TLS configuration
- *
- * This is an internal header. Do not include it directly.
- *
- * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
- * configurations need to be explicitly enabled by the user: enabling
- * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
- * compilation error. However, we do automatically enable certain options
- * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
- * used to identify parts of a module that are used by other module, and we
- * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
- * Another case is if A didn't depend on B in earlier versions, and we
- * want to use B in A but we need to preserve backward compatibility with
- * configurations that explicitly activate MBEDTLS_xxx_A but not
- * MBEDTLS_xxx_B.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
-#define MBEDTLS_CONFIG_ADJUST_SSL_H
-
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
-#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
- "up to and including runtime errors such as buffer overflows. " \
- "If you're trying to fix a complaint from check_config.h, just remove " \
- "it from your configuration file: since Mbed TLS 3.0, it is included " \
- "automatically at the right point."
-#endif /* */
-
-/* The following blocks make it easier to disable all of TLS,
- * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
- * key exchanges, options and extensions related to them. */
-
-#if !defined(MBEDTLS_SSL_TLS_C)
-#undef MBEDTLS_SSL_CLI_C
-#undef MBEDTLS_SSL_SRV_C
-#undef MBEDTLS_SSL_PROTO_TLS1_3
-#undef MBEDTLS_SSL_PROTO_TLS1_2
-#undef MBEDTLS_SSL_PROTO_DTLS
-#endif
-
-#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
-#undef MBEDTLS_SSL_TICKET_C
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#undef MBEDTLS_SSL_DTLS_SRTP
-#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_EARLY_DATA
-#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_ECDSA) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
-#define MBEDTLS_SSL_TLS1_2_SOME_ECC
-#endif
-
-#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
diff --git a/include/mbedtls/private/config_adjust_x509.h b/include/mbedtls/private/config_adjust_x509.h
deleted file mode 100644
index 4af976666b..0000000000
--- a/include/mbedtls/private/config_adjust_x509.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * \file mbedtls/private/config_adjust_x509.h
- * \brief Adjust X.509 configuration
- *
- * This is an internal header. Do not include it directly.
- *
- * Automatically enable certain dependencies. Generally, MBEDTLS_xxx
- * configurations need to be explicitly enabled by the user: enabling
- * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
- * compilation error. However, we do automatically enable certain options
- * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
- * used to identify parts of a module that are used by other module, and we
- * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
- * Another case is if A didn't depend on B in earlier versions, and we
- * want to use B in A but we need to preserve backward compatibility with
- * configurations that explicitly activate MBEDTLS_xxx_A but not
- * MBEDTLS_xxx_B.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
-#define MBEDTLS_CONFIG_ADJUST_X509_H
-
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
-#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
- "up to and including runtime errors such as buffer overflows. " \
- "If you're trying to fix a complaint from check_config.h, just remove " \
- "it from your configuration file: since Mbed TLS 3.0, it is included " \
- "automatically at the right point."
-#endif /* */
-
-#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
deleted file mode 100644
index 02e527cdf5..0000000000
--- a/include/mbedtls/ssl.h
+++ /dev/null
@@ -1,5366 +0,0 @@ -/** - * \file ssl.h - * - * \brief SSL/TLS functions. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_SSL_H -#define MBEDTLS_SSL_H -#include "mbedtls/platform_util.h" -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/private/bignum.h" -#include "mbedtls/private/ecp.h" - -#include "mbedtls/ssl_ciphersuites.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#endif - -#include "mbedtls/md.h" - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/private/ecdh.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#include "psa/crypto.h" - -/* - * SSL Error codes - */ -/** A cryptographic operation is in progress. Try again later. */ -#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 -/** The requested feature is not available. */ -#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 -/** Bad input parameters to function. */ -#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT -/** Verification of the message MAC failed. */ -#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 -/** An invalid SSL record was received. */ -#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 -/** The connection indicated an EOF. */ -#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 -/** A message could not be parsed due to a syntactic error. */ -#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300 -/* Error space gap */ -/** No RNG was provided to the SSL module. */ -#define MBEDTLS_ERR_SSL_NO_RNG -0x7400 -/** No client certification received from the client, but required by the authentication mode. 
*/ -#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 -/** Client received an extended server hello containing an unsupported extension */ -#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500 -/** No ALPN protocols supported that the client advertises */ -#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580 -/** The own private key or pre-shared key is not set, but needed. */ -#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 -/** No CA Chain is set, but required to operate. */ -#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 -/** An unexpected message was received from our peer. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 -/** A fatal alert message was received from our peer. */ -#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 -/** No server could be identified matching the client's SNI. */ -#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800 -/** The peer notified us that the connection is going to be closed. */ -#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 -/* Error space gap */ -/* Error space gap */ -/** Processing of the Certificate handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 -/* Error space gap */ -/** - * Received NewSessionTicket Post Handshake Message. - * This error code is experimental and may be changed or removed without notice. - */ -#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 -/** Not possible to read early data */ -#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 -/** - * Early data has been received as part of an on-going handshake. - * This error code can be returned only on server side if and only if early - * data has been enabled by means of the mbedtls_ssl_conf_early_data() API. - * This error code can then be returned by mbedtls_ssl_handshake(), - * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if - * early data has been received as part of the handshake sequence they - * triggered. 
To read the early data, call mbedtls_ssl_read_early_data(). - */ -#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA -0x7C00 -/** Not possible to write early data */ -#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C80 -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/** Cache entry not found */ -#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80 -/** Memory allocation failed */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY -/** Hardware acceleration function returned with error */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 -/** Hardware acceleration function skipped / left alone data */ -#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 -/** Handshake protocol not within min/max boundaries */ -#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80 -/** The handshake negotiation failed. */ -#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00 -/** Session ticket has expired. */ -#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 -/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ -#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 -/** Unknown identity received (eg, PSK identity) */ -#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 -/** Internal error (eg, unexpected failure in lower-level module) */ -#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 -/** A counter would wrap (eg, too many messages exchanged). */ -#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 -/** Unexpected message at ServerHello in renegotiation. */ -#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 -/** DTLS client must retry for hello verification */ -#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 -/** A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL -/* Error space gap */ -/** No data of requested type currently available on underlying transport. 
*/ -#define MBEDTLS_ERR_SSL_WANT_READ -0x6900 -/** Connection requires a write call. */ -#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 -/** The operation timed out. */ -#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 -/** The client initiated a reconnect from the same port. */ -#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 -/** Record header looks valid but is not expected. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 -/** The alert message received indicates a non-fatal error. */ -#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 -/** A field in a message was incorrect or inconsistent with other fields. */ -#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600 -/** Internal-only message signaling that further message-processing should be done */ -#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 -/** The asynchronous operation is not completed yet. */ -#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 -/** Internal-only message signaling that a message arrived early. */ -#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/** An encrypted DTLS-frame with an unexpected CID was received. */ -#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 -/** An operation failed due to an unexpected version or configuration. */ -#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 -/** Invalid value in SSL config */ -#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 -/* Error space gap */ -/** Attempt to verify a certificate without an expected hostname. - * This is usually insecure. - * - * In TLS clients, when a client authenticates a server through its - * certificate, the client normally checks three things: - * - the certificate chain must be valid; - * - the chain must start from a trusted CA; - * - the certificate must cover the server name that is expected by the client. 
- * - * Omitting any of these checks is generally insecure, and can allow a - * malicious server to impersonate a legitimate server. - * - * The third check may be safely skipped in some unusual scenarios, - * such as networks where eavesdropping is a risk but not active attacks, - * or a private PKI where the client equally trusts all servers that are - * accredited by the root CA. - * - * You should call mbedtls_ssl_set_hostname() with the expected server name - * before starting a TLS handshake on a client (unless the client is - * set up to only use PSK-based authentication, which does not rely on the - * host name). If you have determined that server name verification is not - * required for security in your scenario, call mbedtls_ssl_set_hostname() - * with \p NULL as the server name. - * - * This error is raised if all of the following conditions are met: - * - * - A TLS client is configured with the authentication mode - * #MBEDTLS_SSL_VERIFY_REQUIRED (default). - * - Certificate authentication is enabled. - * - The client does not call mbedtls_ssl_set_hostname(). - */ -#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80 - -/* - * Constants from RFC 8446 for TLS 1.3 PSK modes - * - * Those are used in the Pre-Shared Key Exchange Modes extension. - * See Section 4.2.9 in RFC 8446. 
- */ -#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE 0 /* Pure PSK-based exchange */ -#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE 1 /* PSK+ECDHE-based exchange */ - -/* - * TLS 1.3 NamedGroup values - * - * From RF 8446 - * enum { - * // Elliptic Curve Groups (ECDHE) - * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), - * x25519(0x001D), x448(0x001E), - * // Finite Field Groups (DHE) - * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), - * ffdhe6144(0x0103), ffdhe8192(0x0104), - * // Reserved Code Points - * ffdhe_private_use(0x01FC..0x01FF), - * ecdhe_private_use(0xFE00..0xFEFF), - * (0xFFFF) - * } NamedGroup; - * - */ - -/* Elliptic Curve Groups (ECDHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 0x0019 -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 0x001A -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 0x001B -#define MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 0x001C -#define MBEDTLS_SSL_IANA_TLS_GROUP_X25519 0x001D -#define MBEDTLS_SSL_IANA_TLS_GROUP_X448 0x001E -/* Finite Field Groups (DHE) */ -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 0x0100 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072 0x0101 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096 0x0102 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144 0x0103 -#define MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 0x0104 - -/* - * TLS 1.3 Key Exchange Modes - * - * Mbed TLS internal identifiers for use with the SSL configuration API - * mbedtls_ssl_conf_tls13_key_exchange_modes(). - */ - -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK (1u << 0) /*!< Pure-PSK TLS 1.3 key exchange, - * encompassing both externally agreed PSKs - * as well as resumption PSKs. */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL (1u << 1) /*!< Pure-Ephemeral TLS 1.3 key exchanges, - * including for example ECDHE and DHE - * key exchanges. 
*/ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL (1u << 2) /*!< PSK-Ephemeral TLS 1.3 key exchanges, - * using both a PSK and an ephemeral - * key exchange. */ - -/* Convenience macros for sets of key exchanges. */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) /*!< All TLS 1.3 key exchanges */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) /*!< All PSK-based TLS 1.3 key exchanges */ -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL \ - (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL | \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) /*!< All ephemeral TLS 1.3 key exchanges */ - -#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE (0) - -/* - * Various constants - */ - - -#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ -#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ - -#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ -#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ - -#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ - -/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c - * NONE must be zero so that memset()ing structure to zero works */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ -#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ - -#define 
MBEDTLS_SSL_IS_CLIENT 0
-#define MBEDTLS_SSL_IS_SERVER 1
-
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
-
-#define MBEDTLS_SSL_CID_DISABLED 0
-#define MBEDTLS_SSL_CID_ENABLED 1
-
-#define MBEDTLS_SSL_ETM_DISABLED 0
-#define MBEDTLS_SSL_ETM_ENABLED 1
-
-#define MBEDTLS_SSL_COMPRESS_NULL 0
-
-#define MBEDTLS_SSL_VERIFY_NONE 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
-#define MBEDTLS_SSL_VERIFY_REQUIRED 2
-#define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */
-
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
-
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
-
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
-
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
-
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
-
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
-
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
-
-#define MBEDTLS_SSL_PRESET_DEFAULT 0
-#define MBEDTLS_SSL_PRESET_SUITEB 2
-
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
-
-#define MBEDTLS_SSL_EARLY_DATA_DISABLED 0
-#define MBEDTLS_SSL_EARLY_DATA_ENABLED 1
-
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
-
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(PSA_WANT_ALG_SHA_384)
-#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 48
-#elif defined(PSA_WANT_ALG_SHA_256)
-#define
MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 32
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
-/*
- * Default range for DTLS retransmission timer value, in milliseconds.
- * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
- */
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
-
-/*
- * Whether early data record should be discarded or not and how.
- *
- * The client has indicated early data and the server has rejected them.
- * The server has then to skip past early data by either:
- * - attempting to deprotect received records using the handshake traffic
- * key, discarding records which fail deprotection (up to the configured
- * max_early_data_size). Once a record is deprotected successfully,
- * it is treated as the start of the client's second flight and the
- * server proceeds as with an ordinary 1-RTT handshake.
- * - skipping all records with an external content type of
- * "application_data" (indicating that they are encrypted), up to the
- * configured max_early_data_size. This is the expected behavior if the
- * server has sent an HelloRetryRequest message. The server ignores
- * application data message before 2nd ClientHello.
- */
-#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0
-#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1
-#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-/*
- * Maximum fragment length in bytes,
- * determines the size of each of the two internal I/O buffers.
- *
- * Note: the RFC defines the default size of SSL / TLS messages. If you
- * change the value here, other clients / servers may not be able to
- * communicate with you anymore.
Only change this value if you control
- * both sides of the connection and have it reduced at both sides, or
- * if you're using the Max Fragment Length extension and you know all your
- * peers are using it too!
- */
-#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-#endif
-
-#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-#endif
-
-/*
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- */
-#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-#endif
-
-/*
- * Maximum length of CIDs for incoming and outgoing messages.
- */
-#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
-#endif
-
-#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
-#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
-#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH)
-#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
-#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
-#endif
-
-/** \} name SECTION: Module settings */
-
-/*
- * Length of the verify data for secure renegotiation
- */
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
-
-/*
- * Signaling ciphersuite values (SCSV)
- */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
-
-/*
- * Supported Signature and Hash algorithms (For TLS 1.2)
- * RFC 5246 section 7.4.1.4.1
- */
-#define MBEDTLS_SSL_HASH_NONE 0
-#define MBEDTLS_SSL_HASH_MD5 1
-#define MBEDTLS_SSL_HASH_SHA1 2
-#define
MBEDTLS_SSL_HASH_SHA224 3
-#define MBEDTLS_SSL_HASH_SHA256 4
-#define MBEDTLS_SSL_HASH_SHA384 5
-#define MBEDTLS_SSL_HASH_SHA512 6
-
-#define MBEDTLS_SSL_SIG_ANON 0
-#define MBEDTLS_SSL_SIG_RSA 1
-#define MBEDTLS_SSL_SIG_ECDSA 3
-
-/*
- * TLS 1.3 signature algorithms
- * RFC 8446, Section 4.2.3
- */
-
-/* RSASSA-PKCS1-v1_5 algorithms */
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 0x0401
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 0x0501
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 0x0601
-
-/* ECDSA algorithms */
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 0x0403
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 0x0503
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 0x0603
-
-/* RSASSA-PSS algorithms with public key OID rsaEncryption */
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 0x0804
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 0x0805
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 0x0806
-
-/* EdDSA algorithms */
-#define MBEDTLS_TLS1_3_SIG_ED25519 0x0807
-#define MBEDTLS_TLS1_3_SIG_ED448 0x0808
-
-/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256 0x0809
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384 0x080A
-#define MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512 0x080B
-
-/* LEGACY ALGORITHMS */
-#define MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1 0x0201
-#define MBEDTLS_TLS1_3_SIG_ECDSA_SHA1 0x0203
-
-#define MBEDTLS_TLS1_3_SIG_NONE 0x0
-
-/*
- * Client Certificate Types
- * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
- */
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
-
-/*
- * Message, alert and handshake types
- */
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
-#define MBEDTLS_SSL_MSG_ALERT 21
-#define MBEDTLS_SSL_MSG_HANDSHAKE 22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
-#define MBEDTLS_SSL_MSG_CID 25
-
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
-
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION 109 /* 0x6d -- new in TLS 1.3 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED 116 /* 0x74 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-
-#define MBEDTLS_SSL_HS_HELLO_REQUEST 0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO 1
-#define MBEDTLS_SSL_HS_SERVER_HELLO 2
-#define
MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
-#define MBEDTLS_SSL_HS_END_OF_EARLY_DATA 5
-#define MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS 8
-#define MBEDTLS_SSL_HS_CERTIFICATE 11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
-#define MBEDTLS_SSL_HS_FINISHED 20
-#define MBEDTLS_SSL_HS_MESSAGE_HASH 254
-
-/*
- * TLS extensions
- */
-#define MBEDTLS_TLS_EXT_SERVERNAME 0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
-
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
-
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
-#define MBEDTLS_TLS_EXT_STATUS_REQUEST 5 /* RFC 6066 TLS 1.2 and 1.3 */
-
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
-#define MBEDTLS_TLS_EXT_SUPPORTED_GROUPS 10 /* RFC 8422,7919 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
-
-#define MBEDTLS_TLS_EXT_SIG_ALG 13 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_USE_SRTP 14
-#define MBEDTLS_TLS_EXT_HEARTBEAT 15 /* RFC 6520 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_ALPN 16
-
-#define MBEDTLS_TLS_EXT_SCT 18 /* RFC 6962 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_CLI_CERT_TYPE 19 /* RFC 7250 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_SERV_CERT_TYPE 20 /* RFC 7250 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_PADDING 21 /* RFC 7685 TLS 1.2 and 1.3 */
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
-
-#define MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT 28 /* RFC 8449 (implemented for TLS 1.3 only) */
-
-#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
-
-#define MBEDTLS_TLS_EXT_PRE_SHARED_KEY 41 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_EARLY_DATA 42 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS 43 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_COOKIE 44 /* RFC 8446 TLS 1.3 */
-#define
MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES 45 /* RFC 8446 TLS 1.3 */
-
-#define MBEDTLS_TLS_EXT_CERT_AUTH 47 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_OID_FILTERS 48 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH 49 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
-#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
-
-#define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */
-
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
-
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
-
-/*
- * Size defines
- */
-#if !defined(MBEDTLS_PSK_MAX_LEN)
-/*
- * If the library supports TLS 1.3 tickets and the cipher suite
- * TLS1-3-AES-256-GCM-SHA384, set the PSK maximum length to 48 instead of 32.
- * That way, the TLS 1.3 client and server are able to resume sessions where
- * the cipher suite is TLS1-3-AES-256-GCM-SHA384 (pre-shared keys are 48
- * bytes long in that case).
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) && \
- defined(PSA_WANT_ALG_SHA_384)
-#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
-#else
-#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
-#endif
-#endif /* !MBEDTLS_PSK_MAX_LEN */
-
-/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret {
- unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
- + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- unsigned char
_pms_ecjpake[32]; /* Thread spec: SHA-256 output */
-#endif
-};
-
-#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret)
-
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE
-
-
-/* Length in number of bytes of the TLS sequence number */
-#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
-
-/* Helper to state that client_random and server_random need to be stored
- * after the handshake is complete. This is required for context serialization
- * and for the keying material exporter in TLS 1.2. */
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || \
- (defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) && defined(MBEDTLS_SSL_PROTO_TLS1_2))
-#define MBEDTLS_SSL_KEEP_RANDBYTES
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * SSL state machine
- */
-typedef enum {
- MBEDTLS_SSL_HELLO_REQUEST,
- MBEDTLS_SSL_CLIENT_HELLO,
- MBEDTLS_SSL_SERVER_HELLO,
- MBEDTLS_SSL_SERVER_CERTIFICATE,
- MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_REQUEST,
- MBEDTLS_SSL_SERVER_HELLO_DONE,
- MBEDTLS_SSL_CLIENT_CERTIFICATE,
- MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
- MBEDTLS_SSL_CERTIFICATE_VERIFY,
- MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_CLIENT_FINISHED,
- MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
- MBEDTLS_SSL_SERVER_FINISHED,
- MBEDTLS_SSL_FLUSH_BUFFERS,
- MBEDTLS_SSL_HANDSHAKE_WRAPUP,
- MBEDTLS_SSL_NEW_SESSION_TICKET,
- MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
- MBEDTLS_SSL_HELLO_RETRY_REQUEST,
- MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
- MBEDTLS_SSL_END_OF_EARLY_DATA,
- MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY,
- MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
- MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
- MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
- MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO,
- MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST,
- MBEDTLS_SSL_HANDSHAKE_OVER,
- MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET,
- MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH,
-}
-mbedtls_ssl_states;
-
-/*
- * Early data status, client side only.
- */
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
-typedef enum {
-/*
- * See documentation of mbedtls_ssl_get_early_data_status().
- */
- MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED,
- MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
- MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
-} mbedtls_ssl_early_data_status;
-#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief Callback type: send data on the network.
- *
- * \note That callback may be either blocking or non-blocking.
- *
- * \param ctx Context for the send callback (typically a file descriptor)
- * \param buf Buffer holding the data to send
- * \param len Length of the data to send
- *
- * \return The callback must return the number of bytes sent if any,
- * or a non-zero error code.
- * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
- * must be returned when the operation would block.
- *
- * \note The callback is allowed to send fewer bytes than requested.
- * It must always return the number of bytes actually sent.
- */
-typedef int mbedtls_ssl_send_t(void *ctx,
- const unsigned char *buf,
- size_t len);
-
-/**
- * \brief Callback type: receive data from the network.
- *
- * \note That callback may be either blocking or non-blocking.
- *
- * \param ctx Context for the receive callback (typically a file
- * descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- *
- * \returns If data has been received, the positive number of bytes received.
- * \returns \c 0 if the connection has been closed.
- * \returns If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
- * must be returned when the operation would block.
- * \returns Another negative error code on other kinds of failures.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_t(void *ctx,
- unsigned char *buf,
- size_t len);
-
-/**
- * \brief Callback type: receive data from the network, with timeout
- *
- * \note That callback must block until data is received, or the
- * timeout delay expires, or the operation is interrupted by a
- * signal.
- *
- * \param ctx Context for the receive callback (typically a file descriptor)
- * \param buf Buffer to write the received data to
- * \param len Length of the receive buffer
- * \param timeout Maximum number of milliseconds to wait for data
- * 0 means no timeout (potentially waiting forever)
- *
- * \return The callback must return the number of bytes received,
- * or a non-zero error code:
- * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note The callback may receive fewer bytes than the length of the
- * buffer. It must always return the number of bytes actually
- * received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_timeout_t(void *ctx,
- unsigned char *buf,
- size_t len,
- uint32_t timeout);
-/**
- * \brief Callback type: set a pair of timers/delays to watch
- *
- * \param ctx Context pointer
- * \param int_ms Intermediate delay in milliseconds
- * \param fin_ms Final delay in milliseconds
- * 0 cancels the current timer.
- *
- * \note This callback must at least store the necessary information
- * for the associated \c mbedtls_ssl_get_timer_t callback to
- * return correct information.
- *
- * \note If using an event-driven style of programming, an event must
- * be generated when the final delay is passed. The event must
- * cause a call to \c mbedtls_ssl_handshake() with the proper
- * SSL context to be scheduled. Care must be taken to ensure
- * that at most one such call happens at a time.
- *
- * \note Only one timer at a time must be running. Calling this
- * function while a timer is running must cancel it.
Cancelled
- * timers must not generate any event.
- */
-typedef void mbedtls_ssl_set_timer_t(void *ctx,
- uint32_t int_ms,
- uint32_t fin_ms);
-
-/**
- * \brief Callback type: get status of timers/delays
- *
- * \param ctx Context pointer
- *
- * \return This callback must return:
- * -1 if cancelled (fin_ms == 0),
- * 0 if none of the delays have passed,
- * 1 if only the intermediate delay has passed,
- * 2 if the final delay has passed.
- */
-typedef int mbedtls_ssl_get_timer_t(void *ctx);
-
-/* Defined below */
-typedef struct mbedtls_ssl_session mbedtls_ssl_session;
-typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config mbedtls_ssl_config;
-
-/* Defined in library/ssl_misc.h */
-typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
-typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */
-#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */
-#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA (1U << 3)
-
-#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \
- (MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \
- MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA)
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
-
-/**
- * \brief Callback type: server-side session cache getter
- *
- * The session cache is logically a key value store, with
- * keys being session IDs and values being instances of
- * mbedtls_ssl_session.
- *
- * This callback retrieves an entry in this key-value store.
- *
- * \param data The address of the session cache structure to query.
- * \param session_id The buffer holding the session ID to query.
- * \param session_id_len The length of \p session_id in Bytes.
- * \param session The address of the session structure to populate.
- * It is initialized with mbdtls_ssl_session_init(),
- * and the callback must always leave it in a state
- * where it can safely be freed via
- * mbedtls_ssl_session_free() independent of the
- * return code of this function.
- *
- * \return \c 0 on success
- * \return A non-zero return value on failure.
- *
- */
-typedef int mbedtls_ssl_cache_get_t(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session);
-/**
- * \brief Callback type: server-side session cache setter
- *
- * The session cache is logically a key value store, with
- * keys being session IDs and values being instances of
- * mbedtls_ssl_session.
- *
- * This callback sets an entry in this key-value store.
- *
- * \param data The address of the session cache structure to modify.
- * \param session_id The buffer holding the session ID to query.
- * \param session_id_len The length of \p session_id in Bytes.
- * \param session The address of the session to be stored in the
- * session cache.
- *
- * \return \c 0 on success
- * \return A non-zero return value on failure.
- */
-typedef int mbedtls_ssl_cache_set_t(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session);
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Callback type: start external signature operation.
- *
- * This callback is called during an SSL handshake to start
- * a signature decryption operation using an
- * external processor.
The parameter \p cert contains
- * the public key; it is up to the callback function to
- * determine how to access the associated private key.
- *
- * This function typically sends or enqueues a request, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * The parameters \p ssl and \p cert are guaranteed to remain
- * valid throughout the handshake. On the other hand, this
- * function must save the contents of \p hash if the value
- * is needed for later processing, because the \p hash buffer
- * is no longer valid after this function returns.
- *
- * This function may call mbedtls_ssl_set_async_operation_data()
- * to store an operation context for later retrieval
- * by the resume or cancel callback.
- *
- * \note For an RSA key, this function must produce a PKCS#1v1.5
- * signature in the standard format (like
- * #PSA_ALG_RSA_PKCS1V15_SIGN). \c md_alg is guaranteed to be
- * a hash that is supported by the library.
- *
- * \note For ECDSA signatures, the output format is the DER encoding
- * `Ecdsa-Sig-Value` defined in
- * [RFC 4492 section 5.4](https://tools.ietf.org/html/rfc4492#section-5.4).
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param cert Certificate containing the public key.
- * In simple cases, this is one of the pointers passed to
- * mbedtls_ssl_conf_own_cert() when configuring the SSL
- * connection. However, if other callbacks are used, this
- * property may not hold. For example, if an SNI callback
- * is registered with mbedtls_ssl_conf_sni(), then
- * this callback determines what certificate is used.
- * \param md_alg Hash algorithm.
- * \param hash Buffer containing the hash. This buffer is
- * no longer valid when the function returns.
- * \param hash_len Size of the \c hash buffer in bytes.
- *
- * \return 0 if the operation was started successfully and the SSL
- * stack should call the resume callback immediately.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * was started successfully and the SSL stack should return
- * immediately without calling the resume callback yet.
- * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- * processor does not support this key. The SSL stack will
- * use the private key object instead.
- * \return Any other error indicates a fatal failure and is
- * propagated up the call chain. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and must not
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *cert,
- mbedtls_md_type_t md_alg,
- const unsigned char *hash,
- size_t hash_len);
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief Callback type: resume external operation.
- *
- * This callback is called during an SSL handshake to resume
- * an external operation started by the
- * ::mbedtls_ssl_async_sign_t callback.
- *
- * This function typically checks the status of a pending
- * request or causes the request queue to make progress, and
- * does not wait for the operation to complete. This allows
- * the handshake step to be non-blocking.
- *
- * This function may call mbedtls_ssl_get_async_operation_data()
- * to retrieve an operation context set by the start callback.
- * It may call mbedtls_ssl_set_async_operation_data() to modify
- * this context.
- *
- * Note that when this function returns a status other than
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it must free any
- * resources associated with the operation.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified other than via
- * mbedtls_ssl_set_async_operation_data().
- * \param output Buffer containing the output (signature or decrypted
- * data) on success.
- * \param output_len On success, number of bytes written to \p output.
- * \param output_size Size of the \p output buffer in bytes.
- *
- * \return 0 if output of the operation is available in the
- * \p output buffer.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- * is still in progress. Subsequent requests for progress
- * on the SSL connection will call the resume callback
- * again.
- * \return Any other error means that the operation is aborted.
- * The SSL handshake is aborted. The callback should
- * use \c MBEDTLS_ERR_PK_xxx error codes, and must not
- * use \c MBEDTLS_ERR_SSL_xxx error codes except as
- * directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl,
- unsigned char *output,
- size_t *output_len,
- size_t output_size);
-
-/**
- * \brief Callback type: cancel external operation.
- *
- * This callback is called if an SSL connection is closed
- * while an asynchronous operation is in progress. Note that
- * this callback is not called if the
- * ::mbedtls_ssl_async_resume_t callback has run and has
- * returned a value other than
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, since in that case
- * the asynchronous operation has already completed.
- *
- * This function may call mbedtls_ssl_get_async_operation_data()
- * to retrieve an operation context set by the start callback.
- *
- * \param ssl The SSL connection instance. It should not be
- * modified.
- */
-typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(PSA_WANT_ALG_SHA_256)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(PSA_WANT_ALG_SHA_384)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
-#elif defined(PSA_WANT_ALG_SHA_1)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
-#else
-/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
- !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-typedef struct {
- unsigned char client_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char server_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char resumption_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
-} mbedtls_ssl_tls13_application_secrets;
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
-/*
- * For code readability use a typedef for DTLS-SRTP profiles
- *
- * Use_srtp extension protection profiles values as defined in
- * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- *
- * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
- * must be updated too.
- */
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ((uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ((uint16_t) 0x0006)
-/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET ((uint16_t) 0x0000)
-
-typedef uint16_t mbedtls_ssl_srtp_profile;
-
-typedef struct mbedtls_dtls_srtp_info_t {
- /*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
- /*! The length of mki_value. */
- uint16_t MBEDTLS_PRIVATE(mki_len);
- /*! The mki_value used, with max size of 256 bytes. */
- unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
-
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/** Human-friendly representation of the (D)TLS protocol version. */
-typedef enum {
- MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
- MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */
- MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */
-} mbedtls_ssl_protocol_version;
-
-/*
- * This structure is used for storing current session data.
- * - * Note: when changing this definition, we need to check and update: - * - in tests/suites/test_suite_ssl.function: - * ssl_populate_session() and ssl_serialize_session_save_load() - * - in library/ssl_tls.c: - * mbedtls_ssl_session_init() and mbedtls_ssl_session_free() - * mbedtls_ssl_session_save() and ssl_session_load() - * ssl_session_copy() - */ -struct mbedtls_ssl_session { -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -/*!< RecordSizeLimit received from the peer */ -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - uint16_t MBEDTLS_PRIVATE(record_size_limit); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - unsigned char MBEDTLS_PRIVATE(exported); - uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ - - /** TLS version negotiated in the session. Used if and when renegotiating - * or resuming a session instead of the configured minor TLS version. - */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); - -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */ -#endif - int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ - size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ - unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ - unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /*! The digest of the peer's end-CRT. This must be kept to detect CRT - * changes during renegotiation, mitigating the triple handshake attack. 
*/ - unsigned char *MBEDTLS_PRIVATE(peer_cert_digest); - size_t MBEDTLS_PRIVATE(peer_cert_digest_len); - mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */ - size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */ - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_HAVE_TIME) - /*! When a ticket is created by a TLS server as part of an established TLS - * session, the ticket creation time may need to be saved for the ticket - * module to be able to check the ticket age when the ticket is used. - * That's the purpose of this field. - * Before creating a new ticket, an Mbed TLS server set this field with - * its current time in milliseconds. This time may then be saved in the - * session ticket data by the session ticket writing function and - * recovered by the ticket parsing function later when the ticket is used. - * The ticket module may then use this time to compute the ticket age and - * determine if it has expired or not. - * The Mbed TLS implementations of the session ticket writing and parsing - * functions save and retrieve the ticket creation time as part of the - * session ticket data. The session ticket parsing function relies on - * the mbedtls_ssl_session_get_ticket_creation_time() API to get the - * ticket creation time from the session ticket data. 
- */ - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ - uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ - uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ - unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) - char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - char *MBEDTLS_PRIVATE(ticket_alpn); /*!< ALPN negotiated in the session - during which the ticket was generated. */ -#endif - -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) - /*! Time in milliseconds when the last ticket was received. */ - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< maximum amount of early data in tickets */ -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); -#endif -}; - -/* - * Identifiers for PRFs used in various versions of TLS. 
- */ -typedef enum { - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256, - MBEDTLS_SSL_HKDF_EXPAND_SHA384, - MBEDTLS_SSL_HKDF_EXPAND_SHA256 -} -mbedtls_tls_prf_types; - -typedef enum { - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0, -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET, -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -} mbedtls_ssl_key_export_type; - -/** - * \brief Callback type: Export key alongside random values for - * session identification, and PRF for - * implementation of TLS key exporters. - * - * \param p_expkey Context for the callback. - * \param type The type of the key that is being exported. - * \param secret The address of the buffer holding the secret - * that's being exporterd. - * \param secret_len The length of \p secret in bytes. - * \param client_random The client random bytes. - * \param server_random The server random bytes. - * \param tls_prf_type The identifier for the PRF used in the handshake - * to which the key belongs. - */ -typedef void mbedtls_ssl_export_keys_t(void *p_expkey, - mbedtls_ssl_key_export_type type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Callback type: generic handshake callback - * - * \note Callbacks may use user_data funcs to set/get app user data. 
- * See \c mbedtls_ssl_get_user_data_p() - * \c mbedtls_ssl_get_user_data_n() - * \c mbedtls_ssl_conf_get_user_data_p() - * \c mbedtls_ssl_conf_get_user_data_n() - * - * \param ssl \c mbedtls_ssl_context on which the callback is run - * - * \return The return value of the callback is 0 if successful, - * or a specific MBEDTLS_ERR_XXX code, which will cause - * the handshake to be aborted. - */ -typedef int (*mbedtls_ssl_hs_cb_t)(mbedtls_ssl_context *ssl); -#endif - -/* A type for storing user data in a library structure. - * - * The representation of type may change in future versions of the library. - * Only the behaviors guaranteed by documented accessor functions are - * guaranteed to remain stable. - */ -typedef union { - uintptr_t n; /* typically a handle to an associated object */ - void *p; /* typically a pointer to extra data */ -} mbedtls_ssl_user_data_t; - -/** - * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. - */ -struct mbedtls_ssl_config { - /* Group items mostly by size. This helps to reduce memory wasted to - * padding. It also helps to keep smaller fields early in the structure, - * so that elements tend to be in the 128-element direct access window - * on Arm Thumb, which reduces the code size. */ - - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version); /*!< max. TLS version used */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version); /*!< min. TLS version used */ - - /* - * Flags (could be bit-fields to save RAM, but separate bytes make - * the code smaller on architectures with an instruction for direct - * byte access). 
- */ - - uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ - uint8_t MBEDTLS_PRIVATE(transport); /*!< 0: stream (TLS), 1: datagram (DTLS) */ - uint8_t MBEDTLS_PRIVATE(authmode); /*!< MBEDTLS_SSL_VERIFY_XXX */ - /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ - uint8_t MBEDTLS_PRIVATE(allow_legacy_renegotiation); /*!< MBEDTLS_LEGACY_XXX */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - uint8_t MBEDTLS_PRIVATE(mfl_code); /*!< desired fragment length indicator - (MBEDTLS_SSL_MAX_FRAG_LEN_XXX) */ -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - uint8_t MBEDTLS_PRIVATE(encrypt_then_mac); /*!< negotiate encrypt-then-mac? */ -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - uint8_t MBEDTLS_PRIVATE(extended_ms); /*!< negotiate extended master secret? */ -#endif -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint8_t MBEDTLS_PRIVATE(anti_replay); /*!< detect and prevent replay? */ -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - uint8_t MBEDTLS_PRIVATE(disable_renegotiation); /*!< disable renegotiation? */ -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_CLI_C) - uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint16_t MBEDTLS_PRIVATE(new_session_tickets_count); /*!< number of NewSessionTicket */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - uint8_t MBEDTLS_PRIVATE(cert_req_ca_list); /*!< enable sending CA list in - Certificate Request messages? */ - uint8_t MBEDTLS_PRIVATE(respect_cli_pref); /*!< pick the ciphersuite according to - the client's preferences rather - than ours? */ -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - uint8_t MBEDTLS_PRIVATE(ignore_unexpected_cid); /*!< Should DTLS record with - * unexpected CID - * lead to failure? 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_DTLS_SRTP) - uint8_t MBEDTLS_PRIVATE(dtls_srtp_mki_support); /* support having mki_value - in the use_srtp extension? */ -#endif - - /* - * Pointers - */ - - /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ - const int *MBEDTLS_PRIVATE(ciphersuite_list); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /** Allowed TLS 1.3 key exchange modes. */ - int MBEDTLS_PRIVATE(tls13_kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /** Callback for printing debug output */ - void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); - void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - - /** Callback to retrieve a session from the cache */ - mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); - /** Callback to store a session into the cache */ - mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache); - void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /** Callback for setting cert according to SNI extension */ - int(*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */ -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int(*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */ -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_SSL_SRV_C) - /** Callback to retrieve PSK key from identity */ - int(*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */ -#endif -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a cookie for ClientHello 
verification */ - int(*MBEDTLS_PRIVATE(f_cookie_write))(void *, unsigned char **, unsigned char *, - const unsigned char *, size_t); - /** Callback to verify validity of a ClientHello cookie */ - int(*MBEDTLS_PRIVATE(f_cookie_check))(void *, const unsigned char *, size_t, - const unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */ -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - /** Callback to create & write a session ticket */ - int(*MBEDTLS_PRIVATE(f_ticket_write))(void *, const mbedtls_ssl_session *, - unsigned char *, const unsigned char *, size_t *, - uint32_t *); - /** Callback to parse a session ticket into a session structure */ - int(*MBEDTLS_PRIVATE(f_ticket_parse))(void *, mbedtls_ssl_session *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */ - mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */ - mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */ - mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb); - void *MBEDTLS_PRIVATE(p_ca_cb); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ - mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ - void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field - * should only be set via - * mbedtls_ssl_conf_psk_opaque(). - * If either no PSK or a raw PSK have been - * configured, this has value \c 0. - */ - unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should - * only be set via mbedtls_ssl_conf_psk(). 
- * If either no PSK or an opaque PSK - * have been configured, this has value NULL. */ - size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * Its value is non-zero if and only if - * \c psk is not \c NULL. */ - - unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * This is set if and only if either - * \c psk or \c psk_opaque are set. */ - size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity. - * This field should only be set via - * mbedtls_ssl_conf_psk(). - * Its value is non-zero if and only if - * \c psk is not \c NULL or \c psk_opaque - * is not \c 0. */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - int MBEDTLS_PRIVATE(early_data_enabled); /*!< Early data enablement: - * - MBEDTLS_SSL_EARLY_DATA_DISABLED, - * - MBEDTLS_SSL_EARLY_DATA_ENABLED */ - -#if defined(MBEDTLS_SSL_SRV_C) - /* The maximum amount of 0-RTT data. RFC 8446 section 4.6.1 */ - uint32_t MBEDTLS_PRIVATE(max_early_data_size); -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_ALPN) - const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! ordered list of supported srtp profile */ - const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list); - /*! 
number of supported profiles */ - size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Numerical settings (int) - */ - - uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake - retransmission timeout (ms) */ - uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake - retransmission timeout (ms) */ -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */ - unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters - that triggers renegotiation */ -#endif - - unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ - - /** User data pointer or handle. - * - * The library sets this to \p 0 when creating a context and does not - * access it afterwards. - */ - mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data); - -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_hs_cb_t MBEDTLS_PRIVATE(f_cert_cb); /*!< certificate selection callback */ -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - const mbedtls_x509_crt *MBEDTLS_PRIVATE(dn_hints);/*!< acceptable client cert issuers */ -#endif -}; - -struct mbedtls_ssl_context { - const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ - - /* - * Miscellaneous - */ - int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ - - /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`. - * See `mbedtls_ssl_context_flags_t` in ssl_misc.h. - * - * This field is not saved by mbedtls_ssl_session_save(). - */ - uint32_t MBEDTLS_PRIVATE(flags); - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? 
*/ - int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, - number of retransmissions of request if - renego_max_records is < 0 */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - /** - * Maximum TLS version to be negotiated, then negotiated TLS version. - * - * It is initialized as the configured maximum TLS version to be - * negotiated by mbedtls_ssl_setup(). - * - * When renegotiating or resuming a session, it is overwritten in the - * ClientHello writing preparation stage with the previously negotiated - * TLS version. - * - * On client side, it is updated to the TLS version selected by the server - * for the handshake when the ServerHello is received. - * - * On server side, it is updated to the TLS version the server selects for - * the handshake when the ClientHello is received. - */ - mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) - /** - * State of the negotiation and transfer of early data. Reset to - * MBEDTLS_SSL_EARLY_DATA_STATE_IDLE when the context is reset. 
- */ - int MBEDTLS_PRIVATE(early_data_state); -#endif - - unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - /** Callback to customize X.509 certificate chain verification */ - int(*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); - void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */ -#endif - - mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */ - mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */ - mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout); - /*!< Callback for network receive with timeout */ - - void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */ - - /* - * Session layer - */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */ - mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */ - - mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during - the handshake process */ - - /* - * Record layer transformations - */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) - * This is always a reference, - * never an owning pointer. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) - * This is always a reference, - * never an owning pointer. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params - * This pointer owns the transform - * it references. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation - * This pointer owns the transform - * it references. 
*/ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /*! The application data transform in TLS 1.3. - * This pointer owns the transform it references. */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* - * Timers - */ - void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */ - - mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */ - mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */ - - /* - * Record layer (incoming data) - */ - unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */ - unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter - TLS: maintained by us - DTLS: read from peer */ - unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID; - * (the end is marked by in_len). 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */ - unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */ - - int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */ -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */ - size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram - (equal to in_left if none) */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */ - uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */ -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - - size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, - including the handshake header */ - size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments - (up to in_hslen) */ - int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ - - int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message - on next call to record layer? */ - - /* The following three variables indicate if and, if yes, - * what kind of alert is pending to be sent. - */ - unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert - should be sent. Values: - - \c 0 , no alert is to be sent. - - \c 1 , alert is to be sent. 
*/ - unsigned char MBEDTLS_PRIVATE(alert_type); /*!< Type of alert if send_alert - != 0 */ - int MBEDTLS_PRIVATE(alert_reason); /*!< The error code to be returned - to the user once the fatal alert - has been sent. */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records - * within a single datagram. */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_SRV_C) - /* - * One of: - * MBEDTLS_SSL_EARLY_DATA_NO_DISCARD - * MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD - * MBEDTLS_SSL_EARLY_DATA_DISCARD - */ - uint8_t MBEDTLS_PRIVATE(discard_early_data_record); -#endif - uint32_t MBEDTLS_PRIVATE(total_early_data_size); /*!< Number of received/written early data bytes */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - /* - * Record layer (outgoing data) - */ - unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */ - unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */ - unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID; - * (the end is marked by in_len). 
*/ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */ - unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */ - unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */ - - int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */ - size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */ - size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ -#endif - - unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Outgoing record sequence number. */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* - * User settings - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) - char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification - (and SNI if available) */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_ALPN) - const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */ -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * use_srtp extension - */ - mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - /* - * Information for DTLS hello verify - */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */ - size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */ -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ - - /* - * Secure renegotiation - */ - /* needed to know when to send extension on server */ - int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or - secure renegotiation */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - 
size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */ - char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ - char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* CID configuration to use in subsequent handshakes. */ - - /*! The next incoming CID, chosen by the user and applying to - * all subsequent handshakes. This may be different from the - * CID currently used in case the user has re-configured the CID - * after an initial handshake. */ - unsigned char MBEDTLS_PRIVATE(own_cid)[MBEDTLS_SSL_CID_IN_LEN_MAX]; - uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */ - uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should - * be negotiated in the next handshake or not. - * Possible values are #MBEDTLS_SSL_CID_ENABLED - * and #MBEDTLS_SSL_CID_DISABLED. */ -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /** Callback to export key block and master secret */ - mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); - void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ - - /** User data pointer or handle. - * - * The library sets this to \p 0 when creating a context and does not - * access it afterwards. - * - * \warning Serializing and restoring an SSL context with - * mbedtls_ssl_context_save() and mbedtls_ssl_context_load() - * does not currently restore the user data. 
- */ - mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data); -}; - -/** - * \brief Return the name of the ciphersuite associated with the - * given ID - * - * \param ciphersuite_id SSL ciphersuite ID - * - * \return a string containing the ciphersuite name - */ -const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id); - -/** - * \brief Return the ID of the ciphersuite associated with the - * given name - * - * \param ciphersuite_name SSL ciphersuite name - * - * \return the ID with the ciphersuite or 0 if not found - */ -int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name); - -/** - * \brief Initialize an SSL context - * Just makes the context ready for mbedtls_ssl_setup() or - * mbedtls_ssl_free() - * - * \param ssl SSL context - */ -void mbedtls_ssl_init(mbedtls_ssl_context *ssl); - -/** - * \brief Set up an SSL context for use - * - * \note No copy of the configuration context is made, it can be - * shared by many mbedtls_ssl_context structures. - * - * \warning The conf structure will be accessed during the session. - * It must not be modified or freed as long as the session - * is active. - * - * \warning This function must be called exactly once per context. - * Calling mbedtls_ssl_setup again is not supported, even - * if no session is active. - * - * \note The PSA crypto subsystem must have been initialized by - * calling psa_crypto_init() before calling this function. - * - * \note After setting up a client context, if certificate-based - * authentication is enabled, you should call - * mbedtls_ssl_set_hostname() to specifiy the expected - * name of the server. Otherwise, if server authentication - * is required (which is the case by default) and the - * selected key exchange involves a certificate (i.e. is not - * based on a pre-shared key), the certificate authentication - * will fail. See - * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - * for more information. 
- * - * \param ssl SSL context - * \param conf SSL configuration to use - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if - * memory allocation failed - */ -int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf); - -/** - * \brief Reset an already initialized SSL context for re-use - * while retaining application-set variables, function - * pointers and data. - * - * \param ssl SSL context - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or - MBEDTLS_ERR_SSL_HW_ACCEL_FAILED - */ -int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); - -/** - * \brief Set the current endpoint type - * - * \param conf SSL configuration - * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER - */ -void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint); - -/** - * \brief Get the current endpoint type - * - * \param conf SSL configuration - * - * \return Endpoint type, either MBEDTLS_SSL_IS_CLIENT - * or MBEDTLS_SSL_IS_SERVER - */ -static inline int mbedtls_ssl_conf_get_endpoint(const mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(endpoint); -} - -/** - * \brief Set the transport type (TLS or DTLS). - * Default: TLS - * - * \note For DTLS, you must either provide a recv callback that - * doesn't block, or one that handles timeouts, see - * \c mbedtls_ssl_set_bio(). You also need to provide timer - * callbacks with \c mbedtls_ssl_set_timer_cb(). - * - * \param conf SSL configuration - * \param transport transport type: - * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, - * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. 
- */ -void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport); - -/** - * \brief Set the certificate verification mode - * Default: NONE on server, REQUIRED on client - * - * \param conf SSL configuration - * \param authmode can be: - * - * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked - * (default on server) - * (insecure on client) - * - * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the - * handshake continues even if verification failed; - * mbedtls_ssl_get_verify_result() can be called after the - * handshake is complete. - * - * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, - * handshake is aborted if verification failed. - * (default on client) - * - * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. - * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at - * the right time(s), which may not be obvious, while REQUIRED always perform - * the verification as soon as possible. For example, REQUIRED was protecting - * against the "triple handshake" attack even before it was found. - */ -void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/** - * \brief Set the early data mode - * Default: disabled on server and client - * - * \param conf The SSL configuration to use. - * \param early_data_enabled can be: - * - * MBEDTLS_SSL_EARLY_DATA_DISABLED: - * Early data functionality is disabled. This is the default on client and - * server. - * - * MBEDTLS_SSL_EARLY_DATA_ENABLED: - * Early data functionality is enabled and may be negotiated in the handshake. - * Application using early data functionality needs to be aware that the - * security properties for early data (also refered to as 0-RTT data) are - * weaker than those for other kinds of TLS data. See the documentation of - * mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() for more - * information. 
- * When early data functionality is enabled on server and only in that case, - * the call to one of the APIs that trigger or resume an handshake sequence, - * namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), - * mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code - * MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have - * been received. To read the early data, call mbedtls_ssl_read_early_data() - * before calling the original function again. - */ -void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, - int early_data_enabled); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the maximum amount of 0-RTT data in bytes - * Default: #MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - * - * This function sets the value of the max_early_data_size - * field of the early data indication extension included in - * the NewSessionTicket messages that the server may send. - * - * The value defines the maximum amount of 0-RTT data - * in bytes that a client will be allowed to send when using - * one of the tickets defined by the NewSessionTicket messages. - * - * \note When resuming a session using a ticket, if the server receives more - * early data than allowed for the ticket, it terminates the connection. - * The maximum amount of 0-RTT data should thus be large enough - * to allow a minimum of early data to be exchanged. - * - * \param[in] conf The SSL configuration to use. - * \param[in] max_early_data_size The maximum amount of 0-RTT data. - * - * \warning This interface DOES NOT influence/limit the amount of early data - * that can be received through previously created and issued tickets, - * which clients may have stored. - */ -void mbedtls_ssl_conf_max_early_data_size( - mbedtls_ssl_config *conf, uint32_t max_early_data_size); -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set the verification callback (Optional). 
- * - * If set, the provided verify callback is called for each - * certificate in the peer's CRT chain, including the trusted - * root. For more information, please see the documentation of - * \c mbedtls_x509_crt_verify(). - * - * \note For per context callbacks and contexts, please use - * mbedtls_ssl_set_verify() instead. - * - * \param conf The SSL configuration to use. - * \param f_vrfy The verification callback to use during CRT verification. - * \param p_vrfy The opaque context to be passed to the callback. - */ -void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the debug callback - * - * The callback has the following argument: - * void * opaque context for the callback - * int debug level - * const char * file name - * int line number - * const char * message - * - * \param conf SSL configuration - * \param f_dbg debug function - * \param p_dbg debug parameter - */ -void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg); - -/** - * \brief Return the SSL configuration structure associated - * with the given SSL context. - * - * \note The pointer returned by this function is guaranteed to - * remain valid until the context is freed. - * - * \param ssl The SSL context to query. - * \return Pointer to the SSL configuration associated with \p ssl. - */ -static inline const mbedtls_ssl_config *mbedtls_ssl_context_get_config( - const mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(conf); -} - -/** - * \brief Set the underlying BIO callbacks for write, read and - * read-with-timeout. - * - * \param ssl SSL context - * \param p_bio parameter (context) shared by BIO callbacks - * \param f_send write callback - * \param f_recv read callback - * \param f_recv_timeout blocking read callback with timeout. 
- * - * \note One of f_recv or f_recv_timeout can be NULL, in which case - * the other is used. If both are non-NULL, f_recv_timeout is - * used and f_recv is ignored (as if it were NULL). - * - * \note The two most common use cases are: - * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL - * - blocking I/O, f_recv == NULL, f_recv_timeout != NULL - * - * \note For DTLS, you need to provide either a non-NULL - * f_recv_timeout callback, or a f_recv that doesn't block. - * - * \note See the documentations of \c mbedtls_ssl_send_t, - * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for - * the conventions those callbacks must follow. - * - * \note On some platforms, net_sockets.c provides - * \c mbedtls_net_send(), \c mbedtls_net_recv() and - * \c mbedtls_net_recv_timeout() that are suitable to be used - * here. - */ -void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - - -/** - * \brief Configure the use of the Connection ID (CID) - * extension in the next handshake. - * - * Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05 - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 - * for legacy version) - * - * The DTLS CID extension allows the reliable association of - * DTLS records to DTLS connections across changes in the - * underlying transport (changed IP and Port metadata) by - * adding explicit connection identifiers (CIDs) to the - * headers of encrypted DTLS records. The desired CIDs are - * configured by the application layer and are exchanged in - * new `ClientHello` / `ServerHello` extensions during the - * handshake, where each side indicates the CID it wants the - * peer to use when writing encrypted messages. 
The CIDs are - * put to use once records get encrypted: the stack discards - * any incoming records that don't include the configured CID - * in their header, and adds the peer's requested CID to the - * headers of outgoing messages. - * - * This API enables or disables the use of the CID extension - * in the next handshake and sets the value of the CID to - * be used for incoming messages. - * - * \param ssl The SSL context to configure. This must be initialized. - * \param enable This value determines whether the CID extension should - * be used or not. Possible values are: - * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID. - * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use - * of the CID. - * \param own_cid The address of the readable buffer holding the CID we want - * the peer to use when sending encrypted messages to us. - * This may be \c NULL if \p own_cid_len is \c 0. - * This parameter is unused if \p enable is set to - * MBEDTLS_SSL_CID_DISABLED. - * \param own_cid_len The length of \p own_cid. - * This parameter is unused if \p enable is set to - * MBEDTLS_SSL_CID_DISABLED. - * - * \note The value of \p own_cid_len must match the value of the - * \c len parameter passed to mbedtls_ssl_conf_cid() - * when configuring the ::mbedtls_ssl_config that \p ssl - * is bound to. - * - * \note This CID configuration applies to subsequent handshakes - * performed on the SSL context \p ssl, but does not trigger - * one. You still have to call `mbedtls_ssl_handshake()` - * (for the initial handshake) or `mbedtls_ssl_renegotiate()` - * (for a renegotiation handshake) explicitly after a - * successful call to this function to run the handshake. - * - * \note This call cannot guarantee that the use of the CID - * will be successfully negotiated in the next handshake, - * because the peer might not support it. 
Specifically: - * - On the Client, enabling the use of the CID through - * this call implies that the `ClientHello` in the next - * handshake will include the CID extension, thereby - * offering the use of the CID to the server. Only if - * the `ServerHello` contains the CID extension, too, - * the CID extension will actually be put to use. - * - On the Server, enabling the use of the CID through - * this call implies that the server will look for - * the CID extension in a `ClientHello` from the client, - * and, if present, reply with a CID extension in its - * `ServerHello`. - * - * \note To check whether the use of the CID was negotiated - * after the subsequent handshake has completed, please - * use the API mbedtls_ssl_get_peer_cid(). - * - * \warning If the use of the CID extension is enabled in this call - * and the subsequent handshake negotiates its use, Mbed TLS - * will silently drop every packet whose CID does not match - * the CID configured in \p own_cid. It is the responsibility - * of the user to adapt the underlying transport to take care - * of CID-based demultiplexing before handing datagrams to - * Mbed TLS. - * - * \return \c 0 on success. In this case, the CID configuration - * applies to the next handshake. - * \return A negative error code on failure. - */ -int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len); - -/** - * \brief Get information about our request for usage of the CID - * extension in the current connection. - * - * \param ssl The SSL context to query. - * \param enabled The address at which to store whether the CID extension - * is requested to be used or not. If the CID is - * requested, `*enabled` is set to - * MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to - * MBEDTLS_SSL_CID_DISABLED. - * \param own_cid The address of the buffer in which to store our own - * CID (if the CID extension is requested). 
This may be - * \c NULL in case the value of our CID isn't needed. If - * it is not \c NULL, \p own_cid_len must not be \c NULL. - * \param own_cid_len The address at which to store the size of our own CID - * (if the CID extension is requested). This is also the - * number of Bytes in \p own_cid that have been written. - * This may be \c NULL in case the length of our own CID - * isn't needed. If it is \c NULL, \p own_cid must be - * \c NULL, too. - * - *\note If we are requesting an empty CID this function sets - * `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale - * for this is that the resulting outcome is the - * same as if the CID extensions wasn't requested). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], - size_t *own_cid_len); - -/** - * \brief Get information about the use of the CID extension - * in the current connection. - * - * \param ssl The SSL context to query. - * \param enabled The address at which to store whether the CID extension - * is currently in use or not. If the CID is in use, - * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED; - * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED. - * \param peer_cid The address of the buffer in which to store the CID - * chosen by the peer (if the CID extension is used). - * This may be \c NULL in case the value of peer CID - * isn't needed. If it is not \c NULL, \p peer_cid_len - * must not be \c NULL. - * \param peer_cid_len The address at which to store the size of the CID - * chosen by the peer (if the CID extension is used). - * This is also the number of Bytes in \p peer_cid that - * have been written. - * This may be \c NULL in case the length of the peer CID - * isn't needed. If it is \c NULL, \p peer_cid must be - * \c NULL, too. - * - * \note This applies to the state of the CID negotiated in - * the last complete handshake. 
If a handshake is in - * progress, this function will attempt to complete - * the handshake first. - * - * \note If CID extensions have been exchanged but both client - * and server chose to use an empty CID, this function - * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED - * (the rationale for this is that the resulting - * communication is the same as if the CID extensions - * hadn't been used). - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], - size_t *peer_cid_len); - -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -/** - * \brief Set the Maximum Transport Unit (MTU). - * Special value: 0 means unset (no limit). - * This represents the maximum size of a datagram payload - * handled by the transport layer (usually UDP) as determined - * by the network link and stack. In practice, this controls - * the maximum size datagram the DTLS layer will pass to the - * \c f_send() callback set using \c mbedtls_ssl_set_bio(). - * - * \note The limit on datagram size is converted to a limit on - * record payload by subtracting the current overhead of - * encapsulation and encryption/authentication if any. - * - * \note This can be called at any point during the connection, for - * example when a Path Maximum Transfer Unit (PMTU) - * estimate becomes available from other sources, - * such as lower (or higher) protocol layers. - * - * \note This setting only controls the size of the packets we send, - * and does not restrict the size of the datagrams we're - * willing to receive. Client-side, you can request the - * server to use smaller records with \c - * mbedtls_ssl_conf_max_frag_len(). - * - * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the resulting - * lower limit on record payload (see first note) is used. 
- * - * \note This can only be used to decrease the maximum size - * of datagrams (hence records, see first note) sent. It - * cannot be used to increase the maximum size of records over - * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN. - * - * \note Values lower than the current record layer expansion will - * result in an error when trying to send data. - * - * \param ssl SSL context - * \param mtu Value of the path MTU in bytes - */ -void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/** - * \brief Set a connection-specific verification callback (optional). - * - * If set, the provided verify callback is called for each - * certificate in the peer's CRT chain, including the trusted - * root. For more information, please see the documentation of - * \c mbedtls_x509_crt_verify(). - * - * \note This call is analogous to mbedtls_ssl_conf_verify() but - * binds the verification callback and context to an SSL context - * as opposed to an SSL configuration. - * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify() - * are both used, mbedtls_ssl_set_verify() takes precedence. - * - * \param ssl The SSL context to use. - * \param f_vrfy The verification callback to use during CRT verification. - * \param p_vrfy The opaque context to be passed to the callback. - */ -void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Set the timeout period for mbedtls_ssl_read() - * (Default: no timeout.) - * - * \param conf SSL configuration context - * \param timeout Timeout value in milliseconds. - * Use 0 for no timeout (default). - * - * \note With blocking I/O, this will only work if a non-NULL - * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). 
- * With non-blocking I/O, this will only work if timer - * callbacks were set with \c mbedtls_ssl_set_timer_cb(). - * - * \note With non-blocking I/O, you may also skip this function - * altogether and handle timeouts at the application layer. - */ -void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout); - -/** - * \brief Check whether a buffer contains a valid and authentic record - * that has not been seen before. (DTLS only). - * - * This function does not change the user-visible state - * of the SSL context. Its sole purpose is to provide - * an indication of the legitimacy of an incoming record. - * - * This can be useful e.g. in distributed server environments - * using the DTLS Connection ID feature, in which connections - * might need to be passed between service instances on a change - * of peer address, but where such disruptive operations should - * only happen after the validity of incoming records has been - * confirmed. - * - * \param ssl The SSL context to use. - * \param buf The address of the buffer holding the record to be checked. - * This must be a read/write buffer of length \p buflen Bytes. - * \param buflen The length of \p buf in Bytes. - * - * \note This routine only checks whether the provided buffer begins - * with a valid and authentic record that has not been seen - * before, but does not check potential data following the - * initial record. In particular, it is possible to pass DTLS - * datagrams containing multiple records, in which case only - * the first record is checked. - * - * \note This function modifies the input buffer \p buf. If you need - * to preserve the original record, you have to maintain a copy. - * - * \return \c 0 if the record is valid and authentic and has not been - * seen before. - * \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed - * successfully but the record was found to be not authentic. 
- * \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed - * successfully but the record was found to be invalid for - * a reason different from authenticity checking. - * \return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed - * successfully but the record was found to be unexpected - * in the state of the SSL context, including replayed records. - * \return Another negative error code on different kinds of failure. - * In this case, the SSL context becomes unusable and needs - * to be freed or reset before reuse. - */ -int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen); - -/** - * \brief Set the timer callbacks (Mandatory for DTLS.) - * - * \param ssl SSL context - * \param p_timer parameter (context) shared by timer callbacks - * \param f_set_timer set timer callback - * \param f_get_timer get timer callback. Must return: - * - * \note See the documentation of \c mbedtls_ssl_set_timer_t and - * \c mbedtls_ssl_get_timer_t for the conventions this pair of - * callbacks must follow. - * - * \note On some platforms, timing.c provides - * \c mbedtls_timing_set_delay() and - * \c mbedtls_timing_get_delay() that are suitable for using - * here, except if using an event-driven style. - * - * \note See also the "DTLS tutorial" article in our knowledge base. - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial - */ -void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer); - -#if defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the certificate selection callback (server-side only). - * - * If set, the callback is always called for each handshake, - * after `ClientHello` processing has finished. - * - * \param conf The SSL configuration to register the callback with. - * \param f_cert_cb The callback for selecting server certificate after - * `ClientHello` processing has finished. 
- */ -static inline void mbedtls_ssl_conf_cert_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_hs_cb_t f_cert_cb) -{ - conf->MBEDTLS_PRIVATE(f_cert_cb) = f_cert_cb; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/** - * \brief Callback type: generate and write session ticket - * - * \note This describes what a callback implementation should do. - * This callback should generate an encrypted and - * authenticated ticket for the session and write it to the - * output buffer. Here, ticket means the opaque ticket part - * of the NewSessionTicket structure of RFC 5077. - * - * \param p_ticket Context for the callback - * \param session SSL session to be written in the ticket - * \param start Start of the output buffer - * \param end End of the output buffer - * \param tlen On exit, holds the length written - * \param lifetime On exit, holds the lifetime of the ticket in seconds - * - * \return 0 if successful, or - * a specific MBEDTLS_ERR_XXX code. - */ -typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *lifetime); - -/** - * \brief Callback type: parse and load session ticket - * - * \note This describes what a callback implementation should do. - * This callback should parse a session ticket as generated - * by the corresponding mbedtls_ssl_ticket_write_t function, - * and, if the ticket is authentic and valid, load the - * session. - * - * \note The implementation is allowed to modify the first len - * bytes of the input buffer, eg to use it as a temporary - * area for the decrypted ticket contents. - * - * \param p_ticket Context for the callback - * \param session SSL session to be loaded - * \param buf Start of the buffer containing the ticket - * \param len Length of the ticket. 
- * - * \return 0 if successful, or - * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or - * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or - * any other non-zero code for other failures. - */ -typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Configure SSL session ticket callbacks (server only). - * (Default: none.) - * - * \note On server, session tickets are enabled by providing - * non-NULL callbacks. - * - * \note On client, use \c mbedtls_ssl_conf_session_tickets(). - * - * \param conf SSL configuration context - * \param f_ticket_write Callback for writing a ticket - * \param f_ticket_parse Callback for parsing a ticket - * \param p_ticket Context shared by the two callbacks - */ -void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket); - -#if defined(MBEDTLS_HAVE_TIME) -/** - * \brief Get the creation time of a session ticket. - * - * \note See the documentation of \c ticket_creation_time for information about - * the intended usage of this function. - * - * \param session SSL session - * \param ticket_creation_time On exit, holds the ticket creation time in - * milliseconds. - * - * \return 0 on success, - * #PSA_ERROR_INVALID_ARGUMENT if an input is not valid. 
- */ -static inline int mbedtls_ssl_session_get_ticket_creation_time( - mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) -{ - if (session == NULL || ticket_creation_time == NULL || - session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); - - return 0; -} -#endif /* MBEDTLS_HAVE_TIME */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ - -/** - * \brief Get the session-id buffer. - * - * \param session SSL session. - * - * \return The address of the session-id buffer. - */ -static inline unsigned const char (*mbedtls_ssl_session_get_id(const mbedtls_ssl_session * - session))[32] -{ - return &session->MBEDTLS_PRIVATE(id); -} - -/** - * \brief Get the size of the session-id. - * - * \param session SSL session. - * - * \return size_t size of session-id buffer. - */ -static inline size_t mbedtls_ssl_session_get_id_len(const mbedtls_ssl_session *session) -{ - return session->MBEDTLS_PRIVATE(id_len); -} - -/** - * \brief Get the ciphersuite-id. - * - * \param session SSL session. - * - * \return int represetation for ciphersuite. - */ -static inline int mbedtls_ssl_session_get_ciphersuite_id(const mbedtls_ssl_session *session) -{ - return session->MBEDTLS_PRIVATE(ciphersuite); -} - -/** - * \brief Configure a key export callback. - * (Default: none.) - * - * This API can be used for two purposes: - * - Debugging: Use this API to e.g. generate an NSSKeylog - * file and use it to inspect encrypted traffic in tools - * such as Wireshark. - * - Application-specific export: Use this API to implement - * key exporters, e.g. for EAP-TLS or DTLS-SRTP. - * - * - * \param ssl The SSL context to which the export - * callback should be attached. - * \param f_export_keys The callback for the key export. - * \param p_export_keys The opaque context pointer to be passed to the - * callback \p f_export_keys. 
- */ -void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys); - -/** \brief Set the user data in an SSL configuration to a pointer. - * - * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_p(). - * - * \note The library stores \c p without accessing it. It is the responsibility - * of the caller to ensure that the pointer remains valid. - * - * \param conf The SSL configuration context to modify. - * \param p The new value of the user data. - */ -static inline void mbedtls_ssl_conf_set_user_data_p( - mbedtls_ssl_config *conf, - void *p) -{ - conf->MBEDTLS_PRIVATE(user_data).p = p; -} - -/** \brief Set the user data in an SSL configuration to an integer. - * - * You can retrieve this value later with mbedtls_ssl_conf_get_user_data_n(). - * - * \param conf The SSL configuration context to modify. - * \param n The new value of the user data. - */ -static inline void mbedtls_ssl_conf_set_user_data_n( - mbedtls_ssl_config *conf, - uintptr_t n) -{ - conf->MBEDTLS_PRIVATE(user_data).n = n; -} - -/** \brief Retrieve the user data in an SSL configuration as a pointer. - * - * This is the value last set with mbedtls_ssl_conf_set_user_data_p(), or - * \c NULL if mbedtls_ssl_conf_set_user_data_p() has not previously been - * called. The value is undefined if mbedtls_ssl_conf_set_user_data_n() has - * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_p(). - * - * \param conf The SSL configuration context to modify. - * \return The current value of the user data. - */ -static inline void *mbedtls_ssl_conf_get_user_data_p( - mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(user_data).p; -} - -/** \brief Retrieve the user data in an SSL configuration as an integer. - * - * This is the value last set with mbedtls_ssl_conf_set_user_data_n(), or - * \c 0 if mbedtls_ssl_conf_set_user_data_n() has not previously been - * called. 
The value is undefined if mbedtls_ssl_conf_set_user_data_p() has - * been called without a subsequent call to mbedtls_ssl_conf_set_user_data_n(). - * - * \param conf The SSL configuration context to modify. - * \return The current value of the user data. - */ -static inline uintptr_t mbedtls_ssl_conf_get_user_data_n( - mbedtls_ssl_config *conf) -{ - return conf->MBEDTLS_PRIVATE(user_data).n; -} - -/** \brief Set the user data in an SSL context to a pointer. - * - * You can retrieve this value later with mbedtls_ssl_get_user_data_p(). - * - * \note The library stores \c p without accessing it. It is the responsibility - * of the caller to ensure that the pointer remains valid. - * - * \param ssl The SSL context to modify. - * \param p The new value of the user data. - */ -static inline void mbedtls_ssl_set_user_data_p( - mbedtls_ssl_context *ssl, - void *p) -{ - ssl->MBEDTLS_PRIVATE(user_data).p = p; -} - -/** \brief Set the user data in an SSL context to an integer. - * - * You can retrieve this value later with mbedtls_ssl_get_user_data_n(). - * - * \param ssl The SSL context to modify. - * \param n The new value of the user data. - */ -static inline void mbedtls_ssl_set_user_data_n( - mbedtls_ssl_context *ssl, - uintptr_t n) -{ - ssl->MBEDTLS_PRIVATE(user_data).n = n; -} - -/** \brief Retrieve the user data in an SSL context as a pointer. - * - * This is the value last set with mbedtls_ssl_set_user_data_p(), or - * \c NULL if mbedtls_ssl_set_user_data_p() has not previously been - * called. The value is undefined if mbedtls_ssl_set_user_data_n() has - * been called without a subsequent call to mbedtls_ssl_set_user_data_p(). - * - * \param ssl The SSL context to modify. - * \return The current value of the user data. - */ -static inline void *mbedtls_ssl_get_user_data_p( - mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(user_data).p; -} - -/** \brief Retrieve the user data in an SSL context as an integer. 
- * - * This is the value last set with mbedtls_ssl_set_user_data_n(), or - * \c 0 if mbedtls_ssl_set_user_data_n() has not previously been - * called. The value is undefined if mbedtls_ssl_set_user_data_p() has - * been called without a subsequent call to mbedtls_ssl_set_user_data_n(). - * - * \param ssl The SSL context to modify. - * \return The current value of the user data. - */ -static inline uintptr_t mbedtls_ssl_get_user_data_n( - mbedtls_ssl_context *ssl) -{ - return ssl->MBEDTLS_PRIVATE(user_data).n; -} - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -/** - * \brief Configure asynchronous private key operation callbacks. - * - * \param conf SSL configuration context - * \param f_async_sign Callback to start a signature operation. See - * the description of ::mbedtls_ssl_async_sign_t - * for more information. This may be \c NULL if the - * external processor does not support any signature - * operation; in this case the private key object - * associated with the certificate will be used. - * \param f_async_resume Callback to resume an asynchronous operation. See - * the description of ::mbedtls_ssl_async_resume_t - * for more information. This may not be \c NULL unless - * \p f_async_sign is \c NULL. - * \param f_async_cancel Callback to cancel an asynchronous operation. See - * the description of ::mbedtls_ssl_async_cancel_t - * for more information. This may be \c NULL if - * no cleanup is needed. - * \param config_data A pointer to configuration data which can be - * retrieved with - * mbedtls_ssl_conf_get_async_config_data(). The - * library stores this value without dereferencing it. - */ -void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *config_data); - -/** - * \brief Retrieve the configuration data set by - * mbedtls_ssl_conf_async_private_cb(). 
- *
- * \param conf SSL configuration context
- * \return The configuration data set by
- * mbedtls_ssl_conf_async_private_cb().
- */
-void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf);
-
-/**
- * \brief Retrieve the asynchronous operation user context.
- *
- * \note This function may only be called while a handshake
- * is in progress.
- *
- * \param ssl The SSL context to access.
- *
- * \return The asynchronous operation user context that was last
- * set during the current handshake. If
- * mbedtls_ssl_set_async_operation_data() has not yet been
- * called during the current handshake, this function returns
- * \c NULL.
- */
-void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Retrieve the asynchronous operation user context.
- *
- * \note This function may only be called while a handshake
- * is in progress.
- *
- * \param ssl The SSL context to access.
- * \param ctx The new value of the asynchronous operation user context.
- * Call mbedtls_ssl_get_async_operation_data() later during the
- * same handshake to retrieve this value.
- */
-void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
- void *ctx);
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-/**
- * \brief Callback type: generate a cookie
- *
- * \param ctx Context for the callback
- * \param p Buffer to write to,
- * must be updated to point right after the cookie
- * \param end Pointer to one past the end of the output buffer
- * \param info Client ID info that was passed to
- * \c mbedtls_ssl_set_client_transport_id()
- * \param ilen Length of info in bytes
- *
- * \return The callback must return 0 on success,
- * or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_write_t(void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *info, size_t ilen);
-
-/**
- * \brief Callback type: verify a cookie
- *
- * \param ctx Context for the callback
- * \param cookie Cookie to verify
- * \param clen Length of cookie
- * \param info Client ID info that was passed to
- * \c mbedtls_ssl_set_client_transport_id()
- * \param ilen Length of info in bytes
- *
- * \return The callback must return 0 if cookie is valid,
- * or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_check_t(void *ctx,
- const unsigned char *cookie, size_t clen,
- const unsigned char *info, size_t ilen);
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Register callbacks for DTLS cookies
- * (Server only. DTLS only.)
- *
- * Default: dummy callbacks that fail, in order to force you to
- * register working callbacks (and initialize their context).
- *
- * To disable HelloVerifyRequest, register NULL callbacks.
- *
- * \warning Disabling hello verification allows your server to be used
- * for amplification in DoS attacks against other hosts.
- * Only disable if you known this can't happen in your
- * particular environment.
- *
- * \note See comments on \c mbedtls_ssl_handshake() about handling
- * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
- * on the first handshake attempt when this is enabled.
- *
- * \note This is also necessary to handle client reconnection from
- * the same port as described in RFC 6347 section 4.2.8 (only
- * the variant with cookies is supported currently). See
- * comments on \c mbedtls_ssl_read() for details.
- *
- * \param conf SSL configuration
- * \param f_cookie_write Cookie write callback
- * \param f_cookie_check Cookie check callback
- * \param p_cookie Context for both callbacks
- */
-void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
- mbedtls_ssl_cookie_write_t *f_cookie_write,
- mbedtls_ssl_cookie_check_t *f_cookie_check,
- void *p_cookie);
-
-/**
- * \brief Set client's transport-level identification info.
- * (Server only. DTLS only.)
- *
- * This is usually the IP address (and port), but could be
- * anything identify the client depending on the underlying
- * network stack. Used for HelloVerifyRequest with DTLS.
- * This is *not* used to route the actual packets.
- *
- * \param ssl SSL context
- * \param info Transport-level info identifying the client (eg IP + port)
- * \param ilen Length of info in bytes
- *
- * \note An internal copy is made, so the info buffer can be reused.
- *
- * \return 0 on success,
- * #PSA_ERROR_INVALID_ARGUMENT if used on client,
- * #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
- const unsigned char *info,
- size_t ilen);
-
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-/**
- * \brief Enable or disable anti-replay protection for DTLS.
- * (DTLS only, no effect on TLS.)
- * Default: enabled.
- *
- * \param conf SSL configuration
- * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
- *
- * \warning Disabling this is a security risk unless the application
- * protocol handles duplicated packets in a safe way. You
- * should not disable this without careful consideration.
- * However, if your application already detects duplicated
- * packets and needs information about them to adjust its
- * transmission strategy, then you'll want to disable this.
- */
-void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode);
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-/**
- * \brief Set a limit on the number of records with a bad MAC
- * before terminating the connection.
- * (DTLS only, no effect on TLS.)
- * Default: 0 (disabled).
- *
- * \param conf SSL configuration
- * \param limit Limit, or 0 to disable.
- *
- * \note If the limit is N, then the connection is terminated when
- * the Nth non-authentic record is seen.
- *
- * \note Records with an invalid header are not counted, only the
- * ones going through the authentication-decryption phase.
- *
- * \note This is a security trade-off related to the fact that it's
- * often relatively easy for an active attacker to inject UDP
- * datagrams. On one hand, setting a low limit here makes it
- * easier for such an attacker to forcibly terminated a
- * connection. On the other hand, a high limit or no limit
- * might make us waste resources checking authentication on
- * many bogus packets.
- */
-void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit);
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-/**
- * \brief Allow or disallow packing of multiple handshake records
- * within a single datagram.
- *
- * \param ssl The SSL context to configure.
- * \param allow_packing This determines whether datagram packing may
- * be used or not. A value of \c 0 means that every
- * record will be sent in a separate datagram; a
- * value of \c 1 means that, if space permits,
- * multiple handshake messages (including CCS) belonging to
- * a single flight may be packed within a single datagram.
- *
- * \note This is enabled by default and should only be disabled
- * for test purposes, or if datagram packing causes
- * interoperability issues with peers that don't support it.
- *
- * \note Allowing datagram packing reduces the network load since
- * there's less overhead if multiple messages share the same
- * datagram.
Also, it increases the handshake efficiency
- * since messages belonging to a single datagram will not
- * be reordered in transit, and so future message buffering
- * or flight retransmission (if no buffering is used) as
- * means to deal with reordering are needed less frequently.
- *
- * \note Application records are not affected by this option and
- * are currently always sent in separate datagrams.
- *
- */
-void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
- unsigned allow_packing);
-
-/**
- * \brief Set retransmit timeout values for the DTLS handshake.
- * (DTLS only, no effect on TLS.)
- *
- * \param conf SSL configuration
- * \param min Initial timeout value in milliseconds.
- * Default: 1000 (1 second).
- * \param max Maximum timeout value in milliseconds.
- * Default: 60000 (60 seconds).
- *
- * \note Default values are from RFC 6347 section 4.2.4.1.
- *
- * \note The 'min' value should typically be slightly above the
- * expected round-trip time to your peer, plus whatever time
- * it takes for the peer to process the message. For example,
- * if your RTT is about 600ms and you peer needs up to 1s to
- * do the cryptographic operations in the handshake, then you
- * should set 'min' slightly above 1600. Lower values of 'min'
- * might cause spurious resends which waste network resources,
- * while larger value of 'min' will increase overall latency
- * on unreliable network links.
- *
- * \note The more unreliable your network connection is, the larger
- * your max / min ratio needs to be in order to achieve
- * reliable handshakes.
- *
- * \note Messages are retransmitted up to log2(ceil(max/min)) times.
- * For example, if min = 1s and max = 5s, the retransmit plan
- * goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
- * resend ... 5s -> give up and return a timeout error.
- */
-void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, uint32_t min, uint32_t max);
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the session cache callbacks (server-side only)
- * If not set, no session resuming is done (except if session
- * tickets are enabled too).
- *
- * The session cache has the responsibility to check for stale
- * entries based on timeout. See RFC 5246 for recommendations.
- *
- * Warning: session.peer_cert is cleared by the SSL/TLS layer on
- * connection shutdown, so do not cache the pointer! Either set
- * it to NULL or make a full copy of the certificate.
- *
- * The get callback is called once during the initial handshake
- * to enable session resuming. The get function has the
- * following parameters: (void *parameter, mbedtls_ssl_session *session)
- * If a valid entry is found, it should fill the master of
- * the session object with the cached values and return 0,
- * return 1 otherwise. Optionally peer_cert can be set as well
- * if it is properly present in cache entry.
- *
- * The set callback is called once during the initial handshake
- * to enable session resuming after the entire handshake has
- * been finished. The set function has the following parameters:
- * (void *parameter, const mbedtls_ssl_session *session). The function
- * should create a cache entry for future retrieval based on
- * the data in the session structure and should keep in mind
- * that the mbedtls_ssl_session object presented (and all its referenced
- * data) is cleared by the SSL/TLS layer when the connection is
- * terminated. It is recommended to add metadata to determine if
- * an entry is still valid in the future. Return 0 if
- * successfully cached, return 1 otherwise.
- *
- * \param conf SSL configuration
- * \param p_cache parameter (context) for both callbacks
- * \param f_get_cache session get callback
- * \param f_set_cache session set callback
- */
-void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache);
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Load a session for session resumption.
- *
- * Sessions loaded through this call will be considered
- * for session resumption in the next handshake.
- *
- * \note Even if this call succeeds, it is not guaranteed that
- * the next handshake will indeed be shortened through the
- * use of session resumption: The server is always free
- * to reject any attempt for resumption and fall back to
- * a full handshake.
- *
- * \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption
- * and ticket-based resumption will be considered. For TLS 1.3,
- * sessions equate to tickets, and loading one session by
- * calling this function will lead to its corresponding ticket
- * being advertised as resumption PSK by the client. This
- * depends on session tickets being enabled (see
- * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though.
- * If session tickets are disabled, a call to this function
- * with a TLS 1.3 session, will not have any effect on the next
- * handshake for the SSL context \p ssl.
- *
- * \param ssl The SSL context representing the connection which should
- * be attempted to be setup using session resumption. This
- * must be initialized via mbedtls_ssl_init() and bound to
- * an SSL configuration via mbedtls_ssl_setup(), but
- * the handshake must not yet have been started.
- * \param session The session to be considered for session resumption.
- * This must be a session previously exported via
- * mbedtls_ssl_get_session(), and potentially serialized and
- * deserialized through mbedtls_ssl_session_save() and
- * mbedtls_ssl_session_load() in the meantime.
- *
- * \return \c 0 if successful.
- * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
- * could not be loaded because one session has already been
- * loaded. This error is non-fatal, and has no observable
- * effect on the SSL context or the session that was attempted
- * to be loaded.
- * \return Another negative error code on other kinds of failure.
- *
- * \sa mbedtls_ssl_get_session()
- * \sa mbedtls_ssl_session_load()
- */
-int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session);
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief Load serialized session data into a session structure.
- * On client, this can be used for loading saved sessions
- * before resuming them with mbedtls_ssl_set_session().
- * On server, this can be used for alternative implementations
- * of session cache or session tickets.
- *
- * \warning If a peer certificate chain is associated with the session,
- * the serialized state will only contain the peer's
- * end-entity certificate and the result of the chain
- * verification (unless verification was disabled), but not
- * the rest of the chain.
- *
- * \see mbedtls_ssl_session_save()
- * \see mbedtls_ssl_set_session()
- *
- * \param session The session structure to be populated. It must have been
- * initialised with mbedtls_ssl_session_init() but not
- * populated yet.
- * \param buf The buffer holding the serialized session data. It must be a
- * readable buffer of at least \p len bytes.
- * \param len The size of the serialized data in bytes.
- *
- * \return \c 0 if successful.
- * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed.
- * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
- * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- * was generated in a different version or configuration of
- * Mbed TLS.
- * \return Another negative value for other kinds of errors (for
- * example, unsupported features in the embedded certificate).
- */
-int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
- const unsigned char *buf,
- size_t len);
-
-/**
- * \brief Save session structure as serialized data in a buffer.
- * On client, this can be used for saving session data,
- * potentially in non-volatile storage, for resuming later.
- * On server, this can be used for alternative implementations
- * of session cache or session tickets.
- *
- * \see mbedtls_ssl_session_load()
- *
- * \param session The session structure to be saved.
- * \param buf The buffer to write the serialized data to. It must be a
- * writeable buffer of at least \p buf_len bytes, or may be \c
- * NULL if \p buf_len is \c 0.
- * \param buf_len The number of bytes available for writing in \p buf.
- * \param olen The size in bytes of the data that has been or would have
- * been written. It must point to a valid \c size_t.
- *
- * \note \p olen is updated to the correct value regardless of
- * whether \p buf_len was large enough. This makes it possible
- * to determine the necessary size by calling this function
- * with \p buf set to \c NULL and \p buf_len to \c 0.
- *
- * \note For TLS 1.3 sessions, this feature is supported only if the
- * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled,
- * as in TLS 1.3 session resumption is possible only with
- * tickets.
- *
- * \return \c 0 if successful.
- * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the
- * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled
- * and the session is a TLS 1.3 session.
- */
-int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen);
-
-/**
- * \brief Set the list of allowed ciphersuites and the preference
- * order. First in the list has the highest preference.
- *
- * For TLS 1.2, the notion of ciphersuite determines both
- * the key exchange mechanism and the suite of symmetric
- * algorithms to be used during and after the handshake.
- *
- * For TLS 1.3 (in development), the notion of ciphersuite
- * only determines the suite of symmetric algorithms to be
- * used during and after the handshake, while key exchange
- * mechanisms are configured separately.
- *
- * In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
- * are configured via this function. For users of TLS 1.3,
- * there will be separate API for the configuration of key
- * exchange mechanisms.
- *
- * The list of ciphersuites passed to this function may
- * contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
- * identifiers. This is useful if negotiation of TLS 1.3
- * should be attempted, but a fallback to TLS 1.2 would
- * be tolerated.
- *
- * \note By default, the server chooses its preferred
- * ciphersuite among those that the client supports. If
- * mbedtls_ssl_conf_preference_order() is called to prefer
- * the client's preferences, the server instead chooses
- * the client's preferred ciphersuite among those that
- * the server supports.
- *
- * \warning The ciphersuites array \p ciphersuites is not copied.
- * It must remain valid for the lifetime of the SSL
- * configuration \p conf.
- *
- * \param conf The SSL configuration to modify.
- * \param ciphersuites A 0-terminated list of IANA identifiers of supported
- * ciphersuites, accessible through \c MBEDTLS_TLS_XXX
- * and \c MBEDTLS_TLS1_3_XXX macros defined in
- * ssl_ciphersuites.h.
- */
-void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
- const int *ciphersuites);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/**
- * \brief Set the supported key exchange modes for TLS 1.3 connections.
- *
- * In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
- * include the choice of key exchange mechanism. It is therefore not
- * covered by the API mbedtls_ssl_conf_ciphersuites(). See the
- * documentation of mbedtls_ssl_conf_ciphersuites() for more
- * information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
- *
- * The present function is specific to TLS 1.3 and allows users to
- * configure the set of supported key exchange mechanisms in TLS 1.3.
- *
- * \param conf The SSL configuration the change should apply to.
- * \param kex_modes A bitwise combination of one or more of the following:
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
- * This flag enables pure-PSK key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
- * This flag enables combined PSK-ephemeral key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
- * This flag enables pure-ephemeral key exchanges.
- * For convenience, the following pre-defined macros are
- * available for combinations of the above:
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
- * Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
- * Includes both pure-PSK and combined PSK-ephemeral
- * key exchanges, but excludes pure-ephemeral key exchanges.
- * - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
- * Includes both pure-ephemeral and combined PSK-ephemeral
- * key exchanges.
- *
- * \note If a PSK-based key exchange mode shall be supported, applications
- * must also use the APIs mbedtls_ssl_conf_psk() or
- * mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
- * to configure the PSKs to be used.
- *
- * \note If a pure-ephemeral key exchange mode shall be supported,
- * server-side applications must also provide a certificate via
- * mbedtls_ssl_conf_own_cert().
- *
- */
-
-void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf,
- const int kex_modes);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
-/**
- * \brief Specify the length of Connection IDs for incoming
- * encrypted DTLS records, as well as the behaviour
- * on unexpected CIDs.
- *
- * By default, the CID length is set to \c 0,
- * and unexpected CIDs are silently ignored.
- *
- * \param conf The SSL configuration to modify.
- * \param len The length in Bytes of the CID fields in encrypted
- * DTLS records using the CID mechanism. This must
- * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
- * \param ignore_other_cids This determines the stack's behaviour when
- * receiving a record with an unexpected CID.
- * Possible values are:
- * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
- * In this case, the record is silently ignored.
- * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
- * In this case, the stack fails with the specific
- * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
- *
- * \note The CID specification allows implementations to either
- * use a common length for all incoming connection IDs or
- * allow variable-length incoming IDs. Mbed TLS currently
- * requires a common length for all connections sharing the
- * same SSL configuration; this allows simpler parsing of
- * record headers.
- *
- * \return \c 0 on success.
- * \return #PSA_ERROR_INVALID_ARGUMENT if \p len
- * is too large.
- */
-int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
- int ignore_other_cids);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set the X.509 security profile used for verification
- *
- * \note The restrictions are enforced for all certificates in the
- * chain. However, signatures in the handshake are not covered
- * by this setting but by \b mbedtls_ssl_conf_sig_algs().
- *
- * \param conf SSL configuration
- * \param profile Profile to use
- */
-void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile);
-
-/**
- * \brief Set the data required to verify peer certificate
- *
- * \note See \c mbedtls_x509_crt_verify() for notes regarding the
- * parameters ca_chain (maps to trust_ca for that function)
- * and ca_crl.
- *
- * \param conf SSL configuration
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl);
-
-#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-/**
- * \brief Set DN hints sent to client in CertificateRequest message
- *
- * \note If not set, subject distinguished names (DNs) are taken
- * from \c mbedtls_ssl_conf_ca_chain()
- * or \c mbedtls_ssl_set_hs_ca_chain())
- *
- * \param conf SSL configuration
- * \param crt crt chain whose subject DNs are issuer DNs of client certs
- * from which the client should select client peer certificate.
- */
-static inline
-void mbedtls_ssl_conf_dn_hints(mbedtls_ssl_config *conf,
- const mbedtls_x509_crt *crt)
-{
- conf->MBEDTLS_PRIVATE(dn_hints) = crt;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief Set the trusted certificate callback.
- *
- * This API allows to register the set of trusted certificates
- * through a callback, instead of a linked list as configured
- * by mbedtls_ssl_conf_ca_chain().
- *
- * This is useful for example in contexts where a large number
- * of CAs are used, and the inefficiency of maintaining them
- * in a linked list cannot be tolerated. It is also useful when
- * the set of trusted CAs needs to be modified frequently.
- *
- * See the documentation of `mbedtls_x509_crt_ca_cb_t` for
- * more information.
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_ca_cb The trusted certificate callback to use when verifying
- * certificate chains.
- * \param p_ca_cb The context to be passed to \p f_ca_cb (for example,
- * a reference to a trusted CA database).
- *
- * \note This API is incompatible with mbedtls_ssl_conf_ca_chain():
- * Any call to this function overwrites the values set through
- * earlier calls to mbedtls_ssl_conf_ca_chain() or
- * mbedtls_ssl_conf_ca_cb().
- *
- * \note This API is incompatible with CA indication in
- * CertificateRequest messages: A server-side SSL context which
- * is bound to an SSL configuration that uses a CA callback
- * configured via mbedtls_ssl_conf_ca_cb(), and which requires
- * client authentication, will send an empty CA list in the
- * corresponding CertificateRequest message.
- *
- * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain():
- * If an SSL context is bound to an SSL configuration which uses
- * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then
- * calls to mbedtls_ssl_set_hs_ca_chain() have no effect.
- *
- * \note The use of this API disables the use of restartable ECC
- * during X.509 CRT signature verification (but doesn't affect
- * other uses).
- *
- * \warning This API is incompatible with the use of CRLs. Any call to
- * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through
- * earlier calls to mbedtls_ssl_conf_ca_chain().
- *
- * \warning In multi-threaded environments, the callback \p f_ca_cb
- * must be thread-safe, and it is the user's responsibility
- * to guarantee this (for example through a mutex
- * contained in the callback context pointed to by \p p_ca_cb).
- */
-void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-/**
- * \brief Set own certificate chain and private key
- *
- * \note own_cert should contain in order from the bottom up your
- * certificate chain. The top certificate (self-signed)
- * can be omitted.
- *
- * \note On server, this function can be called multiple times to
- * provision more than one cert/key pair (eg one ECDSA, one
- * RSA with SHA-256, one RSA with SHA-1). An adequate
- * certificate will be selected according to the client's
- * advertised capabilities. In case multiple certificates are
- * adequate, preference is given to the one set by the first
- * call to this function, then second, etc.
- *
- * \note On client, only the first call has any effect. That is,
- * only one client certificate can be provisioned. The
- * server's preferences in its CertificateRequest message will
- * be ignored and our only cert will be sent regardless of
- * whether it matches those preferences - the server can then
- * decide what it wants to do with it.
- *
- * \note The provided \p pk_key needs to match the public key in the
- * first certificate in \p own_cert, or all handshakes using
- * that certificate will fail. It is your responsibility
- * to ensure that; this function will not perform any check.
- * You may use mbedtls_pk_check_pair() in order to perform
- * this check yourself, but be aware that this function can
- * be computationally expensive on some key types.
- *
- * \param conf SSL configuration
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key);
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-/**
- * \brief Configure pre-shared keys (PSKs) and their
- * identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- * takes precedence over a PSK configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The pointer to the pre-shared key to use.
- * \param psk_len The length of the pre-shared key in bytes.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK and its identity are copied internally and
- * hence need not be preserved by the caller for the lifetime
- * of the SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len);
-
-/**
- * \brief Configure one or more opaque pre-shared keys (PSKs) and
- * their identities to be used in PSK-based ciphersuites.
- *
- * Only one PSK can be registered, through either
- * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
- * If you attempt to register more than one PSK, this function
- * fails, though this may change in future versions, which
- * may add support for multiple PSKs.
- *
- * \note This is mainly useful for clients. Servers will usually
- * want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
- * the PSK callback takes precedence over an opaque PSK
- * configured by this function.
- *
- * \param conf The SSL configuration to register the PSK with.
- * \param psk The identifier of the key slot holding the PSK.
- * Until \p conf is destroyed or this function is successfully
- * called again, the key slot \p psk must be populated with a
- * key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
- * allows its use for the key derivation algorithm applied
- * in the handshake.
- * \param psk_identity The pointer to the pre-shared key identity.
- * \param psk_identity_len The length of the pre-shared key identity
- * in bytes.
- *
- * \note The PSK identity hint is copied internally and hence need
- * not be preserved by the caller for the lifetime of the
- * SSL configuration.
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
- * can be configured. In this case, the old PSK(s) remain intact.
- * \return Another negative error code on other kinds of failure.
- */
-int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
- mbedtls_svc_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len);
-
-/**
- * \brief Set the pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note A PSK set by this function takes precedence over a PSK
- * configured by \c mbedtls_ssl_conf_psk().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The pointer to the pre-shared key.
- * \param psk_len The length of the pre-shared key in bytes.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len);
-
-/**
- * \brief Set an opaque pre-shared Key (PSK) for the current handshake.
- *
- * \note This should only be called inside the PSK callback,
- * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note An opaque PSK set by this function takes precedence over an
- * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
- *
- * \param ssl The SSL context to configure a PSK for.
- * \param psk The identifier of the key slot holding the PSK.
- * For the duration of the current handshake, the key slot
- * must be populated with a key of type
- * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
- * use for the key derivation algorithm
- * applied in the handshake.
- *
- * \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
- mbedtls_svc_key_id_t psk);
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Set the PSK callback (server-side only).
- *
- * If set, the PSK callback is called for each
- * handshake where a PSK-based ciphersuite was negotiated.
- * The caller provides the identity received and wants to
- * receive the actual PSK data and length.
- *
- * The callback has the following parameters:
- * - \c void*: The opaque pointer \p p_psk.
- * - \c mbedtls_ssl_context*: The SSL context to which
- * the operation applies.
- * - \c const unsigned char*: The PSK identity
- * selected by the client.
- * - \c size_t: The length of the PSK identity
- * selected by the client.
- *
- * If a valid PSK identity is found, the callback should use
- * \c mbedtls_ssl_set_hs_psk() or
- * \c mbedtls_ssl_set_hs_psk_opaque()
- * on the SSL context to set the correct PSK and return \c 0.
- * Any other return value will result in a denied PSK identity.
- *
- * \note A dynamic PSK (i.e. set by the PSK callback) takes
- * precedence over a static PSK (i.e. set by
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- * This means that if you set a PSK callback using this
- * function, you don't need to set a PSK using
- * \c mbedtls_ssl_conf_psk() or
- * \c mbedtls_ssl_conf_psk_opaque()).
- *
- * \param conf The SSL configuration to register the callback with.
- * \param f_psk The callback for selecting and setting the PSK based
- * in the PSK identity chosen by the client.
- * \param p_psk A pointer to an opaque structure to be passed to
- * the callback, for example a PSK store.
- */
-void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk);
-#endif /* MBEDTLS_SSL_SRV_C */
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
-/**
- * \brief Set the allowed groups in order of preference.
- *
- * On server: This only affects the choice of key agreement mechanism
- *
- * On client: this affects the list of groups offered for any
- * use. The server can override our preference order.
- *
- * Both sides: limits the set of groups accepted for use in
- * key sharing.
- *
- * \note This list should be ordered by decreasing preference
- * (preferred group first).
- *
- * \note When this function is not called, a default list is used,
- * consisting of all supported curves at 255 bits and above,
- * and all supported finite fields at 2048 bits and above.
- * The order favors groups with the lowest resource usage.
- *
- * \note New minor versions of Mbed TLS will not remove items
- * from the default list unless serious security concerns require it.
- * New minor versions of Mbed TLS may change the order in
- * keeping with the general principle of favoring the lowest
- * resource usage.
- *
- * \param conf SSL configuration
- * \param groups List of allowed groups ordered by preference, terminated by 0.
- * Must contain valid IANA NamedGroup IDs (provided via either an integer
- * or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
- */
-void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
- const uint16_t *groups);
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-
-/**
- * \brief Configure allowed signature algorithms for use in TLS
- *
- * \param conf The SSL configuration to use.
- * \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
- * terminated by #MBEDTLS_TLS1_3_SIG_NONE. The list must remain
- * available throughout the lifetime of the conf object.
- * - For TLS 1.3, values of \c MBEDTLS_TLS1_3_SIG_XXXX should be
- * used.
- * - For TLS 1.2, values should be given as
- * "(HashAlgorithm << 8) | SignatureAlgorithm".
- */
-void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
- const uint16_t *sig_algs);
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Set or reset the hostname to check against the received
- * peer certificate. On a client, this also sets the
- * ServerName TLS extension, if that extension is enabled.
- * On a TLS 1.3 client, this also sets the server name in
- * the session resumption ticket, if that feature is enabled.
- *
- * \param ssl SSL context
- * \param hostname The server hostname. This may be \c NULL to clear
- * the hostname.
- *
- * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \note If the hostname is \c NULL on a client, then the server
- * is not authenticated: it only needs to have a valid
- * certificate, not a certificate matching its name.
- * Therefore you should always call this function on a client,
- * unless the connection is set up to only allow
- * pre-shared keys, or in scenarios where server
- * impersonation is not a concern. See the documentation of
- * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
- * for more details.
- *
- * \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on
- * allocation failure, #PSA_ERROR_INVALID_ARGUMENT on
- * too long input hostname.
- *
- * Hostname set to the one provided on success (cleared
- * when NULL). On allocation failure hostname is cleared.
- * On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname);
-
-/**
- * \brief Get the hostname that checked against the received
- * server certificate. It is used to set the ServerName
- * TLS extension, too, if that extension is enabled.
- * (client-side only)
- *
- * \param ssl SSL context
- *
- * \return const pointer to the hostname value
- */
-static inline const char *mbedtls_ssl_get_hostname(mbedtls_ssl_context *ssl)
-{
- return ssl->MBEDTLS_PRIVATE(hostname);
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/**
- * \brief Retrieve SNI extension value for the current handshake.
- * Available in \c f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
- * this is the same value passed to \c f_sni callback of
- * \c mbedtls_ssl_conf_sni() and may be used instead of
- * \c mbedtls_ssl_conf_sni().
- *
- * \param ssl SSL context
- * \param name_len pointer into which to store length of returned value.
- * 0 if SNI extension is not present or not yet processed.
- *
- * \return const pointer to SNI extension value.
- * - value is valid only when called in \c f_cert_cb
- * registered with \c mbedtls_ssl_conf_cert_cb().
- * - value is NULL if SNI extension is not present.
- * - value is not '\0'-terminated. Use \c name_len for len.
- * - value must not be freed.
- */
-const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl,
- size_t *name_len);
-
-/**
- * \brief Set own certificate and key for the current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within
- * the SNI callback or the certificate selection callback.
- *
- * \note Passing null \c own_cert clears the certificate list for
- * the current handshake.
- *
- * \param ssl SSL context
- * \param own_cert own public certificate chain
- * \param pk_key own private key
- *
- * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key);
-
-/**
- * \brief Set the data required to verify peer certificate for the
- * current handshake
- *
- * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- * the SNI callback or the certificate selection callback.
- *
- * \param ssl SSL context
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl trusted CA CRLs
- */
-void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl);
-
-#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-/**
- * \brief Set DN hints sent to client in CertificateRequest message
- *
- * \note Same as \c mbedtls_ssl_conf_dn_hints() but for use within
- * the SNI callback or the certificate selection callback.
- *
- * \param ssl SSL context
- * \param crt crt chain whose subject DNs are issuer DNs of client certs
- * from which the client should select client peer certificate.
- */
-void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl,
- const mbedtls_x509_crt *crt);
-#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-
-/**
- * \brief Set authmode for the current handshake.
- *
- * \note Same as \c mbedtls_ssl_conf_authmode() but for use within
- * the SNI callback or the certificate selection callback.
- *
- * \param ssl SSL context
- * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
- * MBEDTLS_SSL_VERIFY_REQUIRED
- */
-void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
- int authmode);
-
-/**
- * \brief Set server side ServerName TLS extension callback
- * (optional, server-side only).
- *
- * If set, the ServerName callback is called whenever the
- * server receives a ServerName TLS extension from the client
- * during a handshake. The ServerName callback has the
- * following parameters: (void *parameter, mbedtls_ssl_context *ssl,
- * const unsigned char *hostname, size_t len).
If a suitable
- * certificate is found, the callback must set the
- * certificate(s) and key(s) to use with \c
- * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
- * and may optionally adjust the CA and associated CRL with \c
- * mbedtls_ssl_set_hs_ca_chain() as well as the client
- * authentication mode with \c mbedtls_ssl_set_hs_authmode(),
- * then must return 0. If no matching name is found, the
- * callback may return non-zero to abort the handshake.
- *
- * \param conf SSL configuration
- * \param f_sni verification function
- * \param p_sni verification parameter
- */
-void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_sni);
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/**
- * \brief Set the EC J-PAKE password for current handshake.
- *
- * \note An internal copy is made, and destroyed as soon as the
- * handshake is completed, or when the SSL context is reset or
- * freed.
- *
- * \note The SSL context needs to be already set up. The right place
- * to call this function is between \c mbedtls_ssl_setup() or
- * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- * Password cannot be empty (see RFC 8236).
- *
- * \param ssl SSL context
- * \param pw EC J-PAKE password (pre-shared secret). It cannot be empty
- * \param pw_len length of pw in bytes
- *
- * \return 0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len);
-
-/**
- * \brief Set the EC J-PAKE opaque password for current handshake.
- *
- * \note The key must remain valid until the handshake is over.
- *
- * \note The SSL context needs to be already set up. The right place
- * to call this function is between \c mbedtls_ssl_setup() or
- * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *
- * \param ssl SSL context
- * \param pwd EC J-PAKE opaque password
- *
- * \return 0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
- mbedtls_svc_key_id_t pwd);
-#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-/**
- * \brief Set the supported Application Layer Protocols.
- *
- * \param conf SSL configuration
- * \param protos Pointer to a NULL-terminated list of supported protocols,
- * in decreasing preference order. The pointer to the list is
- * recorded by the library for later reference as required, so
- * the lifetime of the table must be at least as long as the
- * lifetime of the SSL configuration structure.
- *
- * \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT.
- */
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
- const char *const *protos);
-
-/**
- * \brief Get the name of the negotiated Application Layer Protocol.
- * This function should be called after the handshake is
- * completed.
- *
- * \param ssl SSL context
- *
- * \return Protocol name, or NULL if no protocol was negotiated.
- */
-const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
-{
- switch (profile) {
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
- default: break;
- }
- return "";
-}
-#endif /* MBEDTLS_DEBUG_C */
-/**
- * \brief Manage support for mki(master key id) value
- * in use_srtp extension.
- * MKI is an optional part of SRTP used for key management
- * and re-keying. See RFC3711 section 3.1 for details.
- * The default value is
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
- *
- * \param conf The SSL configuration to manage mki support.
- * \param support_mki_value Enable or disable mki usage. Values are
- * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
- * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
- */
-void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
- int support_mki_value);
-
-/**
- * \brief Set the supported DTLS-SRTP protection profiles.
- *
- * \param conf SSL configuration
- * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
- * supported protection profiles
- * in decreasing preference order.
- * The pointer to the list is recorded by the library
- * for later reference as required, so the lifetime
- * of the table must be at least as long as the lifetime
- * of the SSL configuration structure.
- * The list must not hold more than
- * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
- * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET).
- *
- * \return 0 on success
- * \return #PSA_ERROR_INVALID_ARGUMENT when the list of
- * protection profiles is incorrect.
- */
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
- (mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles);
-
-/**
- * \brief Set the mki_value for the current DTLS-SRTP session.
- *
- * \param ssl SSL context to use.
- * \param mki_value The MKI value to set.
- * \param mki_len The length of the MKI value.
- *
- * \note This function is relevant on client side only.
- * The server discovers the mki value during handshake.
- * A mki value set on server side using this function
- * is ignored.
- *
- * \return 0 on success
- * \return #PSA_ERROR_INVALID_ARGUMENT
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
- */
-int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
- unsigned char *mki_value,
- uint16_t mki_len);
-/**
- * \brief Get the negotiated DTLS-SRTP information:
- * Protection profile and MKI value.
- *
- * \warning This function must be called after the handshake is
- * completed. The value returned by this function must
- * not be trusted or acted upon before the handshake completes.
- *
- * \param ssl The SSL context to query.
- * \param dtls_srtp_info The negotiated DTLS-SRTP information:
- * - Protection profile in use.
- * A direct mapping of the iana defined value for protection
- * profile on an uint16_t.
- http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
- * or peer's Hello packet was not parsed yet.
- * - mki size and value( if size is > 0 ).
- */
-void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info);
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/**
- * \brief Set the maximum supported version sent from the client side
- * and/or accepted at the server side.
- *
- * \note After the handshake, you can call
- * mbedtls_ssl_get_version_number() to see what version was
- * negotiated.
- *
- * \param conf SSL configuration
- * \param tls_version TLS protocol version number (\c mbedtls_ssl_protocol_version)
- * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
- */
-static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf,
- mbedtls_ssl_protocol_version tls_version)
-{
- conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version;
-}
-
-/**
- * \brief Set the minimum supported version sent from the client side
- * and/or accepted at the server side.
- *
- * \note After the handshake, you can call
- * mbedtls_ssl_get_version_number() to see what version was
- * negotiated.
- *
- * \param conf SSL configuration
- * \param tls_version TLS protocol version number (\c mbedtls_ssl_protocol_version)
- * (#MBEDTLS_SSL_VERSION_UNKNOWN is not valid)
- */
-static inline void mbedtls_ssl_conf_min_tls_version(mbedtls_ssl_config *conf,
- mbedtls_ssl_protocol_version tls_version)
-{
- conf->MBEDTLS_PRIVATE(min_tls_version) = tls_version;
-}
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-/**
- * \brief Enable or disable Encrypt-then-MAC
- * (Default: MBEDTLS_SSL_ETM_ENABLED)
- *
- * \note This should always be enabled, it is a security
- * improvement, and should not cause any interoperability
- * issue (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
- */
-void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm);
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-/**
- * \brief Enable or disable Extended Master Secret negotiation.
- * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
- *
- * \note This should always be enabled, it is a security fix to the
- * protocol, and should not cause any interoperability issue
- * (used only if the peer supports it too).
- *
- * \param conf SSL configuration
- * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
- */
-void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems);
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Whether to send a list of acceptable CAs in
- * CertificateRequest messages.
- * (Default: do send)
- *
- * \param conf SSL configuration
- * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
- * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
- */
-void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
- char cert_req_ca_list);
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief Set the maximum fragment length to emit and/or negotiate.
- * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
- * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
- * (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake)
- * (Client: set maximum fragment length to emit *and*
- * negotiate with the server during handshake)
- * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
- *
- * \note On the client side, the maximum fragment length extension
- * *will not* be used, unless the maximum fragment length has
- * been set via this function to a value different than
- * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
- *
- * \note With TLS, this currently only affects ApplicationData (sent
- * with \c mbedtls_ssl_read()), not handshake messages.
- * With DTLS, this affects both ApplicationData and handshake.
- *
- * \note Defragmentation of TLS handshake messages is supported
- * with some limitations. See the documentation of
- * mbedtls_ssl_handshake() for details.
- *
- * \note This sets the maximum length for a record's payload,
- * excluding record overhead that will be added to it, see
- * \c mbedtls_ssl_get_record_expansion().
- *
- * \note For DTLS, it is also possible to set a limit for the total
- * size of datagrams passed to the transport layer, including
- * record overhead, see \c mbedtls_ssl_set_mtu().
- *
- * \param conf SSL configuration
- * \param mfl_code Code for maximum fragment length (allowed values:
- * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
- * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
- *
- * \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT
- */
-int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code);
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Pick the ciphersuites order according to the second parameter
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
- *
- * \param conf SSL configuration
- * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
- * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
- */
-void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order);
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Enable / Disable session tickets (client only).
- * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
- *
- * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb().
- *
- * \param conf SSL configuration
- * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
- * MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
- */
-void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets);
-#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_SRV_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/**
- * \brief Number of NewSessionTicket messages for the server to send
- * after handshake completion.
- *
- * \note The default value is
- * \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
- *
- * \note In case of a session resumption, this setting only partially apply.
- * At most one ticket is sent in that case to just renew the pool of
- * tickets of the client. The rationale is to avoid the number of
- * tickets on the server to become rapidly out of control when the
- * server has the same configuration for all its connection instances.
- *
- * \param conf SSL configuration
- * \param num_tickets Number of NewSessionTicket.
- *
- */
-void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf,
- uint16_t num_tickets);
-#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_SRV_C &&
- MBEDTLS_SSL_PROTO_TLS1_3*/
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Enable / Disable renegotiation support for connection when
- * initiated by peer
- * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- *
- * \warning It is recommended to always disable renegotiation unless you
- * know you need it and you know what you're doing. In the
- * past, there have been several issues associated with
- * renegotiation or a poor understanding of its properties.
- *
- * \note Server-side, enabling renegotiation also makes the server
- * susceptible to a resource DoS by a malicious client.
- *
- * \param conf SSL configuration
- * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
- * MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- */
-void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation);
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Prevent or allow legacy renegotiation.
- * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
- *
- * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
- * be established even if the peer does not support
- * secure renegotiation, but does not allow renegotiation
- * to take place if not secure.
- * (Interoperable and secure option)
- *
- * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
- * with non-upgraded peers. Allowing legacy renegotiation
- * makes the connection vulnerable to specific man in the
- * middle attacks.
(See RFC 5746)
- * (Most interoperable and least secure option)
- *
- * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
- * if peer does not support secure renegotiation. Results
- * in interoperability issues with non-upgraded peers
- * that do not support renegotiation altogether.
- * (Most secure option, interoperability issues)
- *
- * \param conf SSL configuration
- * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
- * SSL_ALLOW_LEGACY_RENEGOTIATION or
- * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
- */
-void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy);
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Enforce renegotiation requests.
- * (Default: enforced, max_records = 16)
- *
- * When we request a renegotiation, the peer can comply or
- * ignore the request. This function allows us to decide
- * whether to enforce our renegotiation requests by closing
- * the connection if the peer doesn't comply.
- *
- * However, records could already be in transit from the peer
- * when the request is emitted. In order to increase
- * reliability, we can accept a number of records before the
- * expected handshake records.
- *
- * The optimal value is highly dependent on the specific usage
- * scenario.
- *
- * \note With DTLS and server-initiated renegotiation, the
- * HelloRequest is retransmitted every time mbedtls_ssl_read() times
- * out or receives Application Data, until:
- * - max_records records have beens seen, if it is >= 0, or
- * - the number of retransmits that would happen during an
- * actual handshake has been reached.
- * Please remember the request might be lost a few times
- * if you consider setting max_records to a really low value.
- *
- * \warning On client, the grace period can only happen during
- * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
- * which always behave as if max_record was 0.
The reason is,
- * if we receive application data from the server, we need a
- * place to write it, which only happens during mbedtls_ssl_read().
- *
- * \param conf SSL configuration
- * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
- * enforce renegotiation, or a non-negative value to enforce
- * it but allow for a grace period of max_records records.
- */
-void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records);
-
-/**
- * \brief Set record counter threshold for periodic renegotiation.
- * (Default: 2^48 - 1)
- *
- * Renegotiation is automatically triggered when a record
- * counter (outgoing or incoming) crosses the defined
- * threshold. The default value is meant to prevent the
- * connection from being closed when the counter is about to
- * reached its maximal value (it is not allowed to wrap).
- *
- * Lower values can be used to enforce policies such as "keys
- * must be refreshed every N packets with cipher X".
- *
- * The renegotiation period can be disabled by setting
- * conf->disable_renegotiation to
- * MBEDTLS_SSL_RENEGOTIATION_DISABLED.
- *
- * \note When the configured transport is
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
- * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
- * the maximum renegotiation period is 2^64 - 1.
- *
- * \param conf SSL configuration
- * \param period The threshold value: a big-endian 64-bit number.
- */
-void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
- const unsigned char period[8]);
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Check if there is data already read from the
- * underlying transport but not yet processed.
- *
- * \param ssl SSL context
- *
- * \return 0 if nothing's pending, 1 otherwise.
- *
- * \note This is different in purpose and behaviour from
- * \c mbedtls_ssl_get_bytes_avail in that it considers
- * any kind of unprocessed data, not only unread
- * application data.
If \c mbedtls_ssl_get_bytes
- * returns a non-zero value, this function will
- * also signal pending data, but the converse does
- * not hold. For example, in DTLS there might be
- * further records waiting to be processed from
- * the current underlying transport's datagram.
- *
- * \note If this function returns 1 (data pending), this
- * does not imply that a subsequent call to
- * \c mbedtls_ssl_read will provide any data;
- * e.g., the unprocessed data might turn out
- * to be an alert or a handshake message.
- *
- * \note This function is useful in the following situation:
- * If the SSL/TLS module successfully returns from an
- * operation - e.g. a handshake or an application record
- * read - and you're awaiting incoming data next, you
- * must not immediately idle on the underlying transport
- * to have data ready, but you need to check the value
- * of this function first. The reason is that the desired
- * data might already be read but not yet processed.
- * If, in contrast, a previous call to the SSL/TLS module
- * returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
- * to call this function, as the latter error code entails
- * that all internal data has been processed.
- *
- */
-int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the number of application data bytes
- * remaining to be read from the current record.
- *
- * \param ssl SSL context
- *
- * \return How many bytes are available in the application
- * data record read buffer.
- *
- * \note When working over a datagram transport, this is
- * useful to detect the current datagram's boundary
- * in case \c mbedtls_ssl_read has written the maximal
- * amount of data fitting into the input buffer.
- *
- */
-size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the result of the certificate verification
- *
- * \param ssl The SSL context to use.
- *
- * \return \c 0 if the certificate verification was successful.
- * \return \c -1u if the result is not available. This may happen
- * e.g. if the handshake aborts early, or a verification
- * callback returned a fatal error.
- * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
- * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
- */
-uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the id of the current ciphersuite
- *
- * \param ssl SSL context
- *
- * \return a ciphersuite id
- */
-int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the name of the current ciphersuite
- *
- * \param ssl SSL context
- *
- * \return a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl);
-
-
-/**
- * \brief Return the (D)TLS protocol version negotiated in the
- * given connection.
- *
- * \note If you call this function too early during the initial
- * handshake, before the two sides have agreed on a version,
- * this function returns #MBEDTLS_SSL_VERSION_UNKNOWN.
- *
- * \param ssl The SSL context to query.
- * \return The negotiated protocol version.
- */
-static inline mbedtls_ssl_protocol_version mbedtls_ssl_get_version_number(
- const mbedtls_ssl_context *ssl)
-{
- return ssl->MBEDTLS_PRIVATE(tls_version);
-}
-
-/**
- * \brief Return the current TLS version
- *
- * \param ssl SSL context
- *
- * \return a string containing the TLS version
- */
-const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the (maximum) number of bytes added by the record
- * layer: header + encryption/MAC overhead (inc. padding)
- *
- * \param ssl SSL context
- *
- * \return Current maximum record expansion in bytes
- */
-int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the current maximum outgoing record payload in bytes.
- *
- * \note The logic to determine the maximum outgoing record payload is
- * version-specific. It takes into account various factors, such as
- * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
- * such as the max fragment length or record size limit extension if
- * used, and for DTLS the path MTU as configured and current
- * record expansion.
- *
- * \note With DTLS, \c mbedtls_ssl_write() will return an error if
- * called with a larger length value.
- * With TLS, \c mbedtls_ssl_write() will fragment the input if
- * necessary and return the number of bytes written; it is up
- * to the caller to call \c mbedtls_ssl_write() again in
- * order to send the remaining bytes if any.
- *
- * \sa mbedtls_ssl_get_max_out_record_payload()
- * \sa mbedtls_ssl_get_record_expansion()
- *
- * \param ssl SSL context
- *
- * \return Current maximum payload for an outgoing record,
- * or a negative error code.
- */
-int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl);
-
-/**
- * \brief Return the current maximum incoming record payload in bytes.
- *
- * \note The logic to determine the maximum incoming record payload is
- * version-specific. It takes into account various factors, such as
- * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
- * such as the max fragment length extension or record size limit
- * extension if used, and the current record expansion.
- *
- * \sa mbedtls_ssl_set_mtu()
- * \sa mbedtls_ssl_get_max_in_record_payload()
- * \sa mbedtls_ssl_get_record_expansion()
- *
- * \param ssl SSL context
- *
- * \return Current maximum payload for an incoming record,
- * or a negative error code.
- */
-int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief Return the peer certificate from the current connection.
- *
- * \param ssl The SSL context to use. This must be initialized and setup.
- *
- * \return The current peer certificate, if available.
- * The returned certificate is owned by the SSL context and
- * is valid only until the next call to the SSL API.
- * \return \c NULL if no peer certificate is available. This might
- * be because the chosen ciphersuite doesn't use CRTs
- * (PSK-based ciphersuites, for example), or because
- * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
- * allowing the stack to free the peer's CRT to save memory.
- *
- * \note For one-time inspection of the peer's certificate during
- * the handshake, consider registering an X.509 CRT verification
- * callback through mbedtls_ssl_conf_verify() instead of calling
- * this function. Using mbedtls_ssl_conf_verify() also comes at
- * the benefit of allowing you to influence the verification
- * process, for example by masking expected and tolerated
- * verification failures.
- *
- * \warning You must not use the pointer returned by this function
- * after any further call to the SSL API, including
- * mbedtls_ssl_read() and mbedtls_ssl_write(); this is
- * because the pointer might change during renegotiation,
- * which happens transparently to the user.
- * If you want to use the certificate across API calls,
- * you must make a copy.
- */
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Export a session in order to resume it later.
- *
- * \param ssl The SSL context representing the connection for which to
- * to export a session structure for later resumption.
- * \param session The target structure in which to store the exported session.
- * This must have been initialized with mbedtls_ssl_session_init()
- * but otherwise be unused.
- *
- * \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption and
- * ticket-based resumption will be considered.
For TLS 1.3,
- * sessions equate to tickets, and if session tickets are
- * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration
- * option), this function exports the last received ticket and
- * the exported session may be used to resume the TLS 1.3
- * session. If session tickets are disabled, exported sessions
- * cannot be used to resume a TLS 1.3 session.
- *
- * \return \c 0 if successful. In this case, \p session can be used for
- * session resumption by passing it to mbedtls_ssl_set_session(),
- * and serialized for storage via mbedtls_ssl_session_save().
- * \return Another negative error code on other kinds of failure.
- *
- * \sa mbedtls_ssl_set_session()
- * \sa mbedtls_ssl_session_save()
- */
-int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
- mbedtls_ssl_session *session);
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief Perform the SSL handshake
- *
- * \param ssl SSL context
- *
- * \return \c 0 if successful.
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
- * and the client did not demonstrate reachability yet - in
- * this case you must stop using the context (see below).
- * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
- * defined in RFC 8446 (TLS 1.3 specification), has been
- * received as part of the handshake. This is server specific
- * and may occur only if the early data feature has been
- * enabled on server (see mbedtls_ssl_conf_early_data()
- * documentation). You must call mbedtls_ssl_read_early_data()
- * to read the early data before resuming the handshake.
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note If DTLS is in use, then you may choose to handle
- * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- * purposes, as it is an expected return value rather than an
- * actual error, but you still need to reset/free the context.
- *
- * \note Remarks regarding event-driven DTLS:
- * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- * from the underlying transport layer is currently being processed,
- * and it is safe to idle until the timer or the underlying transport
- * signal a new event. This is not true for a successful handshake,
- * in which case the datagram of the underlying transport that is
- * currently being processed might or might not contain further
- * DTLS records.
- *
- * \note In TLS, reception of fragmented handshake messages is
- * supported with some limitations (those limitations do
- * not apply to DTLS, where defragmentation is fully
- * supported):
- * - On an Mbed TLS server that only accepts TLS 1.2,
- * the initial ClientHello message must not be fragmented.
- * A TLS 1.2 ClientHello may be fragmented if the server
- * also accepts TLS 1.3 connections (meaning
- * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the
- * accepted versions have not been restricted with
- * mbedtls_ssl_conf_max_tls_version() or the like).
- * - The first fragment of a handshake message must be
- * at least 4 bytes long.
- * - Non-handshake records must not be interleaved between
- * the fragments of a handshake message. (This is permitted
- * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it
- * even in TLS 1.2.)
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- */
-int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
-
-/**
- * \brief After calling mbedtls_ssl_handshake() to start the SSL
- * handshake you can call this function to check whether the
- * handshake is over for a given SSL context. This function
- * should be also used to determine when to stop calling
- * mbedtls_handshake_step() for that context.
- *
- * \param ssl SSL context
- *
- * \return \c 1 if handshake is over, \c 0 if it is still ongoing.
- */
-static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl)
-{
- return ssl->MBEDTLS_PRIVATE(state) >= MBEDTLS_SSL_HANDSHAKE_OVER;
-}
-
-/**
- * \brief Perform a single step of the SSL handshake
- *
- * \note The state of the context (ssl->state) will be at
- * the next state after this function returns \c 0. Do not
- * call this function if mbedtls_ssl_is_handshake_over()
- * returns \c 1.
- *
- * \warning Whilst in the past you may have used direct access to the
- * context state (ssl->state) in order to ascertain when to
- * stop calling this function and although you can still do
- * so with something like ssl->MBEDTLS_PRIVATE(state) or by
- * defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
- * considered deprecated and could be broken in any future
- * release. If you still find you have good reason for such
- * direct access, then please do contact the team to explain
- * this (raise an issue or post to the mailing list), so that
- * we can add a solution to your problem that will be
- * guaranteed to work in the future.
- *
- * \param ssl SSL context
- *
- * \return See mbedtls_ssl_handshake().
- *
- * \warning If this function returns something other than \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using
- * the SSL context for reading or writing, and either free it
- * or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
- */
-int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief Initiate an SSL renegotiation on the running connection.
- * Client: perform the renegotiation right now.
- * Server: request renegotiation, which will be performed
- * during the next call to mbedtls_ssl_read() if honored by
- * client.
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or any mbedtls_ssl_handshake() return
- * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
- * happen during a renegotiation.
- *
- * \warning If this function returns something other than \c 0,
- * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
- * the SSL context for reading or writing, and either free it
- * or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
- *
- */
-int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief Read at most 'len' application data bytes
- *
- * \param ssl SSL context
- * \param buf buffer that will hold the data
- * \param len maximum number of bytes to read
- *
- * \return The (positive) number of bytes read if successful.
- * \return \c 0 if the read end of the underlying transport was closed
- * without sending a CloseNotify beforehand, which might happen
- * because of various reasons (internal error of an underlying
- * stack, non-conformant peer not sending a CloseNotify and
- * such) - in this case you must stop using the context
- * (see below).
- * \return #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
- * transport is still functional, but the peer has
- * acknowledged to not send anything anymore.
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
- * side of a DTLS connection and the client is initiating a
- * new connection using the same source port. See below.
- * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
- * defined in RFC 8446 (TLS 1.3 specification), has been
- * received as part of the handshake. This is server specific
- * and may occur only if the early data feature has been
- * enabled on server (see mbedtls_ssl_conf_early_data()
- * documentation). You must call mbedtls_ssl_read_early_data()
- * to read the early data before resuming the handshake.
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * a positive value,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
- * (which can only happen server-side), it means that a client
- * is initiating a new connection using the same source port.
- * You can either treat that as a connection close and wait
- * for the client to resend a ClientHello, or directly
- * continue with \c mbedtls_ssl_handshake() with the same
- * context (as it has been reset internally).
Either way, you
- * must make sure this is seen by the application as a new
- * connection: application state, if any, should be reset, and
- * most importantly the identity of the client must be checked
- * again. WARNING: not validating the identity of the client
- * again, or not transmitting the new identity to the
- * application layer, would allow authentication bypass!
- *
- * \note Remarks regarding event-driven DTLS:
- * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- * from the underlying transport layer is currently being processed,
- * and it is safe to idle until the timer or the underlying transport
- * signal a new event.
- * - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
- * initially available on the underlying transport, as this data may have
- * been only e.g. duplicated messages or a renegotiation request.
- * Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
- * when reacting to an incoming-data event from the underlying transport.
- * - On success, the datagram of the underlying transport that is currently
- * being processed may contain further DTLS records. You should call
- * \c mbedtls_ssl_check_pending to check for remaining records.
- *
- */
-int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
-
-/**
- * \brief Try to write exactly 'len' application data bytes
- *
- * \warning This function will do partial writes in some cases. If the
- * return value is non-negative but less than length, the
- * function must be called again with updated arguments:
- * buf + ret, len - ret (if ret is the return value) until
- * it returns a value equal to the last 'len' argument.
- *
- * \param ssl SSL context
- * \param buf buffer holding the data
- * \param len how many bytes must be written
- *
- * \return The (non-negative) number of bytes actually written if
- * successful (may be less than \p len).
- * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- * if the handshake is incomplete and waiting for data to
- * be available for reading from or writing to the underlying
- * transport - in this case you must call this function again
- * when the underlying transport is ready for the operation.
- * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- * operation is in progress (see
- * mbedtls_ssl_conf_async_private_cb()) - in this case you
- * must call this function again when the operation is ready.
- * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- * operation is in progress (see mbedtls_ecp_set_max_ops()) -
- * in this case you must call this function again to complete
- * the handshake when you're done attending other tasks.
- * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
- * defined in RFC 8446 (TLS 1.3 specification), has been
- * received as part of the handshake. This is server specific
- * and may occur only if the early data feature has been
- * enabled on server (see mbedtls_ssl_conf_early_data()
- * documentation). You must call mbedtls_ssl_read_early_data()
- * to read the early data before resuming the handshake.
- * \return Another SSL error code - in this case you must stop using
- * the context (see below).
- *
- * \warning If this function returns something other than
- * a non-negative value,
- * #MBEDTLS_ERR_SSL_WANT_READ,
- * #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset()
- * on it before re-using it for a new connection; the current
- * connection must be closed.
- *
- * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
- * it must be called later with the *same* arguments,
- * until it returns a value greater than or equal to 0. When
- * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
- * some partial data in the output buffer, however this is not
- * yet sent.
- *
- * \note If the requested length is greater than the maximum
- * fragment length (either the built-in limit or the one set
- * or negotiated with the peer), then:
- * - with TLS, less bytes than requested are written.
- * - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned.
- * \c mbedtls_ssl_get_max_out_record_payload() may be used to
- * query the active maximum fragment length.
- *
- * \note Attempting to write 0 bytes will result in an empty TLS
- * application record being sent.
- */
-int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len);
-
-/**
- * \brief Send an alert message
- *
- * \param ssl SSL context
- * \param level The alert level of the message
- * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
- * \param message The alert message (SSL_ALERT_MSG_*)
- *
- * \return 0 if successful, or a specific SSL error code.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message);
-/**
- * \brief Notify the peer that the connection is being closed
- *
- * \param ssl SSL context
- *
- * \return 0 if successful, or a specific SSL error code.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief Read at most 'len' bytes of early data
- *
- * \note This API is server specific.
- *
- * \warning Early data is defined in the TLS 1.3 specification, RFC 8446.
- * IMPORTANT NOTE from section 2.3 of the specification:
- *
- * The security properties for 0-RTT data are weaker than
- * those for other kinds of TLS data. Specifically:
- * - This data is not forward secret, as it is encrypted
- * solely under keys derived using the offered PSK.
- * - There are no guarantees of non-replay between connections.
- * Protection against replay for ordinary TLS 1.3 1-RTT data
- * is provided via the server's Random value, but 0-RTT data
- * does not depend on the ServerHello and therefore has
- * weaker guarantees. This is especially relevant if the
- * data is authenticated either with TLS client
- * authentication or inside the application protocol. The
- * same warnings apply to any use of the
- * early_exporter_master_secret.
- *
- * \warning Mbed TLS does not implement any of the anti-replay defenses
- * defined in section 8 of the TLS 1.3 specification:
- * single-use of tickets or ClientHello recording within a
- * given time window.
- *
- * \note This function is used in conjunction with
- * mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
- * mbedtls_ssl_read() and mbedtls_ssl_write() to read early
- * data when these functions return
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
- *
- * \param ssl SSL context, it must have been initialized and set up.
- * \param buf buffer that will hold the data
- * \param len maximum number of bytes to read
- *
- * \return The (positive) number of bytes read if successful.
- * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
- * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not
- * possible to read early data for the SSL context \p ssl. Note
- * that this function is intended to be called for an SSL
- * context \p ssl only after a call to mbedtls_ssl_handshake(),
- * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or
- * mbedtls_ssl_write() for \p ssl that has returned
- * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
- */
-int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t len);
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief Try to write exactly 'len' application data bytes while
- * performing the handshake (early data).
- *
- * \warning Early data is defined in the TLS 1.3 specification, RFC 8446.
- * IMPORTANT NOTE from section 2.3 of the specification:
- *
- * The security properties for 0-RTT data are weaker than
- * those for other kinds of TLS data. Specifically:
- * - This data is not forward secret, as it is encrypted
- * solely under keys derived using the offered PSK.
- * - There are no guarantees of non-replay between connections.
- * Protection against replay for ordinary TLS 1.3 1-RTT data
- * is provided via the server's Random value, but 0-RTT data
- * does not depend on the ServerHello and therefore has
- * weaker guarantees. This is especially relevant if the
- * data is authenticated either with TLS client
- * authentication or inside the application protocol. The
- * same warnings apply to any use of the
- * early_exporter_master_secret.
- *
- * \note This function behaves mainly as mbedtls_ssl_write().
The
- * specification of mbedtls_ssl_write() relevant to TLS 1.3
- * (thus not the parts specific to (D)TLS1.2) applies to this
- * function and the present documentation is mainly restricted
- * to the differences with mbedtls_ssl_write(). One noticeable
- * difference though is that mbedtls_ssl_write() aims to
- * complete the handshake before to write application data
- * while mbedtls_ssl_write_early() aims to drive the handshake
- * just past the point where it is not possible to send early
- * data anymore.
- *
- * \param ssl SSL context
- * \param buf buffer holding the data
- * \param len how many bytes must be written
- *
- * \return The (non-negative) number of bytes actually written if
- * successful (may be less than \p len).
- *
- * \return One additional specific error code compared to
- * mbedtls_ssl_write():
- * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA.
- *
- * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA is returned when it
- * is not possible to write early data for the SSL context
- * \p ssl.
- *
- * It may have been possible and it is not possible
- * anymore because the client received the server Finished
- * message, the server rejected early data or the maximum
- * number of allowed early data for the PSK in use has been
- * reached.
- *
- * It may never have been possible and will never be possible
- * for the SSL context \p ssl because the use of early data
- * is disabled for that context or more generally the context
- * is not suitably configured to enable early data or the first
- * call to the function was done while the handshake was
- * already completed.
- *
- * It is not possible to write early data for the SSL context
- * \p ssl and any subsequent call to this API will return this
- * error code. But this does not preclude for using it with
- * mbedtls_ssl_write(), mbedtls_ssl_read() or
- * mbedtls_ssl_handshake() and the handshake can be
- * completed by calling one of these APIs.
- *
- * \note This function may write early data only if the SSL context
- * has been configured for the handshake with a PSK for which
- * early data is allowed.
- *
- * \note To maximize the number of early data that can be written in
- * the course of the handshake, it is expected that this
- * function starts the handshake for the SSL context \p ssl.
- * But this is not mandatory.
- *
- * \note This function does not provide any information on whether
- * the server has accepted or will accept early data or not.
- * When it returns a positive value, it just means that it
- * has written early data to the server. To know whether the
- * server has accepted early data or not, you should call
- * mbedtls_ssl_get_early_data_status() with the handshake
- * completed.
- */
-int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len);
-
-/**
- * \brief Get the status of the negotiation of the use of early data.
- *
- * \param ssl The SSL context to query
- *
- * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called
- * from the server-side.
- *
- * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called
- * prior to completion of the handshake.
- *
- * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client
- * has not indicated the use of early data to the server.
- *
- * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED if the client has
- * indicated the use of early data and the server has accepted
- * it.
- *
- * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED if the client has
- * indicated the use of early data but the server has rejected
- * it. In this situation, the client may want to re-send the
- * early data it may have tried to send by calling
- * mbedtls_ssl_write_early_data() as ordinary post-handshake
- * application data by calling mbedtls_ssl_write().
- *
- */
-int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_CLI_C */
-
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
-/**
- * \brief Free referenced items in an SSL context and clear memory
- *
- * \param ssl SSL context
- */
-void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-/**
- * \brief Save an active connection as serialized data in a buffer.
- * This allows the freeing or re-using of the SSL context
- * while still picking up the connection later in a way that
- * it entirely transparent to the peer.
- *
- * \see mbedtls_ssl_context_load()
- *
- * \note The serialized data only contains the data that is
- * necessary to resume the connection: negotiated protocol
- * options, session identifier, keys, etc.
- * Loading a saved SSL context does not restore settings and
- * state related to how the application accesses the context,
- * such as configured callback functions, user data, pending
- * incoming or outgoing data, etc.
- *
- * \note This feature is currently only available under certain
- * conditions, see the documentation of the return value
- * #PSA_ERROR_INVALID_ARGUMENT for details.
- *
- * \note When this function succeeds, it calls
- * mbedtls_ssl_session_reset() on \p ssl which as a result is
- * no longer associated with the connection that has been
- * serialized. This avoids creating copies of the connection
- * state. You're then free to either re-use the context
- * structure for a different connection, or call
- * mbedtls_ssl_free() on it. See the documentation of
- * mbedtls_ssl_session_reset() for more details.
- *
- * \param ssl The SSL context to save. On success, it is no longer
- * associated with the connection that has been serialized.
- * \param buf The buffer to write the serialized data to. It must be a
- * writeable buffer of at least \p buf_len bytes, or may be \c
- * NULL if \p buf_len is \c 0.
- * \param buf_len The number of bytes available for writing in \p buf.
- * \param olen The size in bytes of the data that has been or would have
- * been written. It must point to a valid \c size_t.
- *
- * \note \p olen is updated to the correct value regardless of
- * whether \p buf_len was large enough. This makes it possible
- * to determine the necessary size by calling this function
- * with \p buf set to \c NULL and \p buf_len to \c 0. However,
- * the value of \p olen is only guaranteed to be correct when
- * the function returns #PSA_ERROR_BUFFER_TOO_SMALL or
- * \c 0. If the return value is different, then the value of
- * \p olen is undefined.
- *
- * \return \c 0 if successful.
- * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small.
- * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed
- * while resetting the context.
- * \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in
- * progress, or there is pending data for reading or sending,
- * or the connection does not use DTLS 1.2 with an AEAD
- * ciphersuite, or renegotiation is enabled.
- */
-int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t buf_len,
- size_t *olen);
-
-/**
- * \brief Load serialized connection data to an SSL context.
- *
- * \see mbedtls_ssl_context_save()
- *
- * \warning The same serialized data must never be loaded into more
- * that one context. In order to ensure that, after
- * successfully loading serialized data to an SSL context, you
- * should immediately destroy or invalidate all copies of the
- * serialized data that was loaded. Loading the same data in
- * more than one context would cause severe security failures
- * including but not limited to loss of confidentiality.
- *
- * \note Before calling this function, the SSL context must be
- * prepared in one of the two following ways.
The first way is
- * to take a context freshly initialised with
- * mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
- * the same ::mbedtls_ssl_config structure that was used in
- * the original connection. The second way is to
- * call mbedtls_ssl_session_reset() on a context that was
- * previously prepared as above but used in the meantime.
- * Either way, you must not use the context to perform a
- * handshake between calling mbedtls_ssl_setup() or
- * mbedtls_ssl_session_reset() and calling this function. You
- * may however call other setter functions in that time frame
- * as indicated in the note below.
- *
- * \note Before or after calling this function successfully, you
- * also need to configure some connection-specific callbacks
- * and settings before you can use the connection again
- * (unless they were already set before calling
- * mbedtls_ssl_session_reset() and the values are suitable for
- * the present connection). Specifically, you want to call
- * at least mbedtls_ssl_set_bio(),
- * mbedtls_ssl_set_timer_cb(), and
- * mbedtls_ssl_set_user_data_n() or
- * mbedtls_ssl_set_user_data_p() if they were set originally.
- * All other SSL setter functions
- * are not necessary to call, either because they're only used
- * in handshakes, or because the setting is already saved. You
- * might choose to call them anyway, for example in order to
- * share code between the cases of establishing a new
- * connection and the case of loading an already-established
- * connection.
- *
- * \note If you have new information about the path MTU, you want to
- * call mbedtls_ssl_set_mtu() after calling this function, as
- * otherwise this function would overwrite your
- * newly-configured value with the value that was active when
- * the context was saved.
- *
- * \note When this function returns an error code, it calls
- * mbedtls_ssl_free() on \p ssl.
In this case, you need to
- * prepare the context with the usual sequence starting with a
- * call to mbedtls_ssl_init() if you want to use it again.
- *
- * \param ssl The SSL context structure to be populated. It must have
- * been prepared as described in the note above.
- * \param buf The buffer holding the serialized connection data. It must
- * be a readable buffer of at least \p len bytes.
- * \param len The size of the serialized data in bytes.
- *
- * \return \c 0 if successful.
- * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed.
- * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- * comes from a different Mbed TLS version or build.
- * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
- */
-int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len);
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-/**
- * \brief Initialize an SSL configuration context
- * Just makes the context ready for
- * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
- *
- * \note You need to call mbedtls_ssl_config_defaults() unless you
- * manually set all of the relevant fields yourself.
- *
- * \param conf SSL configuration context
- */
-void mbedtls_ssl_config_init(mbedtls_ssl_config *conf);
-
-/**
- * \brief Load reasonable default SSL configuration values.
- * (You need to call mbedtls_ssl_config_init() first.)
- *
- * \param conf SSL configuration context
- * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
- * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
- * \param preset a MBEDTLS_SSL_PRESET_XXX value
- *
- * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS.
- *
- * \return 0 if successful, or
- * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
- */ -int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, - int endpoint, int transport, int preset); - -/** - * \brief Free an SSL configuration context - * - * \param conf SSL configuration context - */ -void mbedtls_ssl_config_free(mbedtls_ssl_config *conf); - -/** - * \brief Initialize SSL session structure - * - * \param session SSL session - */ -void mbedtls_ssl_session_init(mbedtls_ssl_session *session); - -/** - * \brief Free referenced items in an SSL session including the - * peer certificate and clear memory - * - * \note A session object can be freed even if the SSL context - * that was used to retrieve the session is still in use. - * - * \param session SSL session - */ -void mbedtls_ssl_session_free(mbedtls_ssl_session *session); - -/** - * \brief TLS-PRF function for key derivation. - * - * \param prf The tls_prf type function type to be used. - * \param secret Secret for the key derivation function. - * \param slen Length of the secret. - * \param label String label for the key derivation function, - * terminated with null character. - * \param random Random bytes. - * \param rlen Length of the random bytes buffer. - * \param dstbuf The buffer holding the derived key. - * \param dlen Length of the output buffer. - * - * \return 0 on success. An SSL specific error on failure. - */ -int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) -/* Maximum value for key_len in mbedtls_ssl_export_keying material. Depending on the TLS - * version and the negotiated ciphersuite, larger keys could in principle be exported, - * but for simplicity, we define one limit that works in all cases. TLS 1.3 with SHA256 - * has the strictest limit: 255 blocks of SHA256 output, or 8160 bytes. 
*/ -#define MBEDTLS_SSL_EXPORT_MAX_KEY_LEN 8160 - -/** - * \brief TLS-Exporter to derive shared symmetric keys between server and client. - * - * \param ssl SSL context from which to export keys. Must have finished the handshake. - * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes, must be at most - * MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160). - * \param label Label for which to generate the key of length label_len. - * \param label_len Length of label in bytes. Must be at most 249 in TLS 1.3. - * \param context Context of the key. Can be NULL if context_len or use_context is 0. - * \param context_len Length of context. Must be < 2^16 in TLS 1.2. - * \param use_context Indicates if a context should be used in deriving the key. - * - * \note TLS 1.2 makes a distinction between a 0-length context and no context. - * This is why the use_context argument exists. TLS 1.3 does not make - * this distinction. If use_context is 0 and TLS 1.3 is used, context and - * context_len are ignored and a 0-length context is used. - * - * \return 0 on success. - * \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed. - * \return An SSL-specific error on failure. - */ -int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context); -#endif -#ifdef __cplusplus -} -#endif - -#endif /* ssl.h */ diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h deleted file mode 100644 index a1307b4508..0000000000 --- a/include/mbedtls/ssl_cache.h +++ /dev/null 
@@ -1,187 +0,0 @@
-/**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_CACHE_H
-#define MBEDTLS_SSL_CACHE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
-#endif
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
-typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
-
-/**
- * \brief This structure is used for storing cache entries
- */
-struct mbedtls_ssl_cache_entry {
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
-#endif
-
- unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
- size_t MBEDTLS_PRIVATE(session_id_len);
-
- unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
- size_t MBEDTLS_PRIVATE(session_len);
-
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
-};
-
-/**
- * \brief Cache context
- */
-struct mbedtls_ssl_cache_context {
- mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
- int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
- int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
-#endif
-};
-
-/**
- * \brief Initialize an SSL cache context
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
-
-/**
- * \brief Cache get callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * for the session to load.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The address at which to store the session
- * associated with \p session_id, if present.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
- * no cache entry with specified session ID found, or
- * any other negative error code for other failures.
- */
-int mbedtls_ssl_cache_get(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session);
-
-/**
- * \brief Cache set callback implementation
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to \p session.
- * \param session_id_len The length of \p session_id in bytes.
- * \param session The session to store.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-int mbedtls_ssl_cache_set(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session);
-
-/**
- * \brief Remove the cache entry by the session ID
- * (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data The SSL cache context to use.
- * \param session_id The pointer to the buffer holding the session ID
- * associated to session.
- * \param session_id_len The length of \p session_id in bytes.
- *
- * \return \c 0 on success. This indicates the cache entry for
- * the session with provided ID is removed or does not
- * exist.
- * \return A negative error code on failure.
- */
-int mbedtls_ssl_cache_remove(void *data,
- unsigned char const *session_id,
- size_t session_id_len);
-
-#if defined(MBEDTLS_HAVE_TIME)
-/**
- * \brief Set the cache timeout
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- * \param timeout cache entry timeout in seconds
- */
-void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout);
-
-/**
- * \brief Get the cache timeout
- *
- * A timeout of 0 indicates no timeout.
- *
- * \param cache SSL cache context
- *
- * \return cache entry timeout in seconds
- */
-static inline int mbedtls_ssl_cache_get_timeout(mbedtls_ssl_cache_context *cache)
-{
- return cache->MBEDTLS_PRIVATE(timeout);
-}
-#endif /* MBEDTLS_HAVE_TIME */
-
-/**
- * \brief Set the maximum number of cache entries
- * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache SSL cache context
- * \param max cache entry maximum
- */
-void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max);
-
-/**
- * \brief Free referenced items in a cache context and clear memory
- *
- * \param cache SSL cache context
- */
-void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cache.h */
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
deleted file mode 100644
index dfd369416b..0000000000
--- a/include/mbedtls/ssl_ciphersuites.h
+++ /dev/null
@@ -1,304 +0,0 @@
-/**
- * \file ssl_ciphersuites.h
- *
- * \brief SSL Ciphersuites for Mbed TLS
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_CIPHERSUITES_H
-#define MBEDTLS_SSL_CIPHERSUITES_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/pk.h"
-#include "mbedtls/private/cipher.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Supported ciphersuites (Official IANA names)
- */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
-
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
-/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
-
-/* RFC 7905 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
-
-/* RFC 8446, Appendix B.4 */
-#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 0x1302 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 0x1303 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 0x1304 /**< TLS 1.3 */
-#define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 0x1305 /**< TLS 1.3 */
-
-/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
- * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
- */
-typedef enum {
- MBEDTLS_KEY_EXCHANGE_NONE = 0,
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-} mbedtls_key_exchange_type_t;
-
-/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
-#endif
-
-/* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA
- * signature */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
-#endif
-
-/* Key exchanges allowing client certificate requests.
- *
- * This is now the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED,
- * and the two macros could be unified.
- * Until Mbed TLS 3.x, the two sets were different because
- * MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED covers
- * MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED plus RSA-PSK.
- * But RSA-PSK was removed in Mbed TLS 4.0.
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
-#endif
-
-/* Helper to state that certificate-based client authentication through ECDSA
- * is supported in TLS 1.2 */
-#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \
- defined(PSA_HAVE_ALG_ECDSA_SIGN) && defined(PSA_HAVE_ALG_ECDSA_VERIFY)
-#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED
-#endif
-
-/* ECDSA required for certificates in either TLS 1.2 or 1.3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED
-#endif
-
-/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
-#endif
-
-/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
-#endif
-
-/* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-#endif
-
-/* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
-#endif
-
-/* TLS 1.2 key exchanges using ECDH or ECDHE*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
-#endif
-
-/* TLS 1.3 PSK key exchanges */
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
-#endif
-
-/* TLS 1.2 or 1.3 key exchanges with PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
-#endif
-
-/* TLS 1.3 ephemeral key exchanges */
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
-#endif
-
-/* TLS 1.3 key exchanges using ECDHE */
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
- defined(PSA_WANT_ALG_ECDH)
-#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED
-#endif
-
-/* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED
-#endif
-
-/* The handshake params structure has a set of fields called xxdh_psa which are used:
- * - by TLS 1.2 to do ECDH or ECDHE;
- * - by TLS 1.3 to do ECDHE or FFDHE.
- * The following macros can be used to guard their declaration and use.
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED
-#endif
-
-typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
-
-#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
- eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */
-
-/**
- * \brief This structure is used for storing ciphersuite information
- *
- * \note members are defined using integral types instead of enums
- * in order to pack structure and reduce memory usage by internal
- * \c ciphersuite_definitions[]
- */
-struct mbedtls_ssl_ciphersuite_t {
- int MBEDTLS_PRIVATE(id);
- const char *MBEDTLS_PRIVATE(name);
-
- uint8_t MBEDTLS_PRIVATE(cipher); /* mbedtls_cipher_type_t */
- uint8_t MBEDTLS_PRIVATE(mac); /* mbedtls_md_type_t */
- uint8_t MBEDTLS_PRIVATE(key_exchange); /* mbedtls_key_exchange_type_t */
- uint8_t MBEDTLS_PRIVATE(flags);
-
- uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */
- uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */
-};
-
-const int *mbedtls_ssl_list_ciphersuites(void);
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
-
-static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)
-{
- return info->MBEDTLS_PRIVATE(name);
-}
-
-static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info)
-{
- return info->MBEDTLS_PRIVATE(id);
-}
-
-size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ciphersuites.h */
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
deleted file mode 100644
index ec54f614d3..0000000000
--- a/include/mbedtls/ssl_cookie.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * \file ssl_cookie.h
- *
- * \brief DTLS cookie callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_COOKIE_H
-#define MBEDTLS_SSL_COOKIE_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
- * \{
- */
-#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Context for the default cookie functions.
- */
-typedef struct mbedtls_ssl_cookie_ctx {
- mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */
- psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */
-#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
-#endif
- unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
- or in number of tickets issued */
-
-} mbedtls_ssl_cookie_ctx;
-
-/**
- * \brief Initialize cookie context
- */
-void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
-
-/**
- * \brief Setup cookie context (generate keys)
- */
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
-
-/**
- * \brief Set expiration delay for cookies
- * (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
- *
- * \param ctx Cookie context
- * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
- * issued in the meantime.
- * 0 to disable expiration (NOT recommended)
- */
-void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay);
-
-/**
- * \brief Free cookie context
- */
-void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
-
-/**
- * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
-
-/**
- * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cookie.h */
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
deleted file mode 100644
index 5a2e4876e5..0000000000
--- a/include/mbedtls/ssl_ticket.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/**
- * \file ssl_ticket.h
- *
- * \brief TLS server ticket callbacks implementation
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_TICKET_H
-#define MBEDTLS_SSL_TICKET_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-/*
- * This implementation of the session ticket callbacks includes key
- * management, rotating the keys periodically in order to preserve forward
- * secrecy, when MBEDTLS_HAVE_TIME is defined.
- */
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#include "psa/crypto.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
-#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
-
-/**
- * \brief Information for session ticket protection
- */
-typedef struct mbedtls_ssl_ticket_key {
- unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
- /*!< random key identifier */
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
-#endif
- /*! Lifetime of the key in seconds. This is also the lifetime of the
- * tickets created under that key.
- */
- uint32_t MBEDTLS_PRIVATE(lifetime);
- mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */
- psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */
- psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */
- size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */
-}
-mbedtls_ssl_ticket_key;
-
-/**
- * \brief Context for session ticket handling functions
- */
-typedef struct mbedtls_ssl_ticket_context {
- mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
- unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
-
- uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
-
- /** Callback for getting (pseudo-)random numbers */
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
-#endif
-}
-mbedtls_ssl_ticket_context;
-
-/**
- * \brief Initialize a ticket context.
- * (Just make it ready for mbedtls_ssl_ticket_setup()
- * or mbedtls_ssl_ticket_free().)
- *
- * \param ctx Context to be initialized
- */
-void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
-
-/**
- * \brief Prepare context to be actually used
- *
- * \param ctx Context to be set up
- * \param alg AEAD cipher to use for ticket protection.
- * \param key_type Cryptographic key type to use.
- * \param key_bits Cryptographic key size to use in bits.
- * \param lifetime Tickets lifetime in seconds
- * Recommended value: 86400 (one day).
- *
- * \note It is highly recommended to select a cipher that is at
- * least as strong as the strongest ciphersuite
- * supported. Usually that means a 256-bit key.
- *
- * \note It is recommended to pick a reasonable lifetime so as not
- * to negate the benefits of forward secrecy.
- *
- * \note The TLS 1.3 specification states that ticket lifetime must
- * be smaller than seven days. If ticket lifetime has been
- * set to a value greater than seven days in this module then
- * if the TLS 1.3 is configured to send tickets after the
- * handshake it will fail the connection when trying to send
- * the first ticket.
- *
- * \return 0 if successful,
- * or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
- uint32_t lifetime);
-
-/**
- * \brief Rotate session ticket encryption key to new specified key.
- * Provides for external control of session ticket encryption
- * key rotation, e.g. for synchronization between different
- * machines. If this function is not used, or if not called
- * before ticket lifetime expires, then a new session ticket
- * encryption key is generated internally in order to avoid
- * unbounded session ticket encryption key lifetimes.
- *
- * \param ctx Context to be set up
- * \param name Session ticket encryption key name
- * \param nlength Session ticket encryption key name length in bytes
- * \param k Session ticket encryption key
- * \param klength Session ticket encryption key length in bytes
- * \param lifetime Tickets lifetime in seconds
- * Recommended value: 86400 (one day).
- *
- * \note \c name and \c k are recommended to be cryptographically
- * random data.
- *
- * \note \c nlength must match sizeof( ctx->name )
- *
- * \note \c klength must be sufficient for use by cipher specified
- * to \c mbedtls_ssl_ticket_setup
- *
- * \note It is recommended to pick a reasonable lifetime so as not
- * to negate the benefits of forward secrecy.
- *
- * \note The TLS 1.3 specification states that ticket lifetime must
- * be smaller than seven days. If ticket lifetime has been
- * set to a value greater than seven days in this module then
- * if the TLS 1.3 is configured to send tickets after the
- * handshake it will fail the connection when trying to send
- * the first ticket.
- *
- * \return 0 if successful,
- * or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
- const unsigned char *name, size_t nlength,
- const unsigned char *k, size_t klength,
- uint32_t lifetime);
-
-/**
- * \brief Implementation of the ticket write callback
- *
- * \note See \c mbedtls_ssl_ticket_write_t for description
- */
-mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
-
-/**
- * \brief Implementation of the ticket parse callback
- *
- * \note See \c mbedtls_ssl_ticket_parse_t for description
- */
-mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
-
-/**
- * \brief Free a context's content and zeroize it.
- *
- * \param ctx Context to be cleaned up
- */
-void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ticket.h */
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
deleted file mode 100644
index 62ae1022d9..0000000000
--- a/include/mbedtls/timing.h
+++ /dev/null
@@ -1,94 +0,0 @@ -/** - * \file timing.h - * - * \brief Portable interface to timeouts and to the CPU cycle counter - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_TIMING_H -#define MBEDTLS_TIMING_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_TIMING_ALT) -// Regular implementation -// - -/** - * \brief timer structure - */ -struct mbedtls_timing_hr_time { - uint64_t MBEDTLS_PRIVATE(opaque)[4]; -}; - -/** - * \brief Context for mbedtls_timing_set/get_delay() - */ -typedef struct mbedtls_timing_delay_context { - struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer); - uint32_t MBEDTLS_PRIVATE(int_ms); - uint32_t MBEDTLS_PRIVATE(fin_ms); -} mbedtls_timing_delay_context; - -#else /* MBEDTLS_TIMING_ALT */ -#include "timing_alt.h" -#endif /* MBEDTLS_TIMING_ALT */ - -/* Internal use */ -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); - -/** - * \brief Set a pair of delays to watch - * (See \c mbedtls_timing_get_delay().) - * - * \param data Pointer to timing data. - * Must point to a valid \c mbedtls_timing_delay_context struct. - * \param int_ms First (intermediate) delay in milliseconds. - * The effect if int_ms > fin_ms is unspecified. - * \param fin_ms Second (final) delay in milliseconds. - * Pass 0 to cancel the current delay. - * - * \note To set a single delay, either use \c mbedtls_timing_set_timer - * directly or use this function with int_ms == fin_ms. - */ -void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms); - -/** - * \brief Get the status of delays - * (Memory helper: number of delays passed.) - * - * \param data Pointer to timing data - * Must point to a valid \c mbedtls_timing_delay_context struct. 
- * - * \return -1 if cancelled (fin_ms = 0), - * 0 if none of the delays are passed, - * 1 if only the intermediate delay is passed, - * 2 if the final delay is passed. - */ -int mbedtls_timing_get_delay(void *data); - -/** - * \brief Get the final timing delay - * - * \param data Pointer to timing data - * Must point to a valid \c mbedtls_timing_delay_context struct. - * - * \return Final timing delay in milliseconds. - */ -uint32_t mbedtls_timing_get_final_delay( - const mbedtls_timing_delay_context *data); - -#ifdef __cplusplus -} -#endif - -#endif /* timing.h */ diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h deleted file mode 100644 index 4a0b216e3b..0000000000 --- a/include/mbedtls/version.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/** - * \file mbedtls/version.h - * - * \brief Run-time version information - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * This set of run-time variables can be used to determine the version number of - * the Mbed TLS library used. Compile-time version defines for the same can be - * found in build_info.h - */ -#ifndef MBEDTLS_VERSION_H -#define MBEDTLS_VERSION_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_VERSION_C) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Get the version number. - * - * \return The constructed version number in the format - * MMNNPP00 (Major, Minor, Patch). - */ -unsigned int mbedtls_version_get_number(void); - -/** - * Get a pointer to the version string ("x.y.z"). - */ -const char *mbedtls_version_get_string(void); - -/** - * Get a pointer to the full version string ("Mbed TLS x.y.z"). - */ -const char *mbedtls_version_get_string_full(void); - -/** - * \brief Check if support for a feature was compiled into this - * Mbed TLS binary. This allows you to see at runtime if the - * library was for instance compiled with or without - * Multi-threading support. - * - * \note only checks against defines in the sections "System - * support", "Mbed TLS modules" and "Mbed TLS feature - * support" in mbedtls_config.h - * - * \param feature The string for the define to check (e.g. "MBEDTLS_SSL_SRV_C") - * - * \return 0 if the feature is present, - * -1 if the feature is not present and - * -2 if support for feature checking as a whole was not - * compiled in. - */ -int mbedtls_version_check_feature(const char *feature); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_VERSION_C */ - -#endif /* version.h */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h deleted file mode 100644 index 8b6a1daee5..0000000000 --- a/include/mbedtls/x509.h +++ /dev/null 
@@ -1,493 +0,0 @@ -/** - * \file x509.h - * - * \brief X.509 generic defines and structures - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_H -#define MBEDTLS_X509_H -#include "mbedtls/private_access.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/pk.h" - -/** - * \addtogroup x509_module - * \{ - */ - -#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA) -/** - * Maximum number of intermediate CAs in a verification chain. - * That is, maximum length of the chain, excluding the end-entity certificate - * and the trusted root certificate. - * - * Set this to a low value to prevent an adversary from making you waste - * resources verifying an overlong certificate chain. - */ -#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 -#endif - -/** - * \name X509 Error codes - * \{ - */ -/** Unavailable feature, e.g. RSA hashing/encryption combination. */ -#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 -/** Requested OID is unknown. */ -#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 -/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */ -#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 -/** The CRT/CRL/CSR version element is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 -/** The serial tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 -/** The algorithm tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 -/** The name tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380 -/** The date tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 -/** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 -/** The extension tag or value is invalid. */ -#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 -/** CRT/CRL/CSR has an unsupported version number. 
*/ -#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 -/** Signature algorithm (oid) is unsupported. */ -#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 -/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ -#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 -/** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 -/** Format not recognized as DER or PEM. */ -#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 -/** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 -/** Allocation of memory failed. */ -#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY -/** Read/write of file failed. */ -#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 -/** Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL -/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ -#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 -/** \} name X509 Error codes */ - -/** - * \name X509 Verify codes - * \{ - */ -/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ -#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ -#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ -#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ -#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ -#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ -#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ -#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */ -#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. 
*/ -#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ -#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ -#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ -#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ -#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ -#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ -#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */ -#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ -#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */ -#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */ -#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ -#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */ - -/** \} name X509 Verify codes */ -/** \} addtogroup x509_module */ - -/* - * X.509 v3 Subject Alternative Name types. 
- * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER - */ -#define MBEDTLS_X509_SAN_OTHER_NAME 0 -#define MBEDTLS_X509_SAN_RFC822_NAME 1 -#define MBEDTLS_X509_SAN_DNS_NAME 2 -#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3 -#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 -#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5 -#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 -#define MBEDTLS_X509_SAN_IP_ADDRESS 7 -#define MBEDTLS_X509_SAN_REGISTERED_ID 8 - -/* - * X.509 v3 Key Usage Extension flags - * Reminder: update mbedtls_x509_info_key_usage() when adding new flags. - */ -#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ -#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */ -#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ -#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ -#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */ -#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ -#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ -#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */ -#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */ - -/* - * Netscape certificate types - * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html) - */ - -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ -#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ -#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ -#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ -#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ -#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ -#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ - -/* - * X.509 
extension types - * - * Comments refer to the status for using certificates. Status can be - * different for writing certificates or reading CRLs or CSRs. - */ -#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) -#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) -#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) -#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3) -#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4) -#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ -#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6) -#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) -#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ -#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9) -#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10) -#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) -#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) -#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) -#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) - -/* - * Storage format identifiers - * Recognized formats: PEM and DER - */ -#define MBEDTLS_X509_FORMAT_DER 1 -#define MBEDTLS_X509_FORMAT_PEM 2 - -#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \addtogroup x509_module - * \{ */ - -/** - * \name Structures for parsing X.509 certificates, CRLs and CSRs - * \{ - */ - -/** - * Type-length-value structure that allows for ASN1 using DER. - */ -typedef mbedtls_asn1_buf mbedtls_x509_buf; - -/** - * Container for ASN1 bit strings. - */ -typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring; - -/** - * Container for ASN1 named information objects. - * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). 
- */ -typedef mbedtls_asn1_named_data mbedtls_x509_name; - -/** - * Container for a sequence of ASN.1 items - */ -typedef mbedtls_asn1_sequence mbedtls_x509_sequence; - -/* - * Container for the fields of the Authority Key Identifier object - */ -typedef struct mbedtls_x509_authority { - mbedtls_x509_buf keyIdentifier; - mbedtls_x509_sequence authorityCertIssuer; - mbedtls_x509_buf authorityCertSerialNumber; - mbedtls_x509_buf raw; -} -mbedtls_x509_authority; - -/** Container for date and time (precision in seconds). */ -typedef struct mbedtls_x509_time { - int year, mon, day; /**< Date. */ - int hour, min, sec; /**< Time. */ -} -mbedtls_x509_time; - -/** - * From RFC 5280 section 4.2.1.6: - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * Future versions of the library may add new fields to this structure or - * to its embedded union and structure. - */ -typedef struct mbedtls_x509_san_other_name { - /** - * The type_id is an OID as defined in RFC 5280. - * To check the value of the type id, you should use - * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. - */ - mbedtls_x509_buf type_id; /**< The type id. */ - union { - /** - * From RFC 4108 section 5: - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - */ - struct { - mbedtls_x509_buf oid; /**< The object identifier. */ - mbedtls_x509_buf val; /**< The named value. */ - } - hardware_module_name; - } - value; -} -mbedtls_x509_san_other_name; - -/** - * A structure for holding the parsed Subject Alternative Name, - * according to type. - * - * Future versions of the library may add new fields to this structure or - * to its embedded union and structure. - */ -typedef struct mbedtls_x509_subject_alternative_name { - int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. 
*/ - union { - mbedtls_x509_san_other_name other_name; - mbedtls_x509_name directory_name; - mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */ - } - san; /**< A union of the supported SAN types */ -} -mbedtls_x509_subject_alternative_name; - -typedef struct mbedtls_x509_san_list { - mbedtls_x509_subject_alternative_name node; - struct mbedtls_x509_san_list *next; -} -mbedtls_x509_san_list; - -/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ -/** \} addtogroup x509_module */ - -/** - * \brief Store the certificate DN in printable form into buf; - * no more than size characters will be written. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param dn The X509 name to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); - -/** - * \brief Convert the certificate DN string \p name into - * a linked list of mbedtls_x509_name (equivalent to - * mbedtls_asn1_named_data). - * - * \note This function allocates a linked list, and places the head - * pointer in \p head. This list must later be freed by a - * call to mbedtls_asn1_free_named_data_list(). - * - * \param[out] head Address in which to store the pointer to the head of the - * allocated list of mbedtls_x509_name. Must point to NULL on - * entry. - * \param[in] name The string representation of a DN to convert - * - * \return 0 on success, or a negative error code. - */ -int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); - -/** - * \brief Return the next relative DN in an X509 name. - * - * \note Intended use is to compare function result to dn->next - * in order to detect boundaries of multi-valued RDNs. 
- * - * \param dn Current node in the X509 name - * - * \return Pointer to the first attribute-value pair of the - * next RDN in sequence, or NULL if end is reached. - */ -static inline mbedtls_x509_name *mbedtls_x509_dn_get_next( - mbedtls_x509_name *dn) -{ - while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) { - dn = dn->next; - } - return dn->next; -} - -/** - * \brief Store the certificate serial in printable form into buf; - * no more than size characters will be written. - * - * \param buf Buffer to write to - * \param size Maximum size of buffer - * \param serial The X509 serial to represent - * - * \return The length of the string written (not including the - * terminated nul byte), or a negative error code. - */ -int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial); - -/** - * \brief Compare pair of mbedtls_x509_time. - * - * \param t1 mbedtls_x509_time to compare - * \param t2 mbedtls_x509_time to compare - * - * \return < 0 if t1 is before t2 - * 0 if t1 equals t2 - * > 0 if t1 is after t2 - */ -int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2); - -#if defined(MBEDTLS_HAVE_TIME_DATE) -/** - * \brief Fill mbedtls_x509_time with provided mbedtls_time_t. - * - * \param tt mbedtls_time_t to convert - * \param now mbedtls_x509_time to fill with converted mbedtls_time_t - * - * \return \c 0 on success - * \return A non-zero return value on failure. - */ -int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now); -#endif /* MBEDTLS_HAVE_TIME_DATE */ - -/** - * \brief Check a given mbedtls_x509_time against the system time - * and tell if it's in the past. - * - * \note Intended usage is "if( is_past( valid_to ) ) ERROR". - * Hence the return value of 1 if on internal errors. - * - * \param to mbedtls_x509_time to check - * - * \return 1 if the given time is in the past or an error occurred, - * 0 otherwise. 
- */ -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); - -/** - * \brief Check a given mbedtls_x509_time against the system time - * and tell if it's in the future. - * - * \note Intended usage is "if( is_future( valid_from ) ) ERROR". - * Hence the return value of 1 if on internal errors. - * - * \param from mbedtls_x509_time to check - * - * \return 1 if the given time is in the future or an error occurred, - * 0 otherwise. - */ -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); - -/** - * \brief This function parses an item in the SubjectAlternativeNames - * extension. Please note that this function might allocate - * additional memory for a subject alternative name, thus - * mbedtls_x509_free_subject_alt_name has to be called - * to dispose of this additional memory afterwards. - * - * \param san_buf The buffer holding the raw data item of the subject - * alternative name. - * \param san The target structure to populate with the parsed presentation - * of the subject alternative name encoded in \p san_buf. - * - * \note Supported GeneralName types, as defined in RFC 5280: - * "rfc822Name", "dnsName", "directoryName", - * "uniformResourceIdentifier" and "hardware_module_name" - * of type "otherName", as defined in RFC 4108. - * - * \note This function should be called on a single raw data of - * subject alternative name. For example, after successful - * certificate parsing, one must iterate on every item in the - * \c crt->subject_alt_names sequence, and pass it to - * this function. - * - * \warning The target structure contains pointers to the raw data of the - * parsed certificate, and its lifetime is restricted by the - * lifetime of the certificate. - * - * \return \c 0 on success - * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported - * SAN type. - * \return Another negative value for any other failure. 
- */ -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san); -/** - * \brief Unallocate all data related to subject alternative name - * - * \param san SAN structure - extra memory owned by this structure will be freed - */ -void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san); - -/** - * \brief This function parses a CN string as an IP address. - * - * \param cn The CN string to parse. CN string MUST be null-terminated. - * \param dst The target buffer to populate with the binary IP address. - * The buffer MUST be 16 bytes to save IPv6, and should be - * 4-byte aligned if the result will be used as struct in_addr. - * e.g. uint32_t dst[4] - * - * \note \p cn is parsed as an IPv6 address if string contains ':', - * else \p cn is parsed as an IPv4 address. - * - * \return Length of binary IP address; num bytes written to target. - * \return \c 0 on failure to parse CN string as an IP address. - */ -size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); - -#define MBEDTLS_X509_SAFE_SNPRINTF \ - do { \ - if (ret < 0 || (size_t) ret >= n) \ - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \ - \ - n -= (size_t) ret; \ - p += (size_t) ret; \ - } while (0) - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_X509_H */ diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h deleted file mode 100644 index 095cb5d9a5..0000000000 --- a/include/mbedtls/x509_crl.h +++ /dev/null 
@@ -1,180 +0,0 @@
-/**
- * \file x509_crl.h
- *
- * \brief X.509 certificate revocation list parsing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_X509_CRL_H
-#define MBEDTLS_X509_CRL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for parsing CRLs
- * \{
- */
-
-/**
- * Certificate revocation list entry.
- * Contains the CA-specific serial numbers and revocation dates.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields points to is unspecified.
- */
-typedef struct mbedtls_x509_crl_entry {
- /** Direct access to the whole entry inside the containing buffer. */
- mbedtls_x509_buf raw;
- /** The serial number of the revoked certificate. */
- mbedtls_x509_buf serial;
- /** The revocation date of this entry. */
- mbedtls_x509_time revocation_date;
- /** Direct access to the list of CRL entry extensions
- * (an ASN.1 constructed sequence).
- *
- * If there are no extensions, `entry_ext.len == 0` and
- * `entry_ext.p == NULL`. */
- mbedtls_x509_buf entry_ext;
-
- /** Next element in the linked list of entries.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crl_entry *next;
-}
-mbedtls_x509_crl_entry;
-
-/**
- * Certificate revocation list structure.
- * Every CRL may have multiple entries.
- */
-typedef struct mbedtls_x509_crl {
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
-
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
-
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
-
- mbedtls_x509_time this_update;
- mbedtls_x509_time next_update;
-
- mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
-
- mbedtls_x509_buf crl_ext;
-
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-
- /** Next element in the linked list of CRL.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crl *next;
-}
-mbedtls_x509_crl;
-
-/**
- * \brief Parse a DER-encoded CRL and append it to the chained list
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the CRL data in DER format
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen);
-/**
- * \brief Parse one or more CRLs and append them to the chained list
- *
- * \note Multiple CRLs are accepted only if using PEM format
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain points to the start of the chain
- * \param buf buffer holding the CRL data in PEM or DER format
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load one or more CRLs and append them to the chained list
- *
- * \note Multiple CRLs are accepted only if using PEM format
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain points to the start of the chain
- * \param path filename to read the CRLs from (in PEM or DER encoding)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path);
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the CRL.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crl The X509 CRL to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crl *crl);
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Initialize a CRL (chain)
- *
- * \param crl CRL chain to initialize
- */
-void mbedtls_x509_crl_init(mbedtls_x509_crl *crl);
-
-/**
- * \brief Unallocate all CRL data
- *
- * \param crl CRL chain to free
- */
-void mbedtls_x509_crl_free(mbedtls_x509_crl *crl);
-
-/** \} name Structures and functions for parsing CRLs */
-/** \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crl.h */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
deleted file mode 100644
index 3352e3824a..0000000000
--- a/include/mbedtls/x509_crt.h
+++ /dev/null
@@ -1,1169 +0,0 @@
-/**
- * \file x509_crt.h
- *
- * \brief X.509 certificate parsing and writing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_X509_CRT_H
-#define MBEDTLS_X509_CRT_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/private/bignum.h"
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Structures and functions for parsing and writing X.509 certificates
- * \{
- */
-
-/**
- * Container for an X.509 certificate. The certificate may be chained.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields points to is unspecified.
- */
-typedef struct mbedtls_x509_crt {
- int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
- * by the structure or not. */
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
-
- int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
-
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
-
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
-
- mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
- mbedtls_x509_time valid_to; /**< End time of certificate validity.
*/
-
- mbedtls_x509_buf pk_raw;
- mbedtls_pk_context pk; /**< Container for the public key context. */
-
- mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
- mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */
- mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */
-
- mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
-
- int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
- int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
-
- unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
-
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
-
- unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
-
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g.
MBEDTLS_MD_SHA256 */
- mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-
- /** Next certificate in the linked list that constitutes the CA chain.
- * \p NULL indicates the end of the list.
- * Do not modify this field directly. */
- struct mbedtls_x509_crt *next;
-}
-mbedtls_x509_crt;
-
-/**
- * Build flag from an algorithm/curve identifier (pk, md, ecp)
- * Since 0 is always XXX_NONE, ignore it.
- */
-#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1))
-
-/**
- * Security profile for certificate verification.
- *
- * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
- *
- * The fields of this structure are part of the public API and can be
- * manipulated directly by applications. Future versions of the library may
- * add extra fields or reorder existing fields.
- *
- * You can create custom profiles by starting from a copy of
- * an existing profile, such as mbedtls_x509_crt_profile_default or
- * mbedtls_x509_ctr_profile_none and then tune it to your needs.
- *
- * For example to allow SHA-224 in addition to the default:
- *
- * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
- * my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
- *
- * Or to allow only RSA-3072+ with SHA-256:
- *
- * mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
- * my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
- * my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
- * my_profile.rsa_min_bitlen = 3072;
- */
-typedef struct mbedtls_x509_crt_profile {
- uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for public keys;
- * this applies to all certificates
- * in the provided chain.
*/
- uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
- uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
-}
-mbedtls_x509_crt_profile;
-
-#define MBEDTLS_X509_CRT_VERSION_1 0
-#define MBEDTLS_X509_CRT_VERSION_2 1
-#define MBEDTLS_X509_CRT_VERSION_3 2
-
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
-#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
-
-#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
-#endif
-
-/* This macro unfolds to the concatenation of macro invocations
- * X509_CRT_ERROR_INFO( error code,
- * error code as string,
- * human readable description )
- * where X509_CRT_ERROR_INFO is defined by the user.
- * See x509_crt.c for an example of how to use this. */
-#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED, \
- "MBEDTLS_X509_BADCERT_EXPIRED", \
- "The certificate validity has expired") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED, \
- "MBEDTLS_X509_BADCERT_REVOKED", \
- "The certificate has been revoked (is on a CRL)") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_CN_MISMATCH, \
- "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
- "The certificate Common Name (CN) does not match with the expected CN") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
- "The certificate is not correctly signed by the trusted CA") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
- "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
- "The CRL is not correctly signed by the trusted CA") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED, \
- "MBEDTLS_X509_BADCRL_EXPIRED", \
- "The CRL is expired") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING, \
- "MBEDTLS_X509_BADCERT_MISSING", \
- "Certificate was missing") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
- "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
- "Certificate verification was skipped") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER, \
-
"MBEDTLS_X509_BADCERT_OTHER", \
- "Other reason (can be used by verify callback)") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE, \
- "MBEDTLS_X509_BADCERT_FUTURE", \
- "The certificate validity starts in the future") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE, \
- "MBEDTLS_X509_BADCRL_FUTURE", \
- "The CRL is from the future") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_KEY_USAGE", \
- "Usage does not match the keyUsage extension") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
- "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
- "Usage does not match the extendedKeyUsage extension") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
- "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
- "Usage does not match the nsCertType extension") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_MD, \
- "MBEDTLS_X509_BADCERT_BAD_MD", \
- "The certificate is signed with an unacceptable hash.") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_PK, \
- "MBEDTLS_X509_BADCERT_BAD_PK", \
- "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_BAD_KEY, \
- "MBEDTLS_X509_BADCERT_BAD_KEY", \
- "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD, \
- "MBEDTLS_X509_BADCRL_BAD_MD", \
- "The CRL is signed with an unacceptable hash.") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_PK, \
- "MBEDTLS_X509_BADCRL_BAD_PK", \
- "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \
- X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \
- "MBEDTLS_X509_BADCRL_BAD_KEY", \
- "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
-
-/**
- * Container for writing a certificate (CRT)
- */
-typedef struct mbedtls_x509write_cert {
- int MBEDTLS_PRIVATE(version);
- unsigned char MBEDTLS_PRIVATE(serial)[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
- size_t
MBEDTLS_PRIVATE(serial_len);
- mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
- mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
- mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
- char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_cert;
-
-/**
- * \brief Set Subject Alternative Name
- *
- * \param ctx Certificate context to use
- * \param san_list List of SAN values
- *
- * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
- *
- * \note "dnsName", "uniformResourceIdentifier", "IP address",
- * "otherName", and "DirectoryName", as defined in RFC 5280,
- * are supported.
- */
-int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
- const mbedtls_x509_san_list *san_list);
-
-/**
- * Item in a verification chain: cert and flags for it
- */
-typedef struct {
- mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
- uint32_t MBEDTLS_PRIVATE(flags);
-} mbedtls_x509_crt_verify_chain_item;
-
-/**
- * Max size of verification chain: end-entity + intermediates + trusted root
- */
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
-
-/**
- * Verification chain as built by \c mbedtls_crt_verify_chain()
- */
-typedef struct {
- mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- unsigned MBEDTLS_PRIVATE(len);
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- /* This stores the list of potential trusted signers obtained from
- * the CA callback used for the CRT verification, if configured.
- * We must track it somewhere because the callback passes its
- * ownership to the caller.
*/
- mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-} mbedtls_x509_crt_verify_chain;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief Context for resuming X.509 verify operations
- */
-typedef struct {
- /* for check_signature() */
- mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
-
- /* for find_parent_in() */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
- mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
- int MBEDTLS_PRIVATE(fallback_signature_is_good);
-
- /* for find_parent() */
- int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
-
- /* for verify_chain() */
- enum {
- x509_crt_rs_none,
- x509_crt_rs_find_parent,
- } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
- int MBEDTLS_PRIVATE(self_cnt);
- mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
-
-} mbedtls_x509_crt_restart_ctx;
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_x509_crt_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * Default security profile. Should provide a good balance between security
- * and compatibility with current deployments.
- *
- * This profile permits:
- * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
- * - Elliptic curves with 255 bits and above except secp256k1.
- * - RSA with 2048 bits and above.
- *
- * New minor versions of Mbed TLS may extend this profile, for example if
- * new algorithms are added to the library. New minor versions of Mbed TLS will
- * not reduce this profile unless serious security concerns require it.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
-
-/**
- * Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for allowing RSA-2048.
- * This profile may change at any time.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
-
-/**
- * NSA Suite B profile.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
-
-/**
- * Empty profile that allows nothing. Useful as a basis for constructing
- * custom profiles.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none;
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The buffer holding the DER encoded certificate.
- * \param buflen The size in Bytes of \p buf.
- *
- * \note This function makes an internal copy of the CRT buffer
- * \p buf. In particular, \p buf may be destroyed or reused
- * after this call returns. To avoid duplicating the CRT
- * buffer (at the cost of stricter lifetime constraints),
- * use mbedtls_x509_crt_parse_der_nocopy() instead.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen);
-
-/**
- * \brief The type of certificate extension callbacks.
- *
- * Callbacks of this type are passed to and used by the
- * mbedtls_x509_crt_parse_der_with_ext_cb() routine when
- * it encounters either an unsupported extension or a
- * "certificate policies" extension containing any
- * unsupported certificate policies.
- * Future versions of the library may invoke the callback
- * in other cases, if and when the need arises.
- *
- * \param p_ctx An opaque context passed to the callback.
- * \param crt The certificate being parsed.
- * \param oid The OID of the extension.
- * \param critical Whether the extension is critical.
- * \param p Pointer to the start of the extension value
- * (the content of the OCTET STRING).
- * \param end End of extension value.
- *
- * \note The callback must fail and return a negative error code
- * if it can not parse or does not support the extension.
- * When the callback fails to parse a critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- * When the callback fails to parse a non critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- * the extension and continues parsing.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
- mbedtls_x509_crt const *crt,
- mbedtls_x509_buf const *oid,
- int critical,
- const unsigned char *p,
- const unsigned char *end);
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The buffer holding the DER encoded certificate.
- * \param buflen The size in Bytes of \p buf.
- * \param make_copy When not zero this function makes an internal copy of the
- * CRT buffer \p buf. In particular, \p buf may be destroyed
- * or reused after this call returns.
- * When zero this function avoids duplicating the CRT buffer
- * by taking temporary ownership thereof until the CRT
- * is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
- * \param cb A callback invoked for every unsupported certificate
- * extension.
- * \param p_ctx An opaque context passed to the callback.
- *
- * \note This call is functionally equivalent to
- * mbedtls_x509_crt_parse_der(), and/or
- * mbedtls_x509_crt_parse_der_nocopy()
- * but it calls the callback with every unsupported
- * certificate extension and additionally the
- * "certificate policies" extension if it contains any
- * unsupported certificate policies.
- * The callback must return a negative error code if it
- * does not know how to handle such an extension.
- * When the callback fails to parse a critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- * When the callback fails to parse a non critical extension
- * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- * the extension and continues parsing.
- * Future versions of the library may invoke the callback
- * in other cases, if and when the need arises.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx);
-
-/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list. This is a
- * variant of mbedtls_x509_crt_parse_der() which takes
- * temporary ownership of the CRT buffer until the CRT
- * is destroyed.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The address of the readable buffer holding the DER encoded
- * certificate to use.
On success, this buffer must be
- * retained and not be changed for the lifetime of the
- * CRT chain \p chain, that is, until \p chain is destroyed
- * through a call to mbedtls_x509_crt_free().
- * \param buflen The size in Bytes of \p buf.
- *
- * \note This call is functionally equivalent to
- * mbedtls_x509_crt_parse_der(), but it avoids creating a
- * copy of the input buffer at the cost of stronger lifetime
- * constraints. This is useful in constrained environments
- * where duplication of the CRT cannot be tolerated.
- *
- * \return \c 0 if successful.
- * \return A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen);
-
-/**
- * \brief Parse one DER-encoded or one or more concatenated PEM-encoded
- * certificates and add them to the chained list.
- *
- * For CRTs in PEM encoding, the function parses permissively:
- * if at least one certificate can be parsed, the function
- * returns the number of certificates for which parsing failed
- * (hence \c 0 if all certificates were parsed successfully).
- * If no certificate could be parsed, the function returns
- * the first (negative) error encountered during parsing.
- *
- * PEM encoded certificates may be interleaved by other data
- * such as human readable descriptions of their content, as
- * long as the certificates are enclosed in the PEM specific
- * '-----{BEGIN/END} CERTIFICATE-----' delimiters.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain The chain to which to add the parsed certificates.
- * \param buf The buffer holding the certificate data in PEM or DER format.
- * For certificates in PEM encoding, this may be a concatenation
- * of multiple certificates; for DER encoding, the buffer must
- * comprise exactly one certificate.
- * \param buflen The size of \p buf, including the terminating \c NULL byte
- * in case of PEM encoded data.
- *
- * \return \c 0 if all certificates were parsed successfully.
- * \return The (positive) number of certificates that couldn't
- * be parsed if parsing was partly successful (see above).
- * \return A negative X509 or PEM error code otherwise.
- *
- */
-int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load one or more certificates and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param chain points to the start of the chain
- * \param path filename to read the certificates from
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
-
-/**
- * \brief Load one or more certificate files from a path and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
- *
- * \param chain points to the start of the chain
- * \param path directory / folder to read the certificate files from
- *
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
-
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the
- * certificate.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param crt The X509 certificate to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt);
-
-/**
- * \brief Returns an informational string about the
- * verification status of a certificate.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param flags Verification flags created by mbedtls_x509_crt_verify()
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
- uint32_t flags);
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Verify a chain of certificates.
- *
- * The verify callback is a user-supplied callback that
- * can clear / modify / add flags for a certificate. If set,
- * the verification callback is called for each
- * certificate in the chain (from the trust-ca down to the
- * presented crt). The parameters for the callback are:
- * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
- * int *flags). With the flags representing current flags for
- * that specific certificate and the certificate depth from
- * the bottom (Peer cert depth = 0).
- *
- * All flags left after returning from the callback
- * are also returned to the application. The function should
- * return 0 for anything (including invalid certificates)
- * other than fatal error, as a non-zero return code
- * immediately aborts the verification process. For fatal
- * errors, a specific error code should be used (different
- * from #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
- * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
- * can be used if no better code is available.
- *
- * \note In case verification failed, the results can be displayed
- * using \c mbedtls_x509_crt_verify_info()
- *
- * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the
- * default security profile.
- *
- * \note It is your responsibility to provide up-to-date CRLs for
- * all trusted CAs. If no CRL is provided for the CA that was
- * used to sign the certificate, CRL verification is skipped
- * silently, that is *without* setting any flag.
- *
- * \note The \c trust_ca list can contain two types of certificates:
- * (1) those of trusted root CAs, so that certificates
- * chaining up to those CAs will be trusted, and (2)
- * self-signed end-entity certificates to be trusted (for
- * specific peers you know) - in that case, the self-signed
- * certificate doesn't need to have the CA bit set.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param cn The expected Common Name. This will be checked to be
- * present in the certificate's subjectAltNames extension or,
- * if this extension is absent, as a CN component in its
- * Subject name. DNS names and IP addresses are fully
- * supported, while the URI subtype is partially supported:
- * only exact matching, without any normalization procedures
- * described in 7.4 of RFC5280, will result in a positive
- * URI verification.
- * This may be \c NULL if the CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- *
- * \return \c 0 if the chain is valid with respect to the
- * passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- * certificate chain verification failed. In this case,
- * \c *flags will have one or more
- * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- * flags set.
- * \return Another negative error code in case of a fatal error
- * encountered during the verification process.
- */
-int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy);
-
-/**
- * \brief Verify a chain of certificates with respect to
- * a configurable security profile.
- *
- * \note Same as \c mbedtls_x509_crt_verify(), but with explicit
- * security profile.
- *
- * \note The restrictions on keys (RSA minimum size, allowed curves
- * for ECDSA) apply to all certificates: trusted root,
- * intermediate CAs if any, and end entity certificate.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param profile The security profile to use for the verification.
- * \param cn The expected Common Name. This may be \c NULL if the
- * CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- *
- * \return \c 0 if the chain is valid with respect to the
- * passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- * certificate chain verification failed. In this case,
- * \c *flags will have one or more
- * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- * flags set.
- * \return Another negative error code in case of a fatal error
- * encountered during the verification process.
- */
-int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy);
-
-/**
- * \brief Restartable version of \c mbedtls_crt_verify_with_profile()
- *
- * \note Performs the same job as \c mbedtls_crt_verify_with_profile()
- * but can return early and restart according to the limit
- * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param crt The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl The list of CRLs for trusted CAs.
- * \param profile The security profile to use for the verification.
- * \param cn The expected Common Name. This may be \c NULL if the
- * CN need not be verified.
- * \param flags The address at which to store the result of the verification.
- * If the verification couldn't be completed, the flag value is
- * set to (uint32_t) -1.
- * \param f_vrfy The verification callback to use. See the documentation
- * of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy The context to be passed to \p f_vrfy.
- * \param rs_ctx The restart context to use. This may be set to \c NULL
- * to disable restartable ECC.
- *
- * \return See \c mbedtls_crt_verify_with_profile(), or
- * \return #PSA_OPERATION_INCOMPLETE if maximum number of
- * operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const mbedtls_x509_crt_profile *profile,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy,
- mbedtls_x509_crt_restart_ctx *rs_ctx);
-
-/**
- * \brief The type of trusted certificate callbacks.
- *
- * Callbacks of this type are passed to and used by the CRT
- * verification routine mbedtls_x509_crt_verify_with_ca_cb()
- * when looking for trusted signers of a given certificate.
- *
- * On success, the callback returns a list of trusted
- * certificates to be considered as potential signers
- * for the input certificate.
- *
- * \param p_ctx An opaque context passed to the callback.
- * \param child The certificate for which to search a potential signer.
- * This will point to a readable certificate.
- * \param candidate_cas The address at which to store the address of the first
- * entry in the generated linked list of candidate signers.
- * This will not be \c NULL.
- *
- * \note The callback must only return a non-zero value on a
- * fatal error. If, in contrast, the search for a potential
- * signer completes without a single candidate, the
- * callback must return \c 0 and set \c *candidate_cas
- * to \c NULL.
- *
- * \return \c 0 on success. In this case, \c *candidate_cas points
- * to a heap-allocated linked list of instances of
- * ::mbedtls_x509_crt, and ownership of this list is passed
- * to the caller.
- * \return A negative error code on failure.
- */ -typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, - mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidate_cas); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/** - * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which - * uses a callback to acquire the list of trusted CA - * certificates. - * - * \param crt The certificate chain to be verified. - * \param f_ca_cb The callback to be used to query for potential signers - * of a given child certificate. See the documentation of - * ::mbedtls_x509_crt_ca_cb_t for more information. - * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. - * \param profile The security profile for the verification. - * \param cn The expected Common Name. This may be \c NULL if the - * CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is - * set to (uint32_t) -1. - * \param f_vrfy The verification callback to use. See the documentation - * of mbedtls_x509_crt_verify() for more information. - * \param p_vrfy The context to be passed to \p f_vrfy. - * - * \return See \c mbedtls_crt_verify_with_profile(). - */ -int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy); - -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/** - * \brief Check usage of certificate against keyUsage extension. - * - * \param crt Leaf certificate used. - * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT - * before using the certificate to perform an RSA key - * exchange). - * - * \note Except for decipherOnly and encipherOnly, a bit set in the - * usage argument means this bit MUST be set in the - * certificate. 
For decipherOnly and encipherOnly, it means - * that bit MAY be set. - * - * \return 0 is these uses of the certificate are allowed, - * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension - * is present but does not match the usage argument. - * - * \note You should only call this function on leaf certificates, on - * (intermediate) CAs the keyUsage extension is automatically - * checked by \c mbedtls_x509_crt_verify(). - */ -int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, - unsigned int usage); - -/** - * \brief Check usage of certificate against extendedKeyUsage. - * - * \param crt Leaf certificate used. - * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or - * MBEDTLS_OID_CLIENT_AUTH). - * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). - * - * \return 0 if this use of the certificate is allowed, - * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. - * - * \note Usually only makes sense on leaf certificates. - */ -int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len); - -#if defined(MBEDTLS_X509_CRL_PARSE_C) -/** - * \brief Verify the certificate revocation status - * - * \param crt a certificate to be verified - * \param crl the CRL to verify against - * - * \return 1 if the certificate is revoked, 0 otherwise - * - */ -int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl); -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -/** - * \brief Initialize a certificate (chain) - * - * \param crt Certificate chain to initialize - */ -void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); - -/** - * \brief Unallocate all certificate data - * - * \param crt Certificate chain to free - */ -void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); - -#if defined(MBEDTLS_ECP_RESTARTABLE) -/** - * \brief Initialize a restart context - */ -void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); - -/** - * \brief Free the 
components of a restart context - */ -void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); -#endif /* MBEDTLS_ECP_RESTARTABLE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -/** - * \brief Query certificate for given extension type - * - * \param[in] ctx Certificate context to be queried, must not be \c NULL - * \param ext_type Extension type being queried for, must be a valid - * extension type. Must be one of the MBEDTLS_X509_EXT_XXX - * values - * - * \return 0 if the given extension type is not present, - * non-zero otherwise - */ -static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, - int ext_type) -{ - return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type; -} - -/** - * \brief Access the ca_istrue field - * - * \param[in] crt Certificate to be queried, must not be \c NULL - * - * \return \c 1 if this a CA certificate \c 0 otherwise. - * \return MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain - * the Optional Basic Constraint extension. - * - */ -int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt); - -/** \} name Structures and functions for parsing and writing X.509 certificates */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) -/** - * \brief Initialize a CRT writing context - * - * \param ctx CRT context to initialize - */ -void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); - -/** - * \brief Set the version for a Certificate - * Default: MBEDTLS_X509_CRT_VERSION_3 - * - * \param ctx CRT context to use - * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or - * MBEDTLS_X509_CRT_VERSION_3) - */ -void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); - -/** - * \brief Set the serial number for a Certificate. 
- * - * \param ctx CRT context to use - * \param serial A raw array of bytes containing the serial number in big - * endian format - * \param serial_len Length of valid bytes (expressed in bytes) in \p serial - * input buffer - * - * \return 0 if successful, or - * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer - * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) - */ -int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - const unsigned char *serial, size_t serial_len); - -/** - * \brief Set the validity period for a Certificate - * Timestamps should be in string format for UTC timezone - * i.e. "YYYYMMDDhhmmss" - * e.g. "20131231235959" for December 31st 2013 - * at 23:59:59 - * - * \param ctx CRT context to use - * \param not_before not_before timestamp - * \param not_after not_after timestamp - * - * \return 0 if timestamp was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after); - -/** - * \brief Set the issuer name for a Certificate - * Issuer names should contain a comma-separated list - * of OID types and values: - * e.g. "C=UK,O=ARM,CN=Mbed TLS CA" - * - * \param ctx CRT context to use - * \param issuer_name issuer name to set - * - * \return 0 if issuer name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, - const char *issuer_name); - -/** - * \brief Set the subject name for a Certificate - * Subject names should contain a comma-separated list - * of OID types and values: - * e.g. 
"C=UK,O=ARM,CN=Mbed TLS Server 1" - * - * \param ctx CRT context to use - * \param subject_name subject name to set - * - * \return 0 if subject name was parsed successfully, or - * a specific error code - */ -int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, - const char *subject_name); - -/** - * \brief Set the subject public key for the certificate - * - * \param ctx CRT context to use - * \param key public key to include - */ -void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); - -/** - * \brief Set the issuer key used for signing the certificate - * - * \param ctx CRT context to use - * \param key private key to sign with - */ -void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); - -/** - * \brief Set the MD algorithm to use for the signature - * (e.g. MBEDTLS_MD_SHA1) - * - * \param ctx CRT context to use - * \param md_alg MD algorithm to use - */ -void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg); - -/** - * \brief Generic function to add to or replace an extension in the - * CRT - * - * \param ctx CRT context to use - * \param oid OID of the extension - * \param oid_len length of the OID - * \param critical if the extension is critical (per the RFC's definition) - * \param val value of the extension OCTET STRING - * \param val_len length of the value data - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len); - -/** - * \brief Set the basicConstraints extension for a CRT - * - * \param ctx CRT context to use - * \param is_ca is this a CA certificate - * \param max_pathlen maximum length of certificate chains below this - * certificate (only for CA certificates, -1 is - * unlimited) - * - * \return 0 if successful, or 
#PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen); - -#if defined(PSA_WANT_ALG_SHA_1) -/** - * \brief Set the subjectKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_subject_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); - -/** - * \brief Set the authorityKeyIdentifier extension for a CRT - * Requires that mbedtls_x509write_crt_set_issuer_key() has been - * called before - * - * \param ctx CRT context to use - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); -#endif /* PSA_WANT_ALG_SHA_1 */ - -/** - * \brief Set the Key Usage Extension flags - * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) - * - * \param ctx CRT context to use - * \param key_usage key usage flags to set - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, - unsigned int key_usage); - -/** - * \brief Set the Extended Key Usage Extension - * (e.g. MBEDTLS_OID_SERVER_AUTH) - * - * \param ctx CRT context to use - * \param exts extended key usage extensions to set, a sequence of - * MBEDTLS_ASN1_OID objects - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, - const mbedtls_asn1_sequence *exts); - -/** - * \brief Set the Netscape Cert Type flags - * (e.g. 
MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) - * - * \param ctx CRT context to use - * \param ns_cert_type Netscape Cert Type flags to set - * - * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY - */ -int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type); - -/** - * \brief Free the contents of a CRT write context - * - * \param ctx CRT context to free - */ -void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); - -/** - * \brief Write a built up certificate to a X509 DER structure - * Note: data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * - * \return length of data written if successful, or a specific - * error code - */ -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); - -#if defined(MBEDTLS_PEM_WRITE_C) -/** - * \brief Write a built up certificate to a X509 PEM string - * - * \param ctx certificate to write away - * \param buf buffer to write to - * \param size size of the buffer - * - * \return 0 if successful, or a specific error code - * - */ -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -#endif /* MBEDTLS_PEM_WRITE_C */ -#endif /* MBEDTLS_X509_CRT_WRITE_C */ - -/** \} addtogroup x509_module */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_x509_crt.h */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h deleted file mode 100644 index 60a553f55d..0000000000 --- a/include/mbedtls/x509_csr.h +++ /dev/null 
@@ -1,368 +0,0 @@
-/**
- * \file x509_csr.h
- *
- * \brief X.509 certificate signing request parsing and writing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_X509_CSR_H
-#define MBEDTLS_X509_CSR_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
- * \{
- */
-
-/**
- * Certificate Signing Request (CSR) structure.
- *
- * Some fields of this structure are publicly readable. Do not modify
- * them except via Mbed TLS library functions: the effect of modifying
- * those fields or the data that those fields point to is unspecified.
- */
-typedef struct mbedtls_x509_csr {
- mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
- mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
-
- int version; /**< CSR version (1=v1). */
-
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
-
- mbedtls_pk_context pk; /**< Container for the public key context. */
-
- unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
- unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
-
- int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
-
- mbedtls_x509_buf sig_oid;
- mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
- mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-}
-mbedtls_x509_csr;
-
-/**
- * Container for writing a CSR
- */
-typedef struct mbedtls_x509write_csr {
- mbedtls_pk_context *MBEDTLS_PRIVATE(key);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
- mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
- mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_csr;
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-/**
- * \brief Load a Certificate Signing Request (CSR) in DER format
- *
- * \note Any unsupported requested extensions are silently
- * ignored, unless the critical flag is set, in which case
- * the CSR is rejected.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param csr CSR context to fill
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- *
- * \return 0 if successful, or a specific X509 error code
- */
-int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen);
-
-/**
- * \brief The type of certificate extension callbacks.
- *
- * Callbacks of this type are passed to and used by the
- * mbedtls_x509_csr_parse_der_with_ext_cb() routine when
- * it encounters either an unsupported extension.
- * Future versions of the library may invoke the callback
- * in other cases, if and when the need arises.
- *
- * \param p_ctx An opaque context passed to the callback.
- * \param csr The CSR being parsed.
- * \param oid The OID of the extension.
- * \param critical Whether the extension is critical.
- * \param p Pointer to the start of the extension value
- * (the content of the OCTET STRING).
- * \param end End of extension value.
- *
- * \note The callback must fail and return a negative error code
- * if it can not parse or does not support the extension.
- * When the callback fails to parse a critical extension
- * mbedtls_x509_csr_parse_der_with_ext_cb() also fails.
- * When the callback fails to parse a non critical extension
- * mbedtls_x509_csr_parse_der_with_ext_cb() simply skips
- * the extension and continues parsing.
- *
- * \return \c 0 on success.
- * \return A negative error code on failure.
- */
-typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx,
- mbedtls_x509_csr const *csr,
- mbedtls_x509_buf const *oid,
- int critical,
- const unsigned char *p,
- const unsigned char *end);
-
-/**
- * \brief Load a Certificate Signing Request (CSR) in DER format
- *
- * \note Any unsupported requested extensions are silently
- * ignored, unless the critical flag is set, in which case
- * the result of the callback function decides whether
- * CSR is rejected.
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param csr CSR context to fill
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- * \param cb A callback invoked for every unsupported certificate
- * extension.
- * \param p_ctx An opaque context passed to the callback.
- *
- * \return 0 if successful, or a specific X509 error code
- */
-int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen,
- mbedtls_x509_csr_ext_cb_t cb,
- void *p_ctx);
-
-/**
- * \brief Load a Certificate Signing Request (CSR), DER or PEM format
- *
- * \note See notes for \c mbedtls_x509_csr_parse_der()
- *
- * \note The PSA crypto subsystem must have been initialized by
- * calling psa_crypto_init() before calling this function.
- *
- * \param csr CSR context to fill
- * \param buf buffer holding the CRL data
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen);
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief Load a Certificate Signing Request (CSR)
- *
- * \note See notes for \c mbedtls_x509_csr_parse()
- *
- * \param csr CSR context to fill
- * \param path filename to read the CSR from
- *
- * \return 0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path);
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Returns an informational string about the
- * CSR.
- *
- * \param buf Buffer to write to
- * \param size Maximum size of buffer
- * \param prefix A line prefix
- * \param csr The X509 CSR to represent
- *
- * \return The length of the string written (not including the
- * terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
- const mbedtls_x509_csr *csr);
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
-
-/**
- * \brief Initialize a CSR
- *
- * \param csr CSR to initialize
- */
-void mbedtls_x509_csr_init(mbedtls_x509_csr *csr);
-
-/**
- * \brief Unallocate all CSR data
- *
- * \param csr CSR to free
- */
-void mbedtls_x509_csr_free(mbedtls_x509_csr *csr);
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
-/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-/**
- * \brief Initialize a CSR context
- *
- * \param ctx CSR context to initialize
- */
-void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
-
-/**
- * \brief Set the subject name for a CSR
- * Subject names should contain a comma-separated list
- * of OID types and values:
- * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
- *
- * \param ctx CSR context to use
- * \param subject_name subject name to set
- *
- * \return 0 if subject name was parsed successfully, or
- * a specific error code
- */
-int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
- const char *subject_name);
-
-/**
- * \brief Set the key for a CSR (public key will be included,
- * private key used to sign the CSR when writing it)
- *
- * \param ctx CSR context to use
- * \param key Asymmetric key to include
- */
-void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key);
-
-/**
- * \brief Set the MD algorithm to use for the signature
- * (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx CSR context to use
- * \param md_alg MD algorithm to use
- */
-void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg);
-
-/**
- * \brief Set the Key Usage Extension flags
- * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx CSR context to use
- * \param key_usage key usage flags to set
- *
- * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
- *
- * \note The decipherOnly flag from the Key Usage
- * extension is represented by bit 8 (i.e.
- * 0x8000), which cannot typically be represented
- * in an unsigned char. Therefore, the flag
- * decipherOnly (i.e.
- * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
- * function.
- */
-int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage);
-
-/**
- * \brief Set Subject Alternative Name
- *
- * \param ctx CSR context to use
- * \param san_list List of SAN values
- *
- * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
- *
- * \note Only "dnsName", "uniformResourceIdentifier" and "otherName",
- * as defined in RFC 5280, are supported.
- */
-int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx,
- const mbedtls_x509_san_list *san_list);
-
-/**
- * \brief Set the Netscape Cert Type flags
- * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx CSR context to use
- * \param ns_cert_type Netscape Cert Type flags to set
- *
- * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
- unsigned char ns_cert_type);
-
-/**
- * \brief Generic function to add to or replace an extension in the
- * CSR
- *
- * \param ctx CSR context to use
- * \param oid OID of the extension
- * \param oid_len length of the OID
- * \param critical Set to 1 to mark the extension as critical, 0 otherwise.
- * \param val value of the extension OCTET STRING
- * \param val_len length of the value data
- *
- * \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
- const char *oid, size_t oid_len,
- int critical,
- const unsigned char *val, size_t val_len);
-
-/**
- * \brief Free the contents of a CSR context
- *
- * \param ctx CSR context to free
- */
-void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
-
-/**
- * \brief Write a CSR (Certificate Signing Request) to a
- * DER structure
- * Note: data is written at the end of the buffer! Use the
- * return value to determine where you should start
- * using the buffer
- *
- * \param ctx CSR to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return length of data written if successful, or a specific
- * error code
- *
- */
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief Write a CSR (Certificate Signing Request) to a
- * PEM string
- *
- * \param ctx CSR to write away
- * \param buf buffer to write to
- * \param size size of the buffer
- *
- * \return 0 if successful, or a specific error code
- *
- */
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
-
-/** \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_csr.h */
diff --git a/library/.gitignore b/library/.gitignore
deleted file mode 100644
index 92a33de2bc..0000000000
--- a/library/.gitignore
+++ /dev/null
@@ -1,12 +0,0 @@
-libmbed*
-*.sln
-*.vcxproj
-
-###START_GENERATED_FILES###
-/error.c
-/mbedtls_config_check_before.h
-/mbedtls_config_check_final.h
-/mbedtls_config_check_user.h
-/version_features.c
-/ssl_debug_helpers_generated.c
-###END_GENERATED_FILES###
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
deleted file mode 100644
index 5474e2cacf..0000000000
--- a/library/CMakeLists.txt
+++ /dev/null
@@ -1,376 +0,0 @@ -set(src_x509 - error.c - mbedtls_config.c - pkcs7.c - x509.c - x509_create.c - x509_crl.c - x509_crt.c - x509_csr.c - x509_oid.c - x509write.c - x509write_crt.c - x509write_csr.c -) - -set(src_tls - debug.c - mps_reader.c - mps_trace.c - net_sockets.c - ssl_cache.c - ssl_ciphersuites.c - ssl_client.c - ssl_cookie.c - ssl_debug_helpers_generated.c - ssl_msg.c - ssl_ticket.c - ssl_tls.c - ssl_tls12_client.c - ssl_tls12_server.c - ssl_tls13_keys.c - ssl_tls13_server.c - ssl_tls13_client.c - ssl_tls13_generic.c - timing.c - version.c - version_features.c -) - -if(GEN_FILES) - find_package(Perl REQUIRED) - - file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/*.h) - file(GLOB tls_error_headers ${MBEDTLS_DIR}/include/mbedtls/*.h) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/error.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files - ${CMAKE_CURRENT_BINARY_DIR}/${TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_DIR}/error.c - DEPENDS - ${MBEDTLS_DIR}/scripts/generate_errors.pl - ${crypto_error_headers} - ${tls_error_headers} - ${MBEDTLS_DIR}/scripts/data_files/error.fmt - ) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - COMMAND - ${PERL_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_features.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt - ) - - execute_process( - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_DIR}/scripts/generate_config_checks.py 
- --list-for-cmake "${CMAKE_CURRENT_BINARY_DIR}" - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - OUTPUT_VARIABLE - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS) - - add_custom_command( - OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_DIR}/scripts/generate_config_checks.py - ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS - ${MBEDTLS_DIR}/scripts/generate_config_checks.py - ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/config_checks_generator.py - ) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py - --mbedtls-root ${CMAKE_CURRENT_SOURCE_DIR}/.. - ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py - ${tls_error_headers} - ) - - add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target - DEPENDS - ${CMAKE_CURRENT_BINARY_DIR}/error.c - ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} - ) - - add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target - DEPENDS - ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c - ${CMAKE_CURRENT_BINARY_DIR}/version_features.c - ) - - # List generated headers as sources explicitly. Normally CMake finds - # headers by tracing include directives, but if that happens before the - # generated headers are generated, this process doesn't find them. 
- list(APPEND src_x509 - ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} - ) -endif() - -if(CMAKE_COMPILER_IS_GNUCC) - set(LIBS_C_FLAGS -Wmissing-declarations) -endif(CMAKE_COMPILER_IS_GNUCC) - -if(CMAKE_COMPILER_IS_CLANG) - set(LIBS_C_FLAGS -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) -endif(CMAKE_COMPILER_IS_CLANG) - -if(CMAKE_COMPILER_IS_MSVC) - option(MSVC_STATIC_RUNTIME "Build the libraries with /MT compiler flag" OFF) - if(MSVC_STATIC_RUNTIME) - foreach(flag_var - CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE - CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO - CMAKE_C_FLAGS_CHECK) - string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}") - endforeach(flag_var) - endif() -endif() - -if(CMAKE_C_COMPILER_ID MATCHES "AppleClang") - set(CMAKE_C_ARCHIVE_CREATE " Scr ") - set(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") -endif() -if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang") - set(CMAKE_CXX_ARCHIVE_CREATE " Scr ") - set(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") -endif() - -if(HAIKU) - set(libs ${libs} network) -endif(HAIKU) - -if(LINK_WITH_PTHREAD) - set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT}) -endif() - -if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) - message(FATAL_ERROR "Need to choose static or shared mbedtls build!") -endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) - -set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls") -set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509") - -set(mbedtls_target ${mbedtls_target} PARENT_SCOPE) -set(mbedx509_target ${mbedx509_target} PARENT_SCOPE) - -if (USE_STATIC_MBEDTLS_LIBRARY) - set(mbedtls_static_target ${mbedtls_target}) - set(mbedx509_static_target ${mbedx509_target}) -endif() - -set(target_libraries ${mbedx509_target} ${mbedtls_target}) - -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - string(APPEND mbedtls_static_target "_static") - string(APPEND 
mbedx509_static_target "_static") - - list(APPEND target_libraries - ${mbedx509_static_target} - ${mbedtls_static_target}) -endif() - -if(USE_STATIC_MBEDTLS_LIBRARY) - add_library(${mbedx509_static_target} STATIC ${src_x509}) - set_base_compile_options(${mbedx509_static_target}) - target_compile_options(${mbedx509_static_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) - target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${tfpsacrypto_static_target}) - - add_library(${mbedtls_static_target} STATIC ${src_tls}) - set_base_compile_options(${mbedtls_static_target}) - target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) - target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) - - if(GEN_FILES) - add_dependencies(${mbedx509_static_target} - ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) - add_dependencies(${mbedtls_static_target} - ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) - endif() -endif(USE_STATIC_MBEDTLS_LIBRARY) - -if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(${mbedx509_target} SHARED ${src_x509}) - set_base_compile_options(${mbedx509_target}) - target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_X509_SOVERSION}) - target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) - - add_library(${mbedtls_target} SHARED ${src_tls}) - set_base_compile_options(${mbedtls_target}) - target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_TLS_SOVERSION}) - target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) - - if(GEN_FILES) - add_dependencies(${mbedx509_target} - 
${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) - add_dependencies(${mbedtls_target} - ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) - endif() -endif(USE_SHARED_MBEDTLS_LIBRARY) - -foreach(target IN LISTS target_libraries) - add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support - # Include public header files from /include, /tf-psa-crypto/include/ and - # tf-psa-crypto/drivers/builtin/include/. Include private header files - # from /library, tf-psa-crypto/core/ and tf-psa-crypto/drivers/builtin/src/. - target_include_directories(${target} - PUBLIC $ - $ - $ - $ - PRIVATE ${MBEDTLS_DIR}/library/ - ${MBEDTLS_DIR}/tf-psa-crypto/core - ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src - # needed for generated headers - ${CMAKE_CURRENT_BINARY_DIR}) - set_config_files_compile_definitions(${target}) - install( - TARGETS ${target} - EXPORT MbedTLSTargets - ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} - LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} - RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) -endforeach(target) - -set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") - -add_custom_target(${lib_target} DEPENDS ${mbedx509_target} ${mbedtls_target}) -if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - add_dependencies(${lib_target} ${mbedx509_static_target} ${mbedtls_static_target}) -endif() - -foreach(target IN LISTS tf_psa_crypto_library_targets) - get_target_property(target_type ${target} TYPE) - if (target_type STREQUAL STATIC_LIBRARY) - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - $ - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - "libmbedcrypto.a" - ) - install(FILES $ - DESTINATION ${CMAKE_INSTALL_LIBDIR} - RENAME "libmbedcrypto.a" - ) - else() - # Copy the crypto shared library from tf-psa-crypto: - # - ".so." 
on Unix - # - ".dylib" on macOS - # - ".dll" on Windows - # The full path to the file is given by $. - # - # On systems that use .so versioning, also create the symbolic links - # ".so." and ".so", which correspond to - # $ and $, - # respectively. - # - # On Windows, also copy the ".lib" file, whose full path is - # $. - # - # Provide also the crypto libraries under their historical names: - # "libmbedcrypto.*" - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - $ - ) - if(APPLE) - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E create_symlink - $ - libmbedcrypto.dylib - ) - install(FILES $ - DESTINATION ${CMAKE_INSTALL_LIBDIR} - RENAME "libmbedcrypto.dylib" - ) - elseif(WIN32 AND NOT CYGWIN) - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - libmbedcrypto.dll - ) - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - $ - COMMAND ${CMAKE_COMMAND} -E copy_if_different - $ - libmbedcrypto.lib - ) - install(FILES $ - DESTINATION ${CMAKE_INSTALL_BINDIR} - RENAME "libmbedcrypto.dll" - ) - install(FILES $ - DESTINATION ${CMAKE_INSTALL_LIBDIR} - RENAME "libmbedcrypto.lib" - ) - else() - add_custom_command( - TARGET ${mbedtls_target} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E create_symlink - $ - $ - COMMAND ${CMAKE_COMMAND} -E create_symlink - $ - $ - COMMAND ${CMAKE_COMMAND} -E create_symlink - $ - libmbedcrypto.so.${MBEDTLS_VERSION} - COMMAND ${CMAKE_COMMAND} -E create_symlink - libmbedcrypto.so.${MBEDTLS_VERSION} - libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} - COMMAND ${CMAKE_COMMAND} -E create_symlink - libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} - libmbedcrypto.so - ) - install(FILES $ - DESTINATION ${CMAKE_INSTALL_LIBDIR} - RENAME "libmbedcrypto.so.${MBEDTLS_VERSION}" - ) - install(CODE " - set(_libdir 
\"\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\") - - execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink - \"libmbedcrypto.so.${MBEDTLS_VERSION}\" - \${_libdir}/libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}) - execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink - \"libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}\" - \${_libdir}/libmbedcrypto.so) - ") - endif() - endif() -endforeach(target) diff --git a/library/Makefile b/library/Makefile deleted file mode 100644 index 9085ab481c..0000000000 --- a/library/Makefile +++ /dev/null 
@@ -1,379 +0,0 @@ -ifndef MBEDTLS_PATH -MBEDTLS_PATH := .. -endif - -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - -# List the generated files without running a script, so that this -# works with no tooling dependencies when GEN_FILES is disabled. -GENERATED_FILES := \ - mbedtls_config_check_before.h \ - mbedtls_config_check_final.h \ - mbedtls_config_check_user.h \ - error.c \ - version_features.c \ - ssl_debug_helpers_generated.c - -# Also list the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -GENERATED_FILES += \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h - -ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) - ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) - endif - include $(MBEDTLS_PATH)/framework/exported.make -endif - -# Also see "include/mbedtls/mbedtls_config.h" - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -LDFLAGS ?= - -# Include ../include, ../tf-psa-crypto/include and -# ../tf-psa-crypto/drivers/builtin/include for public headers and ., -# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for -# private headers. -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. 
-I../tf-psa-crypto/core \ - -I../tf-psa-crypto/drivers/builtin/src \ - -I../include -I../tf-psa-crypto/include \ - -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - -# MicroBlaze specific options: -# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift - -# To compile on Plan9: -# CFLAGS += -D_BSD_EXTENSION - -PERL ?= perl - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - -# if were running on Windows build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -else ifeq ($(shell uname -s),Darwin) -ifeq ($(AR),ar) -APPLE_BUILD ?= 1 -endif -endif - -ifdef WINDOWS_BUILD -LOCAL_LDFLAGS += -lbcrypt -endif - -# To compile as a shared library: -ifdef SHARED -# all code is position-indep with mingw, avoid warning about useless flag -ifndef WINDOWS_BUILD -LOCAL_CFLAGS += -fPIC -fpic -endif -endif - -SOEXT_TLS?=so.21 -SOEXT_X509?=so.8 -SOEXT_CRYPTO?=so.16 - -# Set AR_DASH= (empty string) to use an ar implementation that does not accept -# the - prefix for command line options (e.g. 
llvm-ar) -AR_DASH ?= - - -ARFLAGS = $(AR_DASH)src -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) -ARFLAGS = $(AR_DASH)Src -RLFLAGS = -no_warning_for_no_symbols -c -RL ?= ranlib -endif -endif - -DLEXT ?= so -ifdef WINDOWS_BUILD -# Windows shared library extension: -DLEXT = dll -else ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) -# Mac OS X shared library extension: -DLEXT = dylib -endif -endif - -OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) -GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o -OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) -OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) - -THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) - -OBJS_X509= \ - mbedtls_config.o \ - x509.o \ - x509_create.o \ - x509_crl.o \ - x509_crt.o \ - x509_csr.o \ - x509_oid.o \ - x509write.o \ - x509write_crt.o \ - x509write_csr.o \ - pkcs7.o \ - error.o \ - # This line is intentionally left blank - -OBJS_TLS= \ - debug.o \ - mps_reader.o \ - mps_trace.o \ - net_sockets.o \ - ssl_cache.o \ - ssl_ciphersuites.o \ - ssl_client.o \ - ssl_cookie.o \ - ssl_debug_helpers_generated.o \ - ssl_msg.o \ - ssl_ticket.o \ - ssl_tls.o \ - ssl_tls12_client.o \ - ssl_tls12_server.o \ - ssl_tls13_keys.o \ - ssl_tls13_client.o \ - ssl_tls13_server.o \ - ssl_tls13_generic.o \ - timing.o \ - version.o \ - version_features.o \ - # This line is intentionally left blank - -.SILENT: - -.PHONY: all static shared clean - -ifndef SHARED -all: static -else -all: shared static -endif - -static: libmbedcrypto.a libmbedx509.a libmbedtls.a - cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" 
> seedfile - cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile - -shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) - -# Windows builds under Mingw can fail if make tries to create archives in the same -# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002. -# This forces builds of the .a files to be serialised. -ifdef WINDOWS -libmbedtls.a: | libmbedx509.a -libmbedx509.a: | libmbedcrypto.a -endif - -# tls -libmbedtls.a: $(OBJS_TLS) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_TLS) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_TLS),so) -libmbedtls.so: libmbedtls.$(SOEXT_TLS) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -# x509 -libmbedx509.a: $(OBJS_X509) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_X509) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_X509),so) -libmbedx509.so: libmbedx509.$(SOEXT_X509) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_X509) -L. 
-lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -# crypto -libmbedcrypto.a: $(OBJS_CRYPTO) - echo " AR $@" - $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO) -ifdef APPLE_BUILD -ifneq ($(APPLE_BUILD),0) - echo " RL $@" - $(RL) $(RLFLAGS) $@ -endif -endif - -libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) - -ifneq ($(SOEXT_CRYPTO),so) -libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO) - echo " LN $@ -> $<" - ln -sf $< $@ -endif - -libmbedcrypto.dylib: $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS) - -libmbedcrypto.dll: $(OBJS_CRYPTO) - echo " LD $@" - $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) - -.c.o: - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -.c.s: - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< - -.PHONY: generated_files -generated_files: $(GENERATED_FILES) - -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - -error.c: $(gen_file_dep) ../scripts/generate_errors.pl -error.c: $(gen_file_dep) ../scripts/data_files/error.fmt -error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) -error.c: - echo " Gen $@" - $(PERL) ../scripts/generate_errors.pl - -ssl_debug_helpers_generated.c: $(gen_file_dep) ../framework/scripts/generate_ssl_debug_helpers.py -ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) -ssl_debug_helpers_generated.c: - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_ssl_debug_helpers.py --mbedtls-root .. . 
- -version_features.c: $(gen_file_dep) ../scripts/generate_features.pl -version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt -## The generated file only depends on the options that are present in mbedtls_config.h, -## not on which options are set. To avoid regenerating this file all the time -## when switching between configurations, don't declare mbedtls_config.h as a -## dependency. Remove this file from your working tree if you've just added or -## removed an option in mbedtls_config.h. -#version_features.c: ../include/mbedtls/mbedtls_config.h -version_features.c: - echo " Gen $@" - $(PERL) ../scripts/generate_features.pl - -GENERATED_WRAPPER_FILES = \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja -$(GENERATED_WRAPPER_FILES): - echo " Gen $(GENERATED_WRAPPER_FILES)" - $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) - -$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h - -GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) 
-$(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - ../framework/scripts/mbedtls_framework/config_checks_generator.py -$(GENERATED_CONFIG_CHECK_FILES): - echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" - $(PYTHON) ../scripts/generate_config_checks.py - -mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) - -TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - --list $(TF_PSA_CRYPTO_CORE_PATH)) -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - ../scripts/generate_config_checks.py \ - ../framework/scripts/mbedtls_framework/config_checks_generator.py -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): - echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" - $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py - -$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) - -clean: -ifndef WINDOWS - rm -f *.o *.s libmbed* - rm -f $(OBJS_CRYPTO) $(OBJS_CRYPTO:.o=.s) -else - if exist *.o del /Q /F *.o - if exist *.s del /Q /F *.s - if exist libmbed* del /Q /F libmbed* - del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(OBJS_CRYPTO)) -endif - -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif diff --git a/library/debug.c b/library/debug.c deleted file mode 100644 index 362c07981c..0000000000 --- a/library/debug.c +++ /dev/null 
@@ -1,490 +0,0 @@ -/* - * Debugging routines - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_DEBUG_C) - -#include "mbedtls/platform.h" - -#include "debug_internal.h" -#include "mbedtls/error.h" - -#include -#include -#include - -/* DEBUG_BUF_SIZE must be at least 2 */ -#define DEBUG_BUF_SIZE 512 - -static int debug_threshold = 0; - -void mbedtls_debug_set_threshold(int threshold) -{ - debug_threshold = threshold; -} - -/* - * All calls to f_dbg must be made via this function - */ -static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *str) -{ - /* - * If in a threaded environment, we need a thread identifier. - * Since there is no portable way to get one, use the address of the ssl - * context instead, as it shouldn't be shared between threads. - */ -#if defined(MBEDTLS_THREADING_C) - char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *) ssl, str); - ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr); -#else - ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str); -#endif -} - -MBEDTLS_PRINTF_ATTRIBUTE(5, 6) -void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ...) 
-{ - va_list argp; - char str[DEBUG_BUF_SIZE]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small"); - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - va_start(argp, format); - ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); - va_end(argp); - - if (ret < 0) { - ret = 0; - } else { - if (ret >= DEBUG_BUF_SIZE - 1) { - ret = DEBUG_BUF_SIZE - 2; - } - } - str[ret] = '\n'; - str[ret + 1] = '\0'; - - debug_send_line(ssl, level, file, line, str); -} - -void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret) -{ - char str[DEBUG_BUF_SIZE]; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - /* - * With non-blocking I/O and examples that just retry immediately, - * the logs would be quickly flooded with WANT_READ, so ignore that. - * Don't ignore WANT_WRITE however, since it is usually rare. 
- */ - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n", - text, ret, (unsigned int) -ret); - - debug_send_line(ssl, level, file, line, str); -} - -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) -{ - char str[DEBUG_BUF_SIZE]; - char txt[17]; - size_t i, idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", - text, (unsigned int) len); - - debug_send_line(ssl, level, file, line, str); - - memset(txt, 0, sizeof(txt)); - for (i = 0; i < len; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - memset(txt, 0, sizeof(txt)); - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", - (unsigned int) i); - - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? 
buf[i] : '.'; - } - - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); - debug_send_line(ssl, level, file, line, str); - } -} - -#if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X) -{ - char str[DEBUG_BUF_SIZE]; - size_t bitlen; - size_t idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold) { - return; - } - - bitlen = mbedtls_mpi_bitlen(X); - - mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen); - debug_send_line(ssl, level, file, line, str); - - if (bitlen == 0) { - str[0] = ' '; str[1] = '0'; str[2] = '0'; - idx = 3; - } else { - int n; - for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { - size_t limb_offset = n / sizeof(mbedtls_mpi_uint); - size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); - unsigned char octet = - (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); - idx += 3; - /* Wrap lines after 16 octets that each take 3 columns */ - if (idx >= 3 * 16) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - idx = 0; - } - } - } - - if (idx != 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t bitlen) -{ - char str[DEBUG_BUF_SIZE]; - 
size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0; - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) bitlen); - - debug_send_line(ssl, level, file, line, str); - - for (i = 0; i < len_bytes; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - } - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - } - - if (len_bytes > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - char str[DEBUG_BUF_SIZE]; - const uint8_t *coord_start; - size_t coord_len; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - /* For the description of pk->pk_raw content please refer to the description - * psa_export_public_key() function. */ - coord_len = (pk->pub_raw_len - 1)/2; - - /* X coordinate */ - coord_start = pk->pub_raw + 1; - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); - - /* Y coordinate */ - coord_start = coord_start + coord_len; - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -static size_t debug_count_valid_bits(unsigned char **buf, size_t len) -{ - size_t i, bits; - - /* Ignore initial null bytes (if any). 
*/ - while ((len > 0) && (**buf == 0x00)) { - (*buf)++; - len--; - } - - if (len == 0) { - return 0; - } - - bits = len * 8; - - /* Ignore initial null bits (if any). */ - for (i = 7; i > 0; i--) { - if ((**buf & (0x1 << i)) != 0) { - break; - } - bits--; - } - - return bits; -} - -static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - char str[DEBUG_BUF_SIZE]; - /* no-check-names will be removed in mbedtls#10229. */ - unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names - unsigned char *start_cur; - unsigned char *end_cur; - size_t len, bits; - int ret; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - if (pk->pub_raw_len > sizeof(key_der)) { - snprintf(str, sizeof(str), - "RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, - pk->pub_raw_len, sizeof(key_der)); - debug_send_line(ssl, level, file, line, str); - return; - } - - memcpy(key_der, pk->pub_raw, pk->pub_raw_len); - start_cur = key_der; - end_cur = key_der + pk->pub_raw_len; - - /* This integer parsing solution should be replaced with mbedtls_asn1_get_integer(). - * See #10238. 
*/ - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); - if (ret != 0) { - return; - } - - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); - if (ret != 0) { - return; - } - - bits = debug_count_valid_bits(&start_cur, len); - if (bits == 0) { - return; - } - len = PSA_BITS_TO_BYTES(bits); - - mbedtls_snprintf(str, sizeof(str), "%s.N", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); - - start_cur += len; - - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); - if (ret != 0) { - return; - } - - bits = debug_count_valid_bits(&start_cur, len); - if (bits == 0) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s.E", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); -} -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - -static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - size_t i; - mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; - char name[16]; - - memset(items, 0, sizeof(items)); - - if (mbedtls_pk_debug(pk, items) != 0) { - debug_send_line(ssl, level, file, line, - "invalid PK context\n"); - return; - } - - for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) { - if (items[i].type == MBEDTLS_PK_DEBUG_NONE) { - return; - } - - mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); - name[sizeof(name) - 1] = '\0'; - -#if defined(MBEDTLS_RSA_C) - if (items[i].type == MBEDTLS_PK_DEBUG_MPI) { - mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { - mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); - } else -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ -#if 
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { - mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); - } else -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - { debug_send_line(ssl, level, file, line, - "should not happen\n"); } - } -} - -static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text) -{ - char str[DEBUG_BUF_SIZE]; - const char *start, *cur; - - start = text; - for (cur = text; *cur != '\0'; cur++) { - if (*cur == '\n') { - size_t len = (size_t) (cur - start) + 1; - if (len > DEBUG_BUF_SIZE - 1) { - len = DEBUG_BUF_SIZE - 1; - } - - memcpy(str, start, len); - str[len] = '\0'; - - debug_send_line(ssl, level, file, line, str); - - start = cur + 1; - } - } -} - -void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt) -{ - char str[DEBUG_BUF_SIZE]; - int i = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == crt || - level > debug_threshold) { - return; - } - - while (crt != NULL) { - char buf[1024]; - - mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i); - debug_send_line(ssl, level, file, line, str); - - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - debug_print_line_by_line(ssl, level, file, line, buf); - - debug_print_pk(ssl, level, file, line, "crt->", &crt->pk); - - crt = crt->next; - } -} -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ - -#endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug_internal.h b/library/debug_internal.h deleted file mode 100644 index 79a4c4540c..0000000000 --- a/library/debug_internal.h +++ /dev/null 
@@ -1,115 +0,0 @@ -/** - * \file debug_internal.h - * - * \brief Internal part of the public "debug.h". - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_DEBUG_INTERNAL_H -#define MBEDTLS_DEBUG_INTERNAL_H - -#include "mbedtls/debug.h" - -/** - * \brief Print a message to the debug output. This function is always used - * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl - * context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the message has occurred in - * \param line line number the message has occurred at - * \param format format specifier, in printf format - * \param ... variables used by the format specifier - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); - -/** - * \brief Print the return value of a function to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text the name of the function that returned the error - * \param ret the return code value - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret); - -/** - * \brief Output a buffer of size len bytes to the debug output. 
This function - * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the buffer being dumped. Normally the - * variable or buffer name - * \param buf the buffer to be outputted - * \param len length of the buffer - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len); - -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Print a MPI variable to the debug output. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the MPI being output. Normally the - * variable name - * \param X the MPI variable - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X); -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Print a X.509 certificate structure to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, - * which supplies the ssl context, file and line number parameters. 
- * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the certificate being output - * \param crt X.509 certificate structure - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt); -#endif - -#endif /* MBEDTLS_DEBUG_INTERNAL_H */ diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h deleted file mode 100644 index 3107c11077..0000000000 --- a/library/mbedtls_check_config.h +++ /dev/null 
@@ -1,369 +0,0 @@
-/**
- * \file mbedtls/check_config.h
- *
- * \brief Consistency checks for configuration options
- *
- * This is an internal header. Do not include it directly.
- *
- * This header is included automatically by all public Mbed TLS headers
- * (via mbedtls/build_info.h). Do not include it directly in a configuration
- * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
- * It would run at the wrong time due to missing derived symbols.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_H
-#define MBEDTLS_CHECK_CONFIG_H
-
-/* *INDENT-OFF* */
-
-#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
-#warning "Do not include mbedtls/check_config.h manually! " \
- "This may cause spurious errors. " \
- "It is included automatically at the right point since Mbed TLS 3.0."
-#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
-
-#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
-#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
-#endif
-
-/* Limitations on ECC curves acceleration: partial curve acceleration is only
- * supported with crypto excluding PK, X.509 or TLS.
- * Note: no need to check X.509 as it depends on PK.
- */
-#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
- defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
-#if defined(MBEDTLS_SSL_TLS_C)
-#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
-#endif /* modules beyond what's supported */
-#endif /* not all curves accelerated */
-#endif /* some curve accelerated */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
- !defined(MBEDTLS_CAN_ECDH)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
- ( !defined(MBEDTLS_CAN_ECDH) || \
- !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(PSA_WANT_ALG_JPAKE) || \
- !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
- !defined(PSA_WANT_ECC_SECP_R1_256) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-/* Use of EC J-PAKE in TLS requires SHA-256. */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- !defined(PSA_WANT_ALG_SHA_256)
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
- !defined(PSA_WANT_ALG_SHA_256) && \
- !defined(PSA_WANT_ALG_SHA_512) && \
- !defined(PSA_WANT_ALG_SHA_1)
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
- ( !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || !defined(PSA_WANT_ALG_RSA_OAEP) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
-#endif
-
-/* TLS 1.3 requires separate HKDF parts from PSA,
- * and at least one ciphersuite, so at least SHA-256 or SHA-384
- * from PSA to use with HKDF.
- *
- * Note: for dependencies common with TLS 1.2 (running handshake hash),
- * see MBEDTLS_SSL_TLS_C. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
- defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
- defined(PSA_WANT_ALG_HKDF_EXPAND) && \
- (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
-#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
- defined(MBEDTLS_X509_CRT_PARSE_C) && \
- ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(PSA_WANT_ALG_RSA_OAEP) ) )
-#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
-#endif
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-#if !( defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) )
-#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
-#endif
-#endif
-
-/*
- * The current implementation of TLS 1.3 requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#error "MBEDTLS_SSL_PROTO_TLS1_3 defined without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
- "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512))
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && \
- ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
- ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
- !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
-#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \
- defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \
- ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \
- (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX))
-#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
-#endif
-
-/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
-#if defined(MBEDTLS_SSL_TLS_C) && \
- !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && \
- !( defined(MBEDTLS_SSL_PROTO_TLS1_2) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
- !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
- MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
- MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && \
- !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && \
- !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
- defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \
- MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256
-#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) && \
- (!defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C) && \
- (!defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_PARSE_C))
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) && \
- ( !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
-#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && ( !defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
- !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
- defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
-#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
-#endif
-
-/* Reject attempts to enable options that have been removed and that could
- * cause a build to succeed but with features removed. */
-
-#if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
-#endif
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
-#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
-#endif
-
-#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
-#endif
-
-#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
-#endif
-
-#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
- ( !defined(MBEDTLS_PK_PARSE_C) ) || \
- ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
- ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
- ( !defined(MBEDTLS_MD_C) ) )
-#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
-#endif
-
-/* *INDENT-ON* */
-#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c
deleted file mode 100644
index a3deae3152..0000000000
--- a/library/mbedtls_config.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Mbed TLS configuration checks
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* Apply the TF-PSA-Crypto configuration first. We need to do this
- * before , because "mbedtls_config_check_before.h"
- * needs to run after the crypto config (including derived macros) is
- * finalized, but before the user's mbedtls config is applied. This way
- * it is possible to differentiate macros set by the user's mbedtls config
- * from macros set or derived by the crypto config. */
-#include
-
-/* Consistency checks on the user's configuration.
- * Check that it doesn't define macros that we assume are under full
- * control of the library, or options from past major versions that
- * no longer have any effect.
- * These headers are automatically generated. See
- * framework/scripts/mbedtls_framework/config_checks_generator.py
- */
-#include "mbedtls_config_check_before.h"
-#define MBEDTLS_INCLUDE_AFTER_RAW_CONFIG "mbedtls_config_check_user.h"
-
-#include
-
-/* Consistency checks in the configuration: check for incompatible options,
- * missing options when at least one of a set needs to be enabled, etc. */
-/* Manually written checks */
-#include "mbedtls_check_config.h"
-/* Automatically generated checks */
-#include "mbedtls_config_check_final.h"
diff --git a/library/mps_common.h b/library/mps_common.h
deleted file mode 100644
index f9fe099880..0000000000
--- a/library/mps_common.h
+++ /dev/null
@@ -1,181 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_common.h - * - * \brief Common functions and macros used by MPS - */ - -#ifndef MBEDTLS_MPS_COMMON_H -#define MBEDTLS_MPS_COMMON_H - -#include "mps_error.h" - -#include - -/** - * \name SECTION: MPS Configuration - * - * \{ - */ - -/*! This flag controls whether the MPS-internal components - * (reader, writer, Layer 1-3) perform validation of the - * expected abstract state at the entry of API calls. - * - * Context: All MPS API functions impose assumptions/preconditions on the - * context on which they operate. For example, every structure has a notion of - * state integrity which is established by `xxx_init()` and preserved by any - * calls to the MPS API which satisfy their preconditions and either succeed, - * or fail with an error code which is explicitly documented to not corrupt - * structure integrity (such as WANT_READ and WANT_WRITE); - * apart from `xxx_init()` any function assumes state integrity as a - * precondition (but usually more). If any of the preconditions is violated, - * the function's behavior is entirely undefined. - * In addition to state integrity, all MPS structures have a more refined - * notion of abstract state that the API operates on. For example, all layers - * have a notion of 'abstract read state' which indicates if incoming data has - * been passed to the user, e.g. through mps_l2_read_start() for Layer 2 - * or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to - * call these reading functions again until the incoming data has been - * explicitly 'consumed', e.g. through mps_l2_read_consume() for Layer 2 or - * mps_l3_read_consume() on Layer 3. 
However, even if it doesn't make sense, - * it's a design choice whether the API should fail gracefully on such - * non-sensical calls or not, and that's what this option is about: - * - * This option determines whether the expected abstract state - * is part of the API preconditions or not: If the option is set, - * then the abstract state is not part of the precondition and is - * thus required to be validated by the implementation. If an unexpected - * abstract state is encountered, the implementation must fail gracefully - * with error #MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED. - * Conversely, if this option is not set, then the expected abstract state - * is included in the preconditions of the respective API calls, and - * an implementation's behaviour is undefined if the abstract state is - * not as expected. - * - * For example: Enabling this makes mps_l2_read_done() fail if - * no incoming record is currently open; disabling this would - * lead to undefined behavior in this case. - * - * Comment this to remove state validation. - */ -#define MBEDTLS_MPS_STATE_VALIDATION - -/*! This flag enables/disables assertions on the internal state of MPS. - * - * Assertions are sanity checks that should never trigger when MPS - * is used within the bounds of its API and preconditions. - * - * Enabling this increases security by limiting the scope of - * potential bugs, but comes at the cost of increased code size. - * - * Note: So far, there is no guiding principle as to what - * expected conditions merit an assertion, and which don't. - * - * Comment this to disable assertions. - */ -#define MBEDTLS_MPS_ENABLE_ASSERTIONS - -/*! This flag controls whether tracing for MPS should be enabled. 
*/ -//#define MBEDTLS_MPS_ENABLE_TRACE - -#if defined(MBEDTLS_MPS_STATE_VALIDATION) - -#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ - do \ - { \ - if (!(cond)) \ - { \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED); \ - } \ - } while (0) - -#else /* MBEDTLS_MPS_STATE_VALIDATION */ - -#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string) \ - do \ - { \ - (cond); \ - } while (0) - -#endif /* MBEDTLS_MPS_STATE_VALIDATION */ - -#if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS) - -#define MBEDTLS_MPS_ASSERT_RAW(cond, string) \ - do \ - { \ - if (!(cond)) \ - { \ - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string); \ - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_INTERNAL_ERROR); \ - } \ - } while (0) - -#else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ - -#define MBEDTLS_MPS_ASSERT_RAW(cond, string) do {} while (0) - -#endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */ - - -/* \} name SECTION: MPS Configuration */ - -/** - * \name SECTION: Common types - * - * Various common types used throughout MPS. - * \{ - */ - -/** \brief The type of buffer sizes and offsets used in MPS structures. - * - * This is an unsigned integer type that should be large enough to - * hold the length of any buffer or message processed by MPS. - * - * The reason to pick a value as small as possible here is - * to reduce the size of MPS structures. - * - * \warning Care has to be taken when using a narrower type - * than ::mbedtls_mps_size_t here because of - * potential truncation during conversion. - * - * \warning Handshake messages in TLS may be up to 2^24 ~ 16Mb in size. - * If mbedtls_mps_[opt_]stored_size_t is smaller than that, the - * maximum handshake message is restricted accordingly. - * - * For now, we use the default type of size_t throughout, and the use of - * smaller types or different types for ::mbedtls_mps_size_t and - * ::mbedtls_mps_stored_size_t is not yet supported. 
- * - */ -typedef size_t mbedtls_mps_stored_size_t; -#define MBEDTLS_MPS_STORED_SIZE_MAX (SIZE_MAX) - -/** \brief The type of buffer sizes and offsets used in the MPS API - * and implementation. - * - * This must be at least as wide as ::mbedtls_stored_size_t but - * may be chosen to be strictly larger if more suitable for the - * target architecture. - * - * For example, in a test build for ARM Thumb, using uint_fast16_t - * instead of uint16_t reduced the code size from 1060 Byte to 962 Byte, - * so almost 10%. - */ -typedef size_t mbedtls_mps_size_t; -#define MBEDTLS_MPS_SIZE_MAX (SIZE_MAX) - -#if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX -#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t." -#endif - -/* \} SECTION: Common types */ - - -#endif /* MBEDTLS_MPS_COMMON_H */ diff --git a/library/mps_error.h b/library/mps_error.h deleted file mode 100644 index 016a84ce49..0000000000 --- a/library/mps_error.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_error.h - * - * \brief Error codes used by MPS - */ - -#ifndef MBEDTLS_MPS_ERROR_H -#define MBEDTLS_MPS_ERROR_H - - -/* TODO: The error code allocation needs to be revisited: - * - * - Should we make (some of) the MPS Reader error codes public? - * If so, we need to adjust MBEDTLS_MPS_READER_MAKE_ERROR() to hit - * a gap in the Mbed TLS public error space. - * If not, we have to make sure we don't forward those errors - * at the level of the public API -- no risk at the moment as - * long as MPS is an experimental component not accessible from - * public API. - */ - -/** - * \name SECTION: MPS general error codes - * - * \{ - */ - -#ifndef MBEDTLS_MPS_ERR_BASE -#define MBEDTLS_MPS_ERR_BASE (0) -#endif - -#define MBEDTLS_MPS_MAKE_ERROR(code) \ - (-(MBEDTLS_MPS_ERR_BASE | (code))) - -#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR(0x1) -#define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR(0x2) - -/* \} name SECTION: MPS general error codes */ - -/** - * \name SECTION: MPS Reader error codes - * - * \{ - */ - -#ifndef MBEDTLS_MPS_READER_ERR_BASE -#define MBEDTLS_MPS_READER_ERR_BASE (1 << 8) -#endif - -#define MBEDTLS_MPS_READER_MAKE_ERROR(code) \ - (-(MBEDTLS_MPS_READER_ERR_BASE | (code))) - -/*! An attempt to reclaim the data buffer from a reader failed because - * the user hasn't yet read and committed all of it. */ -#define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR(0x1) - -/*! An invalid argument was passed to the reader. */ -#define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR(0x2) - -/*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed() - * after pausing failed because the provided data is not sufficient to serve the - * read requests that led to the pausing. 
*/ -#define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR(0x3) - -/*! A get request failed because not enough data is available in the reader. */ -#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR(0x4) - -/*!< A get request after pausing and reactivating the reader failed because - * the request is not in line with the request made prior to pausing. The user - * must not change it's 'strategy' after pausing and reactivating a reader. */ -#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR(0x5) - -/*! An attempt to reclaim the data buffer from a reader failed because the reader - * has no accumulator it can use to backup the data that hasn't been processed. */ -#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR(0x6) - -/*! An attempt to reclaim the data buffer from a reader failed because the - * accumulator passed to the reader is not large enough to hold both the - * data that hasn't been processed and the excess of the last read-request. */ -#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR(0x7) - -/* \} name SECTION: MPS Reader error codes */ - -#endif /* MBEDTLS_MPS_ERROR_H */ diff --git a/library/mps_reader.c b/library/mps_reader.c deleted file mode 100644 index 0fe7dfe95f..0000000000 --- a/library/mps_reader.c +++ /dev/null 
@@ -1,538 +0,0 @@ -/* - * Message Processing Stack, Reader implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "mps_reader.h" -#include "mps_common.h" -#include "mps_trace.h" - -#include - -#if defined(MBEDTLS_MPS_ENABLE_TRACE) -static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; -#endif /* MBEDTLS_MPS_ENABLE_TRACE */ - -/* - * GENERAL NOTE ON CODING STYLE - * - * The following code intentionally separates memory loads - * and stores from other operations (arithmetic or branches). - * This leads to the introduction of many local variables - * and significantly increases the C-code line count, but - * should not increase the size of generated assembly. - * - * The reason for this is twofold: - * (1) It will ease verification efforts using the VST - * (Verified Software Toolchain) - * whose program logic cannot directly reason - * about instructions containing a load or store in - * addition to other operations (e.g. *p = *q or - * tmp = *p + 42). - * (2) Operating on local variables and writing the results - * back to the target contexts on success only - * allows to maintain structure invariants even - * on failure - this in turn has two benefits: - * (2.a) If for some reason an error code is not caught - * and operation continues, functions are nonetheless - * called with sane contexts, reducing the risk - * of dangerous behavior. - * (2.b) Randomized testing is easier if structures - * remain intact even in the face of failing - * and/or non-sensical calls. - * Moreover, it might even reduce code-size because - * the compiler need not write back temporary results - * to memory in case of failure. 
- * - */ - -static inline int mps_reader_is_accumulating( - mbedtls_mps_reader const *rd) -{ - mbedtls_mps_size_t acc_remaining; - if (rd->acc == NULL) { - return 0; - } - - acc_remaining = rd->acc_share.acc_remaining; - return acc_remaining > 0; -} - -static inline int mps_reader_is_producing( - mbedtls_mps_reader const *rd) -{ - unsigned char *frag = rd->frag; - return frag == NULL; -} - -static inline int mps_reader_is_consuming( - mbedtls_mps_reader const *rd) -{ - return !mps_reader_is_producing(rd); -} - -static inline mbedtls_mps_size_t mps_reader_get_fragment_offset( - mbedtls_mps_reader const *rd) -{ - unsigned char *acc = rd->acc; - mbedtls_mps_size_t frag_offset; - - if (acc == NULL) { - return 0; - } - - frag_offset = rd->acc_share.frag_offset; - return frag_offset; -} - -static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator( - mbedtls_mps_reader const *rd) -{ - mbedtls_mps_size_t frag_offset, end; - - frag_offset = mps_reader_get_fragment_offset(rd); - end = rd->end; - - return end < frag_offset; -} - -static inline void mps_reader_zero(mbedtls_mps_reader *rd) -{ - /* A plain memset() would likely be more efficient, - * but the current way of zeroing makes it harder - * to overlook fields which should not be zero-initialized. - * It's also more suitable for FV efforts since it - * doesn't require reasoning about structs being - * interpreted as unstructured binary blobs. 
*/ - static mbedtls_mps_reader const zero = - { .frag = NULL, - .frag_len = 0, - .commit = 0, - .end = 0, - .pending = 0, - .acc = NULL, - .acc_len = 0, - .acc_available = 0, - .acc_share = { .acc_remaining = 0 } }; - *rd = zero; -} - -int mbedtls_mps_reader_init(mbedtls_mps_reader *rd, - unsigned char *acc, - mbedtls_mps_size_t acc_len) -{ - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_init"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Accumulator size: %u bytes", (unsigned) acc_len); - mps_reader_zero(rd); - rd->acc = acc; - rd->acc_len = acc_len; - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_free(mbedtls_mps_reader *rd) -{ - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_free"); - mps_reader_zero(rd); - MBEDTLS_MPS_TRACE_RETURN(0); -} - -int mbedtls_mps_reader_feed(mbedtls_mps_reader *rd, - unsigned char *new_frag, - mbedtls_mps_size_t new_frag_len) -{ - mbedtls_mps_size_t copy_to_acc; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_feed"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Fragment length: %u bytes", (unsigned) new_frag_len); - - if (new_frag == NULL) { - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_INVALID_ARG); - } - - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_producing( - rd), - "mbedtls_mps_reader_feed() requires reader to be in producing mode"); - - if (mps_reader_is_accumulating(rd)) { - unsigned char *acc = rd->acc; - mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining; - mbedtls_mps_size_t acc_available = rd->acc_available; - - /* Skip over parts of the accumulator that have already been filled. */ - acc += acc_available; - - copy_to_acc = acc_remaining; - if (copy_to_acc > new_frag_len) { - copy_to_acc = new_frag_len; - } - - /* Copy new contents to accumulator. 
*/ - memcpy(acc, new_frag, copy_to_acc); - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Copy new data of size %u of %u into accumulator at offset %u", - (unsigned) copy_to_acc, (unsigned) new_frag_len, - (unsigned) acc_available); - - /* Check if, with the new fragment, we have enough data. */ - acc_remaining -= copy_to_acc; - if (acc_remaining > 0) { - /* We need to accumulate more data. Stay in producing mode. */ - acc_available += copy_to_acc; - rd->acc_share.acc_remaining = acc_remaining; - rd->acc_available = acc_available; - MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - - /* We have filled the accumulator: Move to consuming mode. */ - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Enough data available to serve user request"); - - /* Remember overlap of accumulator and fragment. */ - rd->acc_share.frag_offset = acc_available; - acc_available += copy_to_acc; - rd->acc_available = acc_available; - } else { /* Not accumulating */ - rd->acc_share.frag_offset = 0; - } - - rd->frag = new_frag; - rd->frag_len = new_frag_len; - rd->commit = 0; - rd->end = 0; - MBEDTLS_MPS_TRACE_RETURN(0); -} - - -int mbedtls_mps_reader_get(mbedtls_mps_reader *rd, - mbedtls_mps_size_t desired, - unsigned char **buffer, - mbedtls_mps_size_t *buflen) -{ - unsigned char *frag; - mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining; - MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_get"); - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "* Bytes requested: %u", (unsigned) desired); - - MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming( - rd), - "mbedtls_mps_reader_get() requires reader to be in consuming mode"); - - end = rd->end; - frag_offset = mps_reader_get_fragment_offset(rd); - - /* Check if we're still serving from the accumulator. 
*/ - if (mps_reader_serving_from_accumulator(rd)) { - /* Illustration of supported and unsupported cases: - * - * - Allowed #1 - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +-----v-------v-------------+ - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - Allowed #2 - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +----------v----------------v - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - Not allowed #1 (could be served, but we don't actually use it): - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end+desired - * | | - * +------v-------------v------+ - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * - * - Not allowed #2 (can't be served with a contiguous buffer): - * - * +-----------------------------------+ - * | frag | - * +-----------------------------------+ - * - * end end + desired - * | | - * +------v--------------------+ v - * | acc | - * +---------------------------+ - * | | - * frag_offset acc_available - * - * In case of Allowed #2 we're switching to serve from - * `frag` starting from the next call to mbedtls_mps_reader_get(). - */ - - unsigned char *acc; - - MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT, - "Serve the request from the accumulator"); - if (frag_offset - end < desired) { - mbedtls_mps_size_t acc_available; - acc_available = rd->acc_available; - if (acc_available - end != desired) { - /* It might be possible to serve some of these situations by - * making additional space in the accumulator, removing those - * parts that have already been committed. 
- * On the other hand, this brings additional complexity and
- * enlarges the code size, while there doesn't seem to be a use
- * case where we don't attempt exactly the same `get` calls when
- * resuming on a reader than what we tried before pausing it.
- * If we believe we adhere to this restricted usage throughout
- * the library, this check is a good opportunity to
- * validate this. */
- MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
- }
- }
-
- acc = rd->acc;
- acc += end;
-
- *buffer = acc;
- if (buflen != NULL) {
- *buflen = desired;
- }
-
- end += desired;
- rd->end = end;
- rd->pending = 0;
-
- MBEDTLS_MPS_TRACE_RETURN(0);
- }
-
- /* Attempt to serve the request from the current fragment */
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Serve the request from the current fragment.");
-
- frag_len = rd->frag_len;
- frag_fetched = end - frag_offset; /* The amount of data from the current
- * fragment that has already been passed
- * to the user. */
- frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */
-
- /* Check if we can serve the read request from the fragment. */
- if (frag_remaining < desired) {
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There's not enough data in the current fragment "
- "to serve the request.");
- /* There's not enough data in the current fragment,
- * so either just RETURN what we have or fail. */
- if (buflen == NULL) {
- if (frag_remaining > 0) {
- rd->pending = desired - frag_remaining;
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Remember to collect %u bytes before re-opening",
- (unsigned) rd->pending);
- }
- MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
- }
-
- desired = frag_remaining;
- }
-
- /* There's enough data in the current fragment to serve the
- * (potentially modified) read request. */
-
- frag = rd->frag;
- frag += frag_fetched;
-
- *buffer = frag;
- if (buflen != NULL) {
- *buflen = desired;
- }
-
- end += desired;
- rd->end = end;
- rd->pending = 0;
- MBEDTLS_MPS_TRACE_RETURN(0);
-}
-
-int mbedtls_mps_reader_commit(mbedtls_mps_reader *rd)
-{
- mbedtls_mps_size_t end;
- MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_commit");
- MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
- rd),
- "mbedtls_mps_reader_commit() requires reader to be in consuming mode");
-
- end = rd->end;
- rd->commit = end;
-
- MBEDTLS_MPS_TRACE_RETURN(0);
-}
-
-int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *rd,
- int *paused)
-{
- unsigned char *frag, *acc;
- mbedtls_mps_size_t pending, commit;
- mbedtls_mps_size_t acc_len, frag_offset, frag_len;
- MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_reclaim");
-
- if (paused != NULL) {
- *paused = 0;
- }
-
- MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
- rd),
- "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode");
-
- frag = rd->frag;
- acc = rd->acc;
- pending = rd->pending;
- commit = rd->commit;
- frag_len = rd->frag_len;
-
- frag_offset = mps_reader_get_fragment_offset(rd);
-
- if (pending == 0) {
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "No unsatisfied read-request has been logged.");
-
- /* Check if there's data left to be consumed. */
- if (commit < frag_offset || commit - frag_offset < frag_len) {
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There is data left to be consumed.");
- rd->end = commit;
- MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_DATA_LEFT);
- }
-
- rd->acc_available = 0;
- rd->acc_share.acc_remaining = 0;
-
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Fragment has been fully processed and committed.");
- } else {
- int overflow;
-
- mbedtls_mps_size_t acc_backup_offset;
- mbedtls_mps_size_t acc_backup_len;
- mbedtls_mps_size_t frag_backup_offset;
- mbedtls_mps_size_t frag_backup_len;
-
- mbedtls_mps_size_t backup_len;
- mbedtls_mps_size_t acc_len_needed;
-
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "There has been an unsatisfied read with %u bytes overhead.",
- (unsigned) pending);
-
- if (acc == NULL) {
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "No accumulator present");
- MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
- }
- acc_len = rd->acc_len;
-
- /* Check if the upper layer has already fetched
- * and committed the contents of the accumulator. */
- if (commit < frag_offset) {
- /* No, accumulator is still being processed. */
- frag_backup_offset = 0;
- frag_backup_len = frag_len;
- acc_backup_offset = commit;
- acc_backup_len = frag_offset - commit;
- } else {
- /* Yes, the accumulator is already processed. */
- frag_backup_offset = commit - frag_offset;
- frag_backup_len = frag_len - frag_backup_offset;
- acc_backup_offset = 0;
- acc_backup_len = 0;
- }
-
- backup_len = acc_backup_len + frag_backup_len;
- acc_len_needed = backup_len + pending;
-
- overflow = 0;
- overflow |= (backup_len < acc_backup_len);
- overflow |= (acc_len_needed < backup_len);
-
- if (overflow || acc_len < acc_len_needed) {
- /* Except for the different return code, we behave as if
- * there hadn't been a call to mbedtls_mps_reader_get()
- * since the last commit. */
- rd->end = commit;
- rd->pending = 0;
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "The accumulator is too small to handle the backup.");
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "* Size: %u", (unsigned) acc_len);
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
- "* Needed: %u (%u + %u)",
- (unsigned) acc_len_needed,
- (unsigned) backup_len, (unsigned) pending);
- MBEDTLS_MPS_TRACE_RETURN(
- MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
- }
-
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Fragment backup: %u", (unsigned) frag_backup_len);
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Accumulator backup: %u", (unsigned) acc_backup_len);
-
- /* Move uncommitted parts from the accumulator to the front
- * of the accumulator. */
- memmove(acc, acc + acc_backup_offset, acc_backup_len);
-
- /* Copy uncommitted parts of the current fragment to the
- * accumulator. */
- memcpy(acc + acc_backup_len,
- frag + frag_backup_offset, frag_backup_len);
-
- rd->acc_available = backup_len;
- rd->acc_share.acc_remaining = pending;
-
- if (paused != NULL) {
- *paused = 1;
- }
- }
-
- rd->frag = NULL;
- rd->frag_len = 0;
-
- rd->commit = 0;
- rd->end = 0;
- rd->pending = 0;
-
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- "Final state: aa %u, al %u, ar %u",
- (unsigned) rd->acc_available, (unsigned) rd->acc_len,
- (unsigned) rd->acc_share.acc_remaining);
- MBEDTLS_MPS_TRACE_RETURN(0);
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/mps_reader.h b/library/mps_reader.h
deleted file mode 100644
index 3193a5e334..0000000000
--- a/library/mps_reader.h
+++ /dev/null
@@ -1,366 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * \file mps_reader.h - * - * \brief This file defines reader objects, which together with their - * sibling writer objects form the basis for the communication - * between the various layers of the Mbed TLS messaging stack, - * as well as the communication between the messaging stack and - * the (D)TLS handshake protocol implementation. - * - * Readers provide a means of transferring incoming data from - * a 'producer' providing it in chunks of arbitrary size, to - * a 'consumer' which fetches and processes it in chunks of - * again arbitrary, and potentially different, size. - * - * Readers can thus be seen as datagram-to-stream converters, - * and they abstract away the following two tasks from the user: - * 1. The pointer arithmetic of stepping through a producer- - * provided chunk in smaller chunks. - * 2. The merging of incoming data chunks in case the - * consumer requests data in larger chunks than what the - * producer provides. - * - * The basic abstract flow of operation is the following: - * - Initially, the reader is in 'producing mode'. - * - The producer hands an incoming data buffer to the reader, - * moving it from 'producing' to 'consuming' mode. - * - The consumer subsequently fetches and processes the buffer - * content. Once that's done -- or partially done and a consumer's - * request can't be fulfilled -- the producer revokes the reader's - * access to the incoming data buffer, putting the reader back to - * producing mode. - * - The producer subsequently gathers more incoming data and hands - * it to the reader until it switches back to consuming mode - * if enough data is available for the last consumer request to - * be satisfiable. - * - Repeat the above. 
- * - * The abstract states of the reader from the producer's and - * consumer's perspective are as follows: - * - * - From the perspective of the consumer, the state of the - * reader consists of the following: - * - A byte stream representing (concatenation of) the data - * received through calls to mbedtls_mps_reader_get(), - * - A marker within that byte stream indicating which data - * can be considered processed, and hence need not be retained, - * when the reader is passed back to the producer via - * mbedtls_mps_reader_reclaim(). - * The marker is set via mbedtls_mps_reader_commit() - * which places it at the end of the current byte stream. - * The consumer need not be aware of the distinction between consumer - * and producer mode, because it only interfaces with the reader - * when the latter is in consuming mode. - * - * - From the perspective of the producer, the reader's state is one of: - * - Attached: The reader is in consuming mode. - * - Unset: No incoming data buffer is currently managed by the reader, - * and all previously handed incoming data buffers have been - * fully processed. More data needs to be fed into the reader - * via mbedtls_mps_reader_feed(). - * - * - Accumulating: No incoming data buffer is currently managed by the - * reader, but some data from the previous incoming data - * buffer hasn't been processed yet and is internally - * held back. - * The Attached state belongs to consuming mode, while the Unset and - * Accumulating states belong to producing mode. - * - * Transitioning from the Unset or Accumulating state to Attached is - * done via successful calls to mbedtls_mps_reader_feed(), while - * transitioning from Attached to either Unset or Accumulating (depending - * on what has been processed) is done via mbedtls_mps_reader_reclaim(). 
- * - * The following diagram depicts the producer-state progression: - * - * +------------------+ reclaim - * | Unset +<-------------------------------------+ get - * +--------|---------+ | +------+ - * | | | | - * | | | | - * | feed +---------+---+--+ | - * +--------------------------------------> <---+ - * | Attached | - * +--------------------------------------> <---+ - * | feed, enough data available +---------+---+--+ | - * | to serve previous consumer request | | | - * | | | | - * +--------+---------+ | +------+ - * +----> Accumulating |<-------------------------------------+ commit - * | +---+--------------+ reclaim, previous read request - * | | couldn't be fulfilled - * | | - * +--------+ - * feed, need more data to serve - * previous consumer request - * | - * | - * producing mode | consuming mode - * | - * - */ - -#ifndef MBEDTLS_READER_H -#define MBEDTLS_READER_H - -#include - -#include "mps_common.h" -#include "mps_error.h" - -struct mbedtls_mps_reader; -typedef struct mbedtls_mps_reader mbedtls_mps_reader; - -/* - * Structure definitions - */ - -struct mbedtls_mps_reader { - unsigned char *frag; /*!< The fragment of incoming data managed by - * the reader; it is provided to the reader - * through mbedtls_mps_reader_feed(). The reader - * does not own the fragment and does not - * perform any allocation operations on it, - * but does have read and write access to it. - * - * The reader is in consuming mode if - * and only if \c frag is not \c NULL. */ - mbedtls_mps_stored_size_t frag_len; - /*!< The length of the current fragment. - * Must be 0 if \c frag == \c NULL. */ - mbedtls_mps_stored_size_t commit; - /*!< The offset of the last commit, relative - * to the first byte in the fragment, if - * no accumulator is present. If an accumulator - * is present, it is viewed as a prefix to the - * current fragment, and this variable contains - * an offset from the beginning of the accumulator. 
- * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - mbedtls_mps_stored_size_t end; - /*!< The offset of the end of the last chunk - * passed to the user through a call to - * mbedtls_mps_reader_get(), relative to the first - * byte in the fragment, if no accumulator is - * present. If an accumulator is present, it is - * viewed as a prefix to the current fragment, and - * this variable contains an offset from the - * beginning of the accumulator. - * - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - mbedtls_mps_stored_size_t pending; - /*!< The amount of incoming data missing on the - * last call to mbedtls_mps_reader_get(). - * In particular, it is \c 0 if the last call - * was successful. - * If a reader is reclaimed after an - * unsuccessful call to mbedtls_mps_reader_get(), - * this variable is used to have the reader - * remember how much data should be accumulated - * so that the call to mbedtls_mps_reader_get() - * succeeds next time. - * This is only used when the reader is in - * consuming mode, i.e. \c frag != \c NULL; - * otherwise, its value is \c 0. */ - - /* The accumulator is only needed if we need to be able to pause - * the reader. A few bytes could be saved by moving this to a - * separate struct and using a pointer here. */ - - unsigned char *acc; /*!< The accumulator is used to gather incoming - * data if a read-request via mbedtls_mps_reader_get() - * cannot be served from the current fragment. */ - mbedtls_mps_stored_size_t acc_len; - /*!< The total size of the accumulator. */ - mbedtls_mps_stored_size_t acc_available; - /*!< The number of bytes currently gathered in - * the accumulator. This is both used in - * producing and in consuming mode: - * While producing, it is increased until - * it reaches the value of \c acc_remaining below. 
- * While consuming, it is used to judge if a - * get request can be served from the - * accumulator or not. - * Must not be larger than \c acc_len. */ - union { - mbedtls_mps_stored_size_t acc_remaining; - /*!< This indicates the amount of data still - * to be gathered in the accumulator. It is - * only used in producing mode. - * Must be at most acc_len - acc_available. */ - mbedtls_mps_stored_size_t frag_offset; - /*!< If an accumulator is present and in use, this - * field indicates the offset of the current - * fragment from the beginning of the - * accumulator. If no accumulator is present - * or the accumulator is not in use, this is \c 0. - * It is only used in consuming mode. - * Must not be larger than \c acc_available. */ - } acc_share; -}; - -/* - * API organization: - * A reader object is usually prepared and maintained - * by some lower layer and passed for usage to an upper - * layer, and the API naturally splits according to which - * layer is supposed to use the respective functions. - */ - -/* - * Maintenance API (Lower layer) - */ - -/** - * \brief Initialize a reader object - * - * \param reader The reader to be initialized. - * \param acc The buffer to be used as a temporary accumulator - * in case get requests through mbedtls_mps_reader_get() - * exceed the buffer provided by mbedtls_mps_reader_feed(). - * This buffer is owned by the caller and exclusive use - * for reading and writing is given to the reader for the - * duration of the reader's lifetime. It is thus the caller's - * responsibility to maintain (and not touch) the buffer for - * the lifetime of the reader, and to properly zeroize and - * free the memory after the reader has been destroyed. - * \param acc_len The size in Bytes of \p acc. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. 
- */ -int mbedtls_mps_reader_init(mbedtls_mps_reader *reader, - unsigned char *acc, - mbedtls_mps_size_t acc_len); - -/** - * \brief Free a reader object - * - * \param reader The reader to be freed. - * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - */ -int mbedtls_mps_reader_free(mbedtls_mps_reader *reader); - -/** - * \brief Pass chunk of data for the reader to manage. - * - * \param reader The reader context to use. The reader must be - * in producing mode. - * \param buf The buffer to be managed by the reader. - * \param buflen The size in Bytes of \p buffer. - * - * \return \c 0 on success. In this case, the reader will be - * moved to consuming mode and obtains read access - * of \p buf until mbedtls_mps_reader_reclaim() - * is called. It is the responsibility of the caller - * to ensure that the \p buf persists and is not changed - * between successful calls to mbedtls_mps_reader_feed() - * and mbedtls_mps_reader_reclaim(). - * \return \c MBEDTLS_ERR_MPS_READER_NEED_MORE if more input data is - * required to fulfill a previous request to mbedtls_mps_reader_get(). - * In this case, the reader remains in producing mode and - * takes no ownership of the provided buffer (an internal copy - * is made instead). - * \return Another negative \c MBEDTLS_ERR_READER_XXX error code on - * different kinds of failures. - */ -int mbedtls_mps_reader_feed(mbedtls_mps_reader *reader, - unsigned char *buf, - mbedtls_mps_size_t buflen); - -/** - * \brief Reclaim reader's access to the current input buffer. - * - * \param reader The reader context to use. The reader must be - * in consuming mode. - * \param paused If not \c NULL, the integer at address \p paused will be - * modified to indicate whether the reader has been paused - * (value \c 1) or not (value \c 0). Pausing happens if there - * is uncommitted data and a previous request to - * mbedtls_mps_reader_get() has exceeded the bounds of the - * input buffer. 
- * - * \return \c 0 on success. - * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure. - */ -int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *reader, - int *paused); - -/* - * Usage API (Upper layer) - */ - -/** - * \brief Request data from the reader. - * - * \param reader The reader context to use. The reader must - * be in consuming mode. - * \param desired The desired amount of data to be read, in Bytes. - * \param buffer The address to store the buffer pointer in. - * This must not be \c NULL. - * \param buflen The address to store the actual buffer - * length in, or \c NULL. - * - * \return \c 0 on success. In this case, \c *buf holds the - * address of a buffer of size \c *buflen - * (if \c buflen != \c NULL) or \c desired - * (if \c buflen == \c NULL). The user has read access - * to the buffer and guarantee of stability of the data - * until the next call to mbedtls_mps_reader_reclaim(). - * \return #MBEDTLS_ERR_MPS_READER_OUT_OF_DATA if there is not enough - * data available to serve the get request. In this case, the - * reader remains intact and in consuming mode, and the consumer - * should retry the call after a successful cycle of - * mbedtls_mps_reader_reclaim() and mbedtls_mps_reader_feed(). - * If, after such a cycle, the consumer requests a different - * amount of data, the result is implementation-defined; - * progress is guaranteed only if the same amount of data - * is requested after a mbedtls_mps_reader_reclaim() and - * mbedtls_mps_reader_feed() cycle. - * \return Another negative \c MBEDTLS_ERR_READER_XXX error - * code for different kinds of failure. - * - * \note Passing \c NULL as \p buflen is a convenient way to - * indicate that fragmentation is not tolerated. - * It's functionally equivalent to passing a valid - * address as buflen and checking \c *buflen == \c desired - * afterwards. 
- */
-int mbedtls_mps_reader_get(mbedtls_mps_reader *reader,
- mbedtls_mps_size_t desired,
- unsigned char **buffer,
- mbedtls_mps_size_t *buflen);
-
-/**
- * \brief Mark data obtained from mbedtls_mps_reader_get() as processed.
- *
- * This call indicates that all data received from prior calls to
- * mbedtls_mps_reader_get() has been or will have been
- * processed when mbedtls_mps_reader_reclaim() is called,
- * and thus need not be backed up.
- *
- * This function has no user observable effect until
- * mbedtls_mps_reader_reclaim() is called. In particular,
- * buffers received from mbedtls_mps_reader_get() remain
- * valid until mbedtls_mps_reader_reclaim() is called.
- *
- * \param reader The reader context to use.
- *
- * \return \c 0 on success.
- * \return A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
- *
- */
-int mbedtls_mps_reader_commit(mbedtls_mps_reader *reader);
-
-#endif /* MBEDTLS_READER_H */
diff --git a/library/mps_trace.c b/library/mps_trace.c
deleted file mode 100644
index 98449b5f77..0000000000
--- a/library/mps_trace.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Message Processing Stack, Trace module
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-#include "mps_common.h"
-
-#if defined(MBEDTLS_MPS_ENABLE_TRACE)
-
-#include "mps_trace.h"
-#include
-
-static int trace_depth = 0;
-
-#define color_default "\x1B[0m"
-#define color_red "\x1B[1;31m"
-#define color_green "\x1B[1;32m"
-#define color_yellow "\x1B[1;33m"
-#define color_blue "\x1B[1;34m"
-#define color_magenta "\x1B[1;35m"
-#define color_cyan "\x1B[1;36m"
-#define color_white "\x1B[1;37m"
-
-static char const *colors[] =
-{
- color_default,
- color_green,
- color_yellow,
- color_magenta,
- color_cyan,
- color_blue,
- color_white
-};
-
-#define MPS_TRACE_BUF_SIZE 100
-
-void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...)
-{
- int ret;
- char str[MPS_TRACE_BUF_SIZE];
- va_list argp;
- va_start(argp, format);
- ret = mbedtls_vsnprintf(str, MPS_TRACE_BUF_SIZE, format, argp);
- va_end(argp);
-
- if (ret >= 0 && ret < MPS_TRACE_BUF_SIZE) {
- str[ret] = '\0';
- mbedtls_printf("[%d|L%d]: %s\n", id, line, str);
- }
-}
-
-int mbedtls_mps_trace_get_depth()
-{
- return trace_depth;
-}
-void mbedtls_mps_trace_dec_depth()
-{
- trace_depth--;
-}
-void mbedtls_mps_trace_inc_depth()
-{
- trace_depth++;
-}
-
-void mbedtls_mps_trace_color(int id)
-{
- if (id > (int) (sizeof(colors) / sizeof(*colors))) {
- return;
- }
- printf("%s", colors[id]);
-}
-
-void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty)
-{
- if (level > 0) {
- while (--level) {
- printf("| ");
- }
-
- printf("| ");
- }
-
- switch (ty) {
- case MBEDTLS_MPS_TRACE_TYPE_COMMENT:
- mbedtls_printf("@ ");
- break;
-
- case MBEDTLS_MPS_TRACE_TYPE_CALL:
- mbedtls_printf("+--> ");
- break;
-
- case MBEDTLS_MPS_TRACE_TYPE_ERROR:
- mbedtls_printf("E ");
- break;
-
- case MBEDTLS_MPS_TRACE_TYPE_RETURN:
- mbedtls_printf("< ");
- break;
-
- default:
- break;
- }
-}
-
-#endif /* MBEDTLS_MPS_ENABLE_TRACE */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/mps_trace.h b/library/mps_trace.h
deleted file mode 100644
index ac2b75f6ba..0000000000
--- a/library/mps_trace.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/**
- * \file mps_trace.h
- *
- * \brief Tracing module for MPS
- */
-
-#ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
-#define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
-
-#include "ssl_misc.h"
-#include "mps_common.h"
-#include "mps_trace.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MPS_ENABLE_TRACE)
-
-/*
- * Adapt this to enable/disable tracing output
- * from the various layers of the MPS.
- */
-
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_1
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_2
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_3
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_4
-#define MBEDTLS_MPS_TRACE_ENABLE_READER
-#define MBEDTLS_MPS_TRACE_ENABLE_WRITER
-
-/*
- * To use the existing trace module, only change
- * MBEDTLS_MPS_TRACE_ENABLE_XXX above, but don't modify the
- * rest of this file.
- */
-
-typedef enum {
- MBEDTLS_MPS_TRACE_TYPE_COMMENT,
- MBEDTLS_MPS_TRACE_TYPE_CALL,
- MBEDTLS_MPS_TRACE_TYPE_ERROR,
- MBEDTLS_MPS_TRACE_TYPE_RETURN
-} mbedtls_mps_trace_type;
-
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_1 1
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_2 2
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_3 3
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_4 4
-#define MBEDTLS_MPS_TRACE_BIT_WRITER 5
-#define MBEDTLS_MPS_TRACE_BIT_READER 6
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_READER)
-#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_READER 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER)
-#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER)
-#else
-#define MBEDTLS_MPS_TRACE_MASK_WRITER 0
-#endif
-
-#define MBEDTLS_MPS_TRACE_MASK (MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \
- MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \
- MBEDTLS_MPS_TRACE_MASK_READER | \
- MBEDTLS_MPS_TRACE_MASK_WRITER)
-
-/* We have to avoid globals because E-ACSL chokes on them...
- * Wrap everything in stub functions. */
-int mbedtls_mps_trace_get_depth(void);
-void mbedtls_mps_trace_inc_depth(void);
-void mbedtls_mps_trace_dec_depth(void);
-
-void mbedtls_mps_trace_color(int id);
-void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty);
-
-void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...);
-
-#define MBEDTLS_MPS_TRACE(type, ...) \
- do { \
- if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
- break; \
- mbedtls_mps_trace_indent(mbedtls_mps_trace_get_depth(), type); \
- mbedtls_mps_trace_color(mbedtls_mps_trace_id); \
- mbedtls_mps_trace_print_msg(mbedtls_mps_trace_id, __LINE__, __VA_ARGS__); \
- mbedtls_mps_trace_color(0); \
- } while (0)
-
-#define MBEDTLS_MPS_TRACE_INIT(...) \
- do { \
- if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
- break; \
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__); \
- mbedtls_mps_trace_inc_depth(); \
- } while (0)
-
-#define MBEDTLS_MPS_TRACE_END(val) \
- do { \
- if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
- break; \
- MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \
- (int) (val), -((unsigned) (val))); \
- mbedtls_mps_trace_dec_depth(); \
- } while (0)
-
-#define MBEDTLS_MPS_TRACE_RETURN(val) \
- do { \
- /* Breaks tail recursion. */ \
- int ret__ = val; \
- MBEDTLS_MPS_TRACE_END(ret__); \
- return ret__; \
- } while (0)
-
-#else /* MBEDTLS_MPS_TRACE */
-
-#define MBEDTLS_MPS_TRACE(type, ...) do { } while (0)
-#define MBEDTLS_MPS_TRACE_INIT(...) do { } while (0)
-#define MBEDTLS_MPS_TRACE_END do { } while (0)
-
-#define MBEDTLS_MPS_TRACE_RETURN(val) return val;
-
-#endif /* MBEDTLS_MPS_TRACE */
-
-#endif /* MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H */
diff --git a/library/net_sockets.c b/library/net_sockets.c
deleted file mode 100644
index ca70f3797b..0000000000
--- a/library/net_sockets.c
+++ /dev/null
@@ -1,696 +0,0 @@ -/* - * TCP/IP or UDP/IP networking functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must - * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#ifndef _POSIX_C_SOURCE -#define _POSIX_C_SOURCE 200112L -#endif -#ifndef _XOPEN_SOURCE -#define _XOPEN_SOURCE 600 /* sockaddr_storage */ -#endif - -#include "ssl_misc.h" - -#if defined(MBEDTLS_NET_C) - -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) -#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h" -#endif - -#include "mbedtls/platform.h" - -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" - -#include - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - -#define IS_EINTR(ret) ((ret) == WSAEINTR) - -#include - -#include -#include -#if (_WIN32_WINNT < 0x0501) -#include -#endif - -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ - -#define read(fd, buf, len) recv(fd, (char *) (buf), (int) (len), 0) -#define write(fd, buf, len) send(fd, (char *) (buf), (int) (len), 0) -#define close(fd) closesocket(fd) - -static int wsa_init_done = 0; - -#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define IS_EINTR(ret) ((ret) == EINTR) -#define SOCKET int - -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -/* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard functions use socklen_t, so cast only for MSVC */ -#if 
defined(_MSC_VER) -#define MSVC_INT_CAST (int) -#else -#define MSVC_INT_CAST -#endif - -#include - -#if defined(MBEDTLS_HAVE_TIME) -#include -#endif - -#include - -/* - * Prepare for using the sockets interface - */ -static int net_prepare(void) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - WSADATA wsaData; - - if (wsa_init_done == 0) { - if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) { - return MBEDTLS_ERR_NET_SOCKET_FAILED; - } - - wsa_init_done = 1; - } -#else -#if !defined(EFIX64) && !defined(EFI32) - signal(SIGPIPE, SIG_IGN); -#endif -#endif - return 0; -} - -/* - * Return 0 if the file descriptor is valid, an error otherwise. - * If for_select != 0, check whether the file descriptor is within the range - * allowed for fd_set used for the FD_xxx macros and the select() function. - */ -static int check_fd(int fd, int for_select) -{ - if (fd < 0) { - return MBEDTLS_ERR_NET_INVALID_CONTEXT; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - (void) for_select; -#else - /* A limitation of select() is that it only works with file descriptors - * that are strictly less than FD_SETSIZE. This is a limitation of the - * fd_set type. Error out early, because attempting to call FD_SET on a - * large file descriptor is a buffer overflow on typical platforms. 
*/ - if (for_select && fd >= FD_SETSIZE) { - return MBEDTLS_ERR_NET_POLL_FAILED; - } -#endif - - return 0; -} - -/* - * Initialize a context - */ -void mbedtls_net_init(mbedtls_net_context *ctx) -{ - ctx->fd = -1; -} - -/* - * Initiate a TCP connection with host:port and the given protocol - */ -int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, - const char *port, int proto) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct addrinfo hints, *addr_list, *cur; - - if ((ret = net_prepare()) != 0) { - return ret; - } - - /* Do name resolution with both IPv6 and IPv4 */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - - if (getaddrinfo(host, port, &hints, &addr_list) != 0) { - return MBEDTLS_ERR_NET_UNKNOWN_HOST; - } - - /* Try the sockaddrs until a connection succeeds */ - ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for (cur = addr_list; cur != NULL; cur = cur->ai_next) { - ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, - cur->ai_protocol); - if (ctx->fd < 0) { - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) { - ret = 0; - break; - } - - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_CONNECT_FAILED; - } - - freeaddrinfo(addr_list); - - return ret; -} - -/* - * Create a listening socket on bind_ip:port - */ -int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto) -{ - int n, ret; - struct addrinfo hints, *addr_list, *cur; - - if ((ret = net_prepare()) != 0) { - return ret; - } - - /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? 
SOCK_DGRAM : SOCK_STREAM; - hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if (bind_ip == NULL) { - hints.ai_flags = AI_PASSIVE; - } - - if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) { - return MBEDTLS_ERR_NET_UNKNOWN_HOST; - } - - /* Try the sockaddrs until a binding succeeds */ - ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for (cur = addr_list; cur != NULL; cur = cur->ai_next) { - ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, - cur->ai_protocol); - if (ctx->fd < 0) { - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - n = 1; - if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &n, sizeof(n)) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_SOCKET_FAILED; - continue; - } - - if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_BIND_FAILED; - continue; - } - - /* Listen only makes sense for TCP */ - if (proto == MBEDTLS_NET_PROTO_TCP) { - if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) { - mbedtls_net_close(ctx); - ret = MBEDTLS_ERR_NET_LISTEN_FAILED; - continue; - } - } - - /* Bind was successful */ - ret = 0; - break; - } - - freeaddrinfo(addr_list); - - return ret; - -} - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) -/* - * Check if the requested operation would be blocking on a non-blocking socket - * and thus 'failed' with a negative return value. - */ -static int net_would_block(const mbedtls_net_context *ctx) -{ - ((void) ctx); - return WSAGetLastError() == WSAEWOULDBLOCK; -} -#else -/* - * Check if the requested operation would be blocking on a non-blocking socket - * and thus 'failed' with a negative return value. - * - * Note: on a blocking socket this function always returns 0! 
- */ -static int net_would_block(const mbedtls_net_context *ctx) -{ - int err = errno; - - /* - * Never return 'WOULD BLOCK' on a blocking socket - */ - if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) { - errno = err; - return 0; - } - - switch (errno = err) { -#if defined EAGAIN - case EAGAIN: -#endif -#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN - case EWOULDBLOCK: -#endif - return 1; - } - return 0; -} -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -/* - * Accept a connection from a remote client - */ -int mbedtls_net_accept(mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *cip_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int type; - - struct sockaddr_storage client_addr; - -#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ - defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) - socklen_t n = (socklen_t) sizeof(client_addr); - socklen_t type_len = (socklen_t) sizeof(type); -#else - int n = (int) sizeof(client_addr); - int type_len = (int) sizeof(type); -#endif - - /* Is this a TCP or UDP socket? 
*/ - if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE, - (void *) &type, &type_len) != 0 || - (type != SOCK_STREAM && type != SOCK_DGRAM)) { - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - if (type == SOCK_STREAM) { - /* TCP: actual accept() */ - ret = client_ctx->fd = (int) accept(bind_ctx->fd, - (struct sockaddr *) &client_addr, &n); - } else { - /* UDP: wait for a message, but keep it in the queue */ - char buf[1] = { 0 }; - - ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK, - (struct sockaddr *) &client_addr, &n); - -#if defined(_WIN32) - if (ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE) { - /* We know buf is too small, thanks, just peeking here */ - ret = 0; - } -#endif - } - - if (ret < 0) { - if (net_would_block(bind_ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - /* UDP: hijack the listening socket to communicate with the client, - * then bind a new socket to accept new connections */ - if (type != SOCK_STREAM) { - struct sockaddr_storage local_addr; - int one = 1; - - if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) { - return MBEDTLS_ERR_NET_ACCEPT_FAILED; - } - - client_ctx->fd = bind_ctx->fd; - bind_ctx->fd = -1; /* In case we exit early */ - - n = sizeof(struct sockaddr_storage); - if (getsockname(client_ctx->fd, - (struct sockaddr *) &local_addr, &n) != 0 || - (bind_ctx->fd = (int) socket(local_addr.ss_family, - SOCK_DGRAM, IPPROTO_UDP)) < 0 || - setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &one, sizeof(one)) != 0) { - return MBEDTLS_ERR_NET_SOCKET_FAILED; - } - - if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) { - return MBEDTLS_ERR_NET_BIND_FAILED; - } - } - - if (client_ip != NULL) { - if (client_addr.ss_family == AF_INET) { - struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *cip_len = sizeof(addr4->sin_addr.s_addr); - - if (buf_size < *cip_len) { - return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; - 
} - - memcpy(client_ip, &addr4->sin_addr.s_addr, *cip_len); - } else { - struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr; - *cip_len = sizeof(addr6->sin6_addr.s6_addr); - - if (buf_size < *cip_len) { - return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; - } - - memcpy(client_ip, &addr6->sin6_addr.s6_addr, *cip_len); - } - } - - return 0; -} - -/* - * Set the socket blocking or non-blocking - */ -int mbedtls_net_set_block(mbedtls_net_context *ctx) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 0; - return ioctlsocket(ctx->fd, FIONBIO, &n); -#else - return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK); -#endif -} - -int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) -{ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - u_long n = 1; - return ioctlsocket(ctx->fd, FIONBIO, &n); -#else - return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK); -#endif -} - -/* - * Check if data is available on the socket - */ - -int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct timeval tv; - - fd_set read_fds; - fd_set write_fds; - - int fd = ctx->fd; - - ret = check_fd(fd, 1); - if (ret != 0) { - return ret; - } - -#if defined(__has_feature) -#if __has_feature(memory_sanitizer) - /* Ensure that memory sanitizers consider read_fds and write_fds as - * initialized even on platforms such as Glibc/x86_64 where FD_ZERO - * is implemented in assembly. 
*/ - memset(&read_fds, 0, sizeof(read_fds)); - memset(&write_fds, 0, sizeof(write_fds)); -#endif -#endif - - FD_ZERO(&read_fds); - if (rw & MBEDTLS_NET_POLL_READ) { - rw &= ~MBEDTLS_NET_POLL_READ; - FD_SET((SOCKET) fd, &read_fds); - } - - FD_ZERO(&write_fds); - if (rw & MBEDTLS_NET_POLL_WRITE) { - rw &= ~MBEDTLS_NET_POLL_WRITE; - FD_SET((SOCKET) fd, &write_fds); - } - - if (rw != 0) { - return MBEDTLS_ERR_NET_BAD_INPUT_DATA; - } - - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout % 1000) * 1000; - - do { - ret = select(fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv); - } while (IS_EINTR(ret)); - - if (ret < 0) { - return MBEDTLS_ERR_NET_POLL_FAILED; - } - - ret = 0; - if (FD_ISSET(fd, &read_fds)) { - ret |= MBEDTLS_NET_POLL_READ; - } - if (FD_ISSET(fd, &write_fds)) { - ret |= MBEDTLS_NET_POLL_WRITE; - } - - return ret; -} - -/* - * Portable usleep helper - */ -void mbedtls_net_usleep(unsigned long usec) -{ -#if defined(_WIN32) - Sleep((usec + 999) / 1000); -#else - struct timeval tv; - tv.tv_sec = usec / 1000000; -#if (defined(__unix__) || defined(__unix) || \ - (defined(__APPLE__) && defined(__MACH__))) && !defined(__DJGPP__) - tv.tv_usec = (suseconds_t) usec % 1000000; -#else - tv.tv_usec = usec % 1000000; -#endif - select(0, NULL, NULL, NULL, &tv); -#endif -} - -/* - * Read at most 'len' characters - */ -int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 0); - if (ret != 0) { - return ret; - } - - ret = (int) read(fd, buf, len); - - if (ret < 0) { - if (net_would_block(ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } -#else - if (errno == EPIPE || errno == ECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } - - if 
(errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#endif - - return MBEDTLS_ERR_NET_RECV_FAILED; - } - - return ret; -} - -/* - * Read at most 'len' characters, blocking for at most 'timeout' ms - */ -int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, - size_t len, uint32_t timeout) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - struct timeval tv; - fd_set read_fds; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 1); - if (ret != 0) { - return ret; - } - - FD_ZERO(&read_fds); - FD_SET((SOCKET) fd, &read_fds); - - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout % 1000) * 1000; - - ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv); - - /* Zero fds ready means we timed out */ - if (ret == 0) { - return MBEDTLS_ERR_SSL_TIMEOUT; - } - - if (ret < 0) { -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAEINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#else - if (errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_READ; - } -#endif - - return MBEDTLS_ERR_NET_RECV_FAILED; - } - - /* This call will not block */ - return mbedtls_net_recv(ctx, buf, len); -} - -/* - * Write at most 'len' characters - */ -int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int fd = ((mbedtls_net_context *) ctx)->fd; - - ret = check_fd(fd, 0); - if (ret != 0) { - return ret; - } - - ret = (int) write(fd, buf, len); - - if (ret < 0) { - if (net_would_block(ctx) != 0) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) - if (WSAGetLastError() == WSAECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } -#else - if (errno == EPIPE || errno == ECONNRESET) { - return MBEDTLS_ERR_NET_CONN_RESET; - } - - if (errno == EINTR) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } -#endif - - return MBEDTLS_ERR_NET_SEND_FAILED; 
- } - - return ret; -} - -/* - * Close the connection - */ -void mbedtls_net_close(mbedtls_net_context *ctx) -{ - if (ctx->fd == -1) { - return; - } - - close(ctx->fd); - - ctx->fd = -1; -} - -/* - * Gracefully close the connection - */ -void mbedtls_net_free(mbedtls_net_context *ctx) -{ - if (ctx == NULL || ctx->fd == -1) { - return; - } - - shutdown(ctx->fd, 2); - close(ctx->fd); - - ctx->fd = -1; -} - -#endif /* MBEDTLS_NET_C */ diff --git a/library/pkcs7.c b/library/pkcs7.c deleted file mode 100644 index 2cc7812bf0..0000000000 --- a/library/pkcs7.c +++ /dev/null 
@@ -1,772 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include "x509_internal.h" - -#if defined(MBEDTLS_PKCS7_C) -#include "mbedtls/pkcs7.h" -#include "mbedtls/asn1.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/error.h" - -#if defined(MBEDTLS_FS_IO) -#include -#include -#endif - -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -#include -#endif - -/** - * Initializes the mbedtls_pkcs7 structure. - */ -void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7) -{ - memset(pkcs7, 0, sizeof(*pkcs7)); -} - -static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end, - size_t *len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } else if ((size_t) (end - *p) != *len) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return ret; -} - -/** - * version Version - * Version ::= INTEGER - **/ -static int pkcs7_get_version(unsigned char **p, unsigned char *end, int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_int(p, end, ver); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_VERSION, ret); - } - - /* If version != 1, return invalid version */ - if (*ver != MBEDTLS_PKCS7_SUPPORTED_VERSION) { - ret = MBEDTLS_ERR_PKCS7_INVALID_VERSION; - } - - return ret; -} - -/** - * ContentInfo ::= SEQUENCE { - * contentType ContentType, - * content - * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } - **/ -static int pkcs7_get_content_info_type(unsigned char **p, unsigned 
char *end, - unsigned char **seq_end, - mbedtls_pkcs7_buf *pkcs7) -{ - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *start = *p; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - *p = start; - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - *seq_end = *p + len; - ret = mbedtls_asn1_get_tag(p, *seq_end, &len, MBEDTLS_ASN1_OID); - if (ret != 0) { - *p = start; - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - - pkcs7->tag = MBEDTLS_ASN1_OID; - pkcs7->len = len; - pkcs7->p = *p; - *p += len; - - return ret; -} - -/** - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * This is from x509.h - **/ -static int pkcs7_get_digest_algorithm(unsigned char **p, unsigned char *end, - mbedtls_x509_buf *alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - return ret; -} - -/** - * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier - **/ -static int pkcs7_get_digest_algorithm_set(unsigned char **p, - unsigned char *end, - mbedtls_x509_buf *alg) -{ - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SET); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - end = *p + len; - - ret = mbedtls_asn1_get_alg_null(p, end, alg); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret); - } - - /** For now, it assumes there is only one digest algorithm specified **/ - if (*p != end) { - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - return 0; -} - -/** - * certificates :: SET OF ExtendedCertificateOrCertificate, - * ExtendedCertificateOrCertificate ::= CHOICE { - * certificate Certificate -- x509, - * 
extendedCertificate[0] IMPLICIT ExtendedCertificate } - * Return number of certificates added to the signed data, - * 0 or higher is valid. - * Return negative error code for failure. - **/ -static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, - mbedtls_x509_crt *certs) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len1 = 0; - size_t len2 = 0; - unsigned char *end_set, *end_cert, *start; - - ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - } - start = *p; - end_set = *p + len1; - - ret = mbedtls_asn1_get_tag(p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CERT, ret); - } - - end_cert = *p + len2; - - /* - * This is to verify that there is only one signer certificate. It seems it is - * not easy to differentiate between the chain vs different signer's certificate. - * So, we support only the root certificate and the single signer. - * The behaviour would be improved with addition of multiple signer support. - */ - if (end_cert != end_set) { - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - if ((ret = mbedtls_x509_crt_parse_der(certs, start, len1)) < 0) { - return MBEDTLS_ERR_PKCS7_INVALID_CERT; - } - - *p = end_cert; - - /* - * Since in this version we strictly support single certificate, and reaching - * here implies we have parsed successfully, we return 1. 
- */ - return 1; -} - -/** - * EncryptedDigest ::= OCTET STRING - **/ -static int pkcs7_get_signature(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_buf *signature) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING); - if (ret != 0) { - return ret; - } - - signature->tag = MBEDTLS_ASN1_OCTET_STRING; - signature->len = len; - signature->p = *p; - - *p = *p + len; - - return 0; -} - -static void pkcs7_free_signer_info(mbedtls_pkcs7_signer_info *signer) -{ - mbedtls_x509_name *name_cur; - mbedtls_x509_name *name_prv; - - if (signer == NULL) { - return; - } - - name_cur = signer->issuer.next; - while (name_cur != NULL) { - name_prv = name_cur; - name_cur = name_cur->next; - mbedtls_free(name_prv); - } - signer->issuer.next = NULL; -} - -/** - * SignerInfo ::= SEQUENCE { - * version Version; - * issuerAndSerialNumber IssuerAndSerialNumber, - * digestAlgorithm DigestAlgorithmIdentifier, - * authenticatedAttributes - * [0] IMPLICIT Attributes OPTIONAL, - * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, - * encryptedDigest EncryptedDigest, - * unauthenticatedAttributes - * [1] IMPLICIT Attributes OPTIONAL, - * Returns 0 if the signerInfo is valid. - * Return negative error code for failure. - * Structure must not contain vales for authenticatedAttributes - * and unauthenticatedAttributes. 
- **/ -static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signer, - mbedtls_x509_buf *alg) -{ - unsigned char *end_signer, *end_issuer_and_sn; - int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - asn1_ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - end_signer = *p + len; - - ret = pkcs7_get_version(p, end_signer, &signer->version); - if (ret != 0) { - goto out; - } - - asn1_ret = mbedtls_asn1_get_tag(p, end_signer, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - end_issuer_and_sn = *p + len; - /* Parsing IssuerAndSerialNumber */ - signer->issuer_raw.p = *p; - - asn1_ret = mbedtls_asn1_get_tag(p, end_issuer_and_sn, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (asn1_ret != 0) { - goto out; - } - - ret = mbedtls_x509_get_name(p, *p + len, &signer->issuer); - if (ret != 0) { - goto out; - } - - signer->issuer_raw.len = (size_t) (*p - signer->issuer_raw.p); - - ret = mbedtls_x509_get_serial(p, end_issuer_and_sn, &signer->serial); - if (ret != 0) { - goto out; - } - - /* ensure no extra or missing bytes */ - if (*p != end_issuer_and_sn) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - goto out; - } - - ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->alg_identifier); - if (ret != 0) { - goto out; - } - - /* Check that the digest algorithm used matches the one provided earlier */ - if (signer->alg_identifier.tag != alg->tag || - signer->alg_identifier.len != alg->len || - memcmp(signer->alg_identifier.p, alg->p, alg->len) != 0) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - goto out; - } - - /* Assume authenticatedAttributes is nonexistent */ - ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier); - if (ret != 0) { - goto out; - } - - ret = pkcs7_get_signature(p, end_signer, &signer->sig); - 
if (ret != 0) { - goto out; - } - - /* Do not permit any unauthenticated attributes */ - if (*p != end_signer) { - ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - } - -out: - if (asn1_ret != 0 || ret != 0) { - pkcs7_free_signer_info(signer); - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, - asn1_ret); - } - - return ret; -} - -/** - * SignerInfos ::= SET of SignerInfo - * Return number of signers added to the signed data, - * 0 or higher is valid. - * Return negative error code for failure. - **/ -static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signers_set, - mbedtls_x509_buf *digest_alg) -{ - unsigned char *end_set; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int count = 0; - size_t len = 0; - - ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SET); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, ret); - } - - /* Detect zero signers */ - if (len == 0) { - return 0; - } - - end_set = *p + len; - - ret = pkcs7_get_signer_info(p, end_set, signers_set, digest_alg); - if (ret != 0) { - return ret; - } - count++; - - mbedtls_pkcs7_signer_info *prev = signers_set; - while (*p != end_set) { - mbedtls_pkcs7_signer_info *signer = - mbedtls_calloc(1, sizeof(mbedtls_pkcs7_signer_info)); - if (!signer) { - ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - goto cleanup; - } - - ret = pkcs7_get_signer_info(p, end_set, signer, digest_alg); - if (ret != 0) { - mbedtls_free(signer); - goto cleanup; - } - prev->next = signer; - prev = signer; - count++; - } - - return count; - -cleanup: - pkcs7_free_signer_info(signers_set); - mbedtls_pkcs7_signer_info *signer = signers_set->next; - while (signer != NULL) { - prev = signer; - signer = signer->next; - pkcs7_free_signer_info(prev); - mbedtls_free(prev); - } - signers_set->next = NULL; - return ret; -} - -/** - * SignedData ::= SEQUENCE { - * version Version, - * digestAlgorithms 
DigestAlgorithmIdentifiers, - * contentInfo ContentInfo, - * certificates - * [0] IMPLICIT ExtendedCertificatesAndCertificates - * OPTIONAL, - * crls - * [0] IMPLICIT CertificateRevocationLists OPTIONAL, - * signerInfos SignerInfos } - */ -static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, - mbedtls_pkcs7_signed_data *signed_data) -{ - unsigned char *p = buf; - unsigned char *end = buf + buflen; - unsigned char *end_content_info = NULL; - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - } - - if (p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Get version of signed data */ - ret = pkcs7_get_version(&p, end, &signed_data->version); - if (ret != 0) { - return ret; - } - - /* Get digest algorithm */ - ret = pkcs7_get_digest_algorithm_set(&p, end, - &signed_data->digest_alg_identifiers); - if (ret != 0) { - return ret; - } - - ret = mbedtls_x509_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); - if (ret != 0) { - return MBEDTLS_ERR_PKCS7_INVALID_ALG; - } - - mbedtls_pkcs7_buf content_type; - memset(&content_type, 0, sizeof(content_type)); - ret = pkcs7_get_content_info_type(&p, end, &end_content_info, &content_type); - if (ret != 0) { - return ret; - } - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) { - return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; - } - - if (p != end_content_info) { - /* Determine if valid content is present */ - ret = mbedtls_asn1_get_tag(&p, - end_content_info, - &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - p += len; - if (p != end_content_info) { - return 
MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - /* Valid content is present - this is not supported */ - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - /* Look for certificates, there may or may not be any */ - mbedtls_x509_crt_init(&signed_data->certs); - ret = pkcs7_get_certificates(&p, end, &signed_data->certs); - if (ret < 0) { - return ret; - } - - signed_data->no_of_certs = ret; - - /* - * Currently CRLs are not supported. If CRL exist, the parsing will fail - * at next step of getting signers info and return error as invalid - * signer info. - */ - - signed_data->no_of_crls = 0; - - /* Get signers info */ - ret = pkcs7_get_signers_info_set(&p, - end, - &signed_data->signers, - &signed_data->digest_alg_identifiers); - if (ret < 0) { - return ret; - } - - signed_data->no_of_signers = ret; - - /* Don't permit trailing data */ - if (p != end) { - return MBEDTLS_ERR_PKCS7_INVALID_FORMAT; - } - - return 0; -} - -int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, - const size_t buflen) -{ - unsigned char *p; - unsigned char *end; - size_t len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (pkcs7 == NULL) { - return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - - /* make an internal copy of the buffer for parsing */ - pkcs7->raw.p = p = mbedtls_calloc(1, buflen); - if (pkcs7->raw.p == NULL) { - ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - goto out; - } - memcpy(p, buf, buflen); - pkcs7->raw.len = buflen; - end = p + buflen; - - ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - goto out; - } - - if ((size_t) (end - p) != len) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - goto out; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { - if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - goto out; - } - 
p = pkcs7->raw.p; - len = buflen; - goto try_data; - } - - if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) { - /* OID is not MBEDTLS_OID_PKCS7_SIGNED_DATA, which is the only supported feature */ - if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len) - || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) { - /* OID is valid according to the spec, but unsupported */ - ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } else { - /* OID is invalid according to the spec */ - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - } - goto out; - } - - p += len; - - ret = pkcs7_get_next_content_len(&p, end, &len); - if (ret != 0) { - goto out; - } - - /* ensure no extra/missing data */ - if (p + len != end) { - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - goto out; - } - -try_data: - ret = pkcs7_get_signed_data(p, len, &pkcs7->signed_data); - if (ret != 0) { - goto out; - } - - ret = MBEDTLS_PKCS7_SIGNED_DATA; - -out: - if (ret < 0) { - mbedtls_pkcs7_free(pkcs7); - } - - return ret; -} - -static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen, - const int is_data_hash) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *hash; - mbedtls_pk_context pk_cxt = cert->pk; - const mbedtls_md_info_t *md_info; - mbedtls_md_type_t md_alg; - mbedtls_pkcs7_signer_info *signer; - - if (pkcs7->signed_data.no_of_signers == 0) { - return MBEDTLS_ERR_PKCS7_INVALID_CERT; - } - - if (mbedtls_x509_time_is_past(&cert->valid_to) || - mbedtls_x509_time_is_future(&cert->valid_from)) { - return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; - } - - ret = mbedtls_x509_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); - if (ret != 0) { - return ret; - } - - 
md_info = mbedtls_md_info_from_type(md_alg);
- if (md_info == NULL) {
- return MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
- }
-
- hash = mbedtls_calloc(mbedtls_md_get_size(md_info), 1);
- if (hash == NULL) {
- return MBEDTLS_ERR_PKCS7_ALLOC_FAILED;
- }
-
- /* BEGIN must free hash before jumping out */
- if (is_data_hash) {
- if (datalen != mbedtls_md_get_size(md_info)) {
- ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
- } else {
- memcpy(hash, data, datalen);
- }
- } else {
- ret = mbedtls_md(md_info, data, datalen, hash);
- }
- if (ret != 0) {
- mbedtls_free(hash);
- return MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
- }
-
- /* assume failure */
- ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
-
- /*
- * Potential TODOs
- * Currently we iterate over all signers and return success if any of them
- * verify.
- *
- * However, we could make this better by checking against the certificate's
- * identification and SignerIdentifier fields first. That would also allow
- * us to distinguish between 'no signature for key' and 'signature for key
- * failed to validate'.
- */
- for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
- ret = mbedtls_pk_verify_ext(cert->sig_pk, &pk_cxt, md_alg, hash,
- mbedtls_md_get_size(md_info),
- signer->sig.p, signer->sig.len);
-
- if (ret == 0) {
- break;
- }
- }
-
- mbedtls_free(hash);
- /* END must free hash before jumping out */
- return ret;
-}
-
-int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7,
- const mbedtls_x509_crt *cert,
- const unsigned char *data,
- size_t datalen)
-{
- if (data == NULL) {
- return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
- }
- return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, data, datalen, 0);
-}
-
-int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7,
- const mbedtls_x509_crt *cert,
- const unsigned char *hash,
- size_t hashlen)
-{
- if (hash == NULL) {
- return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
- }
- return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, hash, hashlen, 1);
-}
-
-/*
- * Unallocate all pkcs7 data
- */
-void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7)
-{
- mbedtls_pkcs7_signer_info *signer_cur;
- mbedtls_pkcs7_signer_info *signer_prev;
-
- if (pkcs7 == NULL || pkcs7->raw.p == NULL) {
- return;
- }
-
- mbedtls_free(pkcs7->raw.p);
-
- mbedtls_x509_crt_free(&pkcs7->signed_data.certs);
- mbedtls_x509_crl_free(&pkcs7->signed_data.crl);
-
- signer_cur = pkcs7->signed_data.signers.next;
- pkcs7_free_signer_info(&pkcs7->signed_data.signers);
- while (signer_cur != NULL) {
- signer_prev = signer_cur;
- signer_cur = signer_prev->next;
- pkcs7_free_signer_info(signer_prev);
- mbedtls_free(signer_prev);
- }
-
- pkcs7->raw.p = NULL;
-}
-
-#endif
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
deleted file mode 100644
index 28d0cfbb7d..0000000000
--- a/library/ssl_cache.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * SSL session cache implementation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_SSL_CACHE_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_cache.h"
-#include "mbedtls/error.h"
-
-#include
-
-void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
-{
- memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
-
- cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
- cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init(&cache->mutex);
-#endif
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_cache_entry **dst)
-{
- int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time(NULL);
-#endif
- mbedtls_ssl_cache_entry *cur;
-
- for (cur = cache->chain; cur != NULL; cur = cur->next) {
-#if defined(MBEDTLS_HAVE_TIME)
- if (cache->timeout != 0 &&
- (int) (t - cur->timestamp) > cache->timeout) {
- continue;
- }
-#endif
-
- if (session_id_len != cur->session_id_len ||
- memcmp(session_id, cur->session_id,
- cur->session_id_len) != 0) {
- continue;
- }
-
- break;
- }
-
- if (cur != NULL) {
- *dst = cur;
- ret = 0;
- }
-
- return ret;
-}
-
-
-int mbedtls_ssl_cache_get(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_session *session)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
- mbedtls_ssl_cache_entry *entry;
-
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
- return ret;
- }
-#endif
-
- ret =
ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_ssl_session_load(session,
- entry->session,
- entry->session_len);
- if (ret != 0) {
- goto exit;
- }
-
- ret = 0;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
- ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
- }
-#endif
-
- return ret;
-}
-
-/* zeroize a cache entry */
-static void ssl_cache_entry_zeroize(mbedtls_ssl_cache_entry *entry)
-{
- if (entry == NULL) {
- return;
- }
-
- /* zeroize and free session structure */
- if (entry->session != NULL) {
- mbedtls_zeroize_and_free(entry->session, entry->session_len);
- }
-
- /* zeroize the whole entry structure */
- mbedtls_platform_zeroize(entry, sizeof(mbedtls_ssl_cache_entry));
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
- unsigned char const *session_id,
- size_t session_id_len,
- mbedtls_ssl_cache_entry **dst)
-{
-#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
-#endif /* MBEDTLS_HAVE_TIME */
-
- mbedtls_ssl_cache_entry *old = NULL;
- int count = 0;
- mbedtls_ssl_cache_entry *cur, *last;
-
- /* Check 1: Is there already an entry with the given session ID?
- *
- * If yes, overwrite it.
- *
- * If not, `count` will hold the size of the session cache
- * at the end of this loop, and `last` will point to the last
- * entry, both of which will be used later. */
-
- last = NULL;
- for (cur = cache->chain; cur != NULL; cur = cur->next) {
- count++;
- if (session_id_len == cur->session_id_len &&
- memcmp(session_id, cur->session_id, cur->session_id_len) == 0) {
- goto found;
- }
- last = cur;
- }
-
- /* Check 2: Is there an outdated entry in the cache?
- *
- * If so, overwrite it.
- *
- * If not, remember the oldest entry in `old` for later.
- */
-
-#if defined(MBEDTLS_HAVE_TIME)
- for (cur = cache->chain; cur != NULL; cur = cur->next) {
- if (cache->timeout != 0 &&
- (int) (t - cur->timestamp) > cache->timeout) {
- goto found;
- }
-
- if (oldest == 0 || cur->timestamp < oldest) {
- oldest = cur->timestamp;
- old = cur;
- }
- }
-#endif /* MBEDTLS_HAVE_TIME */
-
- /* Check 3: Is there free space in the cache? */
-
- if (count < cache->max_entries) {
- /* Create new entry */
- cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
- if (cur == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- /* Append to the end of the linked list. */
- if (last == NULL) {
- cache->chain = cur;
- } else {
- last->next = cur;
- }
-
- goto found;
- }
-
- /* Last resort: The cache is full and doesn't contain any outdated
- * elements. In this case, we evict the oldest one, judged by timestamp
- * (if present) or cache-order. */
-
-#if defined(MBEDTLS_HAVE_TIME)
- if (old == NULL) {
- /* This should only happen on an ill-configured cache
- * with max_entries == 0. */
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-#else /* MBEDTLS_HAVE_TIME */
- /* Reuse first entry in chain, but move to last place. */
- if (cache->chain == NULL) {
- /* This should never happen */
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- }
-
- old = cache->chain;
- cache->chain = old->next;
- old->next = NULL;
- last->next = old;
-#endif /* MBEDTLS_HAVE_TIME */
-
- /* Now `old` points to the oldest entry to be overwritten. */
- cur = old;
-
-found:
-
- /* If we're reusing an entry, free it first. */
- if (cur->session != NULL) {
- /* `ssl_cache_entry_zeroize` would break the chain,
- * so we reuse `old` to record `next` temporarily.
*/
- old = cur->next;
- ssl_cache_entry_zeroize(cur);
- cur->next = old;
- }
-
-#if defined(MBEDTLS_HAVE_TIME)
- cur->timestamp = t;
-#endif
-
- *dst = cur;
- return 0;
-}
-
-int mbedtls_ssl_cache_set(void *data,
- unsigned char const *session_id,
- size_t session_id_len,
- const mbedtls_ssl_session *session)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
- mbedtls_ssl_cache_entry *cur;
-
- size_t session_serialized_len = 0;
- unsigned char *session_serialized = NULL;
-
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
- return ret;
- }
-#endif
-
- ret = ssl_cache_pick_writing_slot(cache,
- session_id, session_id_len,
- &cur);
- if (ret != 0) {
- goto exit;
- }
-
- /* Check how much space we need to serialize the session
- * and allocate a sufficiently large buffer. */
- ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
- if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
- goto exit;
- }
-
- session_serialized = mbedtls_calloc(1, session_serialized_len);
- if (session_serialized == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- /* Now serialize the session into the allocated buffer.
*/
- ret = mbedtls_ssl_session_save(session,
- session_serialized,
- session_serialized_len,
- &session_serialized_len);
- if (ret != 0) {
- goto exit;
- }
-
- if (session_id_len > sizeof(cur->session_id)) {
- ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- goto exit;
- }
- cur->session_id_len = session_id_len;
- memcpy(cur->session_id, session_id, session_id_len);
-
- cur->session = session_serialized;
- cur->session_len = session_serialized_len;
- session_serialized = NULL;
-
- ret = 0;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
- ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
- }
-#endif
-
- if (session_serialized != NULL) {
- mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
- session_serialized = NULL;
- }
-
- return ret;
-}
-
-int mbedtls_ssl_cache_remove(void *data,
- unsigned char const *session_id,
- size_t session_id_len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
- mbedtls_ssl_cache_entry *entry;
- mbedtls_ssl_cache_entry *prev;
-
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
- return ret;
- }
-#endif
-
- ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
- /* No valid entry found, exit with success */
- if (ret != 0) {
- ret = 0;
- goto exit;
- }
-
- /* Now we remove the entry from the chain */
- if (entry == cache->chain) {
- cache->chain = entry->next;
- goto free;
- }
- for (prev = cache->chain; prev->next != NULL; prev = prev->next) {
- if (prev->next == entry) {
- prev->next = entry->next;
- break;
- }
- }
-
-free:
- ssl_cache_entry_zeroize(entry);
- mbedtls_free(entry);
- ret = 0;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
- ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
- }
-#endif
-
- return ret;
-}
-
-#if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache,
int timeout)
-{
- if (timeout < 0) {
- timeout = 0;
- }
-
- cache->timeout = timeout;
-}
-#endif /* MBEDTLS_HAVE_TIME */
-
-void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
-{
- if (max < 0) {
- max = 0;
- }
-
- cache->max_entries = max;
-}
-
-void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
-{
- mbedtls_ssl_cache_entry *cur, *prv;
-
- cur = cache->chain;
-
- while (cur != NULL) {
- prv = cur;
- cur = cur->next;
-
- ssl_cache_entry_zeroize(prv);
- mbedtls_free(prv);
- }
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free(&cache->mutex);
-#endif
- cache->chain = NULL;
-}
-
-#endif /* MBEDTLS_SSL_CACHE_C */
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
deleted file mode 100644
index 2809a1424a..0000000000
--- a/library/ssl_ciphersuites.c
+++ /dev/null
@@ -1,996 +0,0 @@
-/**
- * \file ssl_ciphersuites.c
- *
- * \brief SSL ciphersuites for Mbed TLS
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_ciphersuites.h"
-#include "mbedtls/ssl.h"
-#include "ssl_misc.h"
-#include "mbedtls/psa_util.h"
-
-#include
-
-/*
- * Ordered from most preferred to least preferred in terms of security.
- *
- * Current rule (except weak and null which come last):
- * 1. By key exchange:
- * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
- * 2. By key length and cipher:
- * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
- * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
- * 4. By hash function used when relevant
- * 5. By key exchange/auth again: EC > non-EC
- */
-static const int ciphersuite_preference[] =
-{
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
- MBEDTLS_SSL_CIPHERSUITES,
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- /* TLS 1.3 ciphersuites */
- MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
- MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
- MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
- MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- /* Chacha-Poly ephemeral suites */
- MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-
- /* All AES-256 ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-
- /* All CAMELLIA-256 ephemeral suites */
-
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-
- /* All ARIA-256 ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
-
- /* All AES-128 ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-
- /* All CAMELLIA-128 ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-
- /* All ARIA-128 ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
-
- /* The PSK ephemeral suites */
- MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
-
- MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
-
- /* The ECJPAKE suite */
- MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
-
- /* The PSK suites */
-
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
- MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
-
- MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
- MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
- MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
-
- /* NULL suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
- MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
- MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
- MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
-
- MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
- MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
- MBEDTLS_TLS_PSK_WITH_NULL_SHA,
-
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
- 0
-};
-
-static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
- MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- 0,
- MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- 0,
- MBEDTLS_SSL_VERSION_TLS1_3,
MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-#endif /* PSA_WANT_ALG_GCM */
-#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- 0,
- MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
- { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
- "TLS1-3-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
- 0,
- MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
- defined(PSA_WANT_ALG_SHA_256) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
-
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
- PSA_WANT_ALG_SHA_256 &&
- MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_1 */
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
-
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_ALG_SHA_384 */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
- "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
*/
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_1 */
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2,
MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
- "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
- "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /*
PSA_WANT_ALG_SHA_1 */
-#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /*
PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0, 
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if 
defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
- "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
- "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 
"TLS-PSK-WITH-NULL-SHA384",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, 
MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- 0,
- 
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- 
defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-
- { 0, "",
- MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
- 0, 0, 0 }
-};
-
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
-const int *mbedtls_ssl_list_ciphersuites(void)
-{
- return ciphersuite_preference;
-}
-#else
-#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
- sizeof(ciphersuite_definitions[0])
-static int supported_ciphersuites[MAX_CIPHERSUITES];
-static int supported_init = 0;
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
-{
- (void) cs_info;
-
- return 0;
-}
-
-const int *mbedtls_ssl_list_ciphersuites(void)
-{
- /*
- * On initial call filter out all ciphersuites not supported by current
- * build based on presence in the ciphersuite_definitions. 
- */
- if (supported_init == 0) {
- const int *p;
- int *q;
-
- for (p = ciphersuite_preference, q = supported_ciphersuites;
- *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
- p++) {
- const mbedtls_ssl_ciphersuite_t *cs_info;
- if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
- !ciphersuite_is_removed(cs_info)) {
- *(q++) = *p;
- }
- }
- *q = 0;
-
- supported_init = 1;
- }
-
- return supported_ciphersuites;
-}
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
- const char *ciphersuite_name)
-{
- const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
- if (NULL == ciphersuite_name) {
- return NULL;
- }
-
- while (cur->id != 0) {
- if (0 == strcmp(cur->name, ciphersuite_name)) {
- return cur;
- }
-
- cur++;
- }
-
- return NULL;
-}
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
-{
- const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
- while (cur->id != 0) {
- if (cur->id == ciphersuite) {
- return cur;
- }
-
- cur++;
- }
-
- return NULL;
-}
-
-const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
-{
- const mbedtls_ssl_ciphersuite_t *cur;
-
- cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
-
- if (cur == NULL) {
- return "unknown";
- }
-
- return cur->name;
-}
-
-int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
-{
- const mbedtls_ssl_ciphersuite_t *cur;
-
- cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
-
- if (cur == NULL) {
- return 0;
- }
-
- return cur->id;
-}
-
-size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type;
- psa_algorithm_t alg;
- size_t key_bits;
-
- status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
- info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 
8 : 16,
- &alg, &key_type, &key_bits);
-
- if (status != PSA_SUCCESS) {
- return 0;
- }
-
- return key_bits;
-}
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
-
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return MBEDTLS_PK_SIGALG_ECDSA;
-
- default:
- return MBEDTLS_PK_SIGALG_NONE;
- }
-}
-
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- return PSA_ALG_RSA_PKCS1V15_SIGN(
- mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
-
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return MBEDTLS_PK_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
-
- default:
- return PSA_ALG_NONE;
- }
-}
-
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return PSA_KEY_USAGE_SIGN_HASH;
-
- default:
- return 0;
- }
-}
-
-mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
-
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return MBEDTLS_PK_SIGALG_ECDSA;
-
- default:
- return MBEDTLS_PK_SIGALG_NONE;
- }
-}
-
-#endif /* MBEDTLS_PK_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case 
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
- * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
deleted file mode 100644
index 9a9b42b998..0000000000
--- a/library/ssl_ciphersuites_internal.h
+++ /dev/null 
@@ -1,111 +0,0 @@
-/**
- * \file ssl_ciphersuites_internal.h
- *
- * \brief Internal part of the public "ssl_ciphersuites.h".
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
-#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
-
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
-#endif /* MBEDTLS_PK_C */
-
-int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
-int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case 
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
- const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
-#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */
diff --git a/library/ssl_client.c b/library/ssl_client.c
deleted file mode 100644
index 6fe6dd8fe6..0000000000
--- a/library/ssl_client.c
+++ /dev/null 
@@ -1,1015 +0,0 @@
-/*
- * TLS 1.2 and 1.3 client-side functions
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_SSL_CLI_C)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-
-#include
-
-#include "debug_internal.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform.h"
-
-#include "ssl_client.h"
-#include "ssl_tls13_keys.h"
-#include "ssl_debug_helpers.h"
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen)
-{
- unsigned char *p = buf;
- size_t hostname_len;
-
- *olen = 0;
-
- if (ssl->hostname == NULL) {
- return 0;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("client hello, adding server name extension: %s",
- ssl->hostname));
-
- hostname_len = strlen(ssl->hostname);
-
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
-
- /*
- * Sect. 3, RFC 6066 (TLS Extensions Definitions)
- *
- * In order to provide any of the server names, clients MAY include an
- * extension of type "server_name" in the (extended) client hello. 
The - * "extension_data" field of this extension SHALL contain - * "ServerNameList" where: - * - * struct { - * NameType name_type; - * select (name_type) { - * case host_name: HostName; - * } name; - * } ServerName; - * - * enum { - * host_name(0), (255) - * } NameType; - * - * opaque HostName<1..2^16-1>; - * - * struct { - * ServerName server_name_list<1..2^16-1> - * } ServerNameList; - * - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0); - p += 2; - - *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME); - - MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); - p += 2; - - memcpy(p, ssl->hostname, hostname_len); - - *olen = hostname_len + 9; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - return 0; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -/* - * ssl_write_alpn_ext() - * - * Structure of the application_layer_protocol_negotiation extension in - * ClientHello: - * - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - - *out_len = 0; - - if (ssl->conf->alpn_list == NULL) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension")); - - - /* Check we have enough space for the extension type (2 bytes), the - * extension length (2 bytes) and the protocol_name_list length (2 bytes). 
- */
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0);
- /* Skip writing extension and list length for now */
- p += 6;
-
- /*
- * opaque ProtocolName<1..2^8-1>;
- *
- * struct {
- * ProtocolName protocol_name_list<2..2^16-1>
- * } ProtocolNameList;
- */
- for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
- /*
- * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
- * protocol names is less than 255.
- */
- size_t protocol_name_len = strlen(*cur);
-
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + protocol_name_len);
- *p++ = (unsigned char) protocol_name_len;
- memcpy(p, *cur, protocol_name_len);
- p += protocol_name_len;
- }
-
- *out_len = (size_t) (p - buf);
-
- /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
- MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4);
-
- /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
- MBEDTLS_PUT_UINT16_BE(*out_len - 4, buf, 2);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- return 0;
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \
- defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
-/*
- * Function for writing a supported groups (TLS 1.3) or supported elliptic
- * curves (TLS 1.2) extension. 
- *
- * The "extension_data" field of a supported groups extension contains a
- * "NamedGroupList" value (TLS 1.3 RFC8446):
- * enum {
- * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
- * x25519(0x001D), x448(0x001E),
- * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
- * ffdhe6144(0x0103), ffdhe8192(0x0104),
- * ffdhe_private_use(0x01FC..0x01FF),
- * ecdhe_private_use(0xFE00..0xFEFF),
- * (0xFFFF)
- * } NamedGroup;
- * struct {
- * NamedGroup named_group_list<2..2^16-1>;
- * } NamedGroupList;
- *
- * The "extension_data" field of a supported elliptic curves extension contains
- * a "NamedCurveList" value (TLS 1.2 RFC 8422):
- * enum {
- * deprecated(1..22),
- * secp256r1 (23), secp384r1 (24), secp521r1 (25),
- * x25519(29), x448(30),
- * reserved (0xFE00..0xFEFF),
- * deprecated(0xFF01..0xFF02),
- * (0xFFFF)
- * } NamedCurve;
- * struct {
- * NamedCurve named_curve_list<2..2^16-1>
- * } NamedCurveList;
- *
- * The TLS 1.3 supported groups extension was defined to be a compatible
- * generalization of the TLS 1.2 supported elliptic curves extension. They both
- * share the same extension identifier. 
- *
- */
-#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG 1
-#define SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG 2
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- int flags,
- size_t *out_len)
-{
- unsigned char *p = buf;
- unsigned char *named_group_list; /* Start of named_group_list */
- size_t named_group_list_len; /* Length of named_group_list */
- const uint16_t *group_list = ssl->conf->group_list;
-
- *out_len = 0;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported_groups extension"));
-
- /* Check if we have space for header and length fields:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - named_group_list_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
- p += 6;
-
- named_group_list = p;
-
- if (group_list == NULL) {
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
- }
-
- for (; *group_list != 0; group_list++) {
- int propose_group = 0;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list));
-
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
- if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) {
-#if defined(PSA_WANT_ALG_ECDH)
- if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list) &&
- (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) !=
- MBEDTLS_ECP_DP_NONE)) {
- propose_group = 1;
- }
-#endif
-#if defined(PSA_WANT_ALG_FFDH)
- if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) {
- propose_group = 1;
- }
-#endif
- }
-#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
-
-#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC)
- if ((flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG) &&
- mbedtls_ssl_tls12_named_group_is_ecdhe(*group_list) &&
- (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) !=
- MBEDTLS_ECP_DP_NONE)) {
- propose_group = 1;
- }
-#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC */
-
- if (propose_group) {
- MBEDTLS_SSL_CHK_BUF_PTR(p, 
end, 2);
- MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
- p += 2;
- MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
- mbedtls_ssl_named_group_to_str(*group_list),
- *group_list));
- }
- }
-
- /* Length of named_group_list */
- named_group_list_len = (size_t) (p - named_group_list);
- if (named_group_list_len == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("No group available."));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0);
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE(named_group_list_len + 2, buf, 2);
- /* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE(named_group_list_len, buf, 4);
-
- MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension",
- buf + 4, named_group_list_len + 2);
-
- *out_len = (size_t) (p - buf);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_tls13_set_hs_sent_ext_mask(
- ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC ||
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_hello_cipher_suites(
- mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- int *tls12_uses_ec,
- size_t *out_len)
-{
- unsigned char *p = buf;
- const int *ciphersuite_list;
- unsigned char *cipher_suites; /* Start of the cipher_suites list */
- size_t cipher_suites_len;
-
- *tls12_uses_ec = 0;
- *out_len = 0;
-
- /*
- * Ciphersuite list
- *
- * This is a list of the symmetric cipher options supported by
- * the client, specifically the record protection algorithm
- * ( including secret key length ) and a hash to be used with
- * HKDF, in descending order of client preference.
- */
- ciphersuite_list = ssl->conf->ciphersuite_list;
-
- /* Check there is space for the cipher suite list length (2 bytes). 
*/
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
- p += 2;
-
- /* Write cipher_suites
- * CipherSuite cipher_suites<2..2^16-2>;
- */
- cipher_suites = p;
- for (size_t i = 0; ciphersuite_list[i] != 0; i++) {
- int cipher_suite = ciphersuite_list[i];
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
-
- if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
- ssl->handshake->min_tls_version,
- ssl->tls_version) != 0) {
- continue;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
- *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %04x, %s",
- (unsigned int) cipher_suite,
- ciphersuite_info->name));
-
- /* Check there is space for the cipher suite identifier (2 bytes). */
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
- MBEDTLS_PUT_UINT16_BE(cipher_suite, p, 0);
- p += 2;
- }
-
- /*
- * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- */
- int renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
-#endif
- if (!renegotiating) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV"));
- MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
- MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0);
- p += 2;
- }
-
- /* Write the cipher_suites length in number of bytes */
- cipher_suites_len = (size_t) (p - cipher_suites);
- MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0);
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
- cipher_suites_len/2));
-
- /* Output the total length of cipher_suites field. 
*/ - *out_len = (size_t) (p - buf); - - return 0; -} - -/* - * Structure of the TLS 1.3 ClientHello message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; - * - * Structure of the (D)TLS 1.2 ClientHello message: - * - * struct { - * ProtocolVersion client_version; - * Random random; - * SessionID session_id; - * opaque cookie<0..2^8-1>; // DTLS 1.2 ONLY - * CipherSuite cipher_suites<2..2^16-2>; - * CompressionMethod compression_methods<1..2^8-1>; - * select (extensions_present) { - * case false: - * struct {}; - * case true: - * Extension extensions<0..2^16-1>; - * }; - * } ClientHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - size_t *binders_len) -{ - int ret; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char *p = buf; - unsigned char *p_extensions_len; /* Pointer to extensions length */ - size_t output_len; /* Length of buffer used by function */ - size_t extensions_len; /* Length of the list of extensions*/ - int tls12_uses_ec = 0; - - *out_len = 0; - *binders_len = 0; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - unsigned char propose_tls12 = - (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) - && - (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version); -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - unsigned char propose_tls13 = - (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3) - && - (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version); -#endif - - /* - * Write client_version (TLS 1.2) or legacy_version (TLS 1.3) - * - * In all cases this is the TLS 1.2 version. 
- */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - p += 2; - - /* ... - * Random random; - * ... - * - * The random bytes have been prepared by ssl_prepare_client_hello() into - * the handshake->randbytes buffer and are copied here into the output - * buffer. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", - p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - /* TLS 1.2: - * ... - * SessionID session_id; - * ... - * with - * opaque SessionID<0..32>; - * - * TLS 1.3: - * ... - * opaque legacy_session_id<0..32>; - * ... - * - * The (legacy) session identifier bytes have been prepared by - * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer - * and are copied here into the output buffer. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1); - *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - - /* DTLS 1.2 ONLY - * ... - * opaque cookie<0..2^8-1>; - * ... 
- */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t cookie_len = 0; -#else - uint16_t cookie_len = 0; -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (handshake->cookie != NULL) { - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", - handshake->cookie, - handshake->cookie_len); - cookie_len = handshake->cookie_len; - } - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, cookie_len + 1); - *p++ = (unsigned char) cookie_len; - if (cookie_len > 0) { - memcpy(p, handshake->cookie, cookie_len); - p += cookie_len; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ - - /* Write cipher_suites */ - ret = ssl_write_client_hello_cipher_suites(ssl, p, end, - &tls12_uses_ec, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - - /* Write legacy_compression_methods (TLS 1.3) or - * compression_methods (TLS 1.2) - * - * For every TLS 1.3 ClientHello, this vector MUST contain exactly - * one byte set to zero, which corresponds to the 'null' compression - * method in prior versions of TLS. - * - * For TLS 1.2 ClientHello, for security reasons we do not support - * compression anymore, thus also just the 'null' compression method. 
- */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - *p++ = 1; - *p++ = MBEDTLS_SSL_COMPRESS_NULL; - - /* Write extensions */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* Keeping track of the included extensions */ - handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; -#endif - - /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* Write server name extension */ - ret = ssl_write_hostname_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) - ret = ssl_write_alpn_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (propose_tls13) { - ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif - -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - { - int ssl_write_supported_groups_ext_flags = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ssl_write_supported_groups_ext_flags |= - SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG; - } -#endif -#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) - if (propose_tls12 && tls12_uses_ec) { - ssl_write_supported_groups_ext_flags |= - SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_2_FLAG; - } -#endif - if (ssl_write_supported_groups_ext_flags != 0) { - ret = ssl_write_supported_groups_ext(ssl, p, end, - ssl_write_supported_groups_ext_flags, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } - } -#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC || - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -#if 
defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - int write_sig_alg_ext = 0; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - write_sig_alg_ext = write_sig_alg_ext || - (propose_tls13 && mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl)); -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - write_sig_alg_ext = write_sig_alg_ext || propose_tls12; -#endif - - if (write_sig_alg_ext) { - ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (propose_tls12) { - ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end, - tls12_uses_ec, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11) - * MUST be the last extension in the ClientHello. - */ - if (propose_tls13 && mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { - ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - ssl, p, end, &output_len, binders_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - - /* Write the length of the list of extensions. 
*/ - extensions_len = (size_t) (p - p_extensions_len) - 2; - - if (extensions_len == 0) { - p = p_extensions_len; - } else { - MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" \ - MBEDTLS_PRINTF_SIZET, extensions_len)); - MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", - p_extensions_len, extensions_len); - } - - *out_len = (size_t) (p - buf); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_generate_random(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *randbytes = ssl->handshake->randbytes; - size_t gmt_unix_time_len = 0; - - /* - * Generate the random bytes - * - * TLS 1.2 case: - * struct { - * uint32 gmt_unix_time; - * opaque random_bytes[28]; - * } Random; - * - * TLS 1.3 case: - * opaque Random[32]; - */ - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t gmt_unix_time = mbedtls_time(NULL); - MBEDTLS_PUT_UINT32_BE(gmt_unix_time, randbytes, 0); - gmt_unix_time_len = 4; - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) gmt_unix_time)); -#endif /* MBEDTLS_HAVE_TIME */ - } - - ret = psa_generate_random(randbytes + gmt_unix_time_len, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) -{ - int ret; - size_t session_id_len; - mbedtls_ssl_session *session_negotiate = ssl->session_negotiate; - - if (session_negotiate == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_HAVE_TIME) - - /* Check if a tls13 ticket has been configured. 
*/ - if (ssl->handshake->resume != 0 && - session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - session_negotiate->ticket != NULL) { - mbedtls_ms_time_t now = mbedtls_ms_time(); - mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time; - if (age < 0 || - age > (mbedtls_ms_time_t) session_negotiate->ticket_lifetime * 1000) { - /* Without valid ticket, disable session resumption.*/ - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket expired, disable session resumption")); - ssl->handshake->resume = 0; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_HAVE_TIME */ - - /* Bet on the highest configured version if we are not in a TLS 1.2 - * renegotiation or session resumption. - */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - ssl->handshake->min_tls_version = ssl->tls_version; - } else -#endif - { - if (ssl->handshake->resume) { - ssl->tls_version = session_negotiate->tls_version; - ssl->handshake->min_tls_version = ssl->tls_version; - } else { - ssl->handshake->min_tls_version = ssl->conf->min_tls_version; - } - } - - /* - * Generate the random bytes, except when responding to a verify request - * where we MUST reuse the previously generated random bytes - * (RFC 6347 4.2.1). - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->handshake->cookie == NULL)) -#endif - { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (!ssl->handshake->hello_retry_request_flag) -#endif - { - ret = ssl_generate_random(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret); - return ret; - } - } - } - - /* - * Prepare session identifier. At that point, the length of the session - * identifier in the SSL context `ssl->session_negotiate->id_len` is equal - * to zero, except in the case of a TLS 1.2 session renegotiation or - * session resumption. 
- */ - session_id_len = session_negotiate->id_len; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - if (session_id_len < 16 || session_id_len > 32 || -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || -#endif - ssl->handshake->resume == 0) { - session_id_len = 0; - } - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - /* - * RFC 5077 section 3.4: "When presenting a ticket, the client MAY - * generate and include a Session ID in the TLS ClientHello." - */ - int renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - renegotiating = 1; - } -#endif - if (!renegotiating) { - if ((session_negotiate->ticket != NULL) && - (session_negotiate->ticket_len != 0)) { - session_id_len = 32; - } - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* - * Create a legacy session identifier for the purpose of middlebox - * compatibility only if one has not been created already, which is - * the case if we are here for the TLS 1.3 second ClientHello. - * - * Versions of TLS before TLS 1.3 supported a "session resumption" - * feature which has been merged with pre-shared keys in TLS 1.3 - * version. A client which has a cached session ID set by a pre-TLS 1.3 - * server SHOULD set this field to that value. In compatibility mode, - * this field MUST be non-empty, so a client not offering a pre-TLS 1.3 - * session MUST generate a new 32-byte value. This value need not be - * random but SHOULD be unpredictable to avoid implementations fixating - * on a specific value (also known as ossification). Otherwise, it MUST - * be set as a zero-length vector ( i.e., a zero-valued single byte - * length field ). 
- */ - session_id_len = 32; - } -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - if (session_id_len != session_negotiate->id_len) { - session_negotiate->id_len = session_id_len; - if (session_id_len > 0) { - - ret = psa_generate_random(session_negotiate->id, - session_id_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); - return ret; - } - } - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - ssl->handshake->resume) { - int hostname_mismatch = ssl->hostname != NULL || - session_negotiate->hostname != NULL; - if (ssl->hostname != NULL && session_negotiate->hostname != NULL) { - hostname_mismatch = strcmp( - ssl->hostname, session_negotiate->hostname) != 0; - } - - if (hostname_mismatch) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Hostname mismatch the session ticket, " - "disable session resumption.")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } else { - return mbedtls_ssl_session_set_hostname(session_negotiate, - ssl->hostname); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_SERVER_NAME_INDICATION */ - - return 0; -} -/* - * Write ClientHello handshake message. 
- * Handler for MBEDTLS_SSL_CLIENT_HELLO - */ -int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len, binders_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello")); - - MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - &binders_len)); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_msglen = msg_len + 4; - mbedtls_ssl_send_flight_completed(ssl); - - /* - * The two functions below may try to send data on the network and - * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they - * fail to do so and the transmission has to be retried later. In that - * case as in fatal error cases, we return immediately. But we must have - * set the handshake state to the next state at that point to ensure - * that we will not write and send again a ClientHello when we - * eventually succeed in sending the pending data. 
- */ - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ - { - - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret); - return ret; - } - ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (binders_len > 0) { - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - ssl, buf + msg_len - binders_len, buf + msg_len)); - ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, - binders_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, - buf_len, - msg_len)); - - /* - * Set next state. Note that if TLS 1.3 is proposed, this may be - * overwritten by mbedtls_ssl_tls13_finalize_client_hello(). 
- */
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
- MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version) {
- ret = mbedtls_ssl_tls13_finalize_client_hello(ssl);
- }
-#endif
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- MBEDTLS_SSL_PRINT_EXTS(
- 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions);
-#endif
-
-cleanup:
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello"));
- return ret;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_client.h b/library/ssl_client.h
deleted file mode 100644
index 56e9bf8575..0000000000
--- a/library/ssl_client.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/**
- * TLS 1.2 and 1.3 client-side functions
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_SSL_CLIENT_H
-#define MBEDTLS_SSL_CLIENT_H
-
-#include "ssl_misc.h"
-
-#include
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl);
-
-#endif /* MBEDTLS_SSL_CLIENT_H */
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
deleted file mode 100644
index 11811ee30f..0000000000
--- a/library/ssl_cookie.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * DTLS cookie callbacks implementation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_SSL_COOKIE_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_cookie.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/constant_time.h"
-
-#include
-
-#include "mbedtls/psa_util.h"
-/* Define a local translating function to save code size by not using too many
- * arguments in each translating place. */
-static int local_err_translation(psa_status_t status)
-{
- return psa_status_to_mbedtls(status, psa_to_ssl_errors,
- ARRAY_LENGTH(psa_to_ssl_errors),
- psa_generic_status_to_mbedtls);
-}
-#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-
-/*
- * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
- * available. Try SHA-256 first as 384 wastes resources
- */
-#if defined(PSA_WANT_ALG_SHA_256)
-#define COOKIE_MD MBEDTLS_MD_SHA256
-#define COOKIE_MD_OUTLEN 32
-#define COOKIE_HMAC_LEN 28
-#elif defined(PSA_WANT_ALG_SHA_384)
-#define COOKIE_MD MBEDTLS_MD_SHA384
-#define COOKIE_MD_OUTLEN 48
-#define COOKIE_HMAC_LEN 28
-#else
-#error "DTLS hello verify needs SHA-256 or SHA-384"
-#endif
-
-/*
- * Cookies are formed of a 4-bytes timestamp (or serial number) and
- * an HMAC of timestamp and client ID.
- */
-#define COOKIE_LEN (4 + COOKIE_HMAC_LEN)
-
-void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx)
-{
- ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
-#if !defined(MBEDTLS_HAVE_TIME)
- ctx->serial = 0;
-#endif
- ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
-
-}
-
-void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay)
-{
- ctx->timeout = delay;
-}
-
-void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
-{
- if (ctx == NULL) {
- return;
- }
-
- psa_destroy_key(ctx->psa_hmac_key);
-
- mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
-}
-
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_algorithm_t alg;
-
-
- alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);
- if (alg == 0) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(alg),
- COOKIE_HMAC_LEN);
-
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
- PSA_KEY_USAGE_SIGN_MESSAGE);
- psa_set_key_algorithm(&attributes, ctx->psa_hmac_alg);
- psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
- psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(COOKIE_MD_OUTLEN));
-
- if ((status = psa_generate_key(&attributes,
- &ctx->psa_hmac_key)) != PSA_SUCCESS) {
- return PSA_TO_MBEDTLS_ERR(status);
- }
-
- return 0;
-}
-
-
-/*
- * Generate cookie for DTLS ClientHello verification
- */
-int mbedtls_ssl_cookie_write(void *p_ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len)
-{
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t sign_mac_length = 0;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
- unsigned long t;
-
- if (ctx == NULL || cli_id == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN);
-
-#if defined(MBEDTLS_HAVE_TIME)
- t = (unsigned long) mbedtls_time(NULL);
-#else
- t = ctx->serial++;
-#endif
-
- MBEDTLS_PUT_UINT32_BE(t, *p, 0);
- *p += 4;
-
- status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
- ctx->psa_hmac_alg);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- status = psa_mac_update(&operation, *p - 4, 4);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- status = psa_mac_update(&operation, cli_id, cli_id_len);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN,
- &sign_mac_length);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- *p += COOKIE_HMAC_LEN;
-
- ret = 0;
-
-exit:
- status = psa_mac_abort(&operation);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- }
- return ret;
-}
-
-/*
- * Check a cookie
- */
-int mbedtls_ssl_cookie_check(void *p_ctx,
- const unsigned char *cookie, size_t cookie_len,
- const unsigned char *cli_id, size_t cli_id_len)
-{
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- int ret = 0;
- mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
- unsigned long cur_time, cookie_time;
-
- if (ctx == NULL || cli_id == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (cookie_len != COOKIE_LEN) {
- return -1;
- }
-
- status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
- ctx->psa_hmac_alg);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- status = psa_mac_update(&operation, cookie, 4);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- status = psa_mac_update(&operation, cli_id,
- cli_id_len);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto
exit;
- }
-
- status = psa_mac_verify_finish(&operation, cookie + 4,
- COOKIE_HMAC_LEN);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto exit;
- }
-
- ret = 0;
-
-#if defined(MBEDTLS_HAVE_TIME)
- cur_time = (unsigned long) mbedtls_time(NULL);
-#else
- cur_time = ctx->serial;
-#endif
-
- cookie_time = (unsigned long) MBEDTLS_GET_UINT32_BE(cookie, 0);
-
- if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) {
- ret = -1;
- goto exit;
- }
-
-exit:
- status = psa_mac_abort(&operation);
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- }
- return ret;
-}
-#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
deleted file mode 100644
index 6f843404c7..0000000000
--- a/library/ssl_debug_helpers.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/**
- * \file ssl_debug_helpers.h
- *
- * \brief Automatically generated helper functions for debugging
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_SSL_DEBUG_HELPERS_H
-#define MBEDTLS_SSL_DEBUG_HELPERS_H
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#include "mbedtls/ssl.h"
-
-const char *mbedtls_ssl_states_str(mbedtls_ssl_states in);
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
-const char *mbedtls_ssl_early_data_status_str(mbedtls_ssl_early_data_status in);
-const char *mbedtls_ssl_early_data_state_str(mbedtls_ssl_early_data_state in);
-#endif
-
-const char *mbedtls_ssl_protocol_version_str(mbedtls_ssl_protocol_version in);
-
-const char *mbedtls_tls_prf_types_str(mbedtls_tls_prf_types in);
-
-const char *mbedtls_ssl_key_export_type_str(mbedtls_ssl_key_export_type in);
-
-const char *mbedtls_ssl_sig_alg_to_str(uint16_t in);
-
-const char *mbedtls_ssl_named_group_to_str(uint16_t in);
-
-const char *mbedtls_ssl_get_extension_name(unsigned int extension_type);
-
-void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
- int level, const char *file, int line,
- int hs_msg_type, uint32_t extensions_mask,
- const char *extra);
-
-void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
- int level, const char *file, int line,
- int hs_msg_type, unsigned int extension_type,
- const char *extra_msg0, const char *extra_msg1);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl,
- int level, const char *file, int line,
- unsigned int flags);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
-
-#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \
- mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \
- hs_msg_type, extensions_mask, NULL)
-
-#define
MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra) \
- mbedtls_ssl_print_extension(ssl, level, __FILE__, __LINE__, \
- hs_msg_type, extension_type, \
- extra, NULL)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags) \
- mbedtls_ssl_print_ticket_flags(ssl, level, __FILE__, __LINE__, flags)
-#endif
-
-#else
-
-#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extension_mask)
-
-#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags)
-#endif
-
-#endif /* MBEDTLS_DEBUG_C */
-
-#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
deleted file mode 100644
index 083a5adc31..0000000000
--- a/library/ssl_misc.h
+++ /dev/null
@@ -1,2873 +0,0 @@
-/**
- * \file ssl_misc.h
- *
- * \brief Internal functions shared by the SSL modules
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_SSL_MISC_H
-#define MBEDTLS_SSL_MISC_H
-
-#include "tf_psa_crypto_common.h"
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/error.h"
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/debug.h"
-#include "debug_internal.h"
-
-#include "mbedtls/private/cipher.h"
-
-#include "psa/crypto.h"
-#include "psa_util_internal.h"
-extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
-
-#if defined(PSA_WANT_ALG_MD5)
-#include "mbedtls/private/md5.h"
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_1)
-#include "mbedtls/private/sha1.h"
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#include "mbedtls/private/sha256.h"
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512)
-#include "mbedtls/private/sha512.h"
-#endif
-
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-#include "ssl_ciphersuites_internal.h"
-#include "x509_internal.h"
-#include "pk_internal.h"
-
-/* Shorthand for restartable ECC */
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- defined(MBEDTLS_SSL_CLI_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
-#endif
-
-/** Flag values for mbedtls_ssl_context::flags. */
-typedef enum {
- /** Set if mbedtls_ssl_set_hostname() has been called. */
- MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
-} mbedtls_ssl_context_flags_t;
-
-/** Flags from ::mbedtls_ssl_context_flags_t to keep in
- * mbedtls_ssl_session_reset().
- *
- * The flags that are in this list are kept until explicitly updated or
- * until mbedtls_ssl_free(). The flags that are not listed here are
- * reset to 0 in mbedtls_ssl_session_reset(). 
- */ -#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \ - (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) - -#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 -#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ -#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ -#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ - -/* Faked handshake message identity for HelloRetryRequest. */ -#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST (-MBEDTLS_SSL_HS_SERVER_HELLO) - -/* - * Internal identity of handshake extensions - */ -#define MBEDTLS_SSL_EXT_ID_UNRECOGNIZED 0 -#define MBEDTLS_SSL_EXT_ID_SERVERNAME 1 -#define MBEDTLS_SSL_EXT_ID_SERVERNAME_HOSTNAME 1 -#define MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH 2 -#define MBEDTLS_SSL_EXT_ID_STATUS_REQUEST 3 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS 4 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_ELLIPTIC_CURVES 4 -#define MBEDTLS_SSL_EXT_ID_SIG_ALG 5 -#define MBEDTLS_SSL_EXT_ID_USE_SRTP 6 -#define MBEDTLS_SSL_EXT_ID_HEARTBEAT 7 -#define MBEDTLS_SSL_EXT_ID_ALPN 8 -#define MBEDTLS_SSL_EXT_ID_SCT 9 -#define MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE 10 -#define MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE 11 -#define MBEDTLS_SSL_EXT_ID_PADDING 12 -#define MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY 13 -#define MBEDTLS_SSL_EXT_ID_EARLY_DATA 14 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS 15 -#define MBEDTLS_SSL_EXT_ID_COOKIE 16 -#define MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES 17 -#define MBEDTLS_SSL_EXT_ID_CERT_AUTH 18 -#define MBEDTLS_SSL_EXT_ID_OID_FILTERS 19 -#define MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH 20 -#define MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT 21 -#define MBEDTLS_SSL_EXT_ID_KEY_SHARE 22 -#define MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC 23 -#define MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS 24 -#define MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC 25 -#define MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET 26 -#define MBEDTLS_SSL_EXT_ID_SESSION_TICKET 27 -#define MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT 28 - -/* Utility for translating IANA extension type. 
*/ -uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type); -uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); -/* Macros used to define mask constants */ -#define MBEDTLS_SSL_EXT_MASK(id) (1ULL << (MBEDTLS_SSL_EXT_ID_##id)) -/* Reset value of extension mask */ -#define MBEDTLS_SSL_EXT_MASK_NONE 0 - -/* In messages containing extension requests, we should ignore unrecognized - * extensions. In messages containing extension responses, unrecognized - * extensions should result in handshake abortion. Messages containing - * extension requests include ClientHello, CertificateRequest and - * NewSessionTicket. Messages containing extension responses include - * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate. - * - * RFC 8446 section 4.1.3 - * - * The ServerHello MUST only include extensions which are required to establish - * the cryptographic context and negotiate the protocol version. - * - * RFC 8446 section 4.2 - * - * If an implementation receives an extension which it recognizes and which is - * not specified for the message in which it appears, it MUST abort the handshake - * with an "illegal_parameter" alert. - */ - -/* Extensions that are not recognized by TLS 1.3 */ -#define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED \ - (MBEDTLS_SSL_EXT_MASK(SUPPORTED_POINT_FORMATS) | \ - MBEDTLS_SSL_EXT_MASK(ENCRYPT_THEN_MAC) | \ - MBEDTLS_SSL_EXT_MASK(EXTENDED_MASTER_SECRET) | \ - MBEDTLS_SSL_EXT_MASK(SESSION_TICKET) | \ - MBEDTLS_SSL_EXT_MASK(TRUNCATED_HMAC) | \ - MBEDTLS_SSL_EXT_MASK(UNRECOGNIZED)) - -/* RFC 8446 section 4.2. 
Allowed extensions for ClientHello */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH \ - (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \ - MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \ - MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \ - MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \ - MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \ - MBEDTLS_SSL_EXT_MASK(ALPN) | \ - MBEDTLS_SSL_EXT_MASK(SCT) | \ - MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(PADDING) | \ - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \ - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES) | \ - MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_EXT_MASK(COOKIE) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS) | \ - MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \ - MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE \ - (MBEDTLS_SSL_EXT_MASK(SERVERNAME) | \ - MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | \ - MBEDTLS_SSL_EXT_MASK(USE_SRTP) | \ - MBEDTLS_SSL_EXT_MASK(HEARTBEAT) | \ - MBEDTLS_SSL_EXT_MASK(ALPN) | \ - MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE) | \ - MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) - -/* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR \ - (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG) | \ - MBEDTLS_SSL_EXT_MASK(SCT) | \ - MBEDTLS_SSL_EXT_MASK(CERT_AUTH) | \ - MBEDTLS_SSL_EXT_MASK(OID_FILTERS) | \ - MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* RFC 8446 section 4.2. 
Allowed extensions for Certificate */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT \ - (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST) | \ - MBEDTLS_SSL_EXT_MASK(SCT)) - -/* RFC 8446 section 4.2. Allowed extensions for ServerHello */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH \ - (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS)) - -/* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR \ - (MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | \ - MBEDTLS_SSL_EXT_MASK(COOKIE) | \ - MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS)) - -/* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */ -#define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST \ - (MBEDTLS_SSL_EXT_MASK(EARLY_DATA) | \ - MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED) - -/* - * Helper macros for function call with return check. - */ -/* - * Exit when return non-zero value - */ -#define MBEDTLS_SSL_PROC_CHK(f) \ - do { \ - ret = (f); \ - if (ret != 0) \ - { \ - goto cleanup; \ - } \ - } while (0) -/* - * Exit when return negative value - */ -#define MBEDTLS_SSL_PROC_CHK_NEG(f) \ - do { \ - ret = (f); \ - if (ret < 0) \ - { \ - goto cleanup; \ - } \ - } while (0) - -/* - * DTLS retransmission states, see RFC 6347 4.2.4 - * - * The SENDING state is merged in PREPARING for initial sends, - * but is distinct for resends. - * - * Note: initial state is wrong for server, but is not used anyway. - */ -#define MBEDTLS_SSL_RETRANS_PREPARING 0 -#define MBEDTLS_SSL_RETRANS_SENDING 1 -#define MBEDTLS_SSL_RETRANS_WAITING 2 -#define MBEDTLS_SSL_RETRANS_FINISHED 3 - -/* - * Allow extra bytes for record, authentication and encryption overhead: - * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). - */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -/* This macro determines whether CBC is supported. 
*/ -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - (defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_WANT_KEY_TYPE_ARIA)) -#define MBEDTLS_SSL_SOME_SUITES_USE_CBC -#endif - -/* This macro determines whether a ciphersuite using a - * stream cipher can be used. */ -#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) -#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM -#endif - -/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \ - defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) -#define MBEDTLS_SSL_SOME_SUITES_USE_MAC -#endif - -/* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -/* Ciphersuites using HMAC */ -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ -#elif defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ -#else -#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ -#endif -#else /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ -/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ -#define MBEDTLS_SSL_MAC_ADD 16 -#endif - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#define MBEDTLS_SSL_PADDING_ADD 256 -#else -#define MBEDTLS_SSL_PADDING_ADD 0 -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY -#else -#define MBEDTLS_SSL_MAX_CID_EXPANSION 0 -#endif - -#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH + \ - MBEDTLS_SSL_MAC_ADD + \ - MBEDTLS_SSL_PADDING_ADD + \ - 
MBEDTLS_SSL_MAX_CID_EXPANSION \ - ) - -#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - (MBEDTLS_SSL_IN_CONTENT_LEN)) - -#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ - (MBEDTLS_SSL_OUT_CONTENT_LEN)) - -/* The maximum number of buffered handshake messages. */ -#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 - -/* Maximum length we can advertise as our max content length for - RFC 6066 max_fragment_length extension negotiation purposes - (the lesser of both sizes, if they are unequal.) - */ -#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ - (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ - ? (MBEDTLS_SSL_OUT_CONTENT_LEN) \ - : (MBEDTLS_SSL_IN_CONTENT_LEN) \ - ) - -/* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ -#define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 - -/* Minimum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ -#define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 - -/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ -#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 - -#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20 - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(sig, hash) ((hash << 8) | sig) -#define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF) -#define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8) -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Check that we obey the standard's message size bounds - */ - -#if MBEDTLS_SSL_IN_CONTENT_LEN > 16384 -#error "Bad configuration - incoming record content too large." -#endif - -#if MBEDTLS_SSL_OUT_CONTENT_LEN > 16384 -#error "Bad configuration - outgoing record content too large." 
-#endif - -#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_IN_CONTENT_LEN + 2048 -#error "Bad configuration - incoming protected record payload too large." -#endif - -#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN + 2048 -#error "Bad configuration - outgoing protected record payload too large." -#endif - -/* Calculate buffer sizes */ - -/* Note: Even though the TLS record header is only 5 bytes - long, we're internally using 8 bytes to store the - implicit sequence number. */ -#define MBEDTLS_SSL_HEADER_LEN 13 - -#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_IN_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN)) -#else -#define MBEDTLS_SSL_IN_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \ - + (MBEDTLS_SSL_CID_IN_LEN_MAX)) -#endif - -#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN)) -#else -#define MBEDTLS_SSL_OUT_BUFFER_LEN \ - ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN) \ - + (MBEDTLS_SSL_CID_OUT_LEN_MAX)) -#endif - -#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 -#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the output buffer. For the client, this is the configured - * value. For the server, it is the minimum of two - the - * configured value and the negotiated one. - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_out_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); - -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the input buffer. This is the negotiated maximum fragment - * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. 
- * If it is not defined either, the value is 2^14. This function - * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_in_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -/** - * \brief Get the size limit in bytes for the protected outgoing records - * as defined in RFC 8449 - * - * \param ssl SSL context - * - * \return The size limit in bytes for the protected outgoing - * records as defined in RFC 8449. - */ -size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) -{ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_output_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_OUT_LEN_MAX; -#else - return mbedtls_ssl_get_output_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; -#endif -} - -static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx) -{ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_input_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_IN_LEN_MAX; -#else - return mbedtls_ssl_get_input_max_frag_len(ctx) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; -#endif -} -#endif - -/* - * TLS extension flags (for extensions with outgoing ServerHello content - * that need it (e.g. 
for RENEGOTIATION_INFO the server already knows because - * of state of the renegotiation flag, so no indicator is required) - */ -#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) -#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) - -/** - * \brief This function checks if the remaining size in a buffer is - * greater or equal than a needed space. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed space in bytes. - * - * \return Zero if the needed space is available in the buffer, non-zero - * otherwise. - */ -#if !defined(MBEDTLS_TEST_HOOKS) -static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, - const uint8_t *end, size_t need) -{ - return (cur > end) || (need > (size_t) (end - cur)); -} -#else -typedef struct { - const uint8_t *cur; - const uint8_t *end; - size_t need; -} mbedtls_ssl_chk_buf_ptr_args; - -void mbedtls_ssl_set_chk_buf_ptr_fail_args( - const uint8_t *cur, const uint8_t *end, size_t need); -void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args); - -static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, - const uint8_t *end, size_t need) -{ - if ((cur > end) || (need > (size_t) (end - cur))) { - mbedtls_ssl_set_chk_buf_ptr_fail_args(cur, end, need); - return 1; - } - return 0; -} -#endif /* MBEDTLS_TEST_HOOKS */ - -/** - * \brief This macro checks if the remaining size in a buffer is - * greater or equal than a needed space. If it is not the case, - * it returns an SSL_BUFFER_TOO_SMALL error. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed space in bytes. 
- * - */ -#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need) \ - do { \ - if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ - { \ - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; \ - } \ - } while (0) - -/** - * \brief This macro checks if the remaining length in an input buffer is - * greater or equal than a needed length. If it is not the case, it - * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a - * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. - * - * This is a function-like macro. It is guaranteed to evaluate each - * argument exactly once. - * - * \param cur Pointer to the current position in the buffer. - * \param end Pointer to one past the end of the buffer. - * \param need Needed length in bytes. - * - */ -#define MBEDTLS_SSL_CHK_BUF_READ_PTR(cur, end, need) \ - do { \ - if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \ - { \ - MBEDTLS_SSL_DEBUG_MSG(1, \ - ("missing input data in %s", __func__)); \ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ - MBEDTLS_ERR_SSL_DECODE_ERROR); \ - return MBEDTLS_ERR_SSL_DECODE_ERROR; \ - } \ - } while (0) - -#ifdef __cplusplus -extern "C" { -#endif - -typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -/* cipher.h exports the maximum IV, key and block length from - * all ciphers enabled in the config, regardless of whether those - * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled - * in the default configuration and uses 64 Byte keys, but it is - * not used for record protection in SSL/TLS. - * - * In order to prevent unnecessary inflation of key structures, - * we introduce SSL-specific variants of the max-{key,block,IV} - * macros here which are meant to only take those ciphers into - * account which can be negotiated in SSL/TLS. 
- * - * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH - * in cipher.h are rough overapproximations of the real maxima, here - * we content ourselves with replicating those overapproximations - * for the maximum block and IV length, and excluding XTS from the - * computation of the maximum key length. */ -#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 -#define MBEDTLS_SSL_MAX_IV_LENGTH 16 -#define MBEDTLS_SSL_MAX_KEY_LENGTH 32 - -/** - * \brief The data structure holding the cryptographic material (key and IV) - * used for record protection in TLS 1.3. - */ -struct mbedtls_ssl_key_set { - /*! The key for client->server records. */ - unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; - /*! The key for server->client records. */ - unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH]; - /*! The IV for client->server records. */ - unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; - /*! The IV for server->client records. */ - unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH]; - - size_t key_len; /*!< The length of client_write_key and - * server_write_key, in Bytes. */ - size_t iv_len; /*!< The length of client_write_iv and - * server_write_iv, in Bytes. */ -}; -typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; - -typedef struct { - unsigned char binder_key[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char client_early_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char early_exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; -} mbedtls_ssl_tls13_early_secrets; - -typedef struct { - unsigned char client_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char server_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; -} mbedtls_ssl_tls13_handshake_secrets; - -/* - * This structure contains the parameters only needed during handshake. 
- */ -struct mbedtls_ssl_handshake_params { - /* Frequently-used boolean or byte fields (placed early to take - * advantage of smaller code size for indirect access on Arm Thumb) */ - uint8_t resume; /*!< session resume indicator*/ - uint8_t cli_exts; /*!< client extension presence*/ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - uint8_t sni_authmode; /*!< authmode from SNI callback */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - /* Flag indicating if a CertificateRequest message has been sent - * to the client or not. */ - uint8_t certificate_request_sent; -#if defined(MBEDTLS_SSL_EARLY_DATA) - /* Flag indicating if the server has accepted early data or not. */ - uint8_t early_data_accepted; -#endif -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - uint8_t new_session_ticket; /*!< use NewSessionTicket? */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) - /** Minimum TLS version to be negotiated. - * - * It is set up in the ClientHello writing preparation stage and used - * throughout the ClientHello writing. Not relevant anymore as soon as - * the protocol version has been negotiated thus as soon as the - * ServerHello is received. - * For a fresh handshake not linked to any previous handshake, it is - * equal to the configured minimum minor version to be negotiated. When - * renegotiating or resuming a session, it is equal to the previously - * negotiated minor version. - * - * There is no maximum TLS version field in this handshake context. - * From the start of the handshake, we need to define a current protocol - * version for the record layer which we define as the maximum TLS - * version to be negotiated. The `tls_version` field of the SSL context is - * used to store this maximum value until it contains the actual - * negotiated value. 
- */ - mbedtls_ssl_protocol_version min_tls_version; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - uint8_t extended_ms; /*!< use Extended Master Secret? */ -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - uint8_t async_in_progress; /*!< an asynchronous operation is in progress */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - unsigned char retransmit_state; /*!< Retransmission state */ -#endif - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ - enum { /* this complements ssl->state with info on intra-state operations */ - ssl_ecrs_none = 0, /*!< nothing going on (yet) */ - ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */ - ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */ - ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */ - ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */ - } ecrs_state; /*!< current (or last) operation */ - mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */ - size_t ecrs_n; /*!< place for saving a length */ -#endif - - mbedtls_ssl_ciphersuite_t const *ciphersuite_info; - - MBEDTLS_CHECK_RETURN_CRITICAL - int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); - MBEDTLS_CHECK_RETURN_CRITICAL - int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); - MBEDTLS_CHECK_RETURN_CRITICAL - int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); - mbedtls_ssl_tls_prf_cb *tls_prf; - - /* - * Handshake specific crypto variables - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t key_exchange_mode; /*!< Selected key exchange mode */ - - /** - * Flag indicating if, in the course of the current handshake, an - * HelloRetryRequest message has been sent by the server or received by - * the client (<> 0) or not (0). 
- */ - uint8_t hello_retry_request_flag; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /** - * Flag indicating if, in the course of the current handshake, a dummy - * change_cipher_spec (CCS) record has already been sent. Used to send only - * one CCS per handshake while not complicating the handshake state - * transitions for that purpose. - */ - uint8_t ccs_sent; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ -#endif - /** selected_group of key_share extension in HelloRetryRequest message. */ - uint16_t hrr_selected_group; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - uint16_t new_session_tickets_count; /*!< number of session tickets */ -#endif -#endif /* MBEDTLS_SSL_SRV_C */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) - psa_key_type_t xxdh_psa_type; - size_t xxdh_psa_bits; - mbedtls_svc_key_id_t xxdh_psa_privkey; - uint8_t xxdh_psa_privkey_is_external; - unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - size_t xxdh_psa_peerkey_len; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */ - mbedtls_svc_key_id_t psa_pake_password; - uint8_t psa_pake_ctx_is_ok; -#if defined(MBEDTLS_SSL_CLI_C) - unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ - size_t ecjpake_cache_len; /*!< Length of cached data */ -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - uint16_t *curves_tls_id; /*!< List 
of TLS IDs of supported elliptic curves */
-#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
- uint8_t psk_opaque_is_internal;
- uint16_t selected_identity;
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
- mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
- mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- struct {
- size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
- * buffers used for message buffering. */
-
- uint8_t seen_ccs; /*!< Indicates if a CCS message has
- * been seen in the current flight. */
-
- struct mbedtls_ssl_hs_buffer {
- unsigned is_valid : 1;
- unsigned is_fragmented : 1;
- unsigned is_complete : 1;
- unsigned char *data;
- size_t data_len;
- } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
-
- struct {
- unsigned char *data;
- size_t len;
- unsigned epoch;
- } future_record;
-
- } buffering;
-
-#if defined(MBEDTLS_SSL_CLI_C) && \
- (defined(MBEDTLS_SSL_PROTO_DTLS) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_3))
- unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
- * HelloRetryRequest cookie for TLS 1.3 */
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
- /* RFC 6347 page 15
- ...
- opaque cookie<0..2^8-1>;
- ...
- */
- uint8_t cookie_len;
-#else
- /* RFC 8446 page 39
- ...
- opaque cookie<0..2^16-1>;
- ...
- If TLS1_3 is enabled, the max length is 2^16 - 1
- */
- uint16_t cookie_len; /*!< DTLS: HelloVerifyRequest cookie length
- * TLS1_3: HelloRetryRequest cookie length */
-#endif
-#endif /* MBEDTLS_SSL_CLI_C &&
- ( MBEDTLS_SSL_PROTO_DTLS ||
- MBEDTLS_SSL_PROTO_TLS1_3 ) */
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_DTLS)
- unsigned char cookie_verify_result; /*!< Srv: flag for sending a cookie */
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
- unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
-
- uint32_t retransmit_timeout; /*!< Current value of timeout */
- mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
- mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
- unsigned char *cur_msg_p; /*!< Position in current message */
- unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
- flight being received */
- mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
- resending messages */
- unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter
- for resending messages */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* The state of CID configuration in this handshake. */
-
- uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
- * has been negotiated. Possible values are
- * #MBEDTLS_SSL_CID_ENABLED and
- * #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; /*! The peer's CID */
- uint8_t peer_cid_len; /*!< The length of
- * \c peer_cid. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * Checksum contexts
- */
-#if defined(PSA_WANT_ALG_SHA_256)
- psa_hash_operation_t fin_sha256_psa;
-#endif
-#if defined(PSA_WANT_ALG_SHA_384)
- psa_hash_operation_t fin_sha384_psa;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- uint16_t offered_group_id; /* The NamedGroup value for the group
- * that is being used for ephemeral
- * key exchange.
- *
- * On the client: Defaults to the first
- * entry in the client's group list,
- * but can be overwritten by the HRR. */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_CLI_C)
- uint8_t client_auth; /*!< used to check if CertificateRequest has been
- received from server side. If CertificateRequest
- has been received, Certificate and CertificateVerify
- should be sent to server */
-#endif /* MBEDTLS_SSL_CLI_C */
- /*
- * State-local variables used during the processing
- * of a specific handshake state.
- */
- union {
- /* Outgoing Finished message */
- struct {
- uint8_t preparation_done;
-
- /* Buffer holding digest of the handshake up to
- * but excluding the outgoing finished message. */
- unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- size_t digest_len;
- } finished_out;
-
- /* Incoming Finished message */
- struct {
- uint8_t preparation_done;
-
- /* Buffer holding digest of the handshake up to but
- * excluding the peer's incoming finished message. */
- unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- size_t digest_len;
- } finished_in;
-
- } state_local;
-
- /* End of state-local variables. */
-
- unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
- MBEDTLS_SERVER_HELLO_RANDOM_LEN];
- /*!< random bytes */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
- size_t pmslen; /*!< premaster length */
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- uint32_t sent_extensions; /*!< extensions sent by endpoint */
- uint32_t received_extensions; /*!< extensions received by endpoint */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- unsigned char certificate_request_context_len;
- unsigned char *certificate_request_context;
-#endif
-
- /** TLS 1.3 transform for encrypted handshake messages. */
- mbedtls_ssl_transform *transform_handshake;
- union {
- unsigned char early[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- unsigned char app[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- } tls13_master_secrets;
-
- mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- /** TLS 1.3 transform for early data and handshake messages. */
- mbedtls_ssl_transform *transform_earlydata;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- /** Asynchronous operation context. This field is meant for use by the
- * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
- * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
- * The library does not use it internally. */
- void *user_async_ctx;
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- const unsigned char *sni_name; /*!< raw SNI */
- size_t sni_name_len; /*!< raw SNI len */
-#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
- const mbedtls_x509_crt *dn_hints; /*!< acceptable client cert issuers */
-#endif
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-};
-
-typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
-
-/*
- * Representation of decryption/encryption transformations on records
- *
- * There are the following general types of record transformations:
- * - Stream transformations (TLS versions == 1.2 only)
- * Transformation adding a MAC and applying a stream-cipher
- * to the authenticated message.
- * - CBC block cipher transformations ([D]TLS versions == 1.2 only)
- * For TLS 1.2, no IV is generated at key extraction time, but every
- * encrypted record is explicitly prefixed by the IV with which it was
- * encrypted.
- * - AEAD transformations ([D]TLS versions == 1.2 only)
- * These come in two fundamentally different versions, the first one
- * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second
- * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3.
- * In the first transformation, the IV to be used for a record is obtained
- * as the concatenation of an explicit, static 4-byte IV and the 8-byte
- * record sequence number, and explicitly prepending this sequence number
- * to the encrypted record. In contrast, in the second transformation
- * the IV is obtained by XOR'ing a static IV obtained at key extraction
- * time with the 8-byte record sequence number, without prepending the
- * latter to the encrypted record.
- *
- * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext
- * which allows to add flexible length padding and to hide a record's true
- * content type.
- *
- * In addition to type and version, the following parameters are relevant:
- * - The symmetric cipher algorithm to be used.
- * - The (static) encryption/decryption keys for the cipher.
- * - For stream/CBC, the type of message digest to be used.
- * - For stream/CBC, (static) encryption/decryption keys for the digest.
- * - For AEAD transformations, the size (potentially 0) of an explicit,
- * random initialization vector placed in encrypted records.
- * - For some transformations (currently AEAD) an implicit IV. It is static
- * and (if present) is combined with the explicit IV in a transformation-
- * -dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
- * - For stream/CBC, a flag determining the order of encryption and MAC.
- * - The details of the transformation depend on the SSL/TLS version.
- * - The length of the authentication tag.
- *
- * The struct below refines this abstract view as follows:
- * - The cipher underlying the transformation is managed in
- * cipher contexts cipher_ctx_{enc/dec}, which must have the
- * same cipher type. The mode of these cipher contexts determines
- * the type of the transformation in the sense above: e.g., if
- * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM
- * then the transformation has type CBC resp. AEAD.
- * - The cipher keys are never stored explicitly but
- * are maintained within cipher_ctx_{enc/dec}.
- * - For stream/CBC transformations, the message digest contexts
- * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
- * are unused for AEAD transformations.
- * - For stream/CBC transformations, the MAC keys are not stored explicitly
- * but maintained within md_ctx_{enc/dec}.
- * - The mac_enc and mac_dec fields are unused for EAD transformations.
- * - For transformations using an implicit IV maintained within
- * the transformation context, its contents are stored within
- * iv_{enc/dec}.
- * - The value of ivlen indicates the length of the IV.
- * This is redundant in case of stream/CBC transformations
- * which always use 0 resp. the cipher's block length as the
- * IV length, but is needed for AEAD ciphers and may be
- * different from the underlying cipher's block length
- * in this case.
- * - The field fixed_ivlen is nonzero for AEAD transformations only
- * and indicates the length of the static part of the IV which is
- * constant throughout the communication, and which is stored in
- * the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
- * - tls_version denotes the 2-byte TLS version
- * - For stream/CBC transformations, maclen denotes the length of the
- * authentication tag, while taglen is unused and 0.
- * - For AEAD transformations, taglen denotes the length of the
- * authentication tag, while maclen is unused and 0.
- * - For CBC transformations, encrypt_then_mac determines the
- * order of encryption and authentication. This field is unused
- * in other transformations.
- *
- */
-struct mbedtls_ssl_transform {
- /*
- * Session specific crypto layer
- */
- size_t minlen; /*!< min. ciphertext length */
- size_t ivlen; /*!< IV length */
- size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
- size_t maclen; /*!< MAC(CBC) len */
- size_t taglen; /*!< TAG(AEAD) len */
-
- unsigned char iv_enc[16]; /*!< IV (encryption) */
- unsigned char iv_dec[16]; /*!< IV (decryption) */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-
- mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */
- mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */
- psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
-#endif
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
- mbedtls_ssl_protocol_version tls_version;
-
- mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
- mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */
- psa_algorithm_t psa_alg; /*!< psa algorithm */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t in_cid_len;
- uint8_t out_cid_len;
- unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
- unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_KEEP_RANDBYTES)
- /* We need the Hello random bytes in order to re-derive keys from the
- * Master Secret and other session info and for the keying material
- * exporter in TLS 1.2.
- * See ssl_tls12_populate_transform() */
- unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
- MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
- /*!< ServerHello.random+ClientHello.random */
-#endif /* defined(MBEDTLS_SSL_KEEP_RANDBYTES) */
-};
-
-/*
- * Return 1 if the transform uses an AEAD cipher, 0 otherwise.
- * Equivalently, return 0 if a separate MAC is used, 1 otherwise.
- */
-static inline int mbedtls_ssl_transform_uses_aead(
- const mbedtls_ssl_transform *transform)
-{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- return transform->maclen == 0 && transform->taglen != 0;
-#else
- (void) transform;
- return 1;
-#endif
-}
-
-/*
- * Internal representation of record frames
- *
- * Instances come in two flavors:
- * (1) Encrypted
- * These always have data_offset = 0
- * (2) Unencrypted
- * These have data_offset set to the amount of
- * pre-expansion during record protection. Concretely,
- * this is the length of the fixed part of the explicit IV
- * used for encryption, or 0 if no explicit IV is used
- * (e.g. for stream ciphers).
- *
- * The reason for the data_offset in the unencrypted case
- * is to allow for in-place conversion of an unencrypted to
- * an encrypted record. If the offset wasn't included, the
- * encrypted content would need to be shifted afterwards to
- * make space for the fixed IV.
- *
- */
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
-#else
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
-#endif
-
-typedef struct {
- uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number.
- * In DTLS: The 2-byte epoch followed by
- * the 6-byte sequence number.
- * This is stored as a raw big endian byte array
- * as opposed to a uint64_t because we rarely
- * need to perform arithmetic on this, but do
- * need it as a Byte array for the purpose of
- * MAC computations. */
- uint8_t type; /* The record content type. */
- uint8_t ver[2]; /* SSL/TLS version as present on the wire.
- * Convert to internal presentation of versions
- * using mbedtls_ssl_read_version() and
- * mbedtls_ssl_write_version().
- * Keep wire-format for MAC computations. */
-
- unsigned char *buf; /* Memory buffer enclosing the record content */
- size_t buf_len; /* Buffer length */
- size_t data_offset; /* Offset of record content */
- size_t data_len; /* Length of record content */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t cid_len; /* Length of the CID (0 if not present) */
- unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX]; /* The CID */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-} mbedtls_record;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * List of certificate + private key pairs
- */
-struct mbedtls_ssl_key_cert {
- mbedtls_x509_crt *cert; /*!< cert */
- mbedtls_pk_context *key; /*!< private key */
- mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
-};
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * List of handshake messages kept around for resending
- */
-struct mbedtls_ssl_flight_item {
- unsigned char *p; /*!< message, including handshake headers */
- size_t len; /*!< length of p */
- unsigned char type; /*!< type of the message: handshake or CCS */
- mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
-};
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-/**
- * \brief Given an SSL context and its associated configuration, write the TLS
- * 1.2 specific extensions of the ClientHello message.
- *
- * \param[in] ssl SSL context
- * \param[in] buf Base address of the buffer where to write the extensions
- * \param[in] end End address of the buffer where to write the extensions
- * \param uses_ec Whether one proposed ciphersuite uses an elliptic curve
- * (<> 0) or not ( 0 ).
- * \param[out] out_len Length of the data written into the buffer \p buf
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- int uses_ec,
- size_t *out_len);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/**
- * \brief Find the preferred hash for a given signature algorithm.
- *
- * \param[in] ssl SSL context
- * \param[in] sig_alg A signature algorithm identifier as defined in the
- * TLS 1.2 SignatureAlgorithm enumeration.
- *
- * \return The preferred hash algorithm for \p sig_alg. It is a hash algorithm
- * identifier as defined in the TLS 1.2 HashAlgorithm enumeration.
- */
-unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
- mbedtls_ssl_context *ssl,
- unsigned int sig_alg);
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
- MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-/**
- * \brief Free referenced items in an SSL transform context and clear
- * memory
- *
- * \param transform SSL transform context
- */
-void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform);
-
-/**
- * \brief Free referenced items in an SSL handshake context and clear
- * memory
- *
- * \param ssl SSL context
- */
-void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
-
-/* set inbound transform of ssl context */
-void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform);
-
-/* set outbound transform of ssl context */
-void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_DEBUG_C)
-/* Declared in "ssl_debug_helpers.h". We can't include this file from
- * "ssl_misc.h" because it includes "ssl_misc.h" because it needs some
- * type definitions. TODO: split the type definitions and the helper
- * functions into different headers.
- */
-const char *mbedtls_ssl_states_str(mbedtls_ssl_states state);
-#endif
-
-static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
- mbedtls_ssl_states state)
-{
- MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)",
- ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state),
- (int) state, mbedtls_ssl_states_str(state)));
- ssl->state = (int) state;
-}
-
-static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states) (ssl->state + 1));
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
-
-/**
- * \brief Update record layer
- *
- * This function roughly separates the implementation
- * of the logic of (D)TLS from the implementation
- * of the secure transport.
- *
- * \param ssl The SSL context to use.
- * \param update_hs_digest This indicates if the handshake digest
- * should be automatically updated in case
- * a handshake message is found.
- *
- * \return 0 or non-zero error code.
- *
- * \note A clarification on what is called 'record layer' here
- * is in order, as many sensible definitions are possible:
- *
- * The record layer takes as input an untrusted underlying
- * transport (stream or datagram) and transforms it into
- * a serially multiplexed, secure transport, which
- * conceptually provides the following:
- *
- * (1) Three datagram based, content-agnostic transports
- * for handshake, alert and CCS messages.
- * (2) One stream- or datagram-based transport
- * for application data.
- * (3) Functionality for changing the underlying transform
- * securing the contents.
- *
- * The interface to this functionality is given as follows:
- *
- * a Updating
- * [Currently implemented by mbedtls_ssl_read_record]
- *
- * Check if and on which of the four 'ports' data is pending:
- * Nothing, a controlling datagram of type (1), or application
- * data (2). In any case data is present, internal buffers
- * provide access to the data for the user to process it.
- * Consumption of type (1) datagrams is done automatically
- * on the next update, invalidating that the internal buffers
- * for previous datagrams, while consumption of application
- * data (2) is user-controlled.
- *
- * b Reading of application data
- * [Currently manual adaption of ssl->in_offt pointer]
- *
- * As mentioned in the last paragraph, consumption of data
- * is different from the automatic consumption of control
- * datagrams (1) because application data is treated as a stream.
- *
- * c Tracking availability of application data
- * [Currently manually through decreasing ssl->in_msglen]
- *
- * For efficiency and to retain datagram semantics for
- * application data in case of DTLS, the record layer
- * provides functionality for checking how much application
- * data is still available in the internal buffer.
- *
- * d Changing the transformation securing the communication.
- *
- * Given an opaque implementation of the record layer in the
- * above sense, it should be possible to implement the logic
- * of (D)TLS on top of it without the need to know anything
- * about the record layer's internals. This is done e.g.
- * in all the handshake handling functions, and in the
- * application data reading function mbedtls_ssl_read.
- *
- * \note The above tries to give a conceptual picture of the
- * record layer, but the current implementation deviates
- * from it in some places. For example, our implementation of
- * the update functionality through mbedtls_ssl_read_record
- * discards datagrams depending on the current state, which
- * wouldn't fall under the record layer's responsibility
- * following the above definition.
- *
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
- unsigned update_hs_digest);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
-
-/*
- * Write handshake message header
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type,
- unsigned char **buf, size_t *buf_len);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
- int update_checksum,
- int force_flush);
-/*
- * Write handshake message tail
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
- size_t buf_len, size_t msg_len);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
-
-void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info);
-
-/*
- * Update checksum of handshake messages.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len);
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
-#endif
-/**
- * Get the first defined opaque PSK by order of precedence:
- * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
- * callback
- * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
- * Return an opaque PSK
- */
-static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
- const mbedtls_ssl_context *ssl)
-{
- if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
- return ssl->handshake->psk_opaque;
- }
-
- if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
- return ssl->conf->psk_opaque;
- }
-
- return MBEDTLS_SVC_KEY_ID_INIT;
-}
-
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
-#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
-unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type);
-mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig);
-#endif
-
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
-unsigned char mbedtls_ssl_hash_from_md_alg(int md);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
-#endif
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-/**
- * \brief Return PSA EC info for the specified TLS ID.
- *
- * \param tls_id The TLS ID to look for
- * \param type If the TLD ID is supported, then proper \c psa_key_type_t
- * value is returned here. Can be NULL.
- * \param bits If the TLD ID is supported, then proper bit size is returned
- * here. Can be NULL.
- * \return PSA_SUCCESS if the TLS ID is supported,
- * PSA_ERROR_NOT_SUPPORTED otherwise
- *
- * \note If either \c family or \c bits parameters are NULL, then
- * the corresponding value is not returned.
- * The function can be called with both parameters as NULL
- * simply to check if a specific TLS ID is supported.
- */
-int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
- psa_key_type_t *type,
- size_t *bits);
-
-/**
- * \brief Return \c mbedtls_ecp_group_id for the specified TLS ID.
- *
- * \param tls_id The TLS ID to look for
- * \return Proper \c mbedtls_ecp_group_id if the TLS ID is supported,
- * or MBEDTLS_ECP_DP_NONE otherwise
- */
-mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id);
-
-/**
- * \brief Return TLS ID for the specified \c mbedtls_ecp_group_id.
- *
- * \param grp_id The \c mbedtls_ecp_group_id ID to look for
- * \return Proper TLS ID if the \c mbedtls_ecp_group_id is supported,
- * or 0 otherwise
- */
-uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id);
-
-#if defined(MBEDTLS_DEBUG_C)
-/**
- * \brief Return EC's name for the specified TLS ID.
- *
- * \param tls_id The TLS ID to look for
- * \return A pointer to a const string with the proper name. If TLS
- * ID is not supported, a NULL pointer is returned instead.
- */
-const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id);
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
- (const uint16_t srtp_profile_value)
-{
- switch (srtp_profile_value) {
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
- case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
- case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
- return srtp_profile_value;
- default: break;
- }
- return MBEDTLS_TLS_SRTP_UNSET;
-}
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_key_cert *key_cert;
-
- if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
- key_cert = ssl->handshake->key_cert;
- } else {
- key_cert = ssl->conf->key_cert;
- }
-
- return key_cert == NULL ? NULL : key_cert->key;
-}
-
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_key_cert *key_cert;
-
- if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
- key_cert = ssl->handshake->key_cert;
- } else {
- key_cert = ssl->conf->key_cert;
- }
-
- return key_cert == NULL ? NULL : key_cert->cert;
-}
-
-/*
- * Verify a certificate.
- *
- * [in/out] ssl: misc. things read
- * ssl->session_negotiate->verify_result updated
- * [in] authmode: one of MBEDTLS_SSL_VERIFY_{NONE,OPTIONAL,REQUIRED}
- * [in] chain: the certificate chain to verify (ie the peer's chain)
- * [in] ciphersuite_info: For TLS 1.2, this session's ciphersuite;
- * for TLS 1.3, may be left NULL.
- * [in] rs_ctx: restart context if restartable ECC is in use;
- * leave NULL for no restartable behaviour.
- *
- * Return:
- * - 0 if the handshake should continue. Depending on the
- * authmode it means:
- * - REQUIRED: the certificate was found to be valid, trusted & acceptable.
- * ssl->session_negotiate->verify_result is 0.
- * - OPTIONAL: the certificate may or may not be acceptable, but
- * ssl->session_negotiate->verify_result was updated with the result.
- * - NONE: the certificate wasn't even checked.
- * - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED or MBEDTLS_ERR_SSL_BAD_CERTIFICATE if
- * the certificate was found to be invalid/untrusted/unacceptable and the
- * handshake should be aborted (can only happen with REQUIRED).
- * - another error code if another error happened (out-of-memory, etc.)
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
- int authmode,
- mbedtls_x509_crt *chain,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
- void *rs_ctx);
-
-/*
- * Check usage of a certificate wrt usage extensions:
- * keyUsage and extendedKeyUsage.
- * (Note: nSCertType is deprecated and not standard, we don't check it.)
- *
- * Note: if tls_version is 1.3, ciphersuite is ignored and can be NULL.
- *
- * Note: recv_endpoint is the receiver's endpoint.
- *
- * Return 0 if everything is OK, -1 if not.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
- const mbedtls_ssl_ciphersuite_t *ciphersuite,
- int recv_endpoint,
- mbedtls_ssl_protocol_version tls_version,
- uint32_t *flags);
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_write_version(unsigned char version[2], int transport,
- mbedtls_ssl_protocol_version tls_version);
-uint16_t mbedtls_ssl_read_version(const unsigned char version[2],
- int transport);
-
-static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
-{
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
- ((void) ssl);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- return 13;
- } else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- return 5;
- }
-}
-
-static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
-{
- return (size_t) (ssl->out_iv - ssl->out_hdr);
-}
-
-static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- return 12;
- }
-#else
- ((void) ssl);
-#endif
- return 4;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
-#endif
-
-/* Visible for testing purposes only */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
-void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
-#endif
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
- const mbedtls_ssl_session *src);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#ifdef __cplusplus
-}
-#endif
-
-void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
- mbedtls_ssl_transform *transform,
- mbedtls_record *rec);
-
-/* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- return 2;
- }
-#else
- ((void) ssl);
-#endif
- return 0;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
-
-void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform);
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
-void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
- int partial);
-
-/*
- * Send pending alert
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl);
-
-/*
- * Set pending fatal alert flag.
- */
-void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
- unsigned char alert_type,
- int alert_reason);
-
-/* Alias of mbedtls_ssl_pend_fatal_alert */
-#define MBEDTLS_SSL_PEND_FATAL_ALERT(type, user_return_value) \
- mbedtls_ssl_pend_fatal_alert(ssl, type, user_return_value)
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
-#endif
-
-void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
-void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight);
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-/**
- * ssl utils functions for checking configuration.
- */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_tls13_only(const mbedtls_ssl_config *conf)
-{
- return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-static inline int mbedtls_ssl_conf_is_tls12_only(const mbedtls_ssl_config *conf)
-{
- return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-static inline int mbedtls_ssl_conf_is_tls13_enabled(const mbedtls_ssl_config *conf)
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
- conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3;
-#else
- ((void) conf);
- return 0;
-#endif
-}
-
-static inline int mbedtls_ssl_conf_is_tls12_enabled(const mbedtls_ssl_config *conf)
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2;
-#else
- ((void) conf);
- return 0;
-#endif
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13(const mbedtls_ssl_config *conf)
-{
- return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
- conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
- MBEDTLS_SERVER_HELLO_RANDOM_LEN];
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl);
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl);
-
-/**
- * \brief Given an SSL context and
its associated configuration, write the TLS - * 1.3 specific extensions of the ClientHello message. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the extensions - * \param[in] end End address of the buffer where to write the extensions - * \param[out] out_len Length of the data written into the buffer \p buf - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len); - -/** - * \brief TLS 1.3 client side state machine entry - * - * \param ssl SSL context - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl); - -/** - * \brief TLS 1.3 server side state machine entry - * - * \param ssl SSL context - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl); - - -/* - * Helper functions around key exchange modes. - */ -static inline int mbedtls_ssl_conf_tls13_is_kex_mode_enabled(mbedtls_ssl_context *ssl, - int kex_mode_mask) -{ - return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0; -} - -static inline int mbedtls_ssl_conf_tls13_is_psk_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); -} - -static inline int mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); -} - -static inline int mbedtls_ssl_conf_tls13_is_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); -} - -static inline int mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -static 
inline int mbedtls_ssl_conf_tls13_is_some_psk_enabled(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_conf_tls13_is_kex_mode_enabled(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/** - * Given a list of key exchange modes, check if at least one of them is - * supported by peer. - * - * \param[in] ssl SSL context - * \param kex_modes_mask Mask of the key exchange modes to check - * - * \return Non-zero if at least one of the key exchange modes is supported by - * the peer, otherwise \c 0. - */ -static inline int mbedtls_ssl_tls13_is_kex_mode_supported(mbedtls_ssl_context *ssl, - int kex_modes_mask) -{ - return (ssl->handshake->tls13_kex_modes & kex_modes_mask) != 0; -} - -static inline int mbedtls_ssl_tls13_is_psk_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK); -} - -static inline int mbedtls_ssl_tls13_is_psk_ephemeral_supported( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); -} - -static inline int mbedtls_ssl_tls13_is_ephemeral_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL); -} - -static inline int mbedtls_ssl_tls13_is_some_ephemeral_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -static inline int mbedtls_ssl_tls13_is_some_psk_supported(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_is_kex_mode_supported(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} -#endif /* MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -/* - * Helper functions for extensions checking. 
- */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_check_received_extension( - mbedtls_ssl_context *ssl, - int hs_msg_type, - unsigned int received_extension_type, - uint32_t hs_msg_allowed_extensions_mask); - -static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( - mbedtls_ssl_context *ssl, unsigned int extension_type) -{ - ssl->handshake->sent_extensions |= - mbedtls_ssl_get_extension_mask(extension_type); -} - -/* - * Helper functions to check the selected key exchange mode. - */ -static inline int mbedtls_ssl_tls13_key_exchange_mode_check( - mbedtls_ssl_context *ssl, int kex_mask) -{ - return (ssl->handshake->key_exchange_mode & kex_mask) != 0; -} - -static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_key_exchange_mode_check(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); -} - -static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( - mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_tls13_key_exchange_mode_check(ssl, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL); -} - -/* - * Fetch TLS 1.3 handshake message header - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len); - -/** - * \brief Detect if a list of extensions contains a supported_versions - * extension or not. - * - * \param[in] ssl SSL context - * \param[in] buf Address of the first byte of the extensions vector. - * \param[in] end End of the buffer containing the list of extensions. - * \param[out] supported_versions_data If the extension is present, address of - * its first byte of data, NULL otherwise. - * \param[out] supported_versions_data_end If the extension is present, address - * of the first byte immediately - * following the extension data, NULL - * otherwise. - * \return 0 if the list of extensions does not contain a supported_versions - * extension. 
- * \return 1 if the list of extensions contains a supported_versions - * extension. - * \return A negative value if an error occurred while parsing the - * extensions. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - mbedtls_ssl_context *ssl, - const unsigned char *buf, const unsigned char *end, - const unsigned char **supported_versions_data, - const unsigned char **supported_versions_data_end); - -/* - * Handler of TLS 1.3 server certificate message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * Handler of TLS 1.3 write Certificate message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl); - -/* - * Handler of TLS 1.3 write Certificate Verify message - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl); - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Generic handler of Certificate Verify - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl); - -/* - * Write of dummy-CCS's for middlebox compatibility - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl); - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len); -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, - int in_new_session_ticket, - unsigned 
char *buf, - const unsigned char *end, - size_t *out_len); - -int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, - size_t early_data_len); - -typedef enum { -/* - * The client has not sent the first ClientHello yet, the negotiation of early - * data has not started yet. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE, - -/* - * In its ClientHello, the client has not included an early data indication - * extension. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, it has not received the response (ServerHello or - * HelloRetryRequest) from the server yet. The transform to protect early data - * is not set either as for middlebox compatibility a dummy CCS may have to be - * sent in clear. Early data cannot be sent to the server yet. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, it has not received the response (ServerHello or - * HelloRetryRequest) from the server yet. The transform to protect early data - * has been set and early data can be written now. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, - -/* - * The client has indicated the use of early data and the server has accepted - * it. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED, - -/* - * The client has indicated the use of early data but the server has rejected - * it. - */ - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED, - -/* - * The client has sent an early data indication extension in its first - * ClientHello, the server has accepted them and the client has received the - * server Finished message. It cannot send early data to the server anymore. 
- */ - MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED, - -} mbedtls_ssl_early_data_state; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Write Signature Algorithm extension - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len); -/* - * Parse TLS Signature Algorithm extension - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* Get handshake transcript */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen); - -/* - * Helper functions for NamedGroup. - */ -static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) -{ - /* - * RFC 8422 section 5.1.1 - */ - return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 || - /* Below deprecated curves should be removed with notice to users */ - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1; -} - -static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group) -{ - return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || - named_group == 
MBEDTLS_SSL_IANA_TLS_GROUP_X448; -} - -static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group) -{ - return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && - named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192; -} - -static inline int mbedtls_ssl_named_group_is_offered( - const mbedtls_ssl_context *ssl, uint16_t named_group) -{ - const uint16_t *group_list = ssl->conf->group_list; - - if (group_list == NULL) { - return 0; - } - - for (; *group_list != 0; group_list++) { - if (*group_list == named_group) { - return 1; - } - } - - return 0; -} - -static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) -{ -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) { - if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) != - MBEDTLS_ECP_DP_NONE) { - return 1; - } - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { - return 1; - } -#endif -#if !defined(PSA_WANT_ALG_ECDH) && !defined(PSA_WANT_ALG_FFDH) - (void) named_group; -#endif - return 0; -} - -/* - * Return supported signature algorithms. 
- */ -static inline const void *mbedtls_ssl_get_sig_algs( - const mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - - return ssl->conf->sig_algs; - -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - ((void) ssl); - return NULL; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -static inline int mbedtls_ssl_sig_alg_is_received(const mbedtls_ssl_context *ssl, - uint16_t own_sig_alg) -{ - const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - if (sig_alg == NULL) { - return 0; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - if (*sig_alg == own_sig_alg) { - return 1; - } - } - return 0; -} - -static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( - const uint16_t sig_alg) -{ - switch (sig_alg) { -#if defined(PSA_HAVE_ALG_SOME_ECDSA) -#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ECC_SECP_R1_256 */ -#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ECC_SECP_R1_384 */ -#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 && PSA_WANT_ECC_SECP_R1_521 */ -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - -#if defined(PSA_WANT_ALG_RSA_PSS) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* PSA_WANT_ALG_RSA_PSS */ - default: - return 0; - } 
- return 1; - -} - -static inline int mbedtls_ssl_tls13_sig_alg_is_supported( - const uint16_t sig_alg) -{ - switch (sig_alg) { -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ - default: - return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( - sig_alg); - } - return 1; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, - mbedtls_pk_context *key); -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, - uint16_t proposed_sig_alg) -{ - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return 0; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - if (*sig_alg == proposed_sig_alg) { - return 1; - } - } - return 0; -} - -static inline int mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) -{ - *pk_type = mbedtls_ssl_pk_sig_alg_from_sig(sig_alg & 0xff); - *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); - - if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) { - return 0; - } - - switch (sig_alg) { -#if defined(PSA_WANT_ALG_RSA_PSS) -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - case 
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; - break; -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* PSA_WANT_ALG_RSA_PSS */ - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static inline int mbedtls_ssl_tls12_sig_alg_is_supported( - const uint16_t sig_alg) -{ - /* High byte is hash */ - unsigned char hash = MBEDTLS_BYTE_1(sig_alg); - unsigned char sig = MBEDTLS_BYTE_0(sig_alg); - - switch (hash) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_SSL_HASH_MD5: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_SSL_HASH_SHA1: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_SSL_HASH_SHA224: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_SSL_HASH_SHA512: - break; -#endif - - default: - return 0; - } - - switch (sig) { -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - break; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - case MBEDTLS_SSL_SIG_ECDSA: - break; -#endif - - default: - return 0; - } - - return 1; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -static inline int mbedtls_ssl_sig_alg_is_supported( - const mbedtls_ssl_context *ssl, - const uint16_t sig_alg) -{ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - return mbedtls_ssl_tls12_sig_alg_is_supported(sig_alg); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { 
- return mbedtls_ssl_tls13_sig_alg_is_supported(sig_alg); - } -#endif - ((void) ssl); - ((void) sig_alg); - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. - * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is - * guaranteed to not be a valid PSA algorithm identifier. - */ -#define MBEDTLS_SSL_NULL_CIPHER 0x04000000 - -/** - * \brief Translate mbedtls cipher type/taglen pair to psa: - * algorithm, key type and key size. - * - * \param mbedtls_cipher_type [in] given mbedtls cipher type - * \param taglen [in] given tag length - * 0 - default tag length - * \param alg [out] corresponding PSA alg - * There is no corresponding PSA - * alg for MBEDTLS_CIPHER_NULL, so - * in this case MBEDTLS_SSL_NULL_CIPHER - * is returned via this parameter - * \param key_type [out] corresponding PSA key type - * \param key_size [out] corresponding PSA key size - * - * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if - * conversion is not supported. - */ -psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type, - size_t taglen, - psa_algorithm_t *alg, - psa_key_type_t *key_type, - size_t *key_size); - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - -typedef enum { - MBEDTLS_ECJPAKE_ROUND_ONE, - MBEDTLS_ECJPAKE_ROUND_TWO -} mbedtls_ecjpake_rounds_t; - -/** - * \brief Parse the provided input buffer for getting the first round - * of key exchange. 
This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [in] input buffer to parse - * \param len [in] length of the input buffer - * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or - * MBEDTLS_ECJPAKE_ROUND_TWO - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_read_round( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len, mbedtls_ecjpake_rounds_t round); - -/** - * \brief Write the first round of key exchange into the provided output - * buffer. This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [out] the output buffer in which data will be written to - * \param len [in] length of the output buffer - * \param olen [out] the length of the data really written on the buffer - * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or - * MBEDTLS_ECJPAKE_ROUND_TWO - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_write_round( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen, - mbedtls_ecjpake_rounds_t round); - -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -/** - * \brief TLS record protection modes - */ -typedef enum { - MBEDTLS_SSL_MODE_STREAM = 0, - MBEDTLS_SSL_MODE_CBC, - MBEDTLS_SSL_MODE_CBC_ETM, - MBEDTLS_SSL_MODE_AEAD -} mbedtls_ssl_mode_t; - -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( - const mbedtls_ssl_transform *transform); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( - int encrypt_then_mac, - const mbedtls_ssl_ciphersuite_t *suite); -#else -mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( - const mbedtls_ssl_ciphersuite_t *suite); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - 
-MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len); - -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -static inline int mbedtls_ssl_tls13_cipher_suite_is_offered( - mbedtls_ssl_context *ssl, int cipher_suite) -{ - const int *ciphersuite_list = ssl->conf->ciphersuite_list; - - /* Check whether we have offered this ciphersuite */ - for (size_t i = 0; ciphersuite_list[i] != 0; i++) { - if (ciphersuite_list[i] == cipher_suite) { - return 1; - } - } - return 0; -} - -/** - * \brief Validate cipher suite against config in SSL context. - * - * \param ssl SSL context - * \param suite_info Cipher suite to validate - * \param min_tls_version Minimal TLS version to accept a cipher suite - * \param max_tls_version Maximal TLS version to accept a cipher suite - * - * \return 0 if valid, negative value otherwise. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_validate_ciphersuite( - const mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *suite_info, - mbedtls_ssl_protocol_version min_tls_version, - mbedtls_ssl_protocol_version max_tls_version); - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH (2) -#define MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN (64) /* As defined in RFC 8449 */ - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len); -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT 
*/ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); - - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len); -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen); -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.3 specific Pre-Shared key extension. - * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the extension - * \param[in] end End address of the buffer where to write the extension - * \param[out] out_len Length in bytes of the Pre-Shared key extension: data - * written into the buffer \p buf by this function plus - * the length of the binders to be written. - * \param[out] binders_len Length of the binders to be written at the end of - * the extension. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end, - size_t *out_len, size_t *binders_len); - -/** - * \brief Given an SSL context and its associated configuration, write the TLS - * 1.3 specific Pre-Shared key extension binders at the end of the - * ClientHello. 
- * - * \param[in] ssl SSL context - * \param[in] buf Base address of the buffer where to write the binders - * \param[in] end End address of the buffer where to write the binders - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - unsigned char *buf, unsigned char *end); -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - defined(MBEDTLS_SSL_CLI_C) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, - const char *hostname); -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \ - defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, - const char *alpn); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - -#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) - -static inline unsigned int mbedtls_ssl_tls13_session_get_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - return session->ticket_flags & - (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} - -/** - * Check if at least one of the given flags is set in - * the session ticket. See the definition of - * `MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK` to get all - * permitted flags. 
- */ -static inline int mbedtls_ssl_tls13_session_ticket_has_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - return mbedtls_ssl_tls13_session_get_ticket_flags(session, flags) != 0; -} - -static inline int mbedtls_ssl_tls13_session_ticket_allow_psk( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); -} - -static inline int mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); -} - -static inline unsigned int mbedtls_ssl_tls13_session_ticket_allow_early_data( - mbedtls_ssl_session *session) -{ - return mbedtls_ssl_tls13_session_ticket_has_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); -} - -static inline void mbedtls_ssl_tls13_session_set_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} - -static inline void mbedtls_ssl_tls13_session_clear_ticket_flags( - mbedtls_ssl_session *session, unsigned int flags) -{ - session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl); -#endif - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - -/** Compute the HMAC of variable-length data with constant flow. - * - * This function computes the HMAC of the concatenation of \p add_data and \p - * data, and does with a code flow and memory access pattern that does not - * depend on \p data_len_secret, but only on \p min_data_len and \p - * max_data_len. In particular, this function always reads exactly \p - * max_data_len bytes from \p data. 
- * - * \param key The HMAC key. - * \param mac_alg The hash algorithm. - * Must be one of SHA-384, SHA-256, SHA-1 or MD-5. - * \param add_data The first part of the message whose HMAC is being - * calculated. This must point to a readable buffer - * of \p add_data_len bytes. - * \param add_data_len The length of \p add_data in bytes. - * \param data The buffer containing the second part of the - * message. This must point to a readable buffer - * of \p max_data_len bytes. - * \param data_len_secret The length of the data to process in \p data. - * This must be no less than \p min_data_len and no - * greater than \p max_data_len. - * \param min_data_len The minimal length of the second part of the - * message, read from \p data. - * \param max_data_len The maximal length of the second part of the - * message, read from \p data. - * \param output The HMAC will be written here. This must point to - * a writable buffer of sufficient size to hold the - * HMAC value. - * - * \retval 0 on success. - * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED - * The hardware accelerator failed. - */ -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t mac_alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */ - -#endif /* ssl_misc.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c deleted file mode 100644 index e1198fa627..0000000000 --- a/library/ssl_msg.c +++ /dev/null 
@@ -1,6168 +0,0 @@ -/* - * Generic SSL/TLS messaging layer functions - * (record layer + retransmission state machine) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * http://www.ietf.org/rfc/rfc2246.txt - * http://www.ietf.org/rfc/rfc4346.txt - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/version.h" -#include "constant_time_internal.h" -#include "mbedtls/constant_time.h" - -#include - -#include "psa_util_internal.h" -#include "psa/crypto.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" -#endif - -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - - -#if defined(PSA_WANT_ALG_SHA_384) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384) -#elif defined(PSA_WANT_ALG_SHA_256) -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256) -#else /* See check_config.h */ -#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1) -#endif - -MBEDTLS_STATIC_TESTABLE -int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, - psa_algorithm_t mac_alg, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output) -{ - /* - * This function breaks the HMAC abstraction and uses psa_hash_clone() - * extension in order to get constant-flow behaviour. 
- * - * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means - * concatenation, and okey/ikey are the XOR of the key with some fixed bit - * patterns (see RFC 2104, sec. 2). - * - * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by - * hashing up to minlen, then cloning the context, and for each byte up - * to maxlen finishing up the hash computation, keeping only the - * correct result. - * - * Then we only need to compute HASH(okey + inner_hash) and we're done. - */ - psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg); - const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg); - unsigned char key_buf[MAX_HASH_BLOCK_LENGTH]; - const size_t hash_size = PSA_HASH_LENGTH(hash_alg); - psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; - size_t hash_length; - - unsigned char aux_out[PSA_HASH_MAX_SIZE]; - psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT; - size_t offset; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t mac_key_length; - size_t i; - -#define PSA_CHK(func_call) \ - do { \ - status = (func_call); \ - if (status != PSA_SUCCESS) \ - goto cleanup; \ - } while (0) - - /* Export MAC key - * We assume key length is always exactly the output size - * which is never more than the block size, thus we use block_size - * as the key buffer size. 
- */ - PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length)); - - /* Calculate ikey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x36; - } - - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - - /* Now compute inner_hash = HASH(ikey + msg) */ - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, add_data, add_data_len)); - PSA_CHK(psa_hash_update(&operation, data, min_data_len)); - - /* Fill the hash buffer in advance with something that is - * not a valid hash (barring an attack on the hash and - * deliberately-crafted input), in case the caller doesn't - * check the return status properly. */ - memset(output, '!', hash_size); - - /* For each possible length, compute the hash up to that point */ - for (offset = min_data_len; offset <= max_data_len; offset++) { - PSA_CHK(psa_hash_clone(&operation, &aux_operation)); - PSA_CHK(psa_hash_finish(&aux_operation, aux_out, - PSA_HASH_MAX_SIZE, &hash_length)); - /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret), - output, aux_out, NULL, hash_size); - - if (offset < max_data_len) { - PSA_CHK(psa_hash_update(&operation, data + offset, 1)); - } - } - - /* Abort current operation to prepare for final operation */ - PSA_CHK(psa_hash_abort(&operation)); - - /* Calculate okey */ - for (i = 0; i < mac_key_length; i++) { - key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C); - } - for (; i < block_size; ++i) { - key_buf[i] = 0x5C; - } - - /* Now compute HASH(okey + inner_hash) */ - PSA_CHK(psa_hash_setup(&operation, hash_alg)); - PSA_CHK(psa_hash_update(&operation, key_buf, block_size)); - PSA_CHK(psa_hash_update(&operation, output, hash_size)); - PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length)); - -#undef PSA_CHK - -cleanup: - mbedtls_platform_zeroize(key_buf, 
MAX_HASH_BLOCK_LENGTH); - mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE); - - psa_hash_abort(&operation); - psa_hash_abort(&aux_operation); - return PSA_TO_MBEDTLS_ERR(status); -} - -#undef MAX_HASH_BLOCK_LENGTH - - -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); - -/* - * Start a timer. - * Passing millisecs = 0 cancels a running timer. - */ -void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs) -{ - if (ssl->f_set_timer == NULL) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs)); - ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs); -} - -/* - * Return -1 is timer is expired, 0 if it isn't. - */ -int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl) -{ - if (ssl->f_get_timer == NULL) { - return 0; - } - - if (ssl->f_get_timer(ssl->p_timer) == 2) { - MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired")); - return -1; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec); - -int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen) -{ - int ret = 0; - MBEDTLS_SSL_DEBUG_MSG(3, ("=> mbedtls_ssl_check_record")); - MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen); - - /* We don't support record checking in TLS because - * there doesn't seem to be a usecase for it. 
- */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - goto exit; - } -#if defined(MBEDTLS_SSL_PROTO_DTLS) - else { - mbedtls_record rec; - - ret = ssl_parse_record_header(ssl, buf, buflen, &rec); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret); - goto exit; - } - - if (ssl->transform_in != NULL) { - ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret); - goto exit; - } - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -exit: - /* On success, we have decrypted the buffer in-place, so make - * sure we don't leak any plaintext data. */ - mbedtls_platform_zeroize(buf, buflen); - - /* For the purpose of this API, treat messages with unexpected CID - * as well as such from future epochs as unexpected. */ - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || - ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("<= mbedtls_ssl_check_record")); - return ret; -} - -#define SSL_DONT_FORCE_FLUSH 0 -#define SSL_FORCE_FLUSH 1 - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -/* Forward declarations for functions related to message buffering. 
*/ -static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, - uint8_t slot); -static void ssl_free_buffered_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, - mbedtls_record const *rec); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl); - -static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl) -{ - size_t mtu = mbedtls_ssl_get_current_mtu(ssl); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - - if (mtu != 0 && mtu < out_buf_len) { - return mtu; - } - - return out_buf_len; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl) -{ - size_t const bytes_written = ssl->out_left; - size_t const mtu = ssl_get_maximum_datagram_size(ssl); - - /* Double-check that the write-index hasn't gone - * past what we can transmit in a single datagram. */ - if (bytes_written > mtu) { - /* Should never happen... */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return (int) (mtu - bytes_written); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t remaining, expansion; - size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } - - /* By the standard (RFC 6066 Sect. 
4), the MFL extension - * only limits the maximum record payload size, so in theory - * we would be allowed to pack multiple records of payload size - * MFL into a single datagram. However, this would mean that there's - * no way to explicitly communicate MTU restrictions to the peer. - * - * The following reduction of max_len makes sure that we never - * write datagrams larger than MFL + Record Expansion Overhead. - */ - if (max_len <= ssl->out_left) { - return 0; - } - - max_len -= ssl->out_left; -#endif - - ret = ssl_get_remaining_space_in_datagram(ssl); - if (ret < 0) { - return ret; - } - remaining = (size_t) ret; - - ret = mbedtls_ssl_get_record_expansion(ssl); - if (ret < 0) { - return ret; - } - expansion = (size_t) ret; - - if (remaining <= expansion) { - return 0; - } - - remaining -= expansion; - if (remaining >= max_len) { - remaining = max_len; - } - - return (int) remaining; -} - -/* - * Double the retransmit timeout value, within the allowed range, - * returning -1 if the maximum value has already been reached. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl) -{ - uint32_t new_timeout; - - if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) { - return -1; - } - - /* Implement the final paragraph of RFC 6347 section 4.1.1.1 - * in the following way: after the initial transmission and a first - * retransmission, back off to a temporary estimated MTU of 508 bytes. - * This value is guaranteed to be deliverable (if not guaranteed to be - * delivered) of any compliant IPv4 (and IPv6) network, and should work - * on most non-IP stacks too. 
*/ - if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { - ssl->handshake->mtu = 508; - MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); - } - - new_timeout = 2 * ssl->handshake->retransmit_timeout; - - /* Avoid arithmetic overflow and range overflow */ - if (new_timeout < ssl->handshake->retransmit_timeout || - new_timeout > ssl->conf->hs_timeout_max) { - new_timeout = ssl->conf->hs_timeout_max; - } - - ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout)); - - return 0; -} - -static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl) -{ - ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout)); -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Encryption/decryption functions - */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || defined(MBEDTLS_SSL_PROTO_TLS1_3) - -static size_t ssl_compute_padding_length(size_t len, - size_t granularity) -{ - return (granularity - (len + 1) % granularity) % granularity; -} - -/* This functions transforms a (D)TLS plaintext fragment and a record content - * type into an instance of the (D)TLSInnerPlaintext structure. This is used - * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect - * a record's content type. - * - * struct { - * opaque content[DTLSPlaintext.length]; - * ContentType real_type; - * uint8 zeros[length_of_padding]; - * } (D)TLSInnerPlaintext; - * - * Input: - * - `content`: The beginning of the buffer holding the - * plaintext to be wrapped. - * - `*content_size`: The length of the plaintext in Bytes. - * - `max_len`: The number of Bytes available starting from - * `content`. This must be `>= *content_size`. - * - `rec_type`: The desired record content type. 
- * - * Output: - * - `content`: The beginning of the resulting (D)TLSInnerPlaintext structure. - * - `*content_size`: The length of the resulting (D)TLSInnerPlaintext structure. - * - * Returns: - * - `0` on success. - * - A negative error code if `max_len` didn't offer enough space - * for the expansion. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_build_inner_plaintext(unsigned char *content, - size_t *content_size, - size_t remaining, - uint8_t rec_type, - size_t pad) -{ - size_t len = *content_size; - - /* Write real content type */ - if (remaining == 0) { - return -1; - } - content[len] = rec_type; - len++; - remaining--; - - if (remaining < pad) { - return -1; - } - memset(content + len, 0, pad); - len += pad; - remaining -= pad; - - *content_size = len; - return 0; -} - -/* This function parses a (D)TLSInnerPlaintext structure. - * See ssl_build_inner_plaintext() for details. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_inner_plaintext(unsigned char const *content, - size_t *content_size, - uint8_t *rec_type) -{ - size_t remaining = *content_size; - - /* Determine length of padding by skipping zeroes from the back. 
*/ - do { - if (remaining == 0) { - return -1; - } - remaining--; - } while (content[remaining] == 0); - - *content_size = remaining; - *rec_type = content[remaining]; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* The size of the `add_data` structure depends on various - * factors, namely - * - * 1) CID functionality disabled - * - * additional_data = - * 8: seq_num + - * 1: type + - * 2: version + - * 2: length of inner plaintext + - * - * size = 13 bytes - * - * 2) CID functionality based on RFC 9146 enabled - * - * size = 8 + 1 + 1 + 1 + 2 + 2 + 6 + 2 + CID-length - * = 23 + CID-length - * - * 3) CID functionality based on legacy CID version - according to draft-ietf-tls-dtls-connection-id-05 - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05 - * - * size = 13 + 1 + CID-length - * - * More information about the CID usage: - * - * Per Section 5.3 of draft-ietf-tls-dtls-connection-id-05 the - * size of the additional data structure is calculated as: - * - * additional_data = - * 8: seq_num + - * 1: tls12_cid + - * 2: DTLSCipherText.version + - * n: cid + - * 1: cid_length + - * 2: length_of_DTLSInnerPlaintext - * - * Per RFC 9146 the size of the add_data structure is calculated as: - * - * additional_data = - * 8: seq_num_placeholder + - * 1: tls12_cid + - * 1: cid_length + - * 1: tls12_cid + - * 2: DTLSCiphertext.version + - * 2: epoch + - * 6: sequence_number + - * n: cid + - * 2: length_of_DTLSInnerPlaintext - * - */ -static void ssl_extract_add_data_from_record(unsigned char *add_data, - size_t *add_data_len, - mbedtls_record *rec, - mbedtls_ssl_protocol_version - tls_version, - size_t taglen) -{ - /* Several types of ciphers have been defined for use with TLS and DTLS, - * and the MAC calculations for those ciphers differ slightly. Further - * variants were added when the CID functionality was added with RFC 9146. 
- * This implementations also considers the use of a legacy version of the - * CID specification published in draft-ietf-tls-dtls-connection-id-05, - * which is used in deployments. - * - * We will distinguish between the non-CID and the CID cases below. - * - * --- Non-CID cases --- - * - * Quoting RFC 5246 (TLS 1.2): - * - * additional_data = seq_num + TLSCompressed.type + - * TLSCompressed.version + TLSCompressed.length; - * - * For TLS 1.3, the record sequence number is dropped from the AAD - * and encoded within the nonce of the AEAD operation instead. - * Moreover, the additional data involves the length of the TLS - * ciphertext, not the TLS plaintext as in earlier versions. - * Quoting RFC 8446 (TLS 1.3): - * - * additional_data = TLSCiphertext.opaque_type || - * TLSCiphertext.legacy_record_version || - * TLSCiphertext.length - * - * We pass the tag length to this function in order to compute the - * ciphertext length from the inner plaintext length rec->data_len via - * - * TLSCiphertext.length = TLSInnerPlaintext.length + taglen. - * - * --- CID cases --- - * - * RFC 9146 uses a common pattern when constructing the data - * passed into a MAC / AEAD cipher. 
- * - * Data concatenation for MACs used with block ciphers with - * Encrypt-then-MAC Processing (with CID): - * - * data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * DTLSCiphertext.length + - * IV + - * ENC(content + padding + padding_length) - * - * Data concatenation for MACs used with block ciphers (with CID): - * - * data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * length_of_DTLSInnerPlaintext + - * DTLSInnerPlaintext.content + - * DTLSInnerPlaintext.real_type + - * DTLSInnerPlaintext.zeros - * - * AEAD ciphers use the following additional data calculation (with CIDs): - * - * additional_data = seq_num_placeholder + - * tls12_cid + - * cid_length + - * tls12_cid + - * DTLSCiphertext.version + - * epoch + - * sequence_number + - * cid + - * length_of_DTLSInnerPlaintext - * - * Section 5.3 of draft-ietf-tls-dtls-connection-id-05 (for legacy CID use) - * defines the additional data calculation as follows: - * - * additional_data = seq_num + - * tls12_cid + - * DTLSCipherText.version + - * cid + - * cid_length + - * length_of_DTLSInnerPlaintext - */ - - unsigned char *cur = add_data; - size_t ad_len_field = rec->data_len; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* In TLS 1.3, the AAD contains the length of the TLSCiphertext, - * which differs from the length of the TLSInnerPlaintext - * by the length of the authentication tag. 
*/ - ad_len_field += taglen; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { - ((void) tls_version); - ((void) taglen); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - // seq_num_placeholder - memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder)); - cur += sizeof(seq_num_placeholder); - - // tls12_cid type - *cur = rec->type; - cur++; - - // cid_length - *cur = rec->cid_len; - cur++; - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - // epoch + sequence number - memcpy(cur, rec->ctr, sizeof(rec->ctr)); - cur += sizeof(rec->ctr); - } - } - - // type - *cur = rec->type; - cur++; - - // version - memcpy(cur, rec->ver, sizeof(rec->ver)); - cur += sizeof(rec->ver); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - - if (rec->cid_len != 0) { - // epoch + sequence number - memcpy(cur, rec->ctr, sizeof(rec->ctr)); - cur += sizeof(rec->ctr); - - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } - - *add_data_len = (size_t) (cur - add_data); -} - -#if defined(MBEDTLS_SSL_HAVE_AEAD) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_transform_aead_dynamic_iv_is_explicit( - mbedtls_ssl_transform const *transform) -{ - return transform->ivlen != transform->fixed_ivlen; -} - -/* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) - * - * Concretely, this occurs in two variants: - * - * a) Fixed and dynamic IV lengths add up to total IV length, giving - * IV = fixed_iv || dynamic_iv - * - * This variant is used in TLS 1.2 when used with GCM or CCM. - * - * b) Fixed IV lengths matches total IV length, giving - * IV = fixed_iv XOR ( 0 || dynamic_iv ) - * - * This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly. - * - * See also the documentation of mbedtls_ssl_transform. 
- * - * This function has the precondition that - * - * dst_iv_len >= max( fixed_iv_len, dynamic_iv_len ) - * - * which has to be ensured by the caller. If this precondition - * violated, the behavior of this function is undefined. - */ -static void ssl_build_record_nonce(unsigned char *dst_iv, - size_t dst_iv_len, - unsigned char const *fixed_iv, - size_t fixed_iv_len, - unsigned char const *dynamic_iv, - size_t dynamic_iv_len) -{ - /* Start with Fixed IV || 0 */ - memset(dst_iv, 0, dst_iv_len); - memcpy(dst_iv, fixed_iv, fixed_iv_len); - - dst_iv += dst_iv_len - dynamic_iv_len; - mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len); -} -#endif /* MBEDTLS_SSL_HAVE_AEAD */ - -int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec) -{ - mbedtls_ssl_mode_t ssl_mode; - int auth_done = 0; - unsigned char *data; - /* For an explanation of the additional data length see - * the description of ssl_extract_add_data_from_record(). - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX]; -#else - unsigned char add_data[13]; -#endif - size_t add_data_len; - size_t post_avail; - - /* The SSL context is only used for debugging purposes! 
*/ -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); - - if (transform == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - if (rec == NULL - || rec->buf == NULL - || rec->buf_len < rec->data_offset - || rec->buf_len - rec->data_offset < rec->data_len -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - || rec->cid_len != 0 -#endif - ) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); - - data = rec->buf + rec->data_offset; - post_avail = rec->buf_len - (rec->data_len + rec->data_offset); - MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", - data, rec->data_len); - - if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET - " too large, maximum %" MBEDTLS_PRINTF_SIZET, - rec->data_len, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* The following two code paths implement the (D)TLSInnerPlaintext - * structure present in TLS 1.3 and DTLS 1.2 + CID. - * - * See ssl_build_inner_plaintext() for more information. - * - * Note that this changes `rec->data_len`, and hence - * `post_avail` needs to be recalculated afterwards. - * - * Note also that the two code paths cannot occur simultaneously - * since they apply to different versions of the protocol. There - * is hence no risk of double-addition of the inner plaintext. 
- */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - size_t padding = - ssl_compute_padding_length(rec->data_len, - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - if (ssl_build_inner_plaintext(data, - &rec->data_len, - post_avail, - rec->type, - padding) != 0) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* - * Add CID information - */ - rec->cid_len = transform->out_cid_len; - memcpy(rec->cid, transform->out_cid, transform->out_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len); - - if (rec->cid_len != 0) { - size_t padding = - ssl_compute_padding_length(rec->data_len, - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - /* - * Wrap plaintext into DTLSInnerPlaintext structure. - * See ssl_build_inner_plaintext() for more information. - * - * Note that this changes `rec->data_len`, and hence - * `post_avail` needs to be recalculated afterwards. 
- */ - if (ssl_build_inner_plaintext(data, - &rec->data_len, - post_avail, - rec->type, - padding) != 0) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - rec->type = MBEDTLS_SSL_MSG_CID; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - post_avail = rec->buf_len - (rec->data_len + rec->data_offset); - - /* - * Add MAC before if needed - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || - ssl_mode == MBEDTLS_SSL_MODE_CBC) { - if (post_avail < transform->maclen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t sign_mac_length = 0; - - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - - status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, - transform->psa_mac_alg); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_update(&operation, add_data, add_data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_update(&operation, data, rec->data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD, - &sign_mac_length); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_disabled; - } - - memcpy(data + rec->data_len, mac, transform->maclen); -#endif - - MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len, - transform->maclen); - - rec->data_len += transform->maclen; - post_avail -= transform->maclen; - auth_done++; - -hmac_failed_etm_disabled: - mbedtls_platform_zeroize(mac, transform->maclen); - ret = PSA_TO_MBEDTLS_ERR(status); - status 
= psa_mac_abort(&operation); - if (ret == 0 && status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - /* - * Encrypt - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %d bytes of padding", - rec->data_len, 0)); - - /* The only supported stream cipher is "NULL", - * so there's nothing to do here.*/ - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ - -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; - int dynamic_iv_is_explicit = - ssl_transform_aead_dynamic_iv_is_explicit(transform); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Check that there's space for the authentication tag. */ - if (post_avail < transform->taglen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Build nonce for AEAD encryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - * However, since ChaChaPoly as well as all AEAD modes - * in TLS 1.3 use the record sequence number as the - * dynamic part of the nonce, we uniformly use the - * record sequence number here in all cases. - */ - dynamic_iv = rec->ctr; - dynamic_iv_len = sizeof(rec->ctr); - - ssl_build_record_nonce(iv, sizeof(iv), - transform->iv_enc, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len); - - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. 
- */ - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - - MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)", - iv, transform->ivlen); - MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)", - dynamic_iv, - dynamic_iv_is_explicit ? dynamic_iv_len : 0); - MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", - add_data, add_data_len); - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including 0 bytes of padding", - rec->data_len)); - - /* - * Encrypt and authenticate - */ - status = psa_aead_encrypt(transform->psa_key_enc, - transform->psa_alg, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, - data, rec->buf_len - (data - rec->buf), - &rec->data_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag", - data + rec->data_len - transform->taglen, - transform->taglen); - /* Account for authentication tag. */ - post_avail -= transform->taglen; - - /* - * Prefix record content with dynamic IV in case it is explicit. 
- */ - if (dynamic_iv_is_explicit != 0) { - if (rec->data_offset < dynamic_iv_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len); - rec->data_offset -= dynamic_iv_len; - rec->data_len += dynamic_iv_len; - } - - auth_done++; - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t padlen, i; - size_t olen; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - - /* Currently we're always using minimal padding - * (up to 255 bytes would be allowed). */ - padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; - if (padlen == transform->ivlen) { - padlen = 0; - } - - /* Check there's enough space in the buffer for the padding. */ - if (post_avail < padlen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - for (i = 0; i <= padlen; i++) { - data[rec->data_len + i] = (unsigned char) padlen; - } - - rec->data_len += padlen + 1; - post_avail -= padlen + 1; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Prepend per-record IV for block cipher in TLS v1.2 as per - * Method 1 (6.2.3.2. 
in RFC4346 and RFC5246) - */ - - if (rec->data_offset < transform->ivlen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate IV - */ - ret = psa_generate_random(transform->iv_enc, transform->ivlen); - if (ret != 0) { - return ret; - } - - memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %" - MBEDTLS_PRINTF_SIZET - " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", - rec->data_len, transform->ivlen, - padlen + 1)); - - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, transform->psa_alg); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret); - return ret; - } - - status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); - return ret; - - } - - status = psa_cipher_update(&cipher_op, - data, rec->data_len, - data, rec->data_len, &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); - return ret; - - } - - status = psa_cipher_finish(&cipher_op, - data + olen, rec->data_len - olen, - &part_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); - return ret; - - } - - olen += part_len; - - if (rec->data_len != olen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - data -= transform->ivlen; - rec->data_offset -= transform->ivlen; - rec->data_len += transform->ivlen; - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (auth_done == 0) { - unsigned char 
mac[MBEDTLS_SSL_MAC_ADD];
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- size_t sign_mac_length = 0;
-
- /* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length))
- */
-
- if (post_avail < transform->maclen) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- }
-
- ssl_extract_add_data_from_record(add_data, &add_data_len,
- rec, transform->tls_version,
- transform->taglen);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
- MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
- add_data_len);
- status = psa_mac_sign_setup(&operation, transform->psa_mac_enc,
- transform->psa_mac_alg);
- if (status != PSA_SUCCESS) {
- goto hmac_failed_etm_enabled;
- }
-
- status = psa_mac_update(&operation, add_data, add_data_len);
- if (status != PSA_SUCCESS) {
- goto hmac_failed_etm_enabled;
- }
-
- status = psa_mac_update(&operation, data, rec->data_len);
- if (status != PSA_SUCCESS) {
- goto hmac_failed_etm_enabled;
- }
-
- status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD,
- &sign_mac_length);
- if (status != PSA_SUCCESS) {
- goto hmac_failed_etm_enabled;
- }
-
- memcpy(data + rec->data_len, mac, transform->maclen);
-
- rec->data_len += transform->maclen;
- post_avail -= transform->maclen;
- auth_done++;
-
-hmac_failed_etm_enabled:
- mbedtls_platform_zeroize(mac, transform->maclen);
- ret = PSA_TO_MBEDTLS_ERR(status);
- status = psa_mac_abort(&operation);
- if (ret == 0 && status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- }
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret);
- return ret;
- }
- }
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
- } else
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */
- {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- /* Make extra sure authentication was performed, exactly once */
- if (auth_done != 1) {
-
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf")); - - return 0; -} - -int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD) - size_t olen; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */ - mbedtls_ssl_mode_t ssl_mode; - int ret; - - int auth_done = 0; -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - size_t padlen = 0; - mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE; -#endif - unsigned char *data; - /* For an explanation of the additional data length see - * the description of ssl_extract_add_data_from_record(). - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX]; -#else - unsigned char add_data[13]; -#endif - size_t add_data_len; - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf")); - if (rec == NULL || - rec->buf == NULL || - rec->buf_len < rec->data_offset || - rec->buf_len - rec->data_offset < rec->data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - data = rec->buf + rec->data_offset; - ssl_mode = mbedtls_ssl_get_mode_from_transform(transform); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* - * Match record's CID with incoming CID. 
- */ - if (rec->cid_len != transform->in_cid_len || - memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { - return MBEDTLS_ERR_SSL_UNEXPECTED_CID; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - if (rec->data_len < transform->maclen) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Record too short for MAC:" - " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET, - rec->data_len, transform->maclen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* The only supported stream cipher is "NULL", - * so there's no encryption to do here.*/ - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* - * Extract dynamic part of nonce for AEAD decryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - */ - dynamic_iv_len = sizeof(rec->ctr); - if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { - if (rec->data_len < dynamic_iv_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - dynamic_iv_len)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - dynamic_iv = data; - - data += dynamic_iv_len; - rec->data_offset += dynamic_iv_len; - rec->data_len -= dynamic_iv_len; - } else { - dynamic_iv = rec->ctr; - } - - /* Check that there's space for the authentication tag. 
*/ - if (rec->data_len < transform->taglen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - transform->taglen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - rec->data_len -= transform->taglen; - - /* - * Prepare nonce from dynamic and static parts. - */ - ssl_build_record_nonce(iv, sizeof(iv), - transform->iv_dec, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len); - - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. - */ - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", - add_data, add_data_len); - - /* Because of the check above, we know that there are - * explicit_iv_len Bytes preceding data, and taglen - * bytes following data + data_len. This justifies - * the debug message and the invocation of - * mbedtls_cipher_auth_decrypt_ext() below. */ - - MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); - MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len, - transform->taglen); - - /* - * Decrypt and authenticate - */ - status = psa_aead_decrypt(transform->psa_key_dec, - transform->psa_alg, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, - data, rec->buf_len - (data - rec->buf), - &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret); - return ret; - } - - auth_done++; - - /* Double-check that AEAD decryption doesn't change content length. 
*/ - if (olen != rec->data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - size_t minlen = 0; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t part_len; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - - /* - * Check immediate ciphertext sanity - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* The ciphertext is prefixed with the CBC IV. */ - minlen += transform->ivlen; -#endif - - /* Size considerations: - * - * - The CBC cipher text must not be empty and hence - * at least of size transform->ivlen. - * - * Together with the potential IV-prefix, this explains - * the first of the two checks below. - * - * - The record must contain a MAC, either in plain or - * encrypted, depending on whether Encrypt-then-MAC - * is used or not. - * - If it is, the message contains the IV-prefix, - * the CBC ciphertext, and the MAC. - * - If it is not, the padded plaintext, and hence - * the CBC ciphertext, has at least length maclen + 1 - * because there is at least the padding length byte. - * - * As the CBC ciphertext is not empty, both cases give the - * lower bound minlen + maclen + 1 on the record size, which - * we test for in the second check below. 
- */ - if (rec->data_len < minlen + transform->ivlen || - rec->data_len < minlen + transform->maclen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET - "), maclen (%" MBEDTLS_PRINTF_SIZET ") " - "+ 1 ) ( + expl IV )", - rec->data_len, - transform->ivlen, - transform->maclen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* - * Authenticate before decrypt if enabled - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - - MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); - - /* Update data_len in tandem with add_data. - * - * The subtraction is safe because of the previous check - * data_len >= minlen + maclen + 1. - * - * Afterwards, we know that data + data_len is followed by at - * least maclen Bytes, which justifies the call to - * mbedtls_ct_memcmp() below. - * - * Further, we still know that data_len > minlen */ - rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - - /* Calculate expected MAC. */ - MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, - add_data_len); - status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, - transform->psa_mac_alg); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, add_data, add_data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - status = psa_mac_update(&operation, data, rec->data_len); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - - /* Compare expected MAC with MAC at the end of the record. 
*/ - status = psa_mac_verify_finish(&operation, data + rec->data_len, - transform->maclen); - if (status != PSA_SUCCESS) { - goto hmac_failed_etm_enabled; - } - auth_done++; - -hmac_failed_etm_enabled: - ret = PSA_TO_MBEDTLS_ERR(status); - status = psa_mac_abort(&operation); - if (ret == 0 && status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - if (ret != 0) { - if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret); - } - return ret; - } - } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - - /* - * Check length sanity - */ - - /* We know from above that data_len > minlen >= 0, - * so the following check in particular implies that - * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ - if (rec->data_len % transform->ivlen != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", - rec->data_len, transform->ivlen)); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Initialize for prepended IV for block cipher in TLS v1.2 - */ - /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ - memcpy(transform->iv_dec, data, transform->ivlen); - - data += transform->ivlen; - rec->data_offset += transform->ivlen; - rec->data_len -= transform->ivlen; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* We still have data_len % ivlen == 0 and data_len >= ivlen here. 
*/ - - status = psa_cipher_decrypt_setup(&cipher_op, - transform->psa_key_dec, transform->psa_alg); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret); - return ret; - } - - status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); - return ret; - } - - status = psa_cipher_update(&cipher_op, - data, rec->data_len, - data, rec->data_len, &olen); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); - return ret; - } - - status = psa_cipher_finish(&cipher_op, - data + olen, rec->data_len - olen, - &part_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); - return ret; - } - - olen += part_len; - - /* Double-check that length hasn't changed during decryption. */ - if (rec->data_len != olen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Safe since data_len >= minlen + maclen + 1, so after having - * subtracted at most minlen and maclen up to this point, - * data_len > 0 (because of data_len % ivlen == 0, it's actually - * >= ivlen ). 
*/ - padlen = data[rec->data_len - 1]; - - if (auth_done == 1) { - const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( - rec->data_len, - padlen + 1); - correct = mbedtls_ct_bool_and(ge, correct); - padlen = mbedtls_ct_size_if_else_0(ge, padlen); - } else { -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (rec->data_len < transform->maclen + padlen + 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET - ") < maclen (%" MBEDTLS_PRINTF_SIZET - ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", - rec->data_len, - transform->maclen, - padlen + 1)); - } -#endif - const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( - rec->data_len, - transform->maclen + padlen + 1); - correct = mbedtls_ct_bool_and(ge, correct); - padlen = mbedtls_ct_size_if_else_0(ge, padlen); - } - - padlen++; - - /* Regardless of the validity of the padding, - * we have data_len >= padlen here. */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* The padding check involves a series of up to 256 - * consecutive memory reads at the end of the record - * plaintext buffer. In order to hide the length and - * validity of the padding, always perform exactly - * `min(256,plaintext_len)` reads (but take into account - * only the last `padlen` bytes for the padding check). */ - size_t pad_count = 0; - volatile unsigned char * const check = data; - - /* Index of first padding byte; it has been ensured above - * that the subtraction is safe. */ - size_t const padding_idx = rec->data_len - padlen; - size_t const num_checks = rec->data_len <= 256 ? 
rec->data_len : 256; - size_t const start_idx = rec->data_len - num_checks; - size_t idx; - - for (idx = start_idx; idx < rec->data_len; idx++) { - /* pad_count += (idx >= padding_idx) && - * (check[idx] == padlen - 1); - */ - const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx); - size_t increment = mbedtls_ct_size_if_else_0(a, 1); - const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1); - increment = mbedtls_ct_size_if_else_0(b, increment); - pad_count += increment; - } - correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct); - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (padlen > 0 && correct == MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); - } -#endif - padlen = mbedtls_ct_size_if_else_0(correct, padlen); - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* If the padding was found to be invalid, padlen == 0 - * and the subtraction is safe. If the padding was found valid, - * padlen hasn't been changed and the previous assertion - * data_len >= padlen still holds. */ - rec->data_len -= padlen; - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption", - data, rec->data_len); -#endif - - /* - * Authenticate if not done yet. - * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (auth_done == 0) { - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 }; - unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 }; - - /* For CBC+MAC, If the initial value of padlen was such that - * data_len < maclen + padlen + 1, then padlen - * got reset to 1, and the initial check - * data_len >= minlen + maclen + 1 - * guarantees that at this point we still - * have at least data_len >= maclen. 
- * - * If the initial value of padlen was such that - * data_len >= maclen + padlen + 1, then we have - * subtracted either padlen + 1 (if the padding was correct) - * or 0 (if the padding was incorrect) since then, - * hence data_len >= maclen in any case. - * - * For stream ciphers, we checked above that - * data_len >= maclen. - */ - rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record(add_data, &add_data_len, rec, - transform->tls_version, - transform->taglen); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * The next two sizes are the minimum and maximum values of - * data_len over all padlen values. - * - * They're independent of padlen, since we previously did - * data_len -= padlen. - * - * Note that max_len + maclen is never more than the buffer - * length, as we previously did in_msglen -= maclen too. - */ - const size_t max_len = rec->data_len + padlen; - const size_t min_len = (max_len > 256) ? max_len - 256 : 0; - - ret = mbedtls_ct_hmac(transform->psa_mac_dec, - transform->psa_mac_alg, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret); - goto hmac_failed_etm_disabled; - } - - mbedtls_ct_memcpy_offset(mac_peer, data, - rec->data_len, - min_len, max_len, - transform->maclen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); - MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); -#endif - - if (mbedtls_ct_memcmp(mac_peer, mac_expect, - transform->maclen) != 0) { -#if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); -#endif - correct = MBEDTLS_CT_FALSE; - } - auth_done++; - -hmac_failed_etm_disabled: - mbedtls_platform_zeroize(mac_peer, transform->maclen); - mbedtls_platform_zeroize(mac_expect, transform->maclen); - if (ret != 0) { - return ret; - } - } - - /* - * Finally check 
the correct flag - */ - if (correct == MBEDTLS_CT_FALSE) { - return MBEDTLS_ERR_SSL_INVALID_MAC; - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - /* Make extra sure authentication was performed, exactly once */ - if (auth_done != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* Remove inner padding and infer true content type. */ - ret = ssl_parse_inner_plaintext(data, &rec->data_len, - &rec->type); - - if (ret != 0) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - ret = ssl_parse_inner_plaintext(data, &rec->data_len, - &rec->type); - if (ret != 0) { - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf")); - - return 0; -} - -#undef MAC_NONE -#undef MAC_PLAINTEXT -#undef MAC_CIPHERTEXT - -/* - * Fill the input message buffer by appending data to it. - * The amount of data already fetched is in ssl->in_left. - * - * If we return 0, is it guaranteed that (at least) nb_want bytes are - * available (from this read and/or a previous one). Otherwise, an error code - * is returned (possibly EOF or WANT_READ). - * - * With stream transport (TLS) on success ssl->in_left == nb_want, but - * with datagram transport (DTLS) on success ssl->in_left >= nb_want, - * since we always read a whole datagram at once. - * - * For DTLS, it is up to the caller to set ssl->next_record_offset when - * they're done reading a record. 
- */ -int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input")); - - if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() ")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - uint32_t timeout; - - /* - * The point is, we need to always read a full datagram at once, so we - * sometimes read more then requested, and handle the additional data. - * It could be the rest of the current record (while fetching the - * header) and/or some other records in the same datagram. - */ - - /* - * Move to the next record in the already read datagram if applicable - */ - if (ssl->next_record_offset != 0) { - if (ssl->in_left < ssl->next_record_offset) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->in_left -= ssl->next_record_offset; - - if (ssl->in_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %" - MBEDTLS_PRINTF_SIZET, - ssl->next_record_offset)); - memmove(ssl->in_hdr, - ssl->in_hdr + ssl->next_record_offset, - ssl->in_left); - } - - ssl->next_record_offset = 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want)); - - /* - * Done if we already have enough data. 
- */ - if (nb_want <= ssl->in_left) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); - return 0; - } - - /* - * A record can't be split across datagrams. If we need to read but - * are not at the beginning of a new record, the caller did something - * wrong. - */ - if (ssl->in_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * Don't even try to read if time's out already. - * This avoids by-passing the timer when repeatedly receiving messages - * that will end up being dropped. - */ - if (mbedtls_ssl_check_timer(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); - ret = MBEDTLS_ERR_SSL_TIMEOUT; - } else { - len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf); - - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - timeout = ssl->handshake->retransmit_timeout; - } else { - timeout = ssl->conf->read_timeout; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout)); - - if (ssl->f_recv_timeout != NULL) { - ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len, - timeout); - } else { - ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len); - } - - MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - - if (ret == 0) { - return MBEDTLS_ERR_SSL_CONN_EOF; - } - } - - if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("timeout")); - mbedtls_ssl_set_timer(ssl, 0); - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - if (ssl_double_retransmit_timeout(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout")); - return MBEDTLS_ERR_SSL_TIMEOUT; - } - - if ((ret = mbedtls_ssl_resend(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); - return ret; - } - - return MBEDTLS_ERR_SSL_WANT_READ; - } -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if ((ret = mbedtls_ssl_resend_hello_request(ssl)) 
!= 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request",
- ret);
- return ret;
- }
-
- return MBEDTLS_ERR_SSL_WANT_READ;
- }
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
- }
-
- if (ret < 0) {
- return ret;
- }
-
- ssl->in_left = ret;
- } else
-#endif
- {
- MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
- ", nb_want: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_left, nb_want));
-
- while (ssl->in_left < nb_want) {
- len = nb_want - ssl->in_left;
-
- if (mbedtls_ssl_check_timer(ssl) != 0) {
- ret = MBEDTLS_ERR_SSL_TIMEOUT;
- } else {
- if (ssl->f_recv_timeout != NULL) {
- ret = ssl->f_recv_timeout(ssl->p_bio,
- ssl->in_hdr + ssl->in_left, len,
- ssl->conf->read_timeout);
- } else {
- ret = ssl->f_recv(ssl->p_bio,
- ssl->in_hdr + ssl->in_left, len);
- }
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
- ", nb_want: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_left, nb_want));
- MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
-
- if (ret == 0) {
- return MBEDTLS_ERR_SSL_CONN_EOF;
- }
-
- if (ret < 0) {
- return ret;
- }
-
- if ((size_t) ret > len) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
- " were requested",
- ret, len));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- ssl->in_left += ret;
- }
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input"));
-
- return 0;
-}
-
-/*
- * Flush any data not yet written
- */
-int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *buf;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output"));
-
- if (ssl->f_send == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() "));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /* Avoid incrementing counter if data is flushed */
- if (ssl->out_left == 0) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
- return 0;
- }
-
- while (ssl->out_left > 0) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET
- ", out_left: %" MBEDTLS_PRINTF_SIZET,
- mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left));
-
- buf = ssl->out_hdr - ssl->out_left;
- ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left);
-
- MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret);
-
- if (ret <= 0) {
- return ret;
- }
-
- if ((size_t) ret > ssl->out_left) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
- " bytes were sent",
- ret, ssl->out_left));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- ssl->out_left -= ret;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->out_hdr = ssl->out_buf;
- } else
-#endif
- {
- ssl->out_hdr = ssl->out_buf + 8;
- }
- mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
-
- return 0;
-}
-
-/*
- * Functions to handle the DTLS retransmission state machine
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * Append current handshake message to current outgoing flight
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_flight_append(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_flight_item *msg;
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append"));
- MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight",
- ssl->out_msg, ssl->out_msglen);
-
- /* Allocate space for current message */
- if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
- sizeof(mbedtls_ssl_flight_item)));
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
- ssl->out_msglen));
- mbedtls_free(msg);
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- /* Copy current handshake message with headers */
- memcpy(msg->p, ssl->out_msg, ssl->out_msglen);
- msg->len = ssl->out_msglen;
- msg->type = ssl->out_msgtype;
- msg->next = NULL;
-
- /* Append to the current flight */
- if (ssl->handshake->flight == NULL) {
- ssl->handshake->flight = msg;
- } else {
- mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
- while (cur->next != NULL) {
- cur = cur->next;
- }
- cur->next = msg;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append"));
- return 0;
-}
-
-/*
- * Free the current flight of handshake messages
- */
-void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight)
-{
- mbedtls_ssl_flight_item *cur = flight;
- mbedtls_ssl_flight_item *next;
-
- while (cur != NULL) {
- next = cur->next;
-
- mbedtls_free(cur->p);
- mbedtls_free(cur);
-
- cur = next;
- }
-}
-
-/*
- * Swap transform_out and out_ctr with the alternative ones
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_swap_epochs(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_transform *tmp_transform;
- unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN];
-
- if (ssl->transform_out == ssl->handshake->alt_transform_out) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs"));
- return 0;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs"));
-
- /* Swap transforms */
- tmp_transform = ssl->transform_out;
- ssl->transform_out = ssl->handshake->alt_transform_out;
- ssl->handshake->alt_transform_out = tmp_transform;
-
- /* Swap epoch + sequence_number */
- memcpy(tmp_out_ctr, ssl->cur_out_ctr, sizeof(tmp_out_ctr));
- memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr,
- sizeof(ssl->cur_out_ctr));
- memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr,
- sizeof(ssl->handshake->alt_out_ctr));
-
- /* Adjust to the newly activated transform */
- mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
-
- return 0;
-}
-
-/*
- * Retransmit the current flight of messages.
- */
-int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
-{
- int ret = 0;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend"));
-
- ret = mbedtls_ssl_flight_transmit(ssl);
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend"));
-
- return ret;
-}
-
-/*
- * Transmit or retransmit the current flight of messages.
- *
- * Need to remember the current message in case flush_output returns
- * WANT_WRITE, causing us to exit this function and come back later.
- * This function must be called until state is no longer SENDING.
- */
-int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit"));
-
- if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission"));
-
- ssl->handshake->cur_msg = ssl->handshake->flight;
- ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
- ret = ssl_swap_epochs(ssl);
- if (ret != 0) {
- return ret;
- }
-
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
- }
-
- while (ssl->handshake->cur_msg != NULL) {
- size_t max_frag_len;
- const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
-
- int const is_finished =
- (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
- cur->p[0] == MBEDTLS_SSL_HS_FINISHED);
-
- int const force_flush = ssl->disable_datagram_packing == 1 ?
- SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
-
- /* Swap epochs before sending Finished: we can't do it after
- * sending ChangeCipherSpec, in case write returns WANT_READ.
- * Must be done before copying, may change out_msg pointer */ - if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message")); - ret = ssl_swap_epochs(ssl); - if (ret != 0) { - return ret; - } - } - - ret = ssl_get_remaining_payload_in_datagram(ssl); - if (ret < 0) { - return ret; - } - max_frag_len = (size_t) ret; - - /* CCS is copied as is, while HS messages may need fragmentation */ - if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - if (max_frag_len == 0) { - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - continue; - } - - memcpy(ssl->out_msg, cur->p, cur->len); - ssl->out_msglen = cur->len; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur->len; - } else { - const unsigned char * const p = ssl->handshake->cur_msg_p; - const size_t hs_len = cur->len - 12; - const size_t frag_off = (size_t) (p - (cur->p + 12)); - const size_t rem_len = hs_len - frag_off; - size_t cur_hs_frag_len, max_hs_frag_len; - - if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) { - if (is_finished) { - ret = ssl_swap_epochs(ssl); - if (ret != 0) { - return ret; - } - } - - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - continue; - } - max_hs_frag_len = max_frag_len - 12; - - cur_hs_frag_len = rem_len > max_hs_frag_len ? - max_hs_frag_len : rem_len; - - if (frag_off == 0 && cur_hs_frag_len != hs_len) { - MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", - (unsigned) cur_hs_frag_len, - (unsigned) max_hs_frag_len)); - } - - /* Messages are stored with handshake headers as if not fragmented, - * copy beginning of headers then fill fragmentation fields. 
- * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ - memcpy(ssl->out_msg, cur->p, 6); - - ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off); - ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off); - ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off); - - ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len); - ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len); - ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12); - - /* Copy the handshake message content and set records fields */ - memcpy(ssl->out_msg + 12, p, cur_hs_frag_len); - ssl->out_msglen = cur_hs_frag_len + 12; - ssl->out_msgtype = cur->type; - - /* Update position inside current message */ - ssl->handshake->cur_msg_p += cur_hs_frag_len; - } - - /* If done with the current message move to the next one if any */ - if (ssl->handshake->cur_msg_p >= cur->p + cur->len) { - if (cur->next != NULL) { - ssl->handshake->cur_msg = cur->next; - ssl->handshake->cur_msg_p = cur->next->p + 12; - } else { - ssl->handshake->cur_msg = NULL; - ssl->handshake->cur_msg_p = NULL; - } - } - - /* Actually send the message out */ - if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); - return ret; - } - } - - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - /* Update state and set timer */ - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit")); - - return 0; -} - -/* - * To be called when the last message of an incoming flight is received. 
- */ -void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl) -{ - /* We won't need to resend that one any more */ - mbedtls_ssl_flight_free(ssl->handshake->flight); - ssl->handshake->flight = NULL; - ssl->handshake->cur_msg = NULL; - - /* The next incoming flight will start with this msg_seq */ - ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; - - /* We don't want to remember CCS's across flight boundaries. */ - ssl->handshake->buffering.seen_ccs = 0; - - /* Clear future message buffering structure. */ - mbedtls_ssl_buffering_free(ssl); - - /* Cancel timer */ - mbedtls_ssl_set_timer(ssl, 0); - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; - } -} - -/* - * To be called when the last message of an outgoing flight is send. - */ -void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl) -{ - ssl_reset_retransmit_timeout(ssl); - mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } else { - ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - } -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Handshake layer functions - */ -int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type, - unsigned char **buf, size_t *buf_len) -{ - /* - * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 ) - * ... - * HandshakeType msg_type; - * uint24 length; - * ... - */ - *buf = ssl->out_msg + 4; - *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4; - - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = hs_type; - - return 0; -} - -/* - * Write (DTLS: or queue) current handshake (including CCS) message. 
- * - * - fill in handshake headers - * - update handshake checksum - * - DTLS: save message for resending - * - then pass to the record layer - * - * DTLS: except for HelloRequest, messages are only queued, and will only be - * actually sent when calling flight_transmit() or resend(). - * - * Inputs: - * - ssl->out_msglen: 4 + actual handshake message len - * (4 is the size of handshake headers for TLS) - * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) - * - ssl->out_msg + 4: the handshake message body - * - * Outputs, ie state before passing to flight_append() or write_record(): - * - ssl->out_msglen: the length of the record contents - * (including handshake headers but excluding record headers) - * - ssl->out_msg: the record contents (handshake headers + content) - */ -int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, - int update_checksum, - int force_flush) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const size_t hs_len = ssl->out_msglen - 4; - const unsigned char hs_type = ssl->out_msg[0]; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); - - /* - * Sanity checks - */ - if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Whenever we send anything different from a - * HelloRequest we should be in a handshake - double check. 
*/ - if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST) && - ssl->handshake == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif - - /* Double-check that we did not exceed the bounds - * of the outgoing record buffer. - * This should never fail as the various message - * writing functions must obey the bounds of the - * outgoing record buffer, but better be safe. - * - * Note: We deliberately do not check for the MTU or MFL here. - */ - if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " - "size %" MBEDTLS_PRINTF_SIZET - ", maximum %" MBEDTLS_PRINTF_SIZET, - ssl->out_msglen, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * Fill handshake headers - */ - if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { - ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len); - ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len); - ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len); - - /* - * DTLS has additional fields in the Handshake layer, - * between the length field and the actual payload: - * uint16 message_seq; - * uint24 fragment_offset; - * uint24 fragment_length; - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Make room for the additional DTLS fields */ - if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: " - "size %" MBEDTLS_PRINTF_SIZET ", maximum %" - MBEDTLS_PRINTF_SIZET, - hs_len, - (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - 12))); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - 
} - - memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len); - ssl->out_msglen += 8; - - /* Write message_seq and update it, except for HelloRequest */ - if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) { - MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4); - ++(ssl->handshake->out_msg_seq); - } else { - ssl->out_msg[4] = 0; - ssl->out_msg[5] = 0; - } - - /* Handshake hashes are computed without fragmentation, - * so set frag_offset = 0 and frag_len = hs_len for now */ - memset(ssl->out_msg + 6, 0x00, 3); - memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Update running hashes of handshake messages seen */ - if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) { - ret = ssl->handshake->update_checksum(ssl, ssl->out_msg, - ssl->out_msglen); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } - } - - /* Either send now, or just save to be sent (and resent) later */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST)) { - if ((ret = ssl_flight_append(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret); - return ret; - } - } else -#endif - { - if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret); - return ret; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message")); - - return 0; -} - -int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl, - size_t buf_len, size_t msg_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t msg_with_header_len; - ((void) buf_len); - - /* Add reserved 4 bytes for handshake header */ - msg_with_header_len = msg_len + 4; - ssl->out_msglen = msg_with_header_len; - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_handshake_msg_ext(ssl, 0, 0)); - -cleanup: - return ret; -} - -/* - * Record 
layer functions - */ - -/* - * Write current record. - * - * Uses: - * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS) - * - ssl->out_msglen: length of the record content (excl headers) - * - ssl->out_msg: record content - */ -int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) -{ - int ret, done = 0; - size_t len = ssl->out_msglen; - int flush = force_flush; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record")); - - if (!done) { - unsigned i; - size_t protected_record_size; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - /* Skip writing the record content type to after the encryption, - * as it may change when using the CID extension. */ - mbedtls_ssl_protocol_version tls_ver = ssl->tls_version; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* TLS 1.3 still uses the TLS 1.2 version identifier - * for backwards compatibility. */ - if (tls_ver == MBEDTLS_SSL_VERSION_TLS1_3) { - tls_ver = MBEDTLS_SSL_VERSION_TLS1_2; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - mbedtls_ssl_write_version(ssl->out_hdr + 1, ssl->conf->transport, - tls_ver); - - memcpy(ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); - MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0); - - if (ssl->transform_out != NULL) { - mbedtls_record rec; - - rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf); - rec.data_len = ssl->out_msglen; - rec.data_offset = (size_t) (ssl->out_msg - rec.buf); - - memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr)); - mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver); - rec.type = ssl->out_msgtype; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* The CID is set by mbedtls_ssl_encrypt_buf(). 
*/ - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); - return ret; - } - - if (rec.data_offset != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Update the record content type and CID. */ - ssl->out_msgtype = rec.type; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - memcpy(ssl->out_cid, rec.cid, rec.cid_len); -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_msglen = len = rec.data_len; - MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0); - } - - protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* In case of DTLS, double-check that we don't exceed - * the remaining space in the datagram. */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ret = ssl_get_remaining_space_in_datagram(ssl); - if (ret < 0) { - return ret; - } - - if (protected_record_size > (size_t) ret) { - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Now write the potentially updated record content type. 
*/ - ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - - MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, " - "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, - ssl->out_hdr[0], ssl->out_hdr[1], - ssl->out_hdr[2], len)); - - MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", - ssl->out_hdr, protected_record_size); - - ssl->out_left += protected_record_size; - ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - - for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) { - if (++ssl->cur_out_ctr[i - 1] != 0) { - break; - } - } - - /* The loop goes to its end if the counter is wrapping */ - if (i == mbedtls_ssl_ep_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap")); - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - flush == SSL_DONT_FORCE_FLUSH) { - size_t remaining; - ret = ssl_get_remaining_payload_in_datagram(ssl); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram", - ret); - return ret; - } - - remaining = (size_t) ret; - if (remaining == 0) { - flush = SSL_FORCE_FLUSH; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Still %u bytes available in current datagram", - (unsigned) remaining)); - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if ((flush == SSL_FORCE_FLUSH) && - (ret = mbedtls_ssl_flush_output(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record")); - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl) -{ - if (ssl->in_msglen < ssl->in_hslen || - memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 || - memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) { - return 1; - } - return 0; -} - -static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl) -{ - 
return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9); -} - -static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl) -{ - return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_hs_header(mbedtls_ssl_context const *ssl) -{ - uint32_t msg_len, frag_off, frag_len; - - msg_len = ssl_get_hs_total_len(ssl); - frag_off = ssl_get_hs_frag_off(ssl); - frag_len = ssl_get_hs_frag_len(ssl); - - if (frag_off > msg_len) { - return -1; - } - - if (frag_len > msg_len - frag_off) { - return -1; - } - - if (frag_len + 12 > ssl->in_msglen) { - return -1; - } - - return 0; -} - -/* - * Mark bits in bitmask (used for DTLS HS reassembly) - */ -static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len) -{ - unsigned int start_bits, end_bits; - - start_bits = 8 - (offset % 8); - if (start_bits != 8) { - size_t first_byte_idx = offset / 8; - - /* Special case */ - if (len <= start_bits) { - for (; len != 0; len--) { - mask[first_byte_idx] |= 1 << (start_bits - len); - } - - /* Avoid potential issues with offset or len becoming invalid */ - return; - } - - offset += start_bits; /* Now offset % 8 == 0 */ - len -= start_bits; - - for (; start_bits != 0; start_bits--) { - mask[first_byte_idx] |= 1 << (start_bits - 1); - } - } - - end_bits = len % 8; - if (end_bits != 0) { - size_t last_byte_idx = (offset + len) / 8; - - len -= end_bits; /* Now len % 8 == 0 */ - - for (; end_bits != 0; end_bits--) { - mask[last_byte_idx] |= 1 << (8 - end_bits); - } - } - - memset(mask + offset / 8, 0xFF, len / 8); -} - -/* - * Check that bitmask is full - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_bitmask_check(unsigned char *mask, size_t len) -{ - size_t i; - - for (i = 0; i < len / 8; i++) { - if (mask[i] != 0xFF) { - return -1; - } - } - - for (i = 0; i < len % 8; i++) { - if ((mask[len / 8] & (1 << (7 - i))) == 0) { - return -1; - } - } - - return 0; -} - -/* msg_len does not include the handshake header */ -static size_t 
ssl_get_reassembly_buffer_size(size_t msg_len, - unsigned add_bitmap) -{ - size_t alloc_len; - - alloc_len = 12; /* Handshake header */ - alloc_len += msg_len; /* Content buffer */ - - if (add_bitmap) { - alloc_len += msg_len / 8 + (msg_len % 8 != 0); /* Bitmap */ - - } - return alloc_len; -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) -{ - return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1); -} - -int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) -{ - if (ssl->in_hsfraglen == 0) { - /* The handshake message must at least include the header. - * We may not have the full message yet in case of fragmentation. - * To simplify the code, we insist on having the header (and in - * particular the handshake message length) in the first - * fragment. */ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" - " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" - MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); - - if (ssl->transform_in != NULL) { - MBEDTLS_SSL_DEBUG_MSG(4, ("decrypted handshake message:" - " iv-buf=%d hdr-buf=%d hdr-buf=%d", - (int) (ssl->in_iv - ssl->in_buf), - (int) (ssl->in_hdr - ssl->in_buf), - (int) (ssl->in_msg - ssl->in_buf))); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - - if (ssl_check_hs_header(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - if (ssl->handshake != NULL && - ((mbedtls_ssl_is_handshake_over(ssl) == 0 
&& - recv_msg_seq != ssl->handshake->in_msg_seq) || - (mbedtls_ssl_is_handshake_over(ssl) == 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) { - if (recv_msg_seq > ssl->handshake->in_msg_seq) { - MBEDTLS_SSL_DEBUG_MSG(2, - ( - "received future handshake message of sequence number %u (next %u)", - recv_msg_seq, - ssl->handshake->in_msg_seq)); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } - - /* Retransmit only on last message from previous flight, to avoid - * too many retransmissions. - * Besides, No sane server ever retransmits HelloVerifyRequest */ - if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { - MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, " - "message_seq = %u, start_of_flight = %u", - recv_msg_seq, - ssl->handshake->in_flight_start_seq)); - - if ((ret = mbedtls_ssl_resend(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); - return ret; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: " - "message_seq = %u, expected = %u", - recv_msg_seq, - ssl->handshake->in_msg_seq)); - } - - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - /* Wait until message completion to increment in_msg_seq */ - - /* Message reassembly is handled alongside buffering of future - * messages; the commonality is that both handshake fragments and - * future messages cannot be forwarded immediately to the - * handshake logic layer. 
*/ - if (ssl_hs_is_proper_fragment(ssl) == 1) { - MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message")); - return MBEDTLS_ERR_SSL_EARLY_MESSAGE; - } - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - unsigned char *const reassembled_record_start = - ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - unsigned char *const payload_start = - reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); - unsigned char *payload_end = payload_start + ssl->in_hsfraglen; - /* How many more bytes we want to have a complete handshake message. */ - const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - /* How many bytes of the current record are part of the first - * handshake message. There may be more handshake messages (possibly - * incomplete) in the same record; if so, we leave them after the - * current record, and ssl_consume_current_message() will take - * care of consuming the next handshake message. */ - const size_t hs_this_fragment_len = - ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; - (void) hs_this_fragment_len; - - MBEDTLS_SSL_DEBUG_MSG(3, - ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - (ssl->in_hsfraglen != 0 ? - "subsequent" : - hs_this_fragment_len == ssl->in_hslen ? - "sole" : - "initial"), - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + hs_this_fragment_len, - ssl->in_hslen)); - - /* Move the received handshake fragment to have the whole message - * (at least the part received so far) in a single segment at a - * known offset in the input buffer. - * - When receiving a non-initial handshake fragment, append it to - * the initial segment. - * - Even the initial handshake fragment is moved, if it was - * encrypted with an explicit IV: decryption leaves the payload - * after the explicit IV, but here we move it to start where the - * IV was. 
- */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t const in_buf_len = ssl->in_buf_len; -#else - size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: no room to move handshake fragment %" - MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" - MBEDTLS_PRINTF_SIZET ")", - ssl->in_msglen, - (void *) ssl->in_msg, (void *) payload_end, - (void *) ssl->in_buf, in_buf_len)); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - memmove(payload_end, ssl->in_msg, ssl->in_msglen); - - ssl->in_hsfraglen += ssl->in_msglen; - payload_end += ssl->in_msglen; - - if (ssl->in_hsfraglen < ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments %" - MBEDTLS_PRINTF_SIZET "/%" - MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, ssl->in_hslen)); - ssl->in_hdr = payload_end; - ssl->in_msglen = 0; - mbedtls_ssl_update_in_pointers(ssl); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } else { - ssl->in_msglen = ssl->in_hsfraglen; - ssl->in_hsfraglen = 0; - ssl->in_hdr = reassembled_record_start; - mbedtls_ssl_update_in_pointers(ssl); - - /* Update the record length in the fully reassembled record */ - if (ssl->in_msglen > 0xffff) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_msglen=%" - MBEDTLS_PRINTF_SIZET " > 0xffff", - ssl->in_msglen)); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); - - size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; - (void) record_len; - MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, record_len); - if (ssl->in_hslen < ssl->in_msglen) { - MBEDTLS_SSL_DEBUG_MSG(3, - ("More handshake messages in the record: " - "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET, - ssl->in_hslen, - ssl->in_msglen - ssl->in_hslen)); - } - } - } - - return 0; -} - -int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context 
*ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) { - ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - } - - /* Handshake message is complete, increment counter */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL) { - unsigned offset; - mbedtls_ssl_hs_buffer *hs_buf; - - /* Increment handshake sequence number */ - hs->in_msg_seq++; - - /* - * Clear up handshake buffering and reassembly structure. - */ - - /* Free first entry */ - ssl_buffering_free_slot(ssl, 0); - - /* Shift all other entries */ - for (offset = 0, hs_buf = &hs->buffering.hs[0]; - offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; - offset++, hs_buf++) { - *hs_buf = *(hs_buf + 1); - } - - /* Create a fresh last entry */ - memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); - } -#endif - return 0; -} - -/* - * DTLS anti-replay: RFC 6347 4.1.2.6 - * - * in_window is a field of bits numbered from 0 (lsb) to 63 (msb). - * Bit n is set iff record number in_window_top - n has been seen. - * - * Usually, in_window_top is the last record number seen and the lsb of - * in_window is set. The only exception is the initial state (record number 0 - * not seen yet). 
- */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl) -{ - ssl->in_window_top = 0; - ssl->in_window = 0; -} - -static inline uint64_t ssl_load_six_bytes(unsigned char *buf) -{ - return ((uint64_t) buf[0] << 40) | - ((uint64_t) buf[1] << 32) | - ((uint64_t) buf[2] << 24) | - ((uint64_t) buf[3] << 16) | - ((uint64_t) buf[4] << 8) | - ((uint64_t) buf[5]); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *original_in_ctr; - - // save original in_ctr - original_in_ctr = ssl->in_ctr; - - // use counter from record - ssl->in_ctr = record_in_ctr; - - ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl); - - // restore the counter - ssl->in_ctr = original_in_ctr; - - return ret; -} - -/* - * Return 0 if sequence number is acceptable, -1 otherwise - */ -int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl) -{ - uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - uint64_t bit; - - if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { - return 0; - } - - if (rec_seqnum > ssl->in_window_top) { - return 0; - } - - bit = ssl->in_window_top - rec_seqnum; - - if (bit >= 64) { - return -1; - } - - if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) { - return -1; - } - - return 0; -} - -/* - * Update replay window on new validated record - */ -void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl) -{ - uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - - if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) { - return; - } - - if (rec_seqnum > ssl->in_window_top) { - /* Update window_top and the contents of the window */ - uint64_t shift = rec_seqnum - ssl->in_window_top; - - if (shift >= 64) { - ssl->in_window = 1; - } else { - ssl->in_window <<= shift; - ssl->in_window |= 1; - } - - 
ssl->in_window_top = rec_seqnum; - } else { - /* Mark that number as seen in the current window */ - uint64_t bit = ssl->in_window_top - rec_seqnum; - - if (bit < 64) { /* Always true, but be extra sure */ - ssl->in_window |= (uint64_t) 1 << bit; - } - } -} -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) -/* - * Check if a datagram looks like a ClientHello with a valid cookie, - * and if it doesn't, generate a HelloVerifyRequest message. - * Both input and output include full DTLS headers. - * - * - if cookie is valid, return 0 - * - if ClientHello looks superficially valid but cookie is not, - * fill obuf and set olen, then - * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED - * - otherwise return a specific error code - */ -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_context *ssl, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen) -{ - size_t sid_len, cookie_len, epoch, fragment_offset; - unsigned char *p; - - /* - * Structure of ClientHello with record and handshake headers, - * and expected values. We don't need to check a lot, more checks will be - * done when actually parsing the ClientHello - skipping those checks - * avoids code duplication and does not make cookie forging any easier. 
- * - * 0-0 ContentType type; copied, must be handshake - * 1-2 ProtocolVersion version; copied - * 3-4 uint16 epoch; copied, must be 0 - * 5-10 uint48 sequence_number; copied - * 11-12 uint16 length; (ignored) - * - * 13-13 HandshakeType msg_type; (ignored) - * 14-16 uint24 length; (ignored) - * 17-18 uint16 message_seq; copied - * 19-21 uint24 fragment_offset; copied, must be 0 - * 22-24 uint24 fragment_length; (ignored) - * - * 25-26 ProtocolVersion client_version; (ignored) - * 27-58 Random random; (ignored) - * 59-xx SessionID session_id; 1 byte len + sid_len content - * 60+ opaque cookie<0..2^8-1>; 1 byte len + content - * ... - * - * Minimum length is 61 bytes. - */ - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: in_len=%u", - (unsigned) in_len)); - MBEDTLS_SSL_DEBUG_BUF(4, "cli_id", cli_id, cli_id_len); - if (in_len < 61) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: record too short")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - epoch = MBEDTLS_GET_UINT16_BE(in, 3); - fragment_offset = MBEDTLS_GET_UINT24_BE(in, 19); - - if (in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 || - fragment_offset != 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: not a good ClientHello")); - MBEDTLS_SSL_DEBUG_MSG(4, (" type=%u epoch=%u fragment_offset=%u", - in[0], (unsigned) epoch, - (unsigned) fragment_offset)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - sid_len = in[59]; - if (59 + 1 + sid_len + 1 > in_len) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: sid_len=%u > %u", - (unsigned) sid_len, - (unsigned) in_len - 61)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - MBEDTLS_SSL_DEBUG_BUF(4, "sid received from network", - in + 60, sid_len); - - cookie_len = in[60 + sid_len]; - if (59 + 1 + sid_len + 1 + cookie_len > in_len) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: cookie_len=%u > %u", - (unsigned) cookie_len, - (unsigned) (in_len - sid_len - 61))); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "cookie received from network", - in + sid_len + 61, 
cookie_len); - if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, - in + sid_len + 61, cookie_len, - cli_id, cli_id_len) == 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: valid")); - return 0; - } - - /* - * If we get here, we've got an invalid cookie, let's prepare HVR. - * - * 0-0 ContentType type; copied - * 1-2 ProtocolVersion version; copied - * 3-4 uint16 epoch; copied - * 5-10 uint48 sequence_number; copied - * 11-12 uint16 length; olen - 13 - * - * 13-13 HandshakeType msg_type; hello_verify_request - * 14-16 uint24 length; olen - 25 - * 17-18 uint16 message_seq; copied - * 19-21 uint24 fragment_offset; copied - * 22-24 uint24 fragment_length; olen - 25 - * - * 25-26 ProtocolVersion server_version; 0xfe 0xff - * 27-27 opaque cookie<0..2^8-1>; cookie_len = olen - 27, cookie - * - * Minimum length is 28. - */ - if (buf_len < 28) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* Copy most fields and adapt others */ - memcpy(obuf, in, 25); - obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - obuf[25] = 0xfe; - obuf[26] = 0xff; - - /* Generate and write actual cookie */ - p = obuf + 28; - if (ssl->conf->f_cookie_write(ssl->conf->p_cookie, - &p, obuf + buf_len, - cli_id, cli_id_len) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - *olen = (size_t) (p - obuf); - - /* Go back and fill length fields */ - obuf[27] = (unsigned char) (*olen - 28); - - obuf[14] = obuf[22] = MBEDTLS_BYTE_2(*olen - 25); - obuf[15] = obuf[23] = MBEDTLS_BYTE_1(*olen - 25); - obuf[16] = obuf[24] = MBEDTLS_BYTE_0(*olen - 25); - - MBEDTLS_PUT_UINT16_BE(*olen - 13, obuf, 11); - - return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; -} - -/* - * Handle possible client reconnect with the same UDP quadruplet - * (RFC 6347 Section 4.2.8). - * - * Called by ssl_parse_record_header() in case we receive an epoch 0 record - * that looks like a ClientHello. 
- * - * - if the input looks like a ClientHello without cookies, - * send back HelloVerifyRequest, then return 0 - * - if the input looks like a ClientHello with a valid cookie, - * reset the session of the current context, and - * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT - * - if anything goes wrong, return a specific error code - * - * This function is called (through ssl_check_client_reconnect()) when an - * unexpected record is found in ssl_get_next_record(), which will discard the - * record if we return 0, and bubble up the return value otherwise (this - * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected - * errors, and is the right thing to do in both cases). - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - if (ssl->conf->f_cookie_write == NULL || - ssl->conf->f_cookie_check == NULL) { - /* If we can't use cookies to verify reachability of the peer, - * drop the record. */ - MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, " - "can't check reconnect validity")); - return 0; - } - - ret = mbedtls_ssl_check_dtls_clihlo_cookie( - ssl, - ssl->cli_id, ssl->cli_id_len, - ssl->in_buf, ssl->in_left, - ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len); - - MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - int send_ret; - MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest")); - MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", - ssl->out_buf, len); - /* Don't check write errors as we can't do anything here. - * If the error is permanent we'll catch it later, - * if it's not, then hopefully it'll work next time. 
*/
- send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len);
- MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret);
- (void) send_ret;
-
- return 0;
- }
-
- if (ret == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context"));
- if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "reset", ret);
- return ret;
- }
-
- return MBEDTLS_ERR_SSL_CLIENT_RECONNECT;
- }
-
- return ret;
-}
-#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_record_type(uint8_t record_type)
-{
- if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
- record_type != MBEDTLS_SSL_MSG_ALERT &&
- record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
- record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
-
- return 0;
-}
-
-/*
- * ContentType type;
- * ProtocolVersion version;
- * uint16 epoch; // DTLS only
- * uint48 sequence_number; // DTLS only
- * uint16 length;
- *
- * Return 0 if header looks sane (and, for DTLS, the record is expected)
- * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
- * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
- *
- * With DTLS, mbedtls_ssl_read_record() will:
- * 1. proceed with the record if this function returns 0
- * 2. drop only the current record if this function returns UNEXPECTED_RECORD
- * 3. return CLIENT_RECONNECT if this function return that value
- * 4. drop the whole datagram if this function returns anything else.
- * Point 2 is needed when the peer is resending, and we have already received
- * the first record from a datagram but are still waiting for the others.
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec) -{ - mbedtls_ssl_protocol_version tls_version; - - size_t const rec_hdr_type_offset = 0; - size_t const rec_hdr_type_len = 1; - - size_t const rec_hdr_version_offset = rec_hdr_type_offset + - rec_hdr_type_len; - size_t const rec_hdr_version_len = 2; - - size_t const rec_hdr_ctr_len = 8; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t rec_epoch; - size_t const rec_hdr_ctr_offset = rec_hdr_version_offset + - rec_hdr_version_len; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t const rec_hdr_cid_offset = rec_hdr_ctr_offset + - rec_hdr_ctr_len; - size_t rec_hdr_cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - size_t rec_hdr_len_offset; /* To be determined */ - size_t const rec_hdr_len_len = 2; - - /* - * Check minimum lengths for record header. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len; - } - - if (len < rec_hdr_len_offset + rec_hdr_len_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "datagram of length %u too small to hold DTLS record header of length %u", - (unsigned) len, - (unsigned) (rec_hdr_len_len + rec_hdr_len_len))); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* - * Parse and validate record content type - */ - - rec->type = buf[rec_hdr_type_offset]; - - /* Check record content type */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec->cid_len = 0; - - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->cid_len != 0 && - rec->type == MBEDTLS_SSL_MSG_CID) { - /* Shift pointers to account for record header including CID - * struct { - * ContentType outer_type = tls12_cid; - * 
ProtocolVersion version; - * uint16 epoch; - * uint48 sequence_number; - * opaque cid[cid_length]; // Additional field compared to - * // default DTLS record format - * uint16 length; - * opaque enc_content[DTLSCiphertext.length]; - * } DTLSCiphertext; - */ - - /* So far, we only support static CID lengths - * fixed in the configuration. */ - rec_hdr_cid_len = ssl->conf->cid_len; - rec_hdr_len_offset += rec_hdr_cid_len; - - if (len < rec_hdr_len_offset + rec_hdr_len_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ( - "datagram of length %u too small to hold DTLS record header including CID, length %u", - (unsigned) len, - (unsigned) (rec_hdr_len_offset + rec_hdr_len_len))); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* configured CID len is guaranteed at most 255, see - * MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */ - rec->cid_len = (uint8_t) rec_hdr_cid_len; - memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len); - } else -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - { - if (ssl_check_record_type(rec->type)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u", - (unsigned) rec->type)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } - - /* - * Parse and validate record version - */ - rec->ver[0] = buf[rec_hdr_version_offset + 0]; - rec->ver[1] = buf[rec_hdr_version_offset + 1]; - tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version( - buf + rec_hdr_version_offset, - ssl->conf->transport); - - if (tls_version > ssl->conf->max_tls_version) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS version mismatch: got %u, expected max %u", - (unsigned) tls_version, - (unsigned) ssl->conf->max_tls_version)); - - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - /* - * Parse/Copy record sequence number. - */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Copy explicit record sequence number from input buffer. 
*/ - memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset, - rec_hdr_ctr_len); - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - /* Copy implicit record sequence number from SSL context structure. */ - memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len); - } - - /* - * Parse record length. - */ - - rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset); - MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset); - - MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, " - "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET, - rec->type, (unsigned) tls_version, rec->data_len)); - - rec->buf = buf; - rec->buf_len = rec->data_offset + rec->data_len; - - if (rec->data_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("rejecting empty record")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - /* - * DTLS-related tests. - * Check epoch before checking length constraint because - * the latter varies with the epoch. E.g., if a ChangeCipherSpec - * message gets duplicated before the corresponding Finished message, - * the second ChangeCipherSpec should be discarded because it belongs - * to an old epoch, but not because its length is shorter than - * the minimum record length for packets using the new record transform. - * Note that these two kinds of failures are handled differently, - * as an unexpected record is silently skipped but an invalid - * record leads to the entire datagram being dropped. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0); - - /* Check that the datagram is large enough to contain a record - * of the advertised length. 
*/
- if (len < rec->data_offset + rec->data_len) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- (
- "Datagram of length %u too small to contain record of advertised length %u.",
- (unsigned) len,
- (unsigned) (rec->data_offset + rec->data_len)));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
-
- /* Records from other, non-matching epochs are silently discarded.
- * (The case of same-port Client reconnects must be considered in
- * the caller). */
- if (rec_epoch != ssl->in_epoch) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: "
- "expected %u, received %lu",
- ssl->in_epoch, (unsigned long) rec_epoch));
-
- /* Records from the next epoch are considered for buffering
- * (concretely: early Finished messages). */
- if (rec_epoch == (unsigned) ssl->in_epoch + 1) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering"));
- return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
- }
-
- return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
- }
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- /* For records from the correct epoch, check whether their
- * sequence number has been seen before. */
- else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl,
- &rec->ctr[0]) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
- }
-#endif
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- return 0;
-}
-
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
-{
- unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0);
-
- /*
- * Check for an epoch 0 ClientHello. We can't use in_msg here to
- * access the first byte of record content (handshake type), as we
- * have an active transform (possibly iv_len != 0), so use the
- * fact that the record header len is 13 instead.
- */
- if (rec_epoch == 0 &&
- ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- mbedtls_ssl_is_handshake_over(ssl) == 1 &&
- ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_left > 13 &&
- ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect "
- "from the same port"));
- return ssl_handle_possible_reconnect(ssl);
- }
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
-
-/*
- * If applicable, decrypt record content
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
- mbedtls_record *rec)
-{
- int ret, done = 0;
-
- MBEDTLS_SSL_DEBUG_BUF(4, "input record from network",
- rec->buf, rec->buf_len);
-
- /*
- * In TLS 1.3, always treat ChangeCipherSpec records
- * as unencrypted. The only thing we do with them is
- * check the length and content and ignore them.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (ssl->transform_in != NULL &&
- ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- if (rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
- done = 1;
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- if (!done && ssl->transform_in != NULL) {
- unsigned char const old_msg_type = rec->type;
-
- if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in,
- rec)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret);
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
- /*
- * Although the server rejected early data, it might receive early
- * data as long as it has not received the client Finished message.
- * It is encrypted with early keys and should be ignored as stated
- * in section 4.2.10 of RFC 8446:
- *
- * "Ignore the extension and return a regular 1-RTT response. The
- * server then skips past early data by attempting to deprotect
- * received records using the handshake traffic key, discarding
- * records which fail deprotection (up to the configured
- * max_early_data_size).
Once a record is deprotected successfully, - * it is treated as the start of the client's second flight and the - * server proceeds as with an ordinary 1-RTT handshake." - */ - if ((old_msg_type == MBEDTLS_SSL_MSG_APPLICATION_DATA) && - (ssl->discard_early_data_record == - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("EarlyData: deprotect and discard app data records.")); - - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); - if (ret != 0) { - return ret; - } - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && - ssl->conf->ignore_unexpected_cid - == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID")); - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * The decryption of the record failed, no reason to ignore it, - * return in error with the decryption error code. - */ - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) - /* - * If the server were discarding protected records that it fails to - * deprotect because it has rejected early data, as we have just - * deprotected successfully a record, the server has to resume normal - * operation and fail the connection if the deprotection of a record - * fails. 
- */ - if (ssl->discard_early_data_record == - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD) { - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - - if (old_msg_type != rec->type) { - MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d", - old_msg_type, rec->type)); - } - - MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt", - rec->buf + rec->data_offset, rec->data_len); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* We have already checked the record content type - * in ssl_parse_record_header(), failing or silently - * dropping the record in the case of an unknown type. - * - * Since with the use of CIDs, the record content type - * might change during decryption, re-check the record - * content type, but treat a failure as fatal this time. */ - if (ssl_check_record_type(rec->type)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - if (rec->data_len == 0) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 - && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - ssl->nb_zero++; - - /* - * Three or more empty messages may be a DoS attack - * (excessive CPU consumption). - */ - if (ssl->nb_zero > 3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty " - "messages, possible DoS attack")); - /* Treat the records as if they were not properly authenticated, - * thereby failing the connection if we see more than allowed - * by the configured bad MAC threshold. 
*/
- return MBEDTLS_ERR_SSL_INVALID_MAC;
- }
- } else {
- ssl->nb_zero = 0;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ; /* in_ctr read from peer, not maintained internally */
- } else
-#endif
- {
- unsigned i;
- for (i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- i > mbedtls_ssl_ep_len(ssl); i--) {
- if (++ssl->in_ctr[i - 1] != 0) {
- break;
- }
- }
-
- /* The loop goes to its end iff the counter is wrapping */
- if (i == mbedtls_ssl_ep_len(ssl)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap"));
- return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
- }
- }
-
- }
-
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
- /*
- * Although the server rejected early data because it needed to send an
- * HelloRetryRequest message, it might receive early data as long as it has
- * not received the client Finished message.
- * The early data is encrypted with early keys and should be ignored as
- * stated in section 4.2.10 of RFC 8446 (second case):
- *
- * "The server then ignores early data by skipping all records with an
- * external content type of "application_data" (indicating that they are
- * encrypted), up to the configured max_early_data_size. Ignore application
- * data message before 2nd ClientHello when early_data was received in 1st
- * ClientHello."
- */ - if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) { - if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); - if (ret != 0) { - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG( - 3, ("EarlyData: Ignore application message before 2nd ClientHello")); - - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) { - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; - } - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_dtls_replay_update(ssl); - } -#endif - - /* Check actual (decrypted) record content length against - * configured maximum. */ - if (rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - - return 0; -} - -/* - * Read a record. - * - * Silently ignore non-fatal alert (and for DTLS, invalid records as well, - * RFC 6347 4.1.2.7) and continue reading until a valid record is found. - * - */ - -/* Helper functions for mbedtls_ssl_read_record(). 
*/ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl); - -int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, - unsigned update_hs_digest) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record")); - - if (ssl->keep_current_message == 0) { - do { - - ret = ssl_consume_current_message(ssl); - if (ret != 0) { - return ret; - } - - if (ssl_record_is_in_progress(ssl) == 0) { - int dtls_have_buffered = 0; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - - /* We only check for buffered messages if the - * current datagram is fully consumed. */ - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_next_record_is_in_datagram(ssl) == 0) { - if (ssl_load_buffered_message(ssl) == 0) { - dtls_have_buffered = 1; - } - } - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (dtls_have_buffered == 0) { - ret = ssl_get_next_record(ssl); - if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) { - continue; - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret); - return ret; - } - } - } - - ret = mbedtls_ssl_handle_message_type(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - /* Buffer future message */ - ret = ssl_buffer_message(ssl); - if (ret != 0) { - return ret; - } - - ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - } while (MBEDTLS_ERR_SSL_NON_FATAL == ret || - MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret); - - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret); - return ret; - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - update_hs_digest == 1) { - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, 
("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message")); - ssl->keep_current_message = 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record")); - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl) -{ - if (ssl->in_left > ssl->next_record_offset) { - return 1; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer *hs_buf; - int ret = 0; - - if (hs == NULL) { - return -1; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_message")); - - if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || - ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { - /* Check if we have seen a ChangeCipherSpec before. - * If yes, synthesize a CCS record. */ - if (!hs->buffering.seen_ccs) { - MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight")); - ret = -1; - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message")); - ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; - ssl->in_msglen = 1; - ssl->in_msg[0] = 1; - - /* As long as they are equal, the exact value doesn't matter. */ - ssl->in_left = 0; - ssl->next_record_offset = 0; - - hs->buffering.seen_ccs = 0; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - /* Debug only */ - { - unsigned offset; - for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { - hs_buf = &hs->buffering.hs[offset]; - if (hs_buf->is_valid == 1) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.", - hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partially")); - } - } - } -#endif /* MBEDTLS_DEBUG_C */ - - /* Check if we have buffered and/or fully reassembled the - * next handshake message. 
*/ - hs_buf = &hs->buffering.hs[0]; - if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) { - /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1); - - /* Double-check that we haven't accidentally buffered - * a message that doesn't fit into the input buffer. */ - if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); - MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", - hs_buf->data, msg_len + 12); - - ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->in_hslen = msg_len + 12; - ssl->in_msglen = msg_len + 12; - memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen); - - ret = 0; - goto exit; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially buffered", - hs->in_msg_seq)); - } - - ret = -1; - -exit: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message")); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_make_space(mbedtls_ssl_context *ssl, - size_t desired) -{ - int offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available", - (unsigned) desired)); - - /* Get rid of future records epoch first, if such exist. */ - ssl_free_buffered_record(ssl); - - /* Check if we have enough space available now. */ - if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record")); - return 0; - } - - /* We don't have enough space to buffer the next expected handshake - * message. Remove buffers used for future messages to gain space, - * starting with the most distant one. 
*/ - for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; - offset >= 0; offset--) { - MBEDTLS_SSL_DEBUG_MSG(2, - ( - "Free buffering slot %d to make space for reassembly of next handshake message", - offset)); - - ssl_buffering_free_slot(ssl, (uint8_t) offset); - - /* Check if we have enough space available now. */ - if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages")); - return 0; - } - } - - return -1; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_message(mbedtls_ssl_context *ssl) -{ - int ret = 0; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (hs == NULL) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message")); - - switch (ssl->in_msgtype) { - case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: - MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message")); - - hs->buffering.seen_ccs = 1; - break; - - case MBEDTLS_SSL_MSG_HANDSHAKE: - { - unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); - mbedtls_ssl_hs_buffer *hs_buf; - size_t msg_len = ssl->in_hslen - 12; - - /* We should never receive an old handshake - * message - double-check nonetheless. 
*/ - if (recv_msg_seq < ssl->handshake->in_msg_seq) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; - if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) { - /* Silently ignore -- message too far in the future */ - MBEDTLS_SSL_DEBUG_MSG(2, - ("Ignore future HS message with sequence number %u, " - "buffering window %u - %u", - recv_msg_seq, ssl->handshake->in_msg_seq, - ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - - 1)); - - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ", - recv_msg_seq, recv_msg_seq_offset)); - - hs_buf = &hs->buffering.hs[recv_msg_seq_offset]; - - /* Check if the buffering for this seq nr has already commenced. */ - if (!hs_buf->is_valid) { - size_t reassembly_buf_sz; - - hs_buf->is_fragmented = - (ssl_hs_is_proper_fragment(ssl) == 1); - - /* We copy the message back into the input buffer - * after reassembly, so check that it's not too large. - * This is an implementation-specific limitation - * and not one from the standard, hence it is not - * checked in ssl_check_hs_header(). */ - if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { - /* Ignore message */ - goto exit; - } - - /* Check if we have enough space to buffer the message. */ - if (hs->buffering.total_bytes_buffered > - MBEDTLS_SSL_DTLS_MAX_BUFFERING) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len, - hs_buf->is_fragmented); - - if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - if (recv_msg_seq_offset > 0) { - /* If we can't buffer a future message because - * of space limitations -- ignore. 
*/ - MBEDTLS_SSL_DEBUG_MSG(2, - ("Buffering of future message of size %" - MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - goto exit; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Buffering of future message of size %" - MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- attempt to make space by freeing buffered future messages\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - } - - if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("Reassembly of next message of size %" - MBEDTLS_PRINTF_SIZET - " (%" MBEDTLS_PRINTF_SIZET - " with bitmap) would exceed" - " the compile-time limit %" - MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- fail\n", - msg_len, - reassembly_buf_sz, - (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - goto exit; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, - ("initialize reassembly, total length = %" - MBEDTLS_PRINTF_SIZET, - msg_len)); - - hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz); - if (hs_buf->data == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - hs_buf->data_len = reassembly_buf_sz; - - /* Prepare final header: copy msg_type, length and message_seq, - * then add standardised fragment_offset and fragment_length */ - memcpy(hs_buf->data, ssl->in_msg, 6); - memset(hs_buf->data + 6, 0, 3); - memcpy(hs_buf->data + 9, hs_buf->data + 1, 3); - - hs_buf->is_valid = 1; - - hs->buffering.total_bytes_buffered += reassembly_buf_sz; - } else { - /* Make sure msg_type and length are consistent */ - if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) { - 
MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore")); - /* Ignore */ - goto exit; - } - } - - if (!hs_buf->is_complete) { - size_t frag_len, frag_off; - unsigned char * const msg = hs_buf->data + 12; - - /* - * Check and copy current fragment - */ - - /* Validation of header fields already done in - * mbedtls_ssl_prepare_handshake_record(). */ - frag_off = ssl_get_hs_frag_off(ssl); - frag_len = ssl_get_hs_frag_len(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET - ", length = %" MBEDTLS_PRINTF_SIZET, - frag_off, frag_len)); - memcpy(msg + frag_off, ssl->in_msg + 12, frag_len); - - if (hs_buf->is_fragmented) { - unsigned char * const bitmask = msg + msg_len; - ssl_bitmask_set(bitmask, frag_off, frag_len); - hs_buf->is_complete = (ssl_bitmask_check(bitmask, - msg_len) == 0); - } else { - hs_buf->is_complete = 1; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete", - hs_buf->is_complete ? "" : "not yet ")); - } - - break; - } - - default: - /* We don't buffer other types of messages. */ - break; - } - -exit: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message")); - return ret; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_consume_current_message(mbedtls_ssl_context *ssl) -{ - /* - * Consume last content-layer message and potentially - * update in_msglen which keeps track of the contents' - * consumption state. - * - * (1) Handshake messages: - * Remove last handshake message, move content - * and adapt in_msglen. - * - * (2) Alert messages: - * Consume whole record content, in_msglen = 0. - * - * (3) Change cipher spec: - * Consume whole record content, in_msglen = 0. - * - * (4) Application data: - * Don't do anything - the record layer provides - * the application data as a stream transport - * and consumes through mbedtls_ssl_read only. 
- * - */ - - /* Case (1): Handshake messages */ - if (ssl->in_hslen != 0) { - /* Hard assertion to be sure that no application data - * is in flight, as corrupting ssl->in_msglen during - * ssl->in_offt != NULL is fatal. */ - if (ssl->in_offt != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (ssl->in_hsfraglen != 0) { - /* Not all handshake fragments have arrived, do not consume. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("Consume: waiting for more handshake fragments %" - MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, ssl->in_hslen)); - return 0; - } - - /* - * Get next Handshake message in the current record - */ - - /* Notes: - * (1) in_hslen is not necessarily the size of the - * current handshake content: If DTLS handshake - * fragmentation is used, that's the fragment - * size instead. Using the total handshake message - * size here is faulty and should be changed at - * some point. - * (2) While it doesn't seem to cause problems, one - * has to be very careful not to assume that in_hslen - * is always <= in_msglen in a sensible communication. - * Again, it's wrong for DTLS handshake fragmentation. - * The following check is therefore mandatory, and - * should not be treated as a silently corrected assertion. - * Additionally, ssl->in_hslen might be arbitrarily out of - * bounds after handling a DTLS message with an unexpected - * sequence number, see mbedtls_ssl_prepare_handshake_record. 
- */ - if (ssl->in_hslen < ssl->in_msglen) { - ssl->in_msglen -= ssl->in_hslen; - memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, - ssl->in_msglen); - MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); - - MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", - ssl->in_msg, ssl->in_msglen); - } else { - ssl->in_msglen = 0; - } - - ssl->in_hslen = 0; - } - /* Case (4): Application data */ - else if (ssl->in_offt != NULL) { - return 0; - } - /* Everything else (CCS & Alerts) */ - else { - ssl->in_msglen = 0; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl) -{ - if (ssl->in_msglen > 0) { - return 1; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -static void ssl_free_buffered_record(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if (hs == NULL) { - return; - } - - if (hs->buffering.future_record.data != NULL) { - hs->buffering.total_bytes_buffered -= - hs->buffering.future_record.len; - - mbedtls_free(hs->buffering.future_record.data); - hs->buffering.future_record.data = NULL; - } -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_load_buffered_record(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - unsigned char *rec; - size_t rec_len; - unsigned rec_epoch; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - if (hs == NULL) { - return 0; - } - - rec = hs->buffering.future_record.data; - rec_len = hs->buffering.future_record.len; - rec_epoch = hs->buffering.future_record.epoch; - - if (rec == NULL) { - return 0; - } - - /* Only consider loading future records if the - * input buffer is empty. 
*/ - if (ssl_next_record_is_in_datagram(ssl) == 1) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record")); - - if (rec_epoch != ssl->in_epoch) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch.")); - goto exit; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load")); - - /* Double-check that the record is not too large */ - if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(ssl->in_hdr, rec, rec_len); - ssl->in_left = rec_len; - ssl->next_record_offset = 0; - - ssl_free_buffered_record(ssl); - -exit: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record")); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, - mbedtls_record const *rec) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - /* Don't buffer future records outside handshakes. */ - if (hs == NULL) { - return 0; - } - - /* Only buffer handshake records (we are only interested - * in Finished messages). */ - if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) { - return 0; - } - - /* Don't buffer more than one future epoch record. */ - if (hs->buffering.future_record.data != NULL) { - return 0; - } - - /* Don't buffer record if there's not enough buffering space remaining. 
*/ - if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered)); - return 0; - } - - /* Buffer record */ - MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u", - ssl->in_epoch + 1U)); - MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len); - - /* ssl_parse_record_header() only considers records - * of the next epoch as candidates for buffering. */ - hs->buffering.future_record.epoch = ssl->in_epoch + 1; - hs->buffering.future_record.len = rec->buf_len; - - hs->buffering.future_record.data = - mbedtls_calloc(1, hs->buffering.future_record.len); - if (hs->buffering.future_record.data == NULL) { - /* If we run out of RAM trying to buffer a - * record from the next epoch, just ignore. */ - return 0; - } - - memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len); - - hs->buffering.total_bytes_buffered += rec->buf_len; - return 0; -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_next_record(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_record rec; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* We might have buffered a future record; if so, - * and if the epoch matches now, load it. - * On success, this call will set ssl->in_left to - * the length of the buffered record, so that - * the calls to ssl_fetch_input() below will - * essentially be no-ops. 
*/ - ret = ssl_load_buffered_record(ssl); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - /* Ensure that we have enough space available for the default form - * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS, - * with no space for CIDs counted in). */ - ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl)); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - - ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec); - if (ret != 0) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { - ret = ssl_buffer_future_record(ssl, &rec); - if (ret != 0) { - return ret; - } - - /* Fall through to handling of unexpected records */ - ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; - } - - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) { -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - /* Reset in pointers to default state for TLS/DTLS records, - * assuming no CID and no offset between record content and - * record plaintext. */ - mbedtls_ssl_update_in_pointers(ssl); - - /* Setup internal message pointers from record structure. 
*/ - ssl->in_msgtype = rec.type; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_len = ssl->in_cid + rec.cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_msg = ssl->in_len + 2; - ssl->in_msglen = rec.data_len; - - ret = ssl_check_client_reconnect(ssl); - MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret); - if (ret != 0) { - return ret; - } -#endif - - /* Skip unexpected record (but not whole datagram) */ - ssl->next_record_offset = rec.buf_len; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record " - "(header)")); - } else { - /* Skip invalid record and the rest of the datagram */ - ssl->next_record_offset = 0; - ssl->in_left = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record " - "(header)")); - } - - /* Get next record */ - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } else -#endif - { - return ret; - } - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Remember offset of next record within datagram. */ - ssl->next_record_offset = rec.buf_len; - if (ssl->next_record_offset < ssl->in_left) { - MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram")); - } - } else -#endif - { - /* - * Fetch record contents from underlying transport. - */ - ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); - return ret; - } - - ssl->in_left = 0; - } - - /* - * Decrypt record contents. - */ - - if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Silently discard invalid records */ - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - /* Except when waiting for Finished as a bad mac here - * probably means something went wrong in the handshake - * (eg wrong psk used, mitm downgrade attempt, etc.) 
*/ - if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || - ssl->state == MBEDTLS_SSL_SERVER_FINISHED) { -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); - } -#endif - return ret; - } - - if (ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit) { - MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - /* As above, invalid records cause - * dismissal of the whole datagram. */ - - ssl->next_record_offset = 0; - ssl->in_left = 0; - - MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)")); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - - return ret; - } else -#endif - { - /* Error out (and send alert) on invalid records */ -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); - } -#endif - return ret; - } - } - - - /* Reset in pointers to default state for TLS/DTLS records, - * assuming no CID and no offset between record content and - * record plaintext. */ - mbedtls_ssl_update_in_pointers(ssl); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->in_len = ssl->in_cid + rec.cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->in_iv = ssl->in_len + 2; - - /* The record content type may change during decryption, - * so re-read it. */ - ssl->in_msgtype = rec.type; - /* Also update the input buffer, because unfortunately - * the server-side ssl_parse_client_hello() reparses the - * record header when receiving a ClientHello initiating - * a renegotiation. 
*/
- ssl->in_hdr[0] = rec.type;
- ssl->in_msg = rec.buf + rec.data_offset;
- ssl->in_msglen = rec.data_len;
- MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
-
- return 0;
-}
-
-int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* If we're in the middle of a fragmented TLS handshake message,
- * we don't accept any other message type. For TLS 1.3, the spec forbids
- * interleaving other message types between handshake fragments. For TLS
- * 1.2, the spec does not forbid it but we do. */
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM &&
- ssl->in_hsfraglen != 0 &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle"
- " of a fragmented handshake message"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- /*
- * Handle particular types of records
- */
- if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
- if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) {
- return ret;
- }
- }
-
- if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
- if (ssl->in_msglen != 1) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
-
- if (ssl->in_msg[0] != 1) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x",
- ssl->in_msg[0]));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
- ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
- if (ssl->handshake == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember"));
- return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
- }
-#endif
-
-#if 
defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- MBEDTLS_SSL_DEBUG_MSG(2,
- ("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"));
- return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- }
-
- if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
- if (ssl->in_msglen != 2) {
- /* Note: Standard allows for more than one 2 byte alert
- to be packed in a single message, but Mbed TLS doesn't
- currently support this. */
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
- ssl->in_msglen));
- return MBEDTLS_ERR_SSL_INVALID_RECORD;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]",
- ssl->in_msg[0], ssl->in_msg[1]));
-
- /*
- * Ignore non-fatal alerts, except close_notify and no_renegotiation
- */
- if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)",
- ssl->in_msg[1]));
- return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE;
- }
-
- if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message"));
- return MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY;
- }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
- if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("is a no renegotiation alert"));
- /* Will be handled when trying to parse ServerHello */
- return 0;
- }
-#endif
- /* Silently ignore: fetch new message */
- return MBEDTLS_ERR_SSL_NON_FATAL;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- /* Drop unexpected ApplicationData records,
- * except at the beginning of renegotiations */
- if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
- mbedtls_ssl_is_handshake_over(ssl) == 0
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && 
!(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->state == MBEDTLS_SSL_SERVER_HELLO)
-#endif
- ) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData"));
- return MBEDTLS_ERR_SSL_NON_FATAL;
- }
-
- if (ssl->handshake != NULL &&
- mbedtls_ssl_is_handshake_over(ssl) == 1) {
- mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- return 0;
-}
-
-int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
-{
- return mbedtls_ssl_send_alert_message(ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
-}
-
-int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
- unsigned char level,
- unsigned char message)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if (ssl == NULL || ssl->conf == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (ssl->out_left != 0) {
- return mbedtls_ssl_flush_output(ssl);
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message"));
- MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message));
-
- ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
- ssl->out_msglen = 2;
- ssl->out_msg[0] = level;
- ssl->out_msg[1] = message;
-
- if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
- return ret;
- }
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message"));
-
- return 0;
-}
-
-int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
-
- ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
- ssl->out_msglen = 1;
- ssl->out_msg[0] = 1;
-
- mbedtls_ssl_handshake_increment_state(ssl);
-
- if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher 
spec"));
-
- return 0;
-}
-
-int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec"));
-
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- return ret;
- }
-
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- /* CCS records are only accepted if they have length 1 and content '1',
- * so we don't need to check this here. */
-
- /*
- * Switch to our negotiated transform and session parameters for inbound
- * data.
- */
- MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data"));
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- ssl->transform_in = ssl->transform_negotiate;
-#endif
- ssl->session_in = ssl->session_negotiate;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- mbedtls_ssl_dtls_replay_reset(ssl);
-#endif
-
- /* Increment epoch */
- if (++ssl->in_epoch == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap"));
- /* This is highly unlikely to happen for legitimate reasons, so
- treat it as an attack and don't send an alert. */
- return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
- }
- } else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
-
- mbedtls_ssl_update_in_pointers(ssl);
-
- mbedtls_ssl_handshake_increment_state(ssl);
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec"));
-
- return 0;
-}
-
-/* Once ssl->out_hdr as the address of the beginning of the
- * next outgoing record is set, deduce the other pointers. 
- * - * Note: For TLS, we save the implicit record sequence number - * (entering MAC computation) in the 8 bytes before ssl->out_hdr, - * and the caller has to make sure there's space for this. - */ - -static size_t ssl_transform_get_explicit_iv_len( - mbedtls_ssl_transform const *transform) -{ - return transform->ivlen - transform->fixed_ivlen; -} - -void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - ssl->out_ctr = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - ssl->out_len = ssl->out_cid; - if (transform != NULL) { - ssl->out_len += transform->out_cid_len; - } -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - ssl->out_iv = ssl->out_len + 2; - } else -#endif - { - ssl->out_len = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl->out_cid = ssl->out_len; -#endif - ssl->out_iv = ssl->out_hdr + 5; - } - - ssl->out_msg = ssl->out_iv; - /* Adjust out_msg to make space for explicit IV, if used. */ - if (transform != NULL) { - ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); - } -} - -/* Once ssl->in_hdr as the address of the beginning of the - * next incoming record is set, deduce the other pointers. - * - * Note: For TLS, we save the implicit record sequence number - * (entering MAC computation) in the 8 bytes before ssl->in_hdr, - * and the caller has to make sure there's space for this. - */ - -void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) -{ - /* This function sets the pointers to match the case - * of unprotected TLS/DTLS records, with both ssl->in_iv - * and ssl->in_msg pointing to the beginning of the record - * content. 
- *
- * When decrypting a protected record, ssl->in_msg
- * will be shifted to point to the beginning of the
- * record plaintext.
- */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- /* This sets the header pointers to match records
- * without CID. When we receive a record containing
- * a CID, the fields are shifted accordingly in
- * ssl_parse_record_header(). */
- ssl->in_ctr = ssl->in_hdr + 3;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- ssl->in_len = ssl->in_cid; /* Default: no CID */
-#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- ssl->in_iv = ssl->in_len + 2;
- } else
-#endif
- {
- ssl->in_ctr = ssl->in_buf;
- ssl->in_len = ssl->in_hdr + 3;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl->in_cid = ssl->in_len;
-#endif
- ssl->in_iv = ssl->in_hdr + 5;
- }
-
- /* This will be adjusted at record decryption time. */
- ssl->in_msg = ssl->in_iv;
-}
-
-/*
- * Setup an SSL context
- */
-
-void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl)
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->in_hdr = ssl->in_buf;
- } else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- }
-
- /* Derive other internal pointers. */
- mbedtls_ssl_update_in_pointers(ssl);
-}
-
-void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl)
-{
- /* Set the incoming and outgoing record pointers. */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->out_hdr = ssl->out_buf;
- } else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- ssl->out_ctr = ssl->out_buf;
- ssl->out_hdr = ssl->out_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
- }
- /* Derive other internal pointers. 
*/
- mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */);
-}
-
-/*
- * SSL get accessors
- */
-size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
-{
- return ssl->in_offt == NULL ? 0 : ssl->in_msglen;
-}
-
-int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
-{
- /*
- * Case A: We're currently holding back
- * a message for further processing.
- */
-
- if (ssl->keep_current_message == 1) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing"));
- return 1;
- }
-
- /*
- * Case B: Further records are pending in the current datagram.
- */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->in_left > ssl->next_record_offset) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram"));
- return 1;
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * Case C: A handshake message is being processed.
- */
-
- if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) {
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("ssl_check_pending: more handshake messages within current record"));
- return 1;
- }
-
- /*
- * Case D: An application data message is being processed
- */
- if (ssl->in_offt != NULL) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed"));
- return 1;
- }
-
- /*
- * In all other cases, the rest of the message can be dropped.
- * As in ssl_get_next_record, this needs to be adapted if
- * we implement support for multiple alerts in single records. 
- */
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending"));
- return 0;
-}
-
-
-int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
-{
- size_t transform_expansion = 0;
- const mbedtls_ssl_transform *transform = ssl->transform_out;
- unsigned block_size;
- psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
-
- size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl);
-
- if (transform == NULL) {
- return (int) out_hdr_len;
- }
-
-
- if (transform->psa_alg == PSA_ALG_GCM ||
- transform->psa_alg == PSA_ALG_CCM ||
- transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) ||
- transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ||
- transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) {
- transform_expansion = transform->minlen;
- } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) {
- (void) psa_get_key_attributes(transform->psa_key_enc, &attr);
- key_type = psa_get_key_type(&attr);
-
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
-
- /* Expansion due to the addition of the MAC. */
- transform_expansion += transform->maclen;
-
- /* Expansion due to the addition of CBC padding;
- * Theoretically up to 256 bytes, but we never use
- * more than the block size of the underlying cipher. */
- transform_expansion += block_size;
-
- /* For TLS 1.2 or higher, an explicit IV is added
- * after the record header. 
*/ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - transform_expansion += block_size; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - } else { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (transform->out_cid_len != 0) { - transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - return (int) (out_hdr_len + transform_expansion); -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -/* - * Check record counters and renegotiate if they're above the limit. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) -{ - size_t ep_len = mbedtls_ssl_ep_len(ssl); - int in_ctr_cmp; - int out_ctr_cmp; - - if (mbedtls_ssl_is_handshake_over(ssl) == 0 || - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || - ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) { - return 0; - } - - in_ctr_cmp = memcmp(ssl->in_ctr + ep_len, - &ssl->conf->renego_period[ep_len], - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len); - out_ctr_cmp = memcmp(&ssl->cur_out_ctr[ep_len], - &ssl->conf->renego_period[ep_len], - sizeof(ssl->cur_out_ctr) - ep_len); - - if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate")); - return mbedtls_ssl_renegotiate(ssl); -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_CLI_C) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_new_session_ticket(mbedtls_ssl_context *ssl) -{ - - if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) || - (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) { - return 0; - } - - return 1; -} -#endif /* MBEDTLS_SSL_CLI_C */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - - 
MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message")); - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (ssl_tls13_is_new_session_ticket(ssl)) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); - ssl->keep_current_message = 1; - - mbedtls_ssl_handshake_set_state(ssl, - MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - return MBEDTLS_ERR_SSL_WANT_READ; -#else - MBEDTLS_SSL_DEBUG_MSG(3, ("Ignore NewSessionTicket, not supported.")); - return 0; -#endif - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - /* Fail in all other cases. */ - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* This function is called from mbedtls_ssl_read() when a handshake message is - * received after the initial handshake. In this context, handshake messages - * may only be sent for the purpose of initiating renegotiations. - * - * This function is introduced as a separate helper since the handling - * of post-handshake handshake messages changes significantly in TLS 1.3, - * and having a helper function allows to distinguish between TLS <= 1.2 and - * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read(). - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * - For client-side, expect SERVER_HELLO_REQUEST. - * - For server-side, expect CLIENT_HELLO. - * - Fail (TLS) or silently drop record (DTLS) in other cases. 
- */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)")); - - /* With DTLS, drop the packet (probably from last handshake) */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } -#endif - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)")); - - /* With DTLS, drop the packet (probably from last handshake) */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } -#endif - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - /* Determine whether renegotiation attempt should be accepted */ - if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || - (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) { - /* - * Accept renegotiation request - */ - - /* DTLS clients need to know renego is server-initiated */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; - } -#endif - ret = mbedtls_ssl_start_renegotiation(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", - ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - /* - * Refuse renegotiation - */ - - 
MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert")); - - if ((ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION)) != 0) { - return ret; - } - } - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) -{ - /* Check protocol version and dispatch accordingly. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - return ssl_tls13_handle_hs_message_post_handshake(ssl); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { - return ssl_tls12_handle_hs_message_post_handshake(ssl); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -/* - * brief Read at most 'len' application data bytes from the input - * buffer. - * - * param ssl SSL context: - * - First byte of application data not read yet in the input - * buffer located at address `in_offt`. - * - The number of bytes of data not read yet is `in_msglen`. - * param buf buffer that will hold the data - * param len maximum number of bytes to read - * - * note The function updates the fields `in_offt` and `in_msglen` - * according to the number of bytes read. - * - * return The number of bytes read. - */ -static int ssl_read_application_data( - mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - size_t n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - - if (len != 0) { - memcpy(buf, ssl->in_offt, n); - ssl->in_msglen -= n; - } - - /* Zeroising the plaintext buffer to erase unused application data - from the memory. 
*/ - mbedtls_platform_zeroize(ssl->in_offt, n); - - if (ssl->in_msglen == 0) { - /* all bytes consumed */ - ssl->in_offt = NULL; - ssl->keep_current_message = 0; - } else { - /* more data available */ - ssl->in_offt += n; - } - - return (int) n; -} - -/* - * Receive application data decrypted from the SSL layer - */ -int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> read")); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - - if (ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - return ret; - } - } - } -#endif - - /* - * Check if renegotiation is necessary and/or handshake is - * in process. If yes, perform/continue, and fall through - * if an unexpected packet is received while the client - * is waiting for the ServerHello. - * - * (There is no equivalent to the last condition on - * the server-side as it is not treated as within - * a handshake while waiting for the ClientHello - * after a renegotiation request.) 
- */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ret = ssl_check_ctr_renegotiate(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); - return ret; - } -#endif - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake(ssl); - if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - /* Loop as long as no application data record is available */ - while (ssl->in_offt == NULL) { - /* Start timer if not already running */ - if (ssl->f_get_timer != NULL && - ssl->f_get_timer(ssl->p_timer) == -1) { - mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout); - } - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { - return 0; - } - - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msglen == 0 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - /* - * OpenSSL sends empty messages to randomize the IV - */ - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - if (ret == MBEDTLS_ERR_SSL_CONN_EOF) { - return 0; - } - - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { - ret = ssl_handle_hs_message_post_handshake(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_handle_hs_message_post_handshake", - ret); - return ret; - } - - /* At this point, we don't know whether the renegotiation triggered - * by the post-handshake message has been completed or not. The cases - * to consider are the following: - * 1) The renegotiation is complete. In this case, no new record - * has been read yet. - * 2) The renegotiation is incomplete because the client received - * an application data record while awaiting the ServerHello. 
- * 3) The renegotiation is incomplete because the client received - * a non-handshake, non-application data message while awaiting - * the ServerHello. - * - * In each of these cases, looping will be the proper action: - * - For 1), the next iteration will read a new record and check - * if it's application data. - * - For 2), the loop condition isn't satisfied as application data - * is present, hence continue is the same as break - * - For 3), the loop condition is satisfied and read_record - * will re-deliver the message that was held back by the client - * when expecting the ServerHello. - */ - - continue; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if (ssl->conf->renego_max_records >= 0) { - if (++ssl->renego_records_seen > ssl->conf->renego_max_records) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, " - "but not honored by client")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - } - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert")); - return MBEDTLS_ERR_SSL_WANT_READ; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - ssl->in_offt = ssl->in_msg; - - /* We're going to return something now, cancel timer, - * except if handshake (renegotiation) is in progress */ - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - mbedtls_ssl_set_timer(ssl, 0); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* If we requested renego but received AppData, resend HelloRequest. 
- * Do it now, after setting in_offt, to avoid taking this branch - * again if ssl_write_hello_request() returns WANT_WRITE */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", - ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - } - - ret = ssl_read_application_data(ssl, buf, len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); - - return ret; -} - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, - unsigned char *buf, size_t len) -{ - if (ssl == NULL || (ssl->conf == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * The server may receive early data only while waiting for the End of - * Early Data handshake message. - */ - if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) || - (ssl->in_offt == NULL)) { - return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA; - } - - return ssl_read_application_data(ssl, buf, len); -} -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */ - -/* - * Send application data to be encrypted by the SSL layer, taking care of max - * fragment length and buffer size. - * - * According to RFC 5246 Section 6.2.1: - * - * Zero-length fragments of Application data MAY be sent as they are - * potentially useful as a traffic analysis countermeasure. - * - * Therefore, it is possible that the input message length is 0 and the - * corresponding return code is 0 on success. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_real(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - int ret = mbedtls_ssl_get_max_out_record_payload(ssl); - const size_t max_len = (size_t) ret; - - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret); - return ret; - } - - if (len > max_len) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) " - "maximum fragment length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - len, max_len)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } else -#endif - len = max_len; - } - - if (ssl->out_left != 0) { - /* - * The user has previously tried to send the data and - * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially - * written. In this case, we expect the high-level write function - * (e.g. mbedtls_ssl_write()) to be called with the same parameters - */ - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - } else { - /* - * The user is trying to send a message the first time, so we need to - * copy the data into the internal buffers and setup the data structure - * to keep track of partial writes - */ - ssl->out_msglen = len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - if (len > 0) { - memcpy(ssl->out_msg, buf, len); - } - - if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); - return ret; - } - } - - return (int) len; -} - -/* - * Write application data (public-facing wrapper) - */ -int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write")); - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if 
defined(MBEDTLS_SSL_RENEGOTIATION) - if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); - return ret; - } -#endif - - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - ret = ssl_write_real(ssl, buf, len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write")); - - return ret; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const struct mbedtls_ssl_config *conf; - uint32_t remaining; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write early_data")); - - if (ssl == NULL || (conf = ssl->conf) == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) || - (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - /* - * If we are at the beginning of the handshake, the early data state being - * equal to MBEDTLS_SSL_EARLY_DATA_STATE_IDLE or - * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT advance the handshake just - * enough to be able to send early data if possible. That way, we can - * guarantee that when starting the handshake with this function we will - * send at least one record of early data. Note that when the state is - * MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT and not yet - * MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE, we cannot send early data - * as the early data outbound transform has not been set as we may have to - * first send a dummy CCS in clear. 
- */ - if ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) || - (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) { - while ((ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IDLE) || - (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT)) { - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret); - return ret; - } - - ret = mbedtls_ssl_flush_output(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); - return ret; - } - } - remaining = ssl->session_negotiate->max_early_data_size; - } else { - /* - * If we are past the point where we can send early data or we have - * already reached the maximum early data size, return immediately. - * Otherwise, progress the handshake as much as possible to not delay - * it too much. If we reach a point where we can still send early data, - * then we will send some. - */ - if ((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) && - (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - remaining = ssl->session_negotiate->max_early_data_size - - ssl->total_early_data_size; - - if (remaining == 0) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - ret = mbedtls_ssl_handshake(ssl); - if ((ret != 0) && (ret != MBEDTLS_ERR_SSL_WANT_READ)) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } - - if (((ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE) && - (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED)) - || (remaining == 0)) { - return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; - } - - if (len > remaining) { - len = remaining; - } - - ret = ssl_write_real(ssl, buf, len); - if (ret >= 0) { - ssl->total_early_data_size += ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write early_data, ret=%d", ret)); - - return ret; -} -#endif /* 
MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - -/* - * Notify the peer that the connection is being closed - */ -int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify")); - - if (mbedtls_ssl_is_handshake_over(ssl) == 1) { - if ((ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret); - return ret; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify")); - - return 0; -} - -void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) -{ - if (transform == NULL) { - return; - } - - psa_destroy_key(transform->psa_key_enc); - psa_destroy_key(transform->psa_key_dec); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - psa_destroy_key(transform->psa_mac_enc); - psa_destroy_key(transform->psa_mac_dec); -#endif - - mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); -} - -void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ - ssl->transform_in = transform; - memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); -} - -void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform) -{ - ssl->transform_out = transform; - memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); -} - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl) -{ - unsigned offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - - if (hs == NULL) { - return; - } - - ssl_free_buffered_record(ssl); - - for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { - ssl_buffering_free_slot(ssl, offset); - } -} - -static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, - uint8_t slot) -{ - 
mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; - - if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) { - return; - } - - if (hs_buf->is_valid == 1) { - hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_zeroize_and_free(hs_buf->data, hs_buf->data_len); - memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); - } -} - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -/* - * Convert version numbers to/from wire format - * and, for DTLS, to/from TLS equivalent. - * - * For TLS this is the identity. - * For DTLS, map as follows, then use 1's complement (v -> ~v): - * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) - * DTLS 1.0 is stored as TLS 1.1 internally - */ -void mbedtls_ssl_write_version(unsigned char version[2], int transport, - mbedtls_ssl_protocol_version tls_version) -{ - uint16_t tls_version_formatted; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - tls_version_formatted = - ~(tls_version - (tls_version == 0x0302 ? 0x0202 : 0x0201)); - } else -#else - ((void) transport); -#endif - { - tls_version_formatted = (uint16_t) tls_version; - } - MBEDTLS_PUT_UINT16_BE(tls_version_formatted, version, 0); -} - -uint16_t mbedtls_ssl_read_version(const unsigned char version[2], - int transport) -{ - uint16_t tls_version = MBEDTLS_GET_UINT16_BE(version, 0); -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - tls_version = - ~(tls_version - (tls_version == 0xfeff ? 0x0202 : 0x0201)); - } -#else - ((void) transport); -#endif - return tls_version; -} - -/* - * Send pending fatal alert. - * 0, No alert message. - * !0, if mbedtls_ssl_send_alert_message() returned in error, the error code it - * returned, ssl->alert_reason otherwise. 
- */ -int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl) -{ - int ret; - - /* No pending alert, return success*/ - if (ssl->send_alert == 0) { - return 0; - } - - ret = mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - ssl->alert_type); - - /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE, - * do not clear the alert to be able to send it later. - */ - if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - ssl->send_alert = 0; - } - - if (ret != 0) { - return ret; - } - - return ssl->alert_reason; -} - -/* - * Set pending fatal alert flag. - */ -void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl, - unsigned char alert_type, - int alert_reason) -{ - ssl->send_alert = 1; - ssl->alert_type = alert_type; - ssl->alert_reason = alert_reason; -} - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c deleted file mode 100644 index 7b0391924a..0000000000 --- a/library/ssl_ticket.c +++ /dev/null 
@@ -1,453 +0,0 @@ -/* - * TLS server tickets callbacks implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TICKET_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" - -#include - -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -/* - * Initialize context - */ -void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context)); - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init(&ctx->mutex); -#endif -} - -#define MAX_KEY_BYTES MBEDTLS_SSL_TICKET_MAX_KEY_BYTES - -#define TICKET_KEY_NAME_BYTES MBEDTLS_SSL_TICKET_KEY_NAME_BYTES -#define TICKET_IV_BYTES 12 -#define TICKET_CRYPT_LEN_BYTES 2 -#define TICKET_AUTH_TAG_BYTES 16 - -#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES + \ - TICKET_AUTH_TAG_BYTES) -#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES + \ - TICKET_IV_BYTES + \ - TICKET_CRYPT_LEN_BYTES) - -/* - * Generate/update a key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, - unsigned char index) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[MAX_KEY_BYTES] = { 0 }; - mbedtls_ssl_ticket_key *key = ctx->keys + index; - - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - -#if defined(MBEDTLS_HAVE_TIME) - key->generation_time = mbedtls_time(NULL); -#endif - /* The lifetime of a key is the configured lifetime of the tickets when - * the key is 
created. - */ - key->lifetime = ctx->ticket_lifetime; - - if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) { - return ret; - } - - if ((ret = psa_generate_random(buf, sizeof(buf))) != 0) { - return ret; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, key->alg); - psa_set_key_type(&attributes, key->key_type); - psa_set_key_bits(&attributes, key->key_bits); - - ret = PSA_TO_MBEDTLS_ERR( - psa_import_key(&attributes, buf, - PSA_BITS_TO_BYTES(key->key_bits), - &key->key)); - - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} - -/* - * Rotate/generate keys if necessary - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) -{ -#if !defined(MBEDTLS_HAVE_TIME) - ((void) ctx); -#else - mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active; - if (key->lifetime != 0) { - mbedtls_time_t current_time = mbedtls_time(NULL); - mbedtls_time_t key_time = key->generation_time; - - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if (current_time >= key_time && - (uint64_t) (current_time - key_time) < key->lifetime) { - return 0; - } - - ctx->active = 1 - ctx->active; - - if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - return ssl_ticket_gen_key(ctx, ctx->active); - } else -#endif /* MBEDTLS_HAVE_TIME */ - return 0; -} - -/* - * Rotate active session ticket encryption key - */ -int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, - const unsigned char *name, size_t nlength, - const unsigned char *k, size_t klength, - uint32_t lifetime) -{ - const unsigned char idx = 1 - ctx->active; - mbedtls_ssl_ticket_key * const key = ctx->keys + idx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const size_t bitlen 
= key->key_bits; - - if (nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t) bitlen) { - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - - if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, key->alg); - psa_set_key_type(&attributes, key->key_type); - psa_set_key_bits(&attributes, key->key_bits); - - if ((status = psa_import_key(&attributes, k, - PSA_BITS_TO_BYTES(key->key_bits), - &key->key)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } - - ctx->active = idx; - ctx->ticket_lifetime = lifetime; - memcpy(key->name, name, TICKET_KEY_NAME_BYTES); -#if defined(MBEDTLS_HAVE_TIME) - key->generation_time = mbedtls_time(NULL); -#endif - key->lifetime = lifetime; - - return 0; -} - -/* - * Setup context for actual use - */ -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, - uint32_t lifetime) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (PSA_ALG_IS_AEAD(alg) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (key_bits > 8 * MAX_KEY_BYTES) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ctx->ticket_lifetime = lifetime; - - ctx->keys[0].alg = alg; - ctx->keys[0].key_type = key_type; - ctx->keys[0].key_bits = key_bits; - - ctx->keys[1].alg = alg; - ctx->keys[1].key_type = key_type; - ctx->keys[1].key_bits = key_bits; - - if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || - (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { - return ret; - } - - return 0; -} - -/* - * Create session ticket, with the following structure: - * - * struct { - * opaque key_name[4]; - * opaque iv[12]; - * opaque encrypted_state<0..2^16-1>; - * opaque tag[16]; - * } ticket; - * - * The key_name, iv, and length of encrypted_state are the additional - * authenticated data. 
- */ - -int mbedtls_ssl_ticket_write(void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *ticket_lifetime) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_ticket_context *ctx = p_ticket; - mbedtls_ssl_ticket_key *key; - unsigned char *key_name = start; - unsigned char *iv = start + TICKET_KEY_NAME_BYTES; - unsigned char *state_len_bytes = iv + TICKET_IV_BYTES; - unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES; - size_t clear_len, ciph_len; - - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - *tlen = 0; - - if (ctx == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, - * in addition to session itself, that will be checked when writing it. */ - MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN); - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return ret; - } -#endif - - if ((ret = ssl_ticket_update_keys(ctx)) != 0) { - goto cleanup; - } - - key = &ctx->keys[ctx->active]; - - *ticket_lifetime = key->lifetime; - - memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - - if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) { - goto cleanup; - } - - /* Dump session state */ - if ((ret = mbedtls_ssl_session_save(session, - state, (size_t) (end - state), - &clear_len)) != 0 || - (unsigned long) clear_len > 65535) { - goto cleanup; - } - MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0); - - /* Encrypt and authenticate */ - if ((status = psa_aead_encrypt(key->key, key->alg, iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, - &ciph_len)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - *tlen = TICKET_MIN_LEN + ciph_len - 
TICKET_AUTH_TAG_BYTES; - -cleanup: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -/* - * Select key based on name - */ -static mbedtls_ssl_ticket_key *ssl_ticket_select_key( - mbedtls_ssl_ticket_context *ctx, - const unsigned char name[4]) -{ - unsigned char i; - - for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) { - if (memcmp(name, ctx->keys[i].name, 4) == 0) { - return &ctx->keys[i]; - } - } - - return NULL; -} - -/* - * Load session ticket (see mbedtls_ssl_ticket_write for structure) - */ -int mbedtls_ssl_ticket_parse(void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_ticket_context *ctx = p_ticket; - mbedtls_ssl_ticket_key *key; - unsigned char *key_name = buf; - unsigned char *iv = buf + TICKET_KEY_NAME_BYTES; - unsigned char *enc_len_p = iv + TICKET_IV_BYTES; - unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; - size_t enc_len, clear_len; - - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if (ctx == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (len < TICKET_MIN_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return ret; - } -#endif - - if ((ret = ssl_ticket_update_keys(ctx)) != 0) { - goto cleanup; - } - - enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0); - - if (len != TICKET_MIN_LEN + enc_len) { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto cleanup; - } - - /* Select key */ - if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) { - /* We can't know for sure but this is a likely option unless we're - * under attack - this is only informative anyway */ - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } - - /* Decrypt and authenticate */ - if ((status = psa_aead_decrypt(key->key, key->alg, 
iv, TICKET_IV_BYTES, - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto cleanup; - } - - if (clear_len != enc_len) { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - /* Actually load session */ - if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) { - goto cleanup; - } - -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t ticket_creation_time, ticket_age; - mbedtls_ms_time_t ticket_lifetime = - (mbedtls_ms_time_t) key->lifetime * 1000; - - ret = mbedtls_ssl_session_get_ticket_creation_time(session, - &ticket_creation_time); - if (ret != 0) { - goto cleanup; - } - - ticket_age = mbedtls_ms_time() - ticket_creation_time; - if (ticket_age < 0 || ticket_age > ticket_lifetime) { - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } -#endif - -cleanup: -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERR_THREADING_MUTEX_ERROR; - } -#endif - - return ret; -} - -/* - * Free context - */ -void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - psa_destroy_key(ctx->keys[0].key); - psa_destroy_key(ctx->keys[1].key); - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free(&ctx->mutex); -#endif - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context)); -} - -#endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c deleted file mode 100644 index 550f79de29..0000000000 --- a/library/ssl_tls.c +++ /dev/null 
@@ -1,9002 +0,0 @@ -/* - * TLS shared functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * http://www.ietf.org/rfc/rfc2246.txt - * http://www.ietf.org/rfc/rfc4346.txt - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "ssl_client.h" -#include "ssl_debug_helpers.h" -#include "ssl_tls13_keys.h" - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/version.h" -#include "mbedtls/constant_time.h" - -#include - -#include "mbedtls/psa_util.h" -#include "md_psa.h" -#include "psa_util_internal.h" -#include "psa/crypto.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" -#endif - -/* Define local translating functions to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -#if defined(MBEDTLS_TEST_HOOKS) -static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; - -void mbedtls_ssl_set_chk_buf_ptr_fail_args( - const uint8_t *cur, const uint8_t *end, size_t need) -{ - chk_buf_ptr_fail_args.cur = cur; - chk_buf_ptr_fail_args.end = end; - chk_buf_ptr_fail_args.need = need; -} - -void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void) -{ - memset(&chk_buf_ptr_fail_args, 0, sizeof(chk_buf_ptr_fail_args)); -} - -int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - return (chk_buf_ptr_fail_args.cur != args->cur) || - (chk_buf_ptr_fail_args.end != args->end) || - (chk_buf_ptr_fail_args.need != args->need); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -/* Top-level 
Connection ID API */ - -int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, - size_t len, - int ignore_other_cid) -{ - if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && - ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - conf->ignore_unexpected_cid = ignore_other_cid; - conf->cid_len = len; - return 0; -} - -int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len) -{ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->negotiate_cid = enable; - if (enable == MBEDTLS_SSL_CID_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension.")); - return 0; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension.")); - MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len); - - if (own_cid_len != ssl->conf->cid_len) { - MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config", - (unsigned) own_cid_len, - (unsigned) ssl->conf->cid_len)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->own_cid, own_cid, own_cid_len); - /* Truncation is not an issue here because - * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ - ssl->own_cid_len = (uint8_t) own_cid_len; - - return 0; -} - -int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], - size_t *own_cid_len) -{ - *enabled = MBEDTLS_SSL_CID_DISABLED; - - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is - * zero as this is indistinguishable from not requesting to use - * the CID extension. 
*/ - if (ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - return 0; - } - - if (own_cid_len != NULL) { - *own_cid_len = ssl->own_cid_len; - if (own_cid != NULL) { - memcpy(own_cid, ssl->own_cid, ssl->own_cid_len); - } - } - - *enabled = MBEDTLS_SSL_CID_ENABLED; - - return 0; -} - -int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], - size_t *peer_cid_len) -{ - *enabled = MBEDTLS_SSL_CID_DISABLED; - - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions - * were used, but client and server requested the empty CID. - * This is indistinguishable from not using the CID extension - * in the first place. */ - if (ssl->transform_in->in_cid_len == 0 && - ssl->transform_in->out_cid_len == 0) { - return 0; - } - - if (peer_cid_len != NULL) { - *peer_cid_len = ssl->transform_in->out_cid_len; - if (peer_cid != NULL) { - memcpy(peer_cid, ssl->transform_in->out_cid, - ssl->transform_in->out_cid_len); - } - } - - *enabled = MBEDTLS_SSL_CID_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/* - * Convert max_fragment_length codes to length. 
- * RFC 6066 says: - * enum{ - * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) - * } MaxFragmentLength; - * and we add 0 -> extension unused - */ -static unsigned int ssl_mfl_code_to_length(int mfl) -{ - switch (mfl) { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return 512; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return 1024; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return 2048; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return 4096; - default: - return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN; - } -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src) -{ - mbedtls_ssl_session_free(dst); - memcpy(dst, src, sizeof(mbedtls_ssl_session)); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - dst->ticket = NULL; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - dst->hostname = NULL; -#endif -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_EARLY_DATA) - dst->ticket_alpn = NULL; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (src->peer_cert != NULL) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (dst->peer_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(dst->peer_cert); - - if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p, - src->peer_cert->raw.len)) != 0) { - mbedtls_free(dst->peer_cert); - dst->peer_cert = NULL; - return ret; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (src->peer_cert_digest != NULL) { - dst->peer_cert_digest = - mbedtls_calloc(1, src->peer_cert_digest_len); - if (dst->peer_cert_digest == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } 
- - memcpy(dst->peer_cert_digest, src->peer_cert_digest, - src->peer_cert_digest_len); - dst->peer_cert_digest_type = src->peer_cert_digest_type; - dst->peer_cert_digest_len = src->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_EARLY_DATA) - { - int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_ALPN && MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if (src->ticket != NULL) { - dst->ticket = mbedtls_calloc(1, src->ticket_len); - if (dst->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(dst->ticket, src->ticket, src->ticket_len); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (src->endpoint == MBEDTLS_SSL_IS_CLIENT) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_session_set_hostname(dst, src->hostname); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - return 0; -} - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old) -{ - unsigned char *resized_buffer = mbedtls_calloc(1, len_new); - if (resized_buffer == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - /* We want to copy len_new bytes when downsizing the buffer, and - * len_old bytes when upsizing, so we choose the smaller of two sizes, - * to fit one buffer into another. Size checks, ensuring that no data is - * lost, are done outside of this function. */ - memcpy(resized_buffer, *buffer, - (len_new < *len_old) ? 
len_new : *len_old); - mbedtls_zeroize_and_free(*buffer, *len_old); - - *buffer = resized_buffer; - *len_old = len_new; - - return 0; -} - -static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, - size_t in_buf_new_len, - size_t out_buf_new_len) -{ - int modified = 0; - size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; - size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - if (ssl->in_buf != NULL) { - written_in = ssl->in_msg - ssl->in_buf; - iv_offset_in = ssl->in_iv - ssl->in_buf; - len_offset_in = ssl->in_len - ssl->in_buf; - hdr_in = ssl->in_hdr - ssl->in_buf; - if (downsizing ? - ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : - ssl->in_buf_len < in_buf_new_len) { - if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, - in_buf_new_len)); - modified = 1; - } - } - } - - if (ssl->out_buf != NULL) { - written_out = ssl->out_msg - ssl->out_buf; - iv_offset_out = ssl->out_iv - ssl->out_buf; - len_offset_out = ssl->out_len - ssl->out_buf; - if (downsizing ? - ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : - ssl->out_buf_len < out_buf_new_len) { - if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, - out_buf_new_len)); - modified = 1; - } - } - } - if (modified) { - /* Update pointers here to avoid doing it twice. */ - ssl->in_hdr = ssl->in_buf + hdr_in; - mbedtls_ssl_update_in_pointers(ssl); - mbedtls_ssl_reset_out_pointers(ssl); - - /* Fields below might not be properly updated with record - * splitting or with CID, so they are manually updated here. 
*/ - ssl->out_msg = ssl->out_buf + written_out; - ssl->out_len = ssl->out_buf + len_offset_out; - ssl->out_iv = ssl->out_buf + iv_offset_out; - - ssl->in_msg = ssl->in_buf + written_in; - ssl->in_len = ssl->in_buf + len_offset_in; - ssl->in_iv = ssl->in_buf + iv_offset_in; - } -} -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); - -static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id); - -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -/* Type for the TLS PRF */ -typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, - const unsigned char *, size_t, - unsigned char *, size_t); - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - mbedtls_ssl_protocol_version tls_version, - unsigned endpoint, - const mbedtls_ssl_context *ssl); - -#if defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha256(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen); -static int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); -static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); - -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha384(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char 
*dstbuf, size_t dlen); - -static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); -static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); -#endif /* PSA_WANT_ALG_SHA_384*/ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); -#endif /* PSA_WANT_ALG_SHA_384*/ - -int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - mbedtls_ssl_tls_prf_cb *tls_prf = NULL; - - switch (prf) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_TLS_PRF_SHA384: - tls_prf = tls_prf_sha384; - break; -#endif /* PSA_WANT_ALG_SHA_384*/ -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_TLS_PRF_SHA256: - tls_prf = tls_prf_sha256; - break; -#endif /* PSA_WANT_ALG_SHA_256*/ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - return tls_prf(secret, slen, label, random, rlen, dstbuf, dlen); -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_clear_peer_cert(mbedtls_ssl_session *session) -{ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (session->peer_cert != NULL) { - mbedtls_x509_crt_free(session->peer_cert); - mbedtls_free(session->peer_cert); - session->peer_cert = NULL; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (session->peer_cert_digest != 
NULL) { - /* Zeroization is not necessary. */ - mbedtls_free(session->peer_cert_digest); - session->peer_cert_digest = NULL; - session->peer_cert_digest_type = MBEDTLS_MD_NONE; - session->peer_cert_digest_len = 0; - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type) -{ - switch (extension_type) { - case MBEDTLS_TLS_EXT_SERVERNAME: - return MBEDTLS_SSL_EXT_ID_SERVERNAME; - - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - return MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH; - - case MBEDTLS_TLS_EXT_STATUS_REQUEST: - return MBEDTLS_SSL_EXT_ID_STATUS_REQUEST; - - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS; - - case MBEDTLS_TLS_EXT_SIG_ALG: - return MBEDTLS_SSL_EXT_ID_SIG_ALG; - - case MBEDTLS_TLS_EXT_USE_SRTP: - return MBEDTLS_SSL_EXT_ID_USE_SRTP; - - case MBEDTLS_TLS_EXT_HEARTBEAT: - return MBEDTLS_SSL_EXT_ID_HEARTBEAT; - - case MBEDTLS_TLS_EXT_ALPN: - return MBEDTLS_SSL_EXT_ID_ALPN; - - case MBEDTLS_TLS_EXT_SCT: - return MBEDTLS_SSL_EXT_ID_SCT; - - case MBEDTLS_TLS_EXT_CLI_CERT_TYPE: - return MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE; - - case MBEDTLS_TLS_EXT_SERV_CERT_TYPE: - return MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE; - - case MBEDTLS_TLS_EXT_PADDING: - return MBEDTLS_SSL_EXT_ID_PADDING; - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - return MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY; - - case MBEDTLS_TLS_EXT_EARLY_DATA: - return MBEDTLS_SSL_EXT_ID_EARLY_DATA; - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS; - - case MBEDTLS_TLS_EXT_COOKIE: - return MBEDTLS_SSL_EXT_ID_COOKIE; - - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - return MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES; - - case MBEDTLS_TLS_EXT_CERT_AUTH: - return MBEDTLS_SSL_EXT_ID_CERT_AUTH; - - case MBEDTLS_TLS_EXT_OID_FILTERS: - return MBEDTLS_SSL_EXT_ID_OID_FILTERS; - - case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: - return 
MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH; - - case MBEDTLS_TLS_EXT_SIG_ALG_CERT: - return MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT; - - case MBEDTLS_TLS_EXT_KEY_SHARE: - return MBEDTLS_SSL_EXT_ID_KEY_SHARE; - - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - return MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC; - - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - return MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS; - - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - return MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC; - - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - return MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET; - - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - return MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT; - - case MBEDTLS_TLS_EXT_SESSION_TICKET: - return MBEDTLS_SSL_EXT_ID_SESSION_TICKET; - - } - - return MBEDTLS_SSL_EXT_ID_UNRECOGNIZED; -} - -uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type) -{ - return 1 << mbedtls_ssl_get_extension_id(extension_type); -} - -#if defined(MBEDTLS_DEBUG_C) -static const char *extension_name_table[] = { - [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = "unrecognized", - [MBEDTLS_SSL_EXT_ID_SERVERNAME] = "server_name", - [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = "max_fragment_length", - [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = "status_request", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = "supported_groups", - [MBEDTLS_SSL_EXT_ID_SIG_ALG] = "signature_algorithms", - [MBEDTLS_SSL_EXT_ID_USE_SRTP] = "use_srtp", - [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = "heartbeat", - [MBEDTLS_SSL_EXT_ID_ALPN] = "application_layer_protocol_negotiation", - [MBEDTLS_SSL_EXT_ID_SCT] = "signed_certificate_timestamp", - [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = "client_certificate_type", - [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = "server_certificate_type", - [MBEDTLS_SSL_EXT_ID_PADDING] = "padding", - [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = "pre_shared_key", - [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = "early_data", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = "supported_versions", - [MBEDTLS_SSL_EXT_ID_COOKIE] = "cookie", - 
[MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = "psk_key_exchange_modes", - [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = "certificate_authorities", - [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = "oid_filters", - [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = "post_handshake_auth", - [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = "signature_algorithms_cert", - [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = "key_share", - [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = "truncated_hmac", - [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = "supported_point_formats", - [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = "encrypt_then_mac", - [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = "extended_master_secret", - [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket", - [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit" -}; - -static const unsigned int extension_type_table[] = { - [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, - [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, - [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, - [MBEDTLS_SSL_EXT_ID_STATUS_REQUEST] = MBEDTLS_TLS_EXT_STATUS_REQUEST, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS] = MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, - [MBEDTLS_SSL_EXT_ID_SIG_ALG] = MBEDTLS_TLS_EXT_SIG_ALG, - [MBEDTLS_SSL_EXT_ID_USE_SRTP] = MBEDTLS_TLS_EXT_USE_SRTP, - [MBEDTLS_SSL_EXT_ID_HEARTBEAT] = MBEDTLS_TLS_EXT_HEARTBEAT, - [MBEDTLS_SSL_EXT_ID_ALPN] = MBEDTLS_TLS_EXT_ALPN, - [MBEDTLS_SSL_EXT_ID_SCT] = MBEDTLS_TLS_EXT_SCT, - [MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE] = MBEDTLS_TLS_EXT_CLI_CERT_TYPE, - [MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE] = MBEDTLS_TLS_EXT_SERV_CERT_TYPE, - [MBEDTLS_SSL_EXT_ID_PADDING] = MBEDTLS_TLS_EXT_PADDING, - [MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY] = MBEDTLS_TLS_EXT_PRE_SHARED_KEY, - [MBEDTLS_SSL_EXT_ID_EARLY_DATA] = MBEDTLS_TLS_EXT_EARLY_DATA, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS] = MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, - [MBEDTLS_SSL_EXT_ID_COOKIE] = MBEDTLS_TLS_EXT_COOKIE, - [MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES] = MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, 
- [MBEDTLS_SSL_EXT_ID_CERT_AUTH] = MBEDTLS_TLS_EXT_CERT_AUTH, - [MBEDTLS_SSL_EXT_ID_OID_FILTERS] = MBEDTLS_TLS_EXT_OID_FILTERS, - [MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH] = MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH, - [MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT] = MBEDTLS_TLS_EXT_SIG_ALG_CERT, - [MBEDTLS_SSL_EXT_ID_KEY_SHARE] = MBEDTLS_TLS_EXT_KEY_SHARE, - [MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC] = MBEDTLS_TLS_EXT_TRUNCATED_HMAC, - [MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS] = MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, - [MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC] = MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, - [MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET] = MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, - [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET, - [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT -}; - -const char *mbedtls_ssl_get_extension_name(unsigned int extension_type) -{ - return extension_name_table[ - mbedtls_ssl_get_extension_id(extension_type)]; -} - -static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) -{ - switch (hs_msg_type) { - case MBEDTLS_SSL_HS_CLIENT_HELLO: - return "ClientHello"; - case MBEDTLS_SSL_HS_SERVER_HELLO: - return "ServerHello"; - case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: - return "HelloRetryRequest"; - case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: - return "NewSessionTicket"; - case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: - return "EncryptedExtensions"; - case MBEDTLS_SSL_HS_CERTIFICATE: - return "Certificate"; - case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: - return "CertificateRequest"; - } - return "Unknown"; -} - -void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, unsigned int extension_type, - const char *extra_msg0, const char *extra_msg1) -{ - const char *extra_msg; - if (extra_msg0 && extra_msg1) { - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension %s %s.", - ssl_tls13_get_hs_msg_name(hs_msg_type), - 
mbedtls_ssl_get_extension_name(extension_type), - extension_type, - extra_msg0, extra_msg1); - return; - } - - extra_msg = extra_msg0 ? extra_msg0 : extra_msg1; - if (extra_msg) { - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type), - mbedtls_ssl_get_extension_name(extension_type), extension_type, - extra_msg); - return; - } - - mbedtls_debug_print_msg( - ssl, level, file, line, - "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type), - mbedtls_ssl_get_extension_name(extension_type), extension_type); -} - -void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - int hs_msg_type, uint32_t extensions_mask, - const char *extra) -{ - - for (unsigned i = 0; - i < sizeof(extension_name_table) / sizeof(extension_name_table[0]); - i++) { - mbedtls_ssl_print_extension( - ssl, level, file, line, hs_msg_type, extension_type_table[i], - extensions_mask & (1 << i) ? "exists" : "does not exist", extra); - } -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -static const char *ticket_flag_name_table[] = -{ - [0] = "ALLOW_PSK_RESUMPTION", - [2] = "ALLOW_PSK_EPHEMERAL_RESUMPTION", - [3] = "ALLOW_EARLY_DATA", -}; - -void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl, - int level, const char *file, int line, - unsigned int flags) -{ - size_t i; - - mbedtls_debug_print_msg(ssl, level, file, line, - "print ticket_flags (0x%02x)", flags); - - flags = flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK; - - for (i = 0; i < ARRAY_LENGTH(ticket_flag_name_table); i++) { - if ((flags & (1 << i))) { - mbedtls_debug_print_msg(ssl, level, file, line, "- %s is set.", - ticket_flag_name_table[i]); - } - } -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ - -#endif /* MBEDTLS_DEBUG_C */ - -void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info) 
-{ - ((void) ciphersuite_info); - -#if defined(PSA_WANT_ALG_SHA_384) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - ssl->handshake->update_checksum = ssl_update_checksum_sha384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) { - ssl->handshake->update_checksum = ssl_update_checksum_sha256; - } else -#endif - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return; - } -} - -int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len) -{ - unsigned char hs_hdr[4]; - - /* Build HS header for checksum update. */ - hs_hdr[0] = MBEDTLS_BYTE_0(hs_type); - hs_hdr[1] = MBEDTLS_BYTE_2(total_hs_len); - hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len); - hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len); - - return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); -} - -int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len) -{ - int ret; - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len); - if (ret != 0) { - return ret; - } - return ssl->handshake->update_checksum(ssl, msg, msg_len); -} - -int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) -{ -#if defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) - psa_status_t status; -#else /* SHA-256 or SHA-384 */ - ((void) ssl); -#endif /* SHA-256 or SHA-384 */ -#if defined(PSA_WANT_ALG_SHA_256) - status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } - status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#endif -#if defined(PSA_WANT_ALG_SHA_384) - status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } - status = 
psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#endif - return 0; -} - -static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ -#if defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) - psa_status_t status; -#else /* SHA-256 or SHA-384 */ - ((void) ssl); - (void) buf; - (void) len; -#endif /* SHA-256 or SHA-384 */ -#if defined(PSA_WANT_ALG_SHA_256) - status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#endif -#if defined(PSA_WANT_ALG_SHA_384) - status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); - if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); - } -#endif - return 0; -} - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); -} -#endif - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); -} -#endif - -static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) -{ - memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); - -#if defined(PSA_WANT_ALG_SHA_256) - handshake->fin_sha256_psa = psa_hash_operation_init(); -#endif -#if defined(PSA_WANT_ALG_SHA_384) - handshake->fin_sha384_psa = psa_hash_operation_init(); -#endif - - handshake->update_checksum = ssl_update_checksum_start; - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - handshake->psa_pake_ctx = psa_pake_operation_init(); - handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#if defined(MBEDTLS_SSL_CLI_C) 
- handshake->ecjpake_cache = NULL; - handshake->ecjpake_cache_len = 0; -#endif -#endif - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); -#endif - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_init(&handshake->peer_pubkey); -#endif -} - -void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) -{ - memset(transform, 0, sizeof(mbedtls_ssl_transform)); - - transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; - transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; - transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; -#endif -} - -void mbedtls_ssl_session_init(mbedtls_ssl_session *session) -{ - memset(session, 0, sizeof(mbedtls_ssl_session)); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handshake_init(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Clear old handshake information if present */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->transform_negotiate) { - mbedtls_ssl_transform_free(ssl->transform_negotiate); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if (ssl->session_negotiate) { - mbedtls_ssl_session_free(ssl->session_negotiate); - } - if (ssl->handshake) { - mbedtls_ssl_handshake_free(ssl); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Either the pointers are now NULL or cleared properly and can be freed. - * Now allocate missing structures. 
- */ - if (ssl->transform_negotiate == NULL) { - ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - if (ssl->session_negotiate == NULL) { - ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); - } - - if (ssl->handshake == NULL) { - ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); - } -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* If the buffers are too small - reallocate */ - - handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, - MBEDTLS_SSL_OUT_BUFFER_LEN); -#endif - - /* All pointers should exist and can be directly freed without issue */ - if (ssl->handshake == NULL || -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - ssl->transform_negotiate == NULL || -#endif - ssl->session_negotiate == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); - - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_free(ssl->transform_negotiate); - ssl->transform_negotiate = NULL; -#endif - - mbedtls_free(ssl->session_negotiate); - ssl->session_negotiate = NULL; - - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#if defined(MBEDTLS_SSL_CLI_C) - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IDLE; -#endif -#if defined(MBEDTLS_SSL_SRV_C) - ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; -#endif - ssl->total_early_data_size = 0; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - /* Initialize structures */ - mbedtls_ssl_session_init(ssl->session_negotiate); - ssl_handshake_params_init(ssl->handshake); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform_init(ssl->transform_negotiate); -#endif - - /* Setup handshake checksums */ - ret = mbedtls_ssl_reset_checksum(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - 
defined(MBEDTLS_SSL_SRV_C) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl->handshake->new_session_tickets_count =
- ssl->conf->new_session_tickets_count;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->handshake->alt_transform_out = ssl->transform_out;
-
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
- } else {
- ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
- }
-
- mbedtls_ssl_set_timer(ssl, 0);
- }
-#endif
- return 0;
-}
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/* Dummy cookie callbacks for defaults */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_write_dummy(void *ctx,
- unsigned char **p, unsigned char *end,
- const unsigned char *cli_id, size_t cli_id_len)
-{
- ((void) ctx);
- ((void) p);
- ((void) end);
- ((void) cli_id);
- ((void) cli_id_len);
-
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_check_dummy(void *ctx,
- const unsigned char *cookie, size_t cookie_len,
- const unsigned char *cli_id, size_t cli_id_len)
-{
- ((void) ctx);
- ((void) cookie);
- ((void) cookie_len);
- ((void) cli_id);
- ((void) cli_id_len);
-
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-}
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-/*
- * Initialize an SSL context
- */
-void mbedtls_ssl_init(mbedtls_ssl_context *ssl)
-{
- memset(ssl, 0, sizeof(mbedtls_ssl_context));
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_version_check(const mbedtls_ssl_context *ssl)
-{
- const mbedtls_ssl_config *conf = ssl->conf;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (mbedtls_ssl_conf_is_tls13_only(conf)) {
- if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS 1.3 is not yet supported."));
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- 
MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls13 only."));
- return 0;
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (mbedtls_ssl_conf_is_tls12_only(conf)) {
- MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls12 only."));
- return 0;
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) {
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2"));
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is TLS 1.3 or TLS 1.2."));
- return 0;
- }
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG(1, ("The SSL configuration is invalid."));
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_check(const mbedtls_ssl_context *ssl)
-{
- int ret;
- ret = ssl_conf_version_check(ssl);
- if (ret != 0) {
- return ret;
- }
-
- /* Space for further checks */
-
- return 0;
-}
-
-/*
- * Setup an SSL context
- */
-
-int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
- const mbedtls_ssl_config *conf)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-
- ssl->conf = conf;
-
- if ((ret = ssl_conf_check(ssl)) != 0) {
- return ret;
- }
- ssl->tls_version = ssl->conf->max_tls_version;
-
- /*
- * Prepare base structures
- */
-
- /* Set to NULL in case of an error condition */
- ssl->out_buf = NULL;
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->in_buf_len = in_buf_len;
-#endif
- ssl->in_buf = mbedtls_calloc(1, in_buf_len);
- if (ssl->in_buf == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len));
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto error;
- }
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->out_buf_len = out_buf_len;
-#endif
- ssl->out_buf = 
mbedtls_calloc(1, out_buf_len);
- if (ssl->out_buf == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len));
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto error;
- }
-
- mbedtls_ssl_reset_in_pointers(ssl);
- mbedtls_ssl_reset_out_pointers(ssl);
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
-#endif
-
- if ((ret = ssl_handshake_init(ssl)) != 0) {
- goto error;
- }
-
- return 0;
-
-error:
- mbedtls_free(ssl->in_buf);
- mbedtls_free(ssl->out_buf);
-
- ssl->conf = NULL;
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- ssl->in_buf_len = 0;
- ssl->out_buf_len = 0;
-#endif
- ssl->in_buf = NULL;
- ssl->out_buf = NULL;
-
- ssl->in_hdr = NULL;
- ssl->in_ctr = NULL;
- ssl->in_len = NULL;
- ssl->in_iv = NULL;
- ssl->in_msg = NULL;
-
- ssl->out_hdr = NULL;
- ssl->out_ctr = NULL;
- ssl->out_len = NULL;
- ssl->out_iv = NULL;
- ssl->out_msg = NULL;
-
- return ret;
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- *
- * If partial is non-zero, keep data in the input buffer and client ID.
- * (Use when a DTLS client reconnects from the same port.)
- */
-void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
- int partial)
-{
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len = ssl->in_buf_len;
- size_t out_buf_len = ssl->out_buf_len;
-#else
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-#endif
-
-#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || !defined(MBEDTLS_SSL_SRV_C)
- partial = 0;
-#endif
-
- /* Cancel any possibly running timer */
- mbedtls_ssl_set_timer(ssl, 0);
-
- mbedtls_ssl_reset_in_pointers(ssl);
- mbedtls_ssl_reset_out_pointers(ssl);
-
- /* Reset incoming message parsing */
- ssl->in_offt = NULL;
- ssl->nb_zero = 0;
- ssl->in_msgtype = 0;
- ssl->in_msglen = 0;
- ssl->in_hslen = 0;
- ssl->in_hsfraglen = 0;
- ssl->keep_current_message = 0;
- ssl->transform_in = NULL;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- ssl->next_record_offset = 0;
- ssl->in_epoch = 0;
-#endif
-
- /* Keep current datagram if partial == 1 */
- if (partial == 0) {
- ssl->in_left = 0;
- memset(ssl->in_buf, 0, in_buf_len);
- }
-
- ssl->send_alert = 0;
-
- /* Reset outgoing message writing */
- ssl->out_msgtype = 0;
- ssl->out_msglen = 0;
- ssl->out_left = 0;
- memset(ssl->out_buf, 0, out_buf_len);
- memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
- ssl->transform_out = NULL;
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- mbedtls_ssl_dtls_replay_reset(ssl);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (ssl->transform) {
- mbedtls_ssl_transform_free(ssl->transform);
- mbedtls_free(ssl->transform);
- ssl->transform = NULL;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_transform_free(ssl->transform_application);
- mbedtls_free(ssl->transform_application);
- ssl->transform_application = NULL;
-
- if (ssl->handshake != NULL) {
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata);
- mbedtls_free(ssl->handshake->transform_earlydata);
- 
ssl->handshake->transform_earlydata = NULL;
-#endif
-
- mbedtls_ssl_transform_free(ssl->handshake->transform_handshake);
- mbedtls_free(ssl->handshake->transform_handshake);
- ssl->handshake->transform_handshake = NULL;
- }
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-}
-
-int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST);
- ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
- ssl->tls_version = ssl->conf->max_tls_version;
-
- mbedtls_ssl_session_reset_msg_layer(ssl, partial);
-
- /* Reset renegotiation state */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
- ssl->renego_records_seen = 0;
-
- ssl->verify_data_len = 0;
- memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
- memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
-#endif
- ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
-
- ssl->session_in = NULL;
- ssl->session_out = NULL;
- if (ssl->session) {
- mbedtls_ssl_session_free(ssl->session);
- mbedtls_free(ssl->session);
- ssl->session = NULL;
- }
-
-#if defined(MBEDTLS_SSL_ALPN)
- ssl->alpn_chosen = NULL;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- int free_cli_id = 1;
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
- free_cli_id = (partial == 0);
-#endif
- if (free_cli_id) {
- mbedtls_free(ssl->cli_id);
- ssl->cli_id = NULL;
- ssl->cli_id_len = 0;
- }
-#endif
-
- if ((ret = ssl_handshake_init(ssl)) != 0) {
- return ret;
- }
-
- return 0;
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- */
-int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
-{
- return mbedtls_ssl_session_reset_int(ssl, 0);
-}
-
-/*
- * SSL set accessors
- */
-void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint)
-{
- conf->endpoint = endpoint;
-}
-
-void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
-{
- conf->transport = transport;
-}
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode)
-{
- conf->anti_replay = mode;
-}
-#endif
-
-void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit)
-{
- conf->badmac_limit = limit;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
- unsigned allow_packing)
-{
- ssl->disable_datagram_packing = !allow_packing;
-}
-
-void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
- uint32_t min, uint32_t max)
-{
- conf->hs_timeout_min = min;
- conf->hs_timeout_max = max;
-}
-#endif
-
-void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode)
-{
- conf->authmode = authmode;
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy)
-{
- conf->f_vrfy = f_vrfy;
- conf->p_vrfy = p_vrfy;
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
- void (*f_dbg)(void *, int, const char *, int, const char *),
- void *p_dbg)
-{
- conf->f_dbg = f_dbg;
- conf->p_dbg = p_dbg;
-}
-
-void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
- void *p_bio,
- mbedtls_ssl_send_t *f_send,
- mbedtls_ssl_recv_t *f_recv,
- mbedtls_ssl_recv_timeout_t *f_recv_timeout)
-{
- ssl->p_bio = p_bio;
- ssl->f_send = f_send;
- ssl->f_recv = f_recv;
- ssl->f_recv_timeout = f_recv_timeout;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu)
-{
- ssl->mtu = mtu;
-}
-#endif
-
-void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
-{
- conf->read_timeout = timeout;
-}
-
-void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
- void *p_timer,
- mbedtls_ssl_set_timer_t *f_set_timer,
- mbedtls_ssl_get_timer_t *f_get_timer)
-{
- ssl->p_timer = p_timer;
- ssl->f_set_timer = f_set_timer;
- ssl->f_get_timer = f_get_timer;
-
- /* Make sure we start with no timer running */
- mbedtls_ssl_set_timer(ssl, 0);
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
- void *p_cache,
- mbedtls_ssl_cache_get_t *f_get_cache,
- mbedtls_ssl_cache_set_t *f_set_cache)
-{
- conf->p_cache = p_cache;
- conf->f_get_cache = f_get_cache;
- conf->f_set_cache = f_set_cache;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if (ssl == NULL ||
- session == NULL ||
- ssl->session_negotiate == NULL ||
- ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (ssl->handshake->resume == 1) {
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
-
- if (mbedtls_ssl_validate_ciphersuite(
- ssl, ciphersuite_info, MBEDTLS_SSL_VERSION_TLS1_3,
- MBEDTLS_SSL_VERSION_TLS1_3) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(4, ("%d is not a valid TLS 1.3 ciphersuite.",
- session->ciphersuite));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#else
- /*
- * If session tickets are not enabled, it is not possible to resume a
- * TLS 1.3 session, thus do not make any change to the SSL context in
- * the first place.
- */
- return 0;
-#endif
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate,
- session)) != 0) {
- return ret;
- }
-
- ssl->handshake->resume = 1;
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
- const int *ciphersuites)
-{
- conf->ciphersuite_list = ciphersuites;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf,
- const int kex_modes)
-{
- conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
-}
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf,
- int early_data_enabled)
-{
- conf->early_data_enabled = early_data_enabled;
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_max_early_data_size(
- mbedtls_ssl_config *conf, uint32_t max_early_data_size)
-{
- conf->max_early_data_size = max_early_data_size;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
- const mbedtls_x509_crt_profile *profile)
-{
- conf->cert_profile = profile;
-}
-
-static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert)
-{
- mbedtls_ssl_key_cert *cur = key_cert, *next;
-
- while (cur != NULL) {
- next = cur->next;
- mbedtls_free(cur);
- cur = next;
- }
-}
-
-/* Append a new keycert entry to a (possibly empty) list */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_append_key_cert(mbedtls_ssl_key_cert **head,
- mbedtls_x509_crt *cert,
- mbedtls_pk_context *key)
-{
- mbedtls_ssl_key_cert *new_cert;
-
- if (cert == NULL) {
- /* Free list if cert is null */
- ssl_key_cert_free(*head);
- *head = NULL;
- return 0;
- }
-
- new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert));
- if (new_cert == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- new_cert->cert = 
cert;
- new_cert->key = key;
- new_cert->next = NULL;
-
- /* Update head if the list was null, else add to the end */
- if (*head == NULL) {
- *head = new_cert;
- } else {
- mbedtls_ssl_key_cert *cur = *head;
- while (cur->next != NULL) {
- cur = cur->next;
- }
- cur->next = new_cert;
- }
-
- return 0;
-}
-
-int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key)
-{
- return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key);
-}
-
-void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl)
-{
- conf->ca_chain = ca_chain;
- conf->ca_crl = ca_crl;
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
- * cannot be used together. */
- conf->f_ca_cb = NULL;
- conf->p_ca_cb = NULL;
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-}
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
- mbedtls_x509_crt_ca_cb_t f_ca_cb,
- void *p_ca_cb)
-{
- conf->f_ca_cb = f_ca_cb;
- conf->p_ca_cb = p_ca_cb;
-
- /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
- * cannot be used together.
*/
- conf->ca_chain = NULL;
- conf->ca_crl = NULL;
-}
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl,
- size_t *name_len)
-{
- *name_len = ssl->handshake->sni_name_len;
- return ssl->handshake->sni_name;
-}
-
-int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *own_cert,
- mbedtls_pk_context *pk_key)
-{
- return ssl_append_key_cert(&ssl->handshake->sni_key_cert,
- own_cert, pk_key);
-}
-
-void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
- mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl)
-{
- ssl->handshake->sni_ca_chain = ca_chain;
- ssl->handshake->sni_ca_crl = ca_crl;
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl,
- const mbedtls_x509_crt *crt)
-{
- ssl->handshake->dn_hints = crt;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-
-void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
- int authmode)
-{
- ssl->handshake->sni_authmode = authmode;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy)
-{
- ssl->f_vrfy = f_vrfy;
- ssl->p_vrfy = p_vrfy;
-}
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-
-static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
-static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-
-static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
- mbedtls_ssl_context *ssl,
- mbedtls_svc_key_id_t pwd)
-{
- psa_status_t status;
- psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- const uint8_t *user = NULL;
- size_t user_len = 0;
- const uint8_t *peer = NULL;
- size_t peer_len = 0;
- 
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
- psa_pake_cs_set_primitive(&cipher_suite,
- PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
- PSA_ECC_FAMILY_SECP_R1,
- 256));
-
- status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- user = jpake_server_id;
- user_len = sizeof(jpake_server_id);
- peer = jpake_client_id;
- peer_len = sizeof(jpake_client_id);
- } else {
- user = jpake_client_id;
- user_len = sizeof(jpake_client_id);
- peer = jpake_server_id;
- peer_len = sizeof(jpake_server_id);
- }
-
- status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- ssl->handshake->psa_pake_ctx_is_ok = 1;
-
- return PSA_SUCCESS;
-}
-
-int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-
- if (ssl->handshake == NULL || ssl->conf == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /* Empty password is not valid */
- if ((pw == NULL) || (pw_len == 0)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
-
- status = psa_import_key(&attributes, pw, pw_len,
- &ssl->handshake->psa_pake_password);
- if (status != PSA_SUCCESS) {
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- }
-
- status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl,
- ssl->handshake->psa_pake_password);
- if (status != PSA_SUCCESS) {
- psa_destroy_key(ssl->handshake->psa_pake_password);
- 
psa_pake_abort(&ssl->handshake->psa_pake_ctx);
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- }
-
- return 0;
-}
-
-int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
- mbedtls_svc_key_id_t pwd)
-{
- psa_status_t status;
-
- if (ssl->handshake == NULL || ssl->conf == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (mbedtls_svc_key_id_is_null(pwd)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl, pwd);
- if (status != PSA_SUCCESS) {
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf)
-{
- if (conf->psk_identity == NULL ||
- conf->psk_identity_len == 0) {
- return 0;
- }
-
- if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
- return 1;
- }
-
- if (conf->psk != NULL && conf->psk_len != 0) {
- return 1;
- }
-
- return 0;
-}
-
-static void ssl_conf_remove_psk(mbedtls_ssl_config *conf)
-{
- /* Remove reference to existing PSK, if any. */
- if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
- /* The maintenance of the PSK key slot is the
- * user's responsibility. */
- conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
- }
- if (conf->psk != NULL) {
- mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
- conf->psk = NULL;
- conf->psk_len = 0;
- }
-
- /* Remove reference to PSK identity, if any. */
- if (conf->psk_identity != NULL) {
- mbedtls_free(conf->psk_identity);
- conf->psk_identity = NULL;
- conf->psk_identity_len = 0;
- }
-}
-
-/* This function assumes that PSK identity in the SSL config is unset.
- * It checks that the provided identity is well-formed and attempts
- * to make a copy of it in the SSL config.
- * On failure, the PSK identity in the config remains unset.
*/
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf,
- unsigned char const *psk_identity,
- size_t psk_identity_len)
-{
- /* Identity len will be encoded on two bytes */
- if (psk_identity == NULL ||
- psk_identity_len == 0 ||
- (psk_identity_len >> 16) != 0 ||
- psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- conf->psk_identity = mbedtls_calloc(1, psk_identity_len);
- if (conf->psk_identity == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- conf->psk_identity_len = psk_identity_len;
- memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len);
-
- return 0;
-}
-
-int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* We currently only support one PSK, raw or opaque. */
- if (mbedtls_ssl_conf_has_static_psk(conf)) {
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- /* Check and set raw PSK */
- if (psk == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
- if (psk_len == 0) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
- if (psk_len > MBEDTLS_PSK_MAX_LEN) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
- conf->psk_len = psk_len;
- memcpy(conf->psk, psk, conf->psk_len);
-
- /* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len);
- if (ret != 0) {
- ssl_conf_remove_psk(conf);
- }
-
- return ret;
-}
-
-static void ssl_remove_psk(mbedtls_ssl_context *ssl)
-{
- if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
- /* The maintenance of the external PSK key slot is the
- * user's responsibility.
*/
- if (ssl->handshake->psk_opaque_is_internal) {
- psa_destroy_key(ssl->handshake->psk_opaque);
- ssl->handshake->psk_opaque_is_internal = 0;
- }
- ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
- }
-}
-
-int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
- const unsigned char *psk, size_t psk_len)
-{
- psa_key_attributes_t key_attributes = psa_key_attributes_init();
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_algorithm_t alg = PSA_ALG_NONE;
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-
- if (psk == NULL || ssl->handshake == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (psk_len > MBEDTLS_PSK_MAX_LEN) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- ssl_remove_psk(ssl);
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- } else {
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
- }
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- alg = PSA_ALG_HKDF_EXTRACT(PSA_ALG_ANY_HASH);
- psa_set_key_usage_flags(&key_attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- psa_set_key_algorithm(&key_attributes, alg);
- psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
-
- status = psa_import_key(&key_attributes, psk, psk_len, &key);
- if (status != PSA_SUCCESS) {
- return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- }
-
- /* Allow calling psa_destroy_key() on psk remove */
- ssl->handshake->psk_opaque_is_internal = 1;
- return mbedtls_ssl_set_hs_psk_opaque(ssl, key);
-}
-
-int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
- mbedtls_svc_key_id_t psk,
- const unsigned char *psk_identity,
- size_t psk_identity_len)
-{
- int ret = 
MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- /* We currently only support one PSK, raw or opaque. */
- if (mbedtls_ssl_conf_has_static_psk(conf)) {
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- /* Check and set opaque PSK */
- if (mbedtls_svc_key_id_is_null(psk)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
- conf->psk_opaque = psk;
-
- /* Check and set PSK Identity */
- ret = ssl_conf_set_psk_identity(conf, psk_identity,
- psk_identity_len);
- if (ret != 0) {
- ssl_conf_remove_psk(conf);
- }
-
- return ret;
-}
-
-int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
- mbedtls_svc_key_id_t psk)
-{
- if ((mbedtls_svc_key_id_is_null(psk)) ||
- (ssl->handshake == NULL)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- ssl_remove_psk(ssl);
- ssl->handshake->psk_opaque = psk;
- return 0;
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
- size_t),
- void *p_psk)
-{
- conf->f_psk = f_psk;
- conf->p_psk = p_psk;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
-static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
- psa_algorithm_t alg)
-{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (alg == PSA_ALG_CBC_NO_PADDING) {
- return MBEDTLS_SSL_MODE_CBC;
- }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- if (PSA_ALG_IS_AEAD(alg)) {
- return MBEDTLS_SSL_MODE_AEAD;
- }
- return MBEDTLS_SSL_MODE_STREAM;
-}
-
-
-static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
- mbedtls_ssl_mode_t base_mode,
- int encrypt_then_mac)
-{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
- if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
- base_mode == MBEDTLS_SSL_MODE_CBC) {
- return MBEDTLS_SSL_MODE_CBC_ETM;
- }
-#else
- (void) encrypt_then_mac;
-#endif
- return base_mode;
-}
-
-mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
- const mbedtls_ssl_transform *transform)
-{
- mbedtls_ssl_mode_t base_mode = 
mbedtls_ssl_get_base_mode(
- transform->psa_alg
- );
-
- int encrypt_then_mac = 0;
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
- encrypt_then_mac = transform->encrypt_then_mac;
-#endif
- return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
-}
-
-mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
- int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
- const mbedtls_ssl_ciphersuite_t *suite)
-{
- mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
-
- psa_status_t status;
- psa_algorithm_t alg;
- psa_key_type_t type;
- size_t size;
- status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher,
- 0, &alg, &type, &size);
- if (status == PSA_SUCCESS) {
- base_mode = mbedtls_ssl_get_base_mode(alg);
- }
-
-#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
- int encrypt_then_mac = 0;
-#endif
- return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
-}
-
-
-const mbedtls_error_pair_t psa_to_ssl_errors[] =
-{
- { PSA_SUCCESS, 0 },
- { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED },
- { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE },
- { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC },
- { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA },
- { PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR },
- { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL }
-};
-
-psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
- size_t taglen,
- psa_algorithm_t *alg,
- psa_key_type_t *key_type,
- size_t *key_size)
-{
-#if !defined(PSA_WANT_ALG_CCM)
- (void) taglen;
-#endif
- switch (mbedtls_cipher_type) {
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
- case MBEDTLS_CIPHER_AES_128_CBC:
- *alg = PSA_ALG_CBC_NO_PADDING;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM)
- 
case MBEDTLS_CIPHER_AES_128_CCM:
- *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_AES_128_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_AES_192_CCM:
- *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 192;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_AES_192_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 192;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
- case MBEDTLS_CIPHER_AES_256_CBC:
- *alg = PSA_ALG_CBC_NO_PADDING;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_AES_256_CCM:
- *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_AES_256_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_AES;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
- case MBEDTLS_CIPHER_ARIA_128_CBC:
- *alg = PSA_ALG_CBC_NO_PADDING;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_ARIA_128_CCM:
- *alg = taglen ? 
PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_ARIA_128_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_ARIA_192_CCM:
- *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 192;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_ARIA_192_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 192;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
- case MBEDTLS_CIPHER_ARIA_256_CBC:
- *alg = PSA_ALG_CBC_NO_PADDING;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_ARIA_256_CCM:
- *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM)
- case MBEDTLS_CIPHER_ARIA_256_GCM:
- *alg = PSA_ALG_GCM;
- *key_type = PSA_KEY_TYPE_ARIA;
- *key_size = 256;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
- case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
- *alg = PSA_ALG_CBC_NO_PADDING;
- *key_type = PSA_KEY_TYPE_CAMELLIA;
- *key_size = 128;
- break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM)
- case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
- *alg = taglen ? 
PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_128_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 128; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_CAMELLIA_192_CCM: - *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_192_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 192; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) - case MBEDTLS_CIPHER_CAMELLIA_256_CBC: - *alg = PSA_ALG_CBC_NO_PADDING; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) - case MBEDTLS_CIPHER_CAMELLIA_256_CCM: - *alg = taglen ? 
PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) - case MBEDTLS_CIPHER_CAMELLIA_256_GCM: - *alg = PSA_ALG_GCM; - *key_type = PSA_KEY_TYPE_CAMELLIA; - *key_size = 256; - break; -#endif -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) - case MBEDTLS_CIPHER_CHACHA20_POLY1305: - *alg = PSA_ALG_CHACHA20_POLY1305; - *key_type = PSA_KEY_TYPE_CHACHA20; - *key_size = 256; - break; -#endif - case MBEDTLS_CIPHER_NULL: - *alg = MBEDTLS_SSL_NULL_CIPHER; - *key_type = 0; - *key_size = 0; - break; - default: - return PSA_ERROR_NOT_SUPPORTED; - } - - return PSA_SUCCESS; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* Configure allowed signature algorithms for handshake */ -void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, - const uint16_t *sig_algs) -{ - conf->sig_algs = sig_algs; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Set the allowed groups - */ -void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, - const uint16_t *group_list) -{ - conf->group_list = group_list; -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/** Whether mbedtls_ssl_set_hostname() has been called. - * - * \param[in] ssl SSL context - * - * \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl - * (including `mbedtls_ssl_set_hostname(ssl, NULL)`), - * otherwise \c 0. 
- */ -static int mbedtls_ssl_has_set_hostname_been_called( - const mbedtls_ssl_context *ssl) -{ - return (ssl->flags & MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) != 0; -} -#endif - -static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl) -{ - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } - ssl->hostname = NULL; -} - -int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) -{ - /* Initialize to suppress unnecessary compiler warning */ - size_t hostname_len = 0; - - /* Check if new hostname is valid before - * making any change to current one */ - if (hostname != NULL) { - hostname_len = strlen(hostname); - - if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - /* Now it's clear that we will overwrite the old hostname, - * so we can free it safely */ - mbedtls_ssl_free_hostname(ssl); - - /* Passing NULL as hostname shall clear the old one */ - - if (hostname == NULL) { - ssl->hostname = NULL; - } else { - ssl->hostname = mbedtls_calloc(1, hostname_len + 1); - if (ssl->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->hostname, hostname, hostname_len); - - ssl->hostname[hostname_len] = '\0'; - } - - ssl->flags |= MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET; - - return 0; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), - void *p_sni) -{ - conf->f_sni = f_sni; - conf->p_sni = p_sni; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, - const char *const *protos) -{ - size_t cur_len, tot_len; - const char *const *p; - - /* - * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings - * MUST NOT be truncated." 
- * We check lengths now rather than later. - */ - tot_len = 0; - for (p = protos; *p != NULL; p++) { - cur_len = strlen(*p); - tot_len += cur_len; - - if ((cur_len == 0) || - (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) || - (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - conf->alpn_list = protos; - - return 0; -} - -const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl) -{ - return ssl->alpn_chosen; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, - int support_mki_value) -{ - conf->dtls_srtp_mki_support = support_mki_value; -} - -int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len) -{ - if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len); - ssl->dtls_srtp_info.mki_len = mki_len; - return 0; -} - -int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles) -{ - const mbedtls_ssl_srtp_profile *p; - size_t list_size = 0; - - /* check the profiles list: all entry must be valid, - * its size cannot be more than the total number of supported profiles, currently 4 */ - for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && - list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; - p++) { - if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) { - list_size++; - } else { - /* unsupported value, stop parsing and set the size to an error value */ - list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; - } - } - - if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) { - conf->dtls_srtp_profile_list = NULL; - 
conf->dtls_srtp_profile_list_len = 0;
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- conf->dtls_srtp_profile_list = profiles;
- conf->dtls_srtp_profile_list_len = list_size;
-
- return 0;
-}
-
-void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
- mbedtls_dtls_srtp_info *dtls_srtp_info)
-{
- dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
- /* do not copy the mki value if there is no chosen profile */
- if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
- dtls_srtp_info->mki_len = 0;
- } else {
- dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
- memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len);
- }
-}
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
- char cert_req_ca_list)
-{
- conf->cert_req_ca_list = cert_req_ca_list;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
-{
- conf->encrypt_then_mac = etm;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
-{
- conf->extended_ms = ems;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
-{
- if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
- ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- conf->mfl_code = mfl_code;
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
-{
- conf->allow_legacy_renegotiation = allow_legacy;
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
-{
- 
conf->disable_renegotiation = renegotiation;
-}
-
-void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
-{
- conf->renego_max_records = max_records;
-}
-
-void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
- const unsigned char period[8])
-{
- memcpy(conf->renego_period, period, 8);
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
-{
- conf->session_tickets = use_tickets;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf,
- uint16_t num_tickets)
-{
- conf->new_session_tickets_count = num_tickets;
-}
-#endif
-
-void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
- mbedtls_ssl_ticket_write_t *f_ticket_write,
- mbedtls_ssl_ticket_parse_t *f_ticket_parse,
- void *p_ticket)
-{
- conf->f_ticket_write = f_ticket_write;
- conf->f_ticket_parse = f_ticket_parse;
- conf->p_ticket = p_ticket;
-}
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
- mbedtls_ssl_export_keys_t *f_export_keys,
- void *p_export_keys)
-{
- ssl->f_export_keys = f_export_keys;
- ssl->p_export_keys = p_export_keys;
-}
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-void mbedtls_ssl_conf_async_private_cb(
- mbedtls_ssl_config *conf,
- mbedtls_ssl_async_sign_t *f_async_sign,
- mbedtls_ssl_async_resume_t *f_async_resume,
- mbedtls_ssl_async_cancel_t *f_async_cancel,
- void *async_config_data)
-{
- conf->f_async_sign_start = f_async_sign;
- conf->f_async_resume = f_async_resume;
- conf->f_async_cancel = f_async_cancel;
- conf->p_async_config_data = async_config_data;
-}
-
-void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf)
-{
- return conf->p_async_config_data;
-}
- 
-void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl)
-{
- if (ssl->handshake == NULL) {
- return NULL;
- } else {
- return ssl->handshake->user_async_ctx;
- }
-}
-
-void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
- void *ctx)
-{
- if (ssl->handshake != NULL) {
- ssl->handshake->user_async_ctx = ctx;
- }
-}
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-/*
- * SSL get accessors
- */
-uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
-{
- if (ssl->session != NULL) {
- return ssl->session->verify_result;
- }
-
- if (ssl->session_negotiate != NULL) {
- return ssl->session_negotiate->verify_result;
- }
-
- return 0xFFFFFFFF;
-}
-
-int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl)
-{
- if (ssl == NULL || ssl->session == NULL) {
- return 0;
- }
-
- return ssl->session->ciphersuite;
-}
-
-const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl)
-{
- if (ssl == NULL || ssl->session == NULL) {
- return NULL;
- }
-
- return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite);
-}
-
-const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- switch (ssl->tls_version) {
- case MBEDTLS_SSL_VERSION_TLS1_2:
- return "DTLSv1.2";
- default:
- return "unknown (DTLS)";
- }
- }
-#endif
-
- switch (ssl->tls_version) {
- case MBEDTLS_SSL_VERSION_TLS1_2:
- return "TLSv1.2";
- case MBEDTLS_SSL_VERSION_TLS1_3:
- return "TLSv1.3";
- default:
- return "unknown";
- }
-}
-
-#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
-
-size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl)
-{
- const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
- size_t record_size_limit = max_len;
-
- if (ssl->session != NULL &&
- ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN &&
- ssl->session->record_size_limit < max_len) {
- record_size_limit = 
ssl->session->record_size_limit; - } - - // TODO: this is currently untested - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && - ssl->session_negotiate->record_size_limit < max_len) { - record_size_limit = ssl->session_negotiate->record_size_limit; - } - - return record_size_limit; -} -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; - size_t read_mfl; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { - return ssl_mfl_code_to_length(ssl->conf->mfl_code); - } -#endif - - /* Check if a smaller max length was negotiated */ - if (ssl->session_out != NULL) { - read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); - if (read_mfl < max_len) { - max_len = read_mfl; - } - } - - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL) { - read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); - if (read_mfl < max_len) { - max_len = read_mfl; - } - } - - return max_len; -} - -size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) -{ - size_t max_len; - - /* - * Assume mfl_code is correct since it was checked when set - */ - max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); - - /* Check if a smaller max length was negotiated */ - if (ssl->session_out != NULL && - ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { - max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); - } - - /* During a handshake, use the value being negotiated */ - if (ssl->session_negotiate != NULL && - 
ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { - max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); - } - - return max_len; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl) -{ - /* Return unlimited mtu for client hello messages to avoid fragmentation. */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - (ssl->state == MBEDTLS_SSL_CLIENT_HELLO || - ssl->state == MBEDTLS_SSL_SERVER_HELLO)) { - return 0; - } - - if (ssl->handshake == NULL || ssl->handshake->mtu == 0) { - return ssl->mtu; - } - - if (ssl->mtu == 0) { - return ssl->handshake->mtu; - } - - return ssl->mtu < ssl->handshake->mtu ? - ssl->mtu : ssl->handshake->mtu; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) - (void) ssl; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } -#endif - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl); - - if (max_len > record_size_limit) { - max_len = record_size_limit; - } -#endif - - if (ssl->transform_out != NULL && - ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* - * In TLS 1.3 case, when records are protected, `max_len` as computed - * above is the maximum length of the TLSInnerPlaintext structure that - * along the plaintext payload contains the inner content type (one byte) - * and some zero padding. Given the algorithm used for padding - * in mbedtls_ssl_encrypt_buf(), compute the maximum length for - * the plaintext payload. 
Round down to a multiple of - * MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY and - * subtract 1. - */ - max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (mbedtls_ssl_get_current_mtu(ssl) != 0) { - const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); - const int ret = mbedtls_ssl_get_record_expansion(ssl); - const size_t overhead = (size_t) ret; - - if (ret < 0) { - return ret; - } - - if (mtu <= overhead) { - MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - if (max_len > mtu - overhead) { - max_len = mtu - overhead; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) && \ - !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - ((void) ssl); -#endif - - return (int) max_len; -} - -int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl) -{ - size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; - -#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - (void) ssl; -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_input_max_frag_len(ssl); - - if (max_len > mfl) { - max_len = mfl; - } -#endif - - return (int) max_len; -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl) -{ - if (ssl == NULL || ssl->session == NULL) { - return NULL; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - return ssl->session->peer_cert; -#else - return NULL; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *dst) -{ - int ret; - - if (ssl == NULL || - dst == NULL || - ssl->session == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { - return 
MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer - * idempotent: Each session can only be exported once. - * - * (This is in preparation for TLS 1.3 support where we will - * need the ability to export multiple sessions (aka tickets), - * which will be achieved by calling mbedtls_ssl_get_session() - * multiple times until it fails.) - * - * Check whether we have already exported the current session, - * and fail if so. - */ - if (ssl->session->exported == 1) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - ret = mbedtls_ssl_session_copy(dst, ssl->session); - if (ret != 0) { - return ret; - } - - /* Remember that we've exported the session. */ - ssl->session->exported = 1; - return 0; -} -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - -/* Serialization of TLS 1.2 sessions - * - * For more detail, see the description of ssl_session_save(). - */ -static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len) -{ - unsigned char *p = buf; - size_t used = 0; - -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - used += 8; - - if (used <= buf_len) { - start = (uint64_t) session->start; - - MBEDTLS_PUT_UINT64_BE(start, p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - used += 1 /* id_len */ - + sizeof(session->id) - + sizeof(session->master) - + 4; /* verify_result */ - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->id_len); - memcpy(p, session->id, 32); - p += 32; - - memcpy(p, session->master, 48); - p += 48; - - MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); - p += 4; - } - - /* - * Peer's end-entity certificate - */ -#if 
defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (session->peer_cert == NULL) { - cert_len = 0; - } else { - cert_len = session->peer_cert->raw.len; - } - - used += 3 + cert_len; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(cert_len); - *p++ = MBEDTLS_BYTE_1(cert_len); - *p++ = MBEDTLS_BYTE_0(cert_len); - - if (session->peer_cert != NULL) { - memcpy(p, session->peer_cert->raw.p, cert_len); - p += cert_len; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (session->peer_cert_digest != NULL) { - used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if (used <= buf_len) { - *p++ = (unsigned char) session->peer_cert_digest_type; - *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy(p, session->peer_cert_digest, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } - } else { - used += 2; - if (used <= buf_len) { - *p++ = (unsigned char) MBEDTLS_MD_NONE; - *p++ = 0; - } - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket if any, plus associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { - used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(session->ticket_len); - *p++ = MBEDTLS_BYTE_1(session->ticket_len); - *p++ = MBEDTLS_BYTE_0(session->ticket_len); - - if (session->ticket != NULL) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - used += 8; - - if (used <= buf_len) { - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); - p += 8; - } - } -#endif /* MBEDTLS_HAVE_TIME 
&& MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - used += 1; - - if (used <= buf_len) { - *p++ = session->mfl_code; - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - used += 1; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); - } -#endif - - return used; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - if (8 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - start = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - - session->start = (mbedtls_time_t) start; -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - if (1 + 32 + 48 + 4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->id_len = *p++; - memcpy(session->id, p, 32); - p += 32; - - memcpy(session->master, p, 48); - p += 48; - - session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - /* Immediately clear invalid pointer values that have been read, in case - * we exit early before we replaced them with valid ones. 
*/ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - session->peer_cert = NULL; -#else - session->peer_cert_digest = NULL; -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - session->ticket = NULL; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Peer certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Deserialize CRT from the end of the ticket. */ - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (cert_len != 0) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (cert_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - - if (session->peer_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(session->peer_cert); - - if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, - p, cert_len)) != 0) { - mbedtls_x509_crt_free(session->peer_cert); - mbedtls_free(session->peer_cert); - session->peer_cert = NULL; - return ret; - } - - p += cert_len; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Deserialize CRT digest from the end of the ticket. 
*/ - if (2 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; - session->peer_cert_digest_len = (size_t) *p++; - - if (session->peer_cert_digest_len != 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type(session->peer_cert_digest_type); - if (md_info == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (session->peer_cert_digest_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest = - mbedtls_calloc(1, session->peer_cert_digest_len); - if (session->peer_cert_digest == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->peer_cert_digest, p, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket and associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (session->ticket_len != 0) { - if (session->ticket_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - - if (4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (8 > (size_t) (end 
- p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->mfl_code = *p++; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->encrypt_then_mac = *p++; -#endif - - /* Done, should have consumed entire buffer */ - if (p != end) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return 0; -} - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* Serialization of TLS 1.3 sessions: - * - * For more detail, see the description of ssl_session_save(). - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len = (session->hostname == NULL) ? - 0 : strlen(session->hostname) + 1; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - const size_t alpn_len = (session->ticket_alpn == NULL) ? 
- 0 : strlen(session->ticket_alpn) + 1; -#endif - size_t needed = 4 /* ticket_age_add */ - + 1 /* ticket_flags */ - + 1; /* resumption_key length */ - - *olen = 0; - - if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - needed += session->resumption_key_len; /* resumption_key */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - needed += 4; /* max_early_data_size */ -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - needed += 2; /* record_size_limit */ -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_HAVE_TIME) - needed += 8; /* ticket_creation_time or ticket_reception_time */ -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - needed += 2 /* alpn_len */ - + alpn_len; /* alpn */ -#endif - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - needed += 2 /* hostname_len */ - + hostname_len; /* hostname */ -#endif - - needed += 4 /* ticket_lifetime */ - + 2; /* ticket_len */ - - /* Check size_t overflow */ - if (session->ticket_len > SIZE_MAX - needed) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - needed += session->ticket_len; /* ticket */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - - *olen = needed; - if (needed > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); - p[4] = session->ticket_flags; - - /* save resumption_key */ - p[5] = session->resumption_key_len; - p += 6; - memcpy(p, session->resumption_key, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); - 
p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); - p += 8; -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - MBEDTLS_PUT_UINT16_BE(alpn_len, p, 0); - p += 2; - - if (alpn_len > 0) { - /* save chosen alpn */ - memcpy(p, session->ticket_alpn, alpn_len); - p += alpn_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); - p += 2; - if (hostname_len > 0) { - /* save host name */ - memcpy(p, session->hostname, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); - p += 8; -#endif - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - - MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); - p += 2; - - if (session->ticket != NULL && session->ticket_len > 0) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char *end = buf + len; - - if (end - p < 6) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); - session->ticket_flags = p[4]; - - /* load resumption_key */ - session->resumption_key_len = p[5]; - p += 6; - - if (end - p < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if 
(sizeof(session->resumption_key) < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - memcpy(session->resumption_key, p, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if defined(MBEDTLS_HAVE_TIME) - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - size_t alpn_len; - - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - alpn_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) alpn_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (alpn_len > 0) { - int ret = mbedtls_ssl_session_set_ticket_alpn(session, (char *) p); - if (ret != 0) { - return ret; - } - p += alpn_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len; - /* load host name */ - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - hostname_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) hostname_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (hostname_len > 0) { - session->hostname = mbedtls_calloc(1, hostname_len); - if (session->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; 
- } - memcpy(session->hostname, p, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) session->ticket_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->ticket_len > 0) { - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return 0; - -} -#else /* MBEDTLS_SSL_SESSION_TICKETS */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - *olen = 0; - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} - -static int ssl_tls13_session_load(const mbedtls_ssl_session *session, - const unsigned char *buf, - size_t buf_len) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Define ticket header determining Mbed TLS version - * and structure of the ticket. - */ - -/* - * Define bitflag determining compile-time settings influencing - * structure of serialized SSL sessions. 
- */ - -#if defined(MBEDTLS_HAVE_TIME) -#define SSL_SERIALIZED_SESSION_CONFIG_TIME 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_TIME 0 -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#define SSL_SERIALIZED_SESSION_CONFIG_CRT 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0 -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0 -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 0 -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define SSL_SERIALIZED_SESSION_CONFIG_MFL 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0 -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_ETM 0 -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0 -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -#define SSL_SERIALIZED_SESSION_CONFIG_SNI 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_SNI 0 -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 0 -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 0 -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_SSL_ALPN) && 
defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_EARLY_DATA) -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN 1 -#else -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN 0 -#endif /* MBEDTLS_SSL_ALPN */ - -#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0 -#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1 -#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2 -#define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3 -#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 4 -#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 5 -#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 6 -#define SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT 7 -#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT 8 -#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT 9 -#define SSL_SERIALIZED_SESSION_CONFIG_ALPN_BIT 10 - -#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \ - ((uint16_t) ( \ - (SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << \ - SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \ - SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_SNI << SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA << \ - SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE << \ - SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_ALPN << \ - SSL_SERIALIZED_SESSION_CONFIG_ALPN_BIT))) - -static const unsigned char ssl_serialized_session_header[] = { - MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, - MBEDTLS_VERSION_PATCH, 
- MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), -}; - -/* - * Serialize a session in the following format: - * (in the presentation language of TLS, RFC 8446 section 3) - * - * TLS 1.2 session: - * - * struct { - * #if defined(MBEDTLS_SSL_SESSION_TICKETS) - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * #endif - * } ClientOnlyData; - * - * struct { - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 start_time; - * #endif - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * #else - * uint8 peer_cert_digest_type; - * opaque peer_cert_digest<0..2^8-1> - * #endif - * select (endpoint) { - * case client: ClientOnlyData; - * case server: uint64 ticket_creation_time; - * }; - * #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - * uint8 mfl_code; // up to 255 according to standard - * #endif - * #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - * uint8 encrypt_then_mac; // 0 or 1 - * #endif - * } serialized_session_tls12; - * - * - * TLS 1.3 Session: - * - * struct { - * #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - * opaque hostname<0..2^16-1>; - * #endif - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 ticket_reception_time; - * #endif - * uint32 ticket_lifetime; - * opaque ticket<1..2^16-1>; - * } ClientOnlyData; - * - * struct { - * uint32 ticket_age_add; - * uint8 ticket_flags; - * opaque resumption_key<0..255>; - * #if defined(MBEDTLS_SSL_EARLY_DATA) - * uint32 max_early_data_size; - * #endif - * #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - * uint16 record_size_limit; - * #endif - * select ( endpoint ) { - * case client: ClientOnlyData; - * case server: - * #if defined(MBEDTLS_HAVE_TIME) - * uint64 ticket_creation_time; - * #endif - * #if 
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - * opaque ticket_alpn<0..256>; - * #endif - * }; - * } serialized_session_tls13; - * - * - * SSL session: - * - * struct { - * - * opaque mbedtls_version[3]; // library version: major, minor, patch - * opaque session_format[2]; // library-version specific 16-bit field - * // determining the format of the remaining - * // serialized data. - * - * Note: When updating the format, remember to keep - * these version+format bytes. - * - * // In this version, `session_format` determines - * // the setting of those compile-time - * // configuration options which influence - * // the structure of mbedtls_ssl_session. - * - * uint8_t minor_ver; // Protocol minor version. Possible values: - * // - TLS 1.2 (0x0303) - * // - TLS 1.3 (0x0304) - * uint8_t endpoint; - * uint16_t ciphersuite; - * - * select (serialized_session.tls_version) { - * - * case MBEDTLS_SSL_VERSION_TLS1_2: - * serialized_session_tls12 data; - * case MBEDTLS_SSL_VERSION_TLS1_3: - * serialized_session_tls13 data; - * - * }; - * - * } serialized_session; - * - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_save(const mbedtls_ssl_session *session, - unsigned char omit_header, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; - size_t used = 0; - size_t remaining_len; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - size_t out_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif - if (session == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!omit_header) { - /* - * Add Mbed TLS version identifier - */ - used += sizeof(ssl_serialized_session_header); - - if (used <= buf_len) { - memcpy(p, ssl_serialized_session_header, - sizeof(ssl_serialized_session_header)); - p += sizeof(ssl_serialized_session_header); - } - } - - /* - * TLS version identifier, endpoint, ciphersuite - */ - used += 1 /* TLS version */ - + 1 /* endpoint */ - + 2; /* ciphersuite */ - if (used <= buf_len) { - *p++ = 
MBEDTLS_BYTE_0(session->tls_version); - *p++ = session->endpoint; - MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); - p += 2; - } - - /* Forward to version-specific serialization routine. */ - remaining_len = (buf_len >= used) ? buf_len - used : 0; - switch (session->tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - used += ssl_tls12_session_save(session, p, remaining_len); - break; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - ret = ssl_tls13_session_save(session, p, remaining_len, &out_len); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - return ret; - } - used += out_len; - break; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - *olen = used; - if (used > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - return 0; -} - -/* - * Public wrapper for ssl_session_save() - */ -int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - return ssl_session_save(session, 0, buf, buf_len, olen); -} - -/* - * Deserialize session, see mbedtls_ssl_session_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error, and has an extra option omit_header. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_session_load(mbedtls_ssl_session *session, - unsigned char omit_header, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - size_t remaining_len; - - - if (session == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!omit_header) { - /* - * Check Mbed TLS version identifier - */ - - if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (memcmp(p, ssl_serialized_session_header, - sizeof(ssl_serialized_session_header)) != 0) { - return MBEDTLS_ERR_SSL_VERSION_MISMATCH; - } - p += sizeof(ssl_serialized_session_header); - } - - /* - * TLS version identifier, endpoint, ciphersuite - */ - if (4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); - session->endpoint = *p++; - session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Dispatch according to TLS version. 
*/ - remaining_len = (size_t) (end - p); - switch (session->tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - return ssl_tls12_session_load(session, p, remaining_len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - return ssl_tls13_session_load(session, p, remaining_len); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -} - -/* - * Deserialize session: public wrapper for error cleaning - */ -int mbedtls_ssl_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ - int ret = ssl_session_load(session, 0, buf, len); - - if (ret != 0) { - mbedtls_ssl_session_free(session); - } - - return ret; -} - -/* - * Perform a single step of the SSL handshake - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_handshake_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * We may have not been able to send to the peer all the handshake data - * that were written into the output buffer by the previous handshake step, - * if the write to the network callback returned with the - * #MBEDTLS_ERR_SSL_WANT_WRITE error code. - * We proceed to the next handshake step only when all data from the - * previous one have been sent to the peer, thus we make sure that this is - * the case here by calling `mbedtls_ssl_flush_output()`. The function may - * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case - * we have to wait before to go ahead. - * In the case of TLS 1.3, handshake step handlers do not send data to the - * peer. Data are only sent here and through - * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an - * alert occurred. 
- */ - if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { - if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - return ret; -} - -int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl == NULL || - ssl->conf == NULL || - ssl->handshake == NULL || - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_prepare_handshake_step(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_handle_pending_alert(ssl); - if (ret != 0) { - goto cleanup; - } - - /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or - * MBEDTLS_SSL_IS_SERVER, this is the return code we give */ - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s", - mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state))); - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - ret = 0; - break; - - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - default: -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - ret = mbedtls_ssl_tls13_handshake_client_step(ssl); - } else { - ret = mbedtls_ssl_handshake_client_step(ssl); - } -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - ret = mbedtls_ssl_handshake_client_step(ssl); -#else - ret = mbedtls_ssl_tls13_handshake_client_step(ssl); -#endif - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { -#if 
defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - ret = mbedtls_ssl_tls13_handshake_server_step(ssl); - } else { - ret = mbedtls_ssl_handshake_server_step(ssl); - } -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - ret = mbedtls_ssl_handshake_server_step(ssl); -#else - ret = mbedtls_ssl_tls13_handshake_server_step(ssl); -#endif - } -#endif /* MBEDTLS_SSL_SRV_C */ - - if (ret != 0) { - /* handshake_step return error. And it is same - * with alert_reason. - */ - if (ssl->send_alert) { - ret = mbedtls_ssl_handle_pending_alert(ssl); - goto cleanup; - } - } - -cleanup: - return ret; -} - -/* - * Perform the SSL handshake - */ -int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - /* Sanity checks */ - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("You must use " - "mbedtls_ssl_set_timer_cb() for DTLS")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake")); - - /* Main handshake loop */ - while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake_step(ssl); - - if (ret != 0) { - break; - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake")); - - return ret; -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#if defined(MBEDTLS_SSL_SRV_C) -/* - * Write HelloRequest to request renegotiation on server - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request")); - - ssl->out_msglen = 4; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - - if ((ret = 
mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request")); - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/* - * Actually renegotiate current connection, triggered by either: - * - any side: calling mbedtls_ssl_renegotiate(), - * - client: receiving a HelloRequest during mbedtls_ssl_read(), - * - server: receiving any handshake message on server during mbedtls_ssl_read() after - * the initial handshake is completed. - * If the handshake doesn't complete due to waiting for I/O, it will continue - * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. - */ -int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate")); - - if ((ret = ssl_handshake_init(ssl)) != 0) { - return ret; - } - - /* RFC 6347 4.2.2: "[...] 
the HelloRequest will have message_seq = 0 and - * the ServerHello will have message_seq = 1" */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->handshake->out_msg_seq = 1; - } else { - ssl->handshake->in_msg_seq = 1; - } - } -#endif - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; - - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate")); - - return 0; -} - -/* - * Renegotiate current connection on client, - * or request renegotiation on server - */ -int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - if (ssl == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_SRV_C) - /* On server, just send the request */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; - - /* Did we already try/start sending HelloRequest? 
*/ - if (ssl->out_left != 0) { - return mbedtls_ssl_flush_output(ssl); - } - - return ssl_write_hello_request(ssl); - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - /* - * On client, either start the renegotiation process or, - * if already in progress, continue the handshake - */ - if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret); - return ret; - } - } else { - if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return ret; -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (handshake == NULL) { - return; - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (ssl->handshake->certificate_request_context) { - mbedtls_free((void *) handshake->certificate_request_context); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - } - -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(PSA_WANT_ALG_SHA_256) - psa_hash_abort(&handshake->fin_sha256_psa); -#endif -#if defined(PSA_WANT_ALG_SHA_384) - psa_hash_abort(&handshake->fin_sha384_psa); -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - psa_pake_abort(&handshake->psa_pake_ctx); - /* - * Opaque keys are not stored in the handshake's data and it's the user - * responsibility to destroy them. 
Clear ones, instead, are created by - * the TLS library and should be destroyed at the same level - */ - if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) { - psa_destroy_key(handshake->psa_pake_password); - } - handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#if defined(MBEDTLS_SSL_CLI_C) - mbedtls_free(handshake->ecjpake_cache); - handshake->ecjpake_cache = NULL; - handshake->ecjpake_cache_len = 0; -#endif -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - /* explicit void pointer cast for buggy MS compiler */ - mbedtls_free((void *) handshake->curves_tls_id); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { - /* The maintenance of the external PSK key slot is the - * user's responsibility. */ - if (ssl->handshake->psk_opaque_is_internal) { - psa_destroy_key(ssl->handshake->psk_opaque); - ssl->handshake->psk_opaque_is_internal = 0; - } - ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* - * Free only the linked list wrapper, not the keys themselves - * since the belong to the SNI callback - */ - ssl_key_cert_free(handshake->sni_key_cert); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); - if (handshake->ecrs_peer_cert != NULL) { - mbedtls_x509_crt_free(handshake->ecrs_peer_cert); - mbedtls_free(handshake->ecrs_peer_cert); - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_free(&handshake->peer_pubkey); -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 
*/ - -#if defined(MBEDTLS_SSL_CLI_C) && \ - (defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) - mbedtls_free(handshake->cookie); -#endif /* MBEDTLS_SSL_CLI_C && - ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - mbedtls_ssl_flight_free(handshake->flight); - mbedtls_ssl_buffering_free(ssl); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) - if (handshake->xxdh_psa_privkey_is_external == 0) { - psa_destroy_key(handshake->xxdh_psa_privkey); - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_transform_free(handshake->transform_handshake); - mbedtls_free(handshake->transform_handshake); -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_transform_free(handshake->transform_earlydata); - mbedtls_free(handshake->transform_earlydata); -#endif -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* If the buffers are too big - reallocate. 
Because of the way Mbed TLS - * processes datagrams and the fact that a datagram is allowed to have - * several records in it, it is possible that the I/O buffers are not - * empty at this stage */ - handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl), - mbedtls_ssl_get_output_buflen(ssl)); -#endif - - /* mbedtls_platform_zeroize MUST be last one in this function */ - mbedtls_platform_zeroize(handshake, - sizeof(mbedtls_ssl_handshake_params)); -} - -void mbedtls_ssl_session_free(mbedtls_ssl_session *session) -{ - if (session == NULL) { - return; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_clear_peer_cert(session); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - mbedtls_free(session->hostname); -#endif - mbedtls_free(session->ticket); -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && \ - defined(MBEDTLS_SSL_SRV_C) - mbedtls_free(session->ticket_alpn); -#endif - - mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); -} - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 0u -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_ALPN) -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 1u -#else -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN 0u -#endif /* MBEDTLS_SSL_ALPN */ - -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT 0 -#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT 1 -#define 
SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT 2 -#define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT 3 - -#define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG \ - ((uint32_t) ( \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << \ - SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT) | \ - (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ - 0u)) - -static const unsigned char ssl_serialized_context_header[] = { - MBEDTLS_VERSION_MAJOR, - MBEDTLS_VERSION_MINOR, - MBEDTLS_VERSION_PATCH, - MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG), - MBEDTLS_BYTE_2(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), - MBEDTLS_BYTE_1(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), - MBEDTLS_BYTE_0(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG), -}; - -/* - * Serialize a full SSL context - * - * The format of the serialized data is: - * (in the presentation language of TLS, RFC 8446 section 3) - * - * // header - * opaque mbedtls_version[3]; // major, minor, patch - * opaque context_format[5]; // version-specific field determining - * // the format of the remaining - * // serialized data. - * Note: When updating the format, remember to keep these - * version+format bytes. (We may make their size part of the API.) 
- * - * // session sub-structure - * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() - * // transform sub-structure - * uint8 random[64]; // ServerHello.random+ClientHello.random - * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value - * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use - * // fields from ssl_context - * uint32 badmac_seen; // DTLS: number of records with failing MAC - * uint64 in_window_top; // DTLS: last validated record seq_num - * uint64 in_window; // DTLS: bitmask for replay protection - * uint8 disable_datagram_packing; // DTLS: only one record per datagram - * uint64 cur_out_ctr; // Record layer: outgoing sequence number - * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) - * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol - * - * Note that many fields of the ssl_context or sub-structures are not - * serialized, as they fall in one of the following categories: - * - * 1. forced value (eg in_left must be 0) - * 2. pointer to dynamically-allocated memory (eg session, transform) - * 3. value can be re-derived from other data (eg session keys from MS) - * 4. value was temporary (eg content of input buffer) - * 5. value will be provided by the user again (eg I/O callbacks and context) - */ -int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; - size_t used = 0; - size_t session_len; - int ret = 0; - - /* - * Enforce usage restrictions, see "return BAD_INPUT_DATA" in - * this function's documentation. - * - * These are due to assumptions/limitations in the implementation. Some of - * them are likely to stay (no handshake in progress) some might go away - * (only DTLS) but are currently used to simplify the implementation. 
- */ - /* The initial handshake must be over */ - if (mbedtls_ssl_is_handshake_over(ssl) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (ssl->handshake != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Double-check that sub-structures are indeed ready */ - if (ssl->transform == NULL || ssl->session == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* There must be no pending incoming or outgoing data */ - if (mbedtls_ssl_check_pending(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (ssl->out_left != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Protocol must be DTLS, not TLS */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Version must be 1.2 */ - if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* We must be using an AEAD ciphersuite */ - if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - /* Renegotiation must not be enabled */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled")); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } -#endif - - /* - * Version and format identifier - */ - used += sizeof(ssl_serialized_context_header); - - if (used <= buf_len) { - memcpy(p, ssl_serialized_context_header, - 
sizeof(ssl_serialized_context_header)); - p += sizeof(ssl_serialized_context_header); - } - - /* - * Session (length + data) - */ - ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - return ret; - } - - used += 4 + session_len; - if (used <= buf_len) { - MBEDTLS_PUT_UINT32_BE(session_len, p, 0); - p += 4; - - ret = ssl_session_save(ssl->session, 1, - p, session_len, &session_len); - if (ret != 0) { - return ret; - } - - p += session_len; - } - - /* - * Transform - */ - used += sizeof(ssl->transform->randbytes); - if (used <= buf_len) { - memcpy(p, ssl->transform->randbytes, - sizeof(ssl->transform->randbytes)); - p += sizeof(ssl->transform->randbytes); - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len; - if (used <= buf_len) { - *p++ = ssl->transform->in_cid_len; - memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); - p += ssl->transform->in_cid_len; - - *p++ = ssl->transform->out_cid_len; - memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len); - p += ssl->transform->out_cid_len; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Saved fields from top-level ssl_context structure - */ - used += 4; - if (used <= buf_len) { - MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0); - p += 4; - } - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - used += 16; - if (used <= buf_len) { - MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0); - p += 8; - - MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0); - p += 8; - } -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - used += 1; - if (used <= buf_len) { - *p++ = ssl->disable_datagram_packing; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - if (used <= buf_len) { - memcpy(p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN); - p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - 
used += 2; - if (used <= buf_len) { - MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0); - p += 2; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_ALPN) - { - const uint8_t alpn_len = ssl->alpn_chosen - ? (uint8_t) strlen(ssl->alpn_chosen) - : 0; - - used += 1 + alpn_len; - if (used <= buf_len) { - *p++ = alpn_len; - - if (ssl->alpn_chosen != NULL) { - memcpy(p, ssl->alpn_chosen, alpn_len); - p += alpn_len; - } - } - } -#endif /* MBEDTLS_SSL_ALPN */ - - /* - * Done - */ - *olen = used; - - if (used > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used); - - return mbedtls_ssl_session_reset_int(ssl, 0); -} - -/* - * Deserialize context, see mbedtls_ssl_context_save() for format. - * - * This internal version is wrapped by a public function that cleans up in - * case of error. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_context_load(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - size_t session_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - tls_prf_fn prf_func = NULL; -#endif - - /* - * The context should have been freshly setup or reset. - * Give the user an error in case of obvious misuse. - * (Checking session is useful because it won't be NULL if we're - * renegotiating, or if the user mistakenly loaded a session first.) - */ - if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST || - ssl->session != NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * We can't check that the config matches the initial one, but we can at - * least check it matches the requirements for serializing. 
- */ - if ( -#if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || -#endif - ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || - ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 - ) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len); - - /* - * Check version identifier - */ - if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (memcmp(p, ssl_serialized_context_header, - sizeof(ssl_serialized_context_header)) != 0) { - return MBEDTLS_ERR_SSL_VERSION_MISMATCH; - } - p += sizeof(ssl_serialized_context_header); - - /* - * Session - */ - if ((size_t) (end - p) < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session_len = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - /* This has been allocated by ssl_handshake_init(), called by - * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */ - ssl->session = ssl->session_negotiate; - ssl->session_in = ssl->session; - ssl->session_out = ssl->session; - ssl->session_negotiate = NULL; - - if ((size_t) (end - p) < session_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_session_load(ssl->session, 1, p, session_len); - if (ret != 0) { - mbedtls_ssl_session_free(ssl->session); - return ret; - } - - p += session_len; - - /* - * Transform - */ - - /* This has been allocated by ssl_handshake_init(), called by - * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). 
*/ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - ssl->transform = ssl->transform_negotiate; - ssl->transform_in = ssl->transform; - ssl->transform_out = ssl->transform; - ssl->transform_negotiate = NULL; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite); - if (prf_func == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Read random bytes and populate structure */ - if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ret = ssl_tls12_populate_transform(ssl->transform, - ssl->session->ciphersuite, - ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl->session->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - prf_func, - p, /* currently pointing to randbytes */ - MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */ - ssl->conf->endpoint, - ssl); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - p += sizeof(ssl->transform->randbytes); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Read connection IDs and store them */ - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->transform->in_cid_len = *p++; - - if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len); - p += ssl->transform->in_cid_len; - - ssl->transform->out_cid_len = *p++; - - if ((size_t) (end - p) < ssl->transform->out_cid_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len); - p += ssl->transform->out_cid_len; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Saved fields from top-level ssl_context structure - */ - if ((size_t) (end - p) < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - -#if 
defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if ((size_t) (end - p) < 16) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - - ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->disable_datagram_packing = *p++; -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if ((size_t) (end - p) < sizeof(ssl->cur_out_ctr)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - memcpy(ssl->cur_out_ctr, p, sizeof(ssl->cur_out_ctr)); - p += sizeof(ssl->cur_out_ctr); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if ((size_t) (end - p) < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_ALPN) - { - uint8_t alpn_len; - const char *const *cur; - - if ((size_t) (end - p) < 1) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - alpn_len = *p++; - - if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { - /* alpn_chosen should point to an item in the configured list */ - for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { - if (strlen(*cur) == alpn_len && - memcmp(p, *cur, alpn_len) == 0) { - ssl->alpn_chosen = *cur; - break; - } - } - } - - /* can only happen on conf mismatch */ - if (alpn_len != 0 && ssl->alpn_chosen == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - p += alpn_len; - } -#endif /* MBEDTLS_SSL_ALPN */ - - /* - * Forced fields from top-level ssl_context structure - * - * Most of them already set to the correct value by mbedtls_ssl_init() and - * mbedtls_ssl_reset(), so we only need to set the remaining ones. 
- */ - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - - /* Adjust pointers for header fields of outgoing records to - * the given transform, accounting for explicit IV and CID. */ - mbedtls_ssl_update_out_pointers(ssl, ssl->transform); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - ssl->in_epoch = 1; -#endif - - /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated, - * which we don't want - otherwise we'd end up freeing the wrong transform - * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform() - * inappropriately. */ - if (ssl->handshake != NULL) { - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - } - - /* - * Done - should have consumed entire buffer - */ - if (p != end) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return 0; -} - -/* - * Deserialize context: public wrapper for error cleaning - */ -int mbedtls_ssl_context_load(mbedtls_ssl_context *context, - const unsigned char *buf, - size_t len) -{ - int ret = ssl_context_load(context, buf, len); - - if (ret != 0) { - mbedtls_ssl_free(context); - } - - return ret; -} -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -/* - * Free an SSL context - */ -void mbedtls_ssl_free(mbedtls_ssl_context *ssl) -{ - if (ssl == NULL) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> free")); - - if (ssl->out_buf != NULL) { -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len; -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; -#endif - - mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len); - ssl->out_buf = NULL; - } - - if (ssl->in_buf != NULL) { -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len = ssl->in_buf_len; -#else - size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; -#endif - - mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len); - ssl->in_buf = NULL; - } - - if (ssl->transform) { - mbedtls_ssl_transform_free(ssl->transform); - 
mbedtls_free(ssl->transform); - } - - if (ssl->handshake) { - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_transform_free(ssl->transform_negotiate); - mbedtls_free(ssl->transform_negotiate); -#endif - - mbedtls_ssl_session_free(ssl->session_negotiate); - mbedtls_free(ssl->session_negotiate); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_transform_free(ssl->transform_application); - mbedtls_free(ssl->transform_application); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (ssl->session) { - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_free_hostname(ssl); -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - mbedtls_free(ssl->cli_id); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= free")); - - /* Actually clear after last debug message */ - mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context)); -} - -/* - * Initialize mbedtls_ssl_config - */ -void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) -{ - memset(conf, 0, sizeof(mbedtls_ssl_config)); -} - -/* The selection should be the same as mbedtls_x509_crt_profile_default in - * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: - * curves with a lower resource usage come first. - * See the documentation of mbedtls_ssl_conf_groups() for what we promise - * about this list. 
- */ -static const uint16_t ssl_preset_default_groups[] = { -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - MBEDTLS_SSL_IANA_TLS_GROUP_X25519, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - MBEDTLS_SSL_IANA_TLS_GROUP_X448, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_521) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, -#endif -#if defined(PSA_WANT_ALG_FFDH) - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, -#endif - MBEDTLS_SSL_IANA_TLS_GROUP_NONE -}; - -static const int ssl_preset_suiteb_ciphersuites[] = { - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - 0 -}; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* NOTICE: - * For ssl_preset_*_sig_algs and ssl_tls12_preset_*_sig_algs, the following - * rules SHOULD be upheld. - * - No duplicate entries. - * - But if there is a good reason, do not change the order of the algorithms. - * - ssl_tls12_preset* is for TLS 1.2 use only. - * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. 
- */ -static const uint16_t ssl_preset_default_sig_algs[] = { - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_512) && \ - defined(PSA_WANT_ECC_SECP_R1_521) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_512 */ - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */ - -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */ - - MBEDTLS_TLS_SIG_NONE -}; - -/* NOTICE: see above */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static const uint16_t ssl_tls12_preset_default_sig_algs[] = { - -#if defined(PSA_WANT_ALG_SHA_512) -#if 
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512), -#endif -#endif /* PSA_WANT_ALG_SHA_512 */ - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif -#if defined(MBEDTLS_RSA_C) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#endif /* PSA_WANT_ALG_SHA_256 */ - - MBEDTLS_TLS_SIG_NONE -}; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -/* NOTICE: see above */ -static const uint16_t ssl_preset_suiteb_sig_algs[] = { - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, - // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, - // == 
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) -#endif - - MBEDTLS_TLS_SIG_NONE -}; - -/* NOTICE: see above */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static const uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), -#endif -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), -#endif -#endif /* PSA_WANT_ALG_SHA_384 */ - - MBEDTLS_TLS_SIG_NONE -}; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -static const uint16_t ssl_preset_suiteb_groups[] = { -#if defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, -#endif - MBEDTLS_SSL_IANA_TLS_GROUP_NONE -}; - -#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` - * to make sure there are no duplicated signature algorithm entries. 
*/ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) -{ - size_t i, j; - int ret = 0; - - for (i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) { - for (j = 0; j < i; j++) { - if (sig_algs[i] != sig_algs[j]) { - continue; - } - mbedtls_printf(" entry(%04x,%" MBEDTLS_PRINTF_SIZET - ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n", - sig_algs[i], j, i); - ret = -1; - } - } - return ret; -} - -#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Load default in mbedtls_ssl_config - */ -int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, - int endpoint, int transport, int preset) -{ -#if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) { - mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - - if (ssl_check_no_sig_alg_duplication(ssl_preset_default_sig_algs)) { - mbedtls_printf("ssl_preset_default_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_suiteb_sig_algs)) { - mbedtls_printf("ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - - if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_default_sig_algs)) { - mbedtls_printf("ssl_tls12_preset_default_sig_algs has duplicated entries\n"); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - /* Use the functions here so that they are covered in tests, - * but otherwise access member directly for efficiency */ - mbedtls_ssl_conf_endpoint(conf, endpoint); - mbedtls_ssl_conf_transport(conf, transport); - - /* - * Things that are common to all presets - */ -#if 
defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; -#endif - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - conf->f_cookie_write = ssl_cookie_write_dummy; - conf->f_cookie_check = ssl_cookie_check_dummy; -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED; -#endif - -#if defined(MBEDTLS_SSL_SRV_C) - conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; - conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN; - conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX; -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset(conf->renego_period, 0x00, 2); - memset(conf->renego_period + 2, 0xFF, 6); -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); -#endif -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_new_session_tickets( - conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS); -#endif - /* - * Allow all TLS 1.3 key exchange modes by default. 
- */ - conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; -#else - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#endif - } else { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_2) - conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2; -#else - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#endif - } - - /* - * Preset-specific defaults - */ - switch (preset) { - /* - * NSA Suite B - */ - case MBEDTLS_SSL_PRESET_SUITEB: - - conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (mbedtls_ssl_conf_is_tls12_only(conf)) { - conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - conf->sig_algs = ssl_preset_suiteb_sig_algs; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - conf->group_list = ssl_preset_suiteb_groups; - break; - - /* - * Default - */ - default: - - conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - conf->cert_profile = &mbedtls_x509_crt_profile_default; -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (mbedtls_ssl_conf_is_tls12_only(conf)) { - conf->sig_algs = 
ssl_tls12_preset_default_sig_algs; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - conf->sig_algs = ssl_preset_default_sig_algs; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - conf->group_list = ssl_preset_default_groups; - } - - return 0; -} - -/* - * Free mbedtls_ssl_config - */ -void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) -{ - if (conf == NULL) { - return; - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } - if (conf->psk != NULL) { - mbedtls_zeroize_and_free(conf->psk, conf->psk_len); - conf->psk = NULL; - conf->psk_len = 0; - } - - if (conf->psk_identity != NULL) { - mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len); - conf->psk_identity = NULL; - conf->psk_identity_len = 0; - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_key_cert_free(conf->key_cert); -#endif - - mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); -} - -#if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)) -/* - * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX - */ -unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) -{ -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) { - return MBEDTLS_SSL_SIG_RSA; - } -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { - return MBEDTLS_SSL_SIG_ECDSA; - } -#endif - return MBEDTLS_SSL_SIG_ANON; -} - -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) -{ - switch (type) { - case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: - return MBEDTLS_SSL_SIG_RSA; - case MBEDTLS_PK_SIGALG_ECDSA: - return MBEDTLS_SSL_SIG_ECDSA; - default: - return MBEDTLS_SSL_SIG_ANON; - } -} - -mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig) -{ - switch (sig) { -#if 
defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: - return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) - case MBEDTLS_SSL_SIG_ECDSA: - return MBEDTLS_PK_SIGALG_ECDSA; -#endif - default: - return MBEDTLS_PK_SIGALG_NONE; - } -} -#endif /* MBEDTLS_PK_C && - ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */ - -/* - * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX - */ -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) -{ - switch (hash) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_SSL_HASH_MD5: - return MBEDTLS_MD_MD5; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_SSL_HASH_SHA1: - return MBEDTLS_MD_SHA1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_SSL_HASH_SHA224: - return MBEDTLS_MD_SHA224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - return MBEDTLS_MD_SHA256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - return MBEDTLS_MD_SHA384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_SSL_HASH_SHA512: - return MBEDTLS_MD_SHA512; -#endif - default: - return MBEDTLS_MD_NONE; - } -} - -/* - * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX - */ -unsigned char mbedtls_ssl_hash_from_md_alg(int md) -{ - switch (md) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return MBEDTLS_SSL_HASH_MD5; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return MBEDTLS_SSL_HASH_SHA1; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return MBEDTLS_SSL_HASH_SHA224; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return MBEDTLS_SSL_HASH_SHA256; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return MBEDTLS_SSL_HASH_SHA384; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return MBEDTLS_SSL_HASH_SHA512; -#endif - default: - return MBEDTLS_SSL_HASH_NONE; - } -} - -/* 
- * Check if a curve proposed by the peer is in our list. - * Return 0 if we're willing to use it, -1 otherwise. - */ -int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id) -{ - const uint16_t *group_list = ssl->conf->group_list; - - if (group_list == NULL) { - return -1; - } - - for (; *group_list != 0; group_list++) { - if (*group_list == tls_id) { - return 0; - } - } - - return -1; -} - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/* - * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id. - */ -int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id) -{ - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - - if (tls_id == 0) { - return -1; - } - - return mbedtls_ssl_check_curve_tls_id(ssl, tls_id); -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -static const struct { - uint16_t tls_id; - mbedtls_ecp_group_id ecp_group_id; - psa_ecc_family_t psa_family; - uint16_t bits; -} tls_id_match_table[] = -{ -#if defined(PSA_WANT_ECC_SECP_R1_521) - { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 }, -#endif -#if 
defined(PSA_WANT_ECC_MONTGOMERY_448) - { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 }, -#endif - { 0, MBEDTLS_ECP_DP_NONE, 0, 0 }, -}; - -int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id, - psa_key_type_t *type, - size_t *bits) -{ - for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { - if (tls_id_match_table[i].tls_id == tls_id) { - if (type != NULL) { - *type = PSA_KEY_TYPE_ECC_KEY_PAIR(tls_id_match_table[i].psa_family); - } - if (bits != NULL) { - *bits = tls_id_match_table[i].bits; - } - return PSA_SUCCESS; - } - } - - return PSA_ERROR_NOT_SUPPORTED; -} - -mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id) -{ - for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) { - if (tls_id_match_table[i].tls_id == tls_id) { - return tls_id_match_table[i].ecp_group_id; - } - } - - return MBEDTLS_ECP_DP_NONE; -} - -uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) -{ - for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE; - i++) { - if (tls_id_match_table[i].ecp_group_id == grp_id) { - return tls_id_match_table[i].tls_id; - } - } - - return 0; -} - -#if defined(MBEDTLS_DEBUG_C) -static const struct { - uint16_t tls_id; - const char *name; -} tls_id_curve_name_table[] = -{ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, - { 0, NULL }, -}; - -const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) -{ - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if 
(tls_id_curve_name_table[i].tls_id == tls_id) { - return tls_id_curve_name_table[i].name; - } - } - - return NULL; -} -#endif - -int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t md, - unsigned char *dst, - size_t dst_len, - size_t *olen) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *hash_operation_to_clone; - psa_hash_operation_t hash_operation = psa_hash_operation_init(); - - *olen = 0; - - switch (md) { -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - hash_operation_to_clone = &ssl->handshake->fin_sha384_psa; - break; -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - hash_operation_to_clone = &ssl->handshake->fin_sha256_psa; - break; -#endif - - default: - goto exit; - } - - status = psa_hash_clone(hash_operation_to_clone, &hash_operation); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&hash_operation, dst, dst_len, olen); - if (status != PSA_SUCCESS) { - goto exit; - } - -exit: -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ssl; -#endif - return PSA_TO_MBEDTLS_ERR(status); -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* mbedtls_ssl_parse_sig_alg_ext() - * - * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` - * value (TLS 1.3 RFC8446): - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... 
- * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - * - * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` - * value (TLS 1.2 RFC5246): - * enum { - * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), - * sha512(6), (255) - * } HashAlgorithm; - * - * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } - * SignatureAlgorithm; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2..2^16-2>; - * - * The TLS 1.3 signature algorithm extension was defined to be a compatible - * generalization of the TLS 1.2 signature algorithm extension. - * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by - * `SignatureScheme` field of TLS 1.3 - * - */ -int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t supported_sig_algs_len = 0; - const unsigned char *supported_sig_algs_end; - uint16_t sig_alg; - uint32_t common_idx = 0; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - supported_sig_algs_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - memset(ssl->handshake->received_sig_algs, 0, - sizeof(ssl->handshake->received_sig_algs)); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, supported_sig_algs_len); - supported_sig_algs_end = p + supported_sig_algs_len; - while (p < supported_sig_algs_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, supported_sig_algs_end, 2); - sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(4, ("received signature algorithm: 0x%x %s", - sig_alg, - mbedtls_ssl_sig_alg_to_str(sig_alg))); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - (!(mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg) && - mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)))) { - 
continue; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - MBEDTLS_SSL_DEBUG_MSG(4, ("valid signature algorithm: %s", - mbedtls_ssl_sig_alg_to_str(sig_alg))); - - if (common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE) { - ssl->handshake->received_sig_algs[common_idx] = sig_alg; - common_idx += 1; - } - } - /* Check that we consumed all the message. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Signature algorithms extension length misaligned")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (common_idx == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no signature algorithm in common")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE; - return 0; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - - -static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const unsigned char *raw_psk, size_t raw_psk_length, - const unsigned char *seed, size_t seed_length, - const unsigned char *label, size_t label_length, - const unsigned char *other_secret, - size_t other_secret_length, - size_t capacity) -{ - psa_status_t status; - - status = psa_key_derivation_setup(derivation, alg); - if (status != PSA_SUCCESS) { - return status; - } - - if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_SEED, - seed, seed_length); - if (status != PSA_SUCCESS) { - return status; - } - - if (other_secret != NULL) { - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_OTHER_SECRET, - other_secret, other_secret_length); - if (status != PSA_SUCCESS) { - return status; - 
} - } - - if (mbedtls_svc_key_id_is_null(key)) { - status = psa_key_derivation_input_bytes( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - raw_psk, raw_psk_length); - } else { - status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key); - } - if (status != PSA_SUCCESS) { - return status; - } - - status = psa_key_derivation_input_bytes(derivation, - PSA_KEY_DERIVATION_INPUT_LABEL, - label, label_length); - if (status != PSA_SUCCESS) { - return status; - } - } else { - return PSA_ERROR_NOT_SUPPORTED; - } - - status = psa_key_derivation_set_capacity(derivation, capacity); - if (status != PSA_SUCCESS) { - return status; - } - - return PSA_SUCCESS; -} - -#if defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_generic(mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, size_t label_len, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (md_type == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); - } else { - alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); - } - - /* Normally a "secret" should be long enough to be impossible to - * find by brute force, and in particular should not be empty. But - * this PRF is also used to derive an IV, in particular in EAP-TLS, - * and for this use case it makes sense to have a 0-length "secret". - * Since the key API doesn't allow importing a key of length 0, - * keep master_key=0, which setup_psa_key_derivation() understands - * to mean a 0-length "secret" input. 
*/ - if (slen != 0) { - psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, secret, slen, &master_key); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } - - status = setup_psa_key_derivation(&derivation, - master_key, alg, - NULL, 0, - random, rlen, - (unsigned char const *) label, - label_len, - NULL, 0, - dlen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - psa_destroy_key(master_key); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - if (!mbedtls_svc_key_id_is_null(master_key)) { - status = psa_destroy_key(master_key); - } - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - return 0; -} -#endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */ - -#if defined(PSA_WANT_ALG_SHA_256) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha256(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, - label, strlen(label), random, rlen, dstbuf, dlen); -} -#endif /* PSA_WANT_ALG_SHA_256*/ - -#if defined(PSA_WANT_ALG_SHA_384) -MBEDTLS_CHECK_RETURN_CRITICAL -static int tls_prf_sha384(const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen) -{ - return 
tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, - label, strlen(label), random, rlen, dstbuf, dlen); -} -#endif /* PSA_WANT_ALG_SHA_384*/ - -/* - * Set appropriate PRF function and other SSL / TLS1.2 functions - * - * Inputs: - * - hash associated with the ciphersuite (only used by TLS 1.2) - * - * Outputs: - * - the tls_prf, calc_verify and calc_finished members of handshake structure - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake, - mbedtls_md_type_t hash) -{ -#if defined(PSA_WANT_ALG_SHA_384) - if (hash == MBEDTLS_MD_SHA384) { - handshake->tls_prf = tls_prf_sha384; - handshake->calc_verify = ssl_calc_verify_tls_sha384; - handshake->calc_finished = ssl_calc_finished_tls_sha384; - } else -#endif -#if defined(PSA_WANT_ALG_SHA_256) - { - (void) hash; - handshake->tls_prf = tls_prf_sha256; - handshake->calc_verify = ssl_calc_verify_tls_sha256; - handshake->calc_finished = ssl_calc_finished_tls_sha256; - } -#else - { - (void) handshake; - (void) hash; - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif - - return 0; -} - -/* - * Compute master secret if needed - * - * Parameters: - * [in/out] handshake - * [in] resume, premaster, extended_ms, calc_verify, tls_prf - * (PSA-PSK) ciphersuite_info, psk_opaque - * [out] premaster (cleared) - * [out] master - * [in] ssl: optionally used for debugging, EMS and PSA-PSK - * debug: conf->f_dbg, conf->p_dbg - * EMS: passed to calc_verify (debug + session_negotiate) - * PSA-PSA: conf - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, - unsigned char *master, - const mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* cf. RFC 5246, Section 8.1: - * "The master secret is always exactly 48 bytes in length." 
*/ - size_t const master_secret_len = 48; - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - unsigned char session_hash[48]; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - - /* The label for the KDF used for key expansion. - * This is either "master secret" or "extended master secret" - * depending on whether the Extended Master Secret extension - * is used. */ - char const *lbl = "master secret"; - - /* The seed for the KDF used for key expansion. - * - If the Extended Master Secret extension is not used, - * this is ClientHello.Random + ServerHello.Random - * (see Sect. 8.1 in RFC 5246). - * - If the Extended Master Secret extension is used, - * this is the transcript of the handshake so far. - * (see Sect. 4 in RFC 7627). */ - unsigned char const *seed = handshake->randbytes; - size_t seed_len = 64; - -#if !defined(MBEDTLS_DEBUG_C) && \ - !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ - !defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; -#endif - - if (handshake->resume != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)")); - return 0; - } - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { - lbl = "extended master secret"; - seed = session_hash; - ret = handshake->calc_verify(ssl, session_hash, &seed_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret); - } - - MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret", - session_hash, seed_len); - } -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) { - /* Perform PSK-to-MS expansion in a single step. 
*/ - psa_status_t status; - psa_algorithm_t alg; - mbedtls_svc_key_id_t psk; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - - MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); - - psk = mbedtls_ssl_get_opaque_psk(ssl); - - if (hash_alg == MBEDTLS_MD_SHA384) { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); - } else { - alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - } - - size_t other_secret_len = 0; - unsigned char *other_secret = NULL; - - switch (handshake->ciphersuite_info->key_exchange) { - /* Provide other secret. - * Other secret is stored in premaster, where first 2 bytes hold the - * length of the other key. - */ - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); - other_secret = handshake->premaster + 2; - break; - default: - break; - } - - status = setup_psa_key_derivation(&derivation, psk, alg, - ssl->conf->psk, ssl->conf->psk_len, - seed, seed_len, - (unsigned char const *) lbl, - (size_t) strlen(lbl), - other_secret, other_secret_len, - master_secret_len); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, - master, - master_secret_len); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } else -#endif - { -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - psa_status_t status; - psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS; - psa_key_derivation_operation_t derivation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - MBEDTLS_SSL_DEBUG_MSG(2, ("perform 
PSA-based PMS KDF for ECJPAKE")); - - handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; - - status = psa_key_derivation_setup(&derivation, alg); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_set_capacity(&derivation, - PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - mbedtls_svc_key_id_t shared_key_id = MBEDTLS_SVC_KEY_ID_INIT; - - psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&shared_key_attributes, alg); - psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, - &shared_key_attributes, - &shared_key_id); - - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_input_key(&derivation, - PSA_KEY_DERIVATION_INPUT_SECRET, - shared_key_id); - - psa_destroy_key(shared_key_id); - - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_output_bytes(&derivation, - handshake->premaster, - handshake->pmslen); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(&derivation); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - status = psa_key_derivation_abort(&derivation); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } -#endif - ret = handshake->tls_prf(handshake->premaster, handshake->pmslen, - lbl, seed, seed_len, - master, - master_secret_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret", - handshake->premaster, - handshake->pmslen); - - mbedtls_platform_zeroize(handshake->premaster, - 
sizeof(handshake->premaster)); - } - - return 0; -} - -int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys")); - - /* Set PRF, calc_verify and calc_finished function pointers */ - ret = ssl_set_handshake_prfs(ssl->handshake, - (mbedtls_md_type_t) ciphersuite_info->mac); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret); - return ret; - } - - /* Compute master secret if needed */ - ret = ssl_compute_master(ssl->handshake, - ssl->session_negotiate->master, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret); - return ret; - } - - /* Swap the client and server random values: - * - MS derivation wanted client+server (RFC 5246 8.1) - * - key derivation wants server+client (RFC 5246 6.3) */ - { - unsigned char tmp[64]; - memcpy(tmp, ssl->handshake->randbytes, 64); - memcpy(ssl->handshake->randbytes, tmp + 32, 32); - memcpy(ssl->handshake->randbytes + 32, tmp, 32); - mbedtls_platform_zeroize(tmp, sizeof(tmp)); - } - - /* Populate transform structure */ - ret = ssl_tls12_populate_transform(ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl->session_negotiate->encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->tls_version, - ssl->conf->endpoint, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls12_populate_transform", ret); - return ret; - } - - /* We no longer need Server/ClientHello.random values */ - mbedtls_platform_zeroize(ssl->handshake->randbytes, - sizeof(ssl->handshake->randbytes)); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys")); - - return 0; -} - -int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) -{ - 
switch (md) { -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_SSL_HASH_SHA384: - ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; - break; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_SSL_HASH_SHA256: - ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256; - break; -#endif - default: - return -1; - } -#if !defined(PSA_WANT_ALG_SHA_384) && \ - !defined(PSA_WANT_ALG_SHA_256) - (void) ssl; -#endif - return 0; -} - -static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl, - const psa_hash_operation_t *hs_op, - size_t buffer_size, - unsigned char *hash, - size_t *hlen) -{ - psa_status_t status; - psa_hash_operation_t cloned_op = psa_hash_operation_init(); - -#if !defined(MBEDTLS_DEBUG_C) - (void) ssl; -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify")); - status = psa_hash_clone(hs_op, &cloned_op); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&cloned_op, hash, buffer_size, hlen); - if (status != PSA_SUCCESS) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); - -exit: - psa_hash_abort(&cloned_op); - return mbedtls_md_error_from_psa(status); -} - -#if defined(PSA_WANT_ALG_SHA_256) -int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) -{ - return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32, - hash, hlen); -} -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) -int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) -{ - return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48, - hash, hlen); -} -#endif /* PSA_WANT_ALG_SHA_384 */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_request(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -int 
mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl) -{ - /* If renegotiation is not enforced, retransmit until we would reach max - * timeout if we were using the usual handshake doubling scheme */ - if (ssl->conf->renego_max_records < 0) { - uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; - unsigned char doublings = 1; - - while (ratio != 0) { - ++doublings; - ratio >>= 1; - } - - if (++ssl->renego_records_seen > doublings) { - MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request")); - return 0; - } - } - - return ssl_write_hello_request(ssl); -} -#endif -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ - -/* - * Handshake functions - */ -#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -/* No certificate support -> dummy functions */ -int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Some certificate support -> implement write and parse */ - -int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) -{ - int ret = 
MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t i, n; - const mbedtls_x509_crt *crt; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - -#if defined(MBEDTLS_SSL_CLI_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - if (ssl->handshake->client_auth == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (mbedtls_ssl_own_cert(ssl) == NULL) { - /* Should never happen because we shouldn't have picked the - * ciphersuite if we don't have a certificate. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - } -#endif - - MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl)); - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 6 length of all certs - * 7 . 9 length of cert. 1 - * 10 . n-1 peer certificate - * n . n+2 length of cert. 2 - * n+3 . ... upper level cert, etc. 
- */ - i = 7; - crt = mbedtls_ssl_own_cert(ssl); - - while (crt != NULL) { - n = crt->raw.len; - if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[i] = MBEDTLS_BYTE_2(n); - ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n); - ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n); - - i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n); - i += n; crt = crt->next; - } - - ssl->out_msg[4] = MBEDTLS_BYTE_2(i - 7); - ssl->out_msg[5] = MBEDTLS_BYTE_1(i - 7); - ssl->out_msg[6] = MBEDTLS_BYTE_0(i - 7); - - ssl->out_msglen = i; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - - mbedtls_ssl_handshake_increment_state(ssl); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - - return ret; -} - -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len) -{ - mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; - - if (peer_crt == NULL) { - return -1; - } - - if (peer_crt->raw.len != crt_buf_len) { - return -1; - } - - return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len); -} -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const * const peer_cert_digest = - ssl->session->peer_cert_digest; - mbedtls_md_type_t const peer_cert_digest_type = - 
ssl->session->peer_cert_digest_type; - mbedtls_md_info_t const * const digest_info = - mbedtls_md_info_from_type(peer_cert_digest_type); - unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; - size_t digest_len; - - if (peer_cert_digest == NULL || digest_info == NULL) { - return -1; - } - - digest_len = mbedtls_md_get_size(digest_info); - if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) { - return -1; - } - - ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest); - if (ret != 0) { - return -1; - } - - return memcmp(tmp_digest, peer_cert_digest, digest_len); -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - -/* - * Once the certificate message is read, parse it into a cert chain and - * perform basic checks, but leave actual verification to the caller - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *chain) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - int crt_cnt = 0; -#endif - size_t i, n; - uint8_t alert; - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - i = mbedtls_ssl_hs_hdr_len(ssl); - - /* - * Same message 
structure as in mbedtls_ssl_write_certificate() - */ - n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); - - if (ssl->in_msg[i] != 0 || - ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ - i += 3; - - /* Iterate through and parse the CRTs in the provided chain. */ - while (i < ssl->in_hslen) { - /* Check that there's room for the next CRT's length fields. */ - if (i + 3 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - /* In theory, the CRT can be up to 2**24 Bytes, but we don't support - * anything beyond 2**16 ~ 64K. */ - if (ssl->in_msg[i] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - /* Read length of the next CRT in the chain. */ - n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); - i += 3; - - if (n < 128 || i + n > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check if we're handling the first CRT in the chain. 
*/ -#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - if (crt_cnt++ == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - /* During client-side renegotiation, check that the server's - * end-CRTs hasn't changed compared to the initial handshake, - * mitigating the triple handshake attack. On success, reuse - * the original end-CRT instead of parsing it again. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation")); - if (ssl_check_peer_crt_unchanged(ssl, - &ssl->in_msg[i], - n) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation")); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - /* Now we can safely free the original chain. */ - ssl_clear_peer_cert(ssl->session); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ - - /* Parse the next certificate in the chain. */ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n); -#else - /* If we don't need to store the CRT chain permanently, parse - * it in-place from the input buffer instead of making a copy. */ - ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n); -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - switch (ret) { - case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_OID: - /* Ignore certificate with an unknown algorithm: maybe a - prior certificate was already trusted. 
*/ - break; - - case MBEDTLS_ERR_X509_ALLOC_FAILED: - alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR; - goto crt_parse_der_failed; - - case MBEDTLS_ERR_X509_UNKNOWN_VERSION: - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - goto crt_parse_der_failed; - - default: - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; -crt_parse_der_failed: - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - } - - i += n; - } - - MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain); - return 0; -} - -#if defined(MBEDTLS_SSL_SRV_C) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl) -{ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - return -1; - } - - if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && - memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate")); - return 0; - } - return -1; -} -#endif /* MBEDTLS_SSL_SRV_C */ - -/* Check if a certificate message is expected. - * Return either - * - SSL_CERTIFICATE_EXPECTED, or - * - SSL_CERTIFICATE_SKIP - * indicating whether a Certificate message is expected or not. 
- */ -#define SSL_CERTIFICATE_EXPECTED 0 -#define SSL_CERTIFICATE_SKIP 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, - int authmode) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { - return SSL_CERTIFICATE_SKIP; - } - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - ssl->session_negotiate->verify_result = - MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return SSL_CERTIFICATE_SKIP; - } - } -#else - ((void) authmode); -#endif /* MBEDTLS_SSL_SRV_C */ - - return SSL_CERTIFICATE_EXPECTED; -} - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl, - unsigned char *start, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* Remember digest of the peer's end-CRT. 
*/ - ssl->session_negotiate->peer_cert_digest = - mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); - if (ssl->session_negotiate->peer_cert_digest == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN)); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - start, len, - ssl->session_negotiate->peer_cert_digest); - - ssl->session_negotiate->peer_cert_digest_type = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; - ssl->session_negotiate->peer_cert_digest_len = - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl, - unsigned char *start, size_t len) -{ - unsigned char *end = start + len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Make a copy of the peer's raw public key. */ - mbedtls_pk_init(&ssl->handshake->peer_pubkey); - ret = mbedtls_pk_parse_subpubkey(&start, end, - &ssl->handshake->peer_pubkey); - if (ret != 0) { - /* We should have parsed the public key before. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return 0; -} -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) -{ - int ret = 0; - int crt_expected; - /* Authmode: precedence order is SNI if used else configuration */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? 
ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif - void *rs_ctx = NULL; - mbedtls_x509_crt *chain = NULL; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - - crt_expected = ssl_parse_certificate_coordinate(ssl, authmode); - if (crt_expected == SSL_CERTIFICATE_SKIP) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - goto exit; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) { - chain = ssl->handshake->ecrs_peer_cert; - ssl->handshake->ecrs_peer_cert = NULL; - goto crt_verify; - } -#endif - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - /* mbedtls_ssl_read_record may have sent an alert already. We - let it decide whether to alert. */ - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - goto exit; - } - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl_srv_check_client_no_crt_notification(ssl) == 0) { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - - if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) { - ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - - goto exit; - } -#endif /* MBEDTLS_SSL_SRV_C */ - - /* Clear existing peer CRT structure in case we tried to - * reuse a session but it failed, and allocate a new one. 
*/ - ssl_clear_peer_cert(ssl->session_negotiate); - - chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (chain == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", - sizeof(mbedtls_x509_crt))); - mbedtls_ssl_send_alert_message(ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_x509_crt_init(chain); - - ret = ssl_parse_certificate_chain(ssl, chain); - if (ret != 0) { - goto exit; - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; - } - -crt_verify: - if (ssl->handshake->ecrs_enabled) { - rs_ctx = &ssl->handshake->ecrs_ctx; - } -#endif - - ret = mbedtls_ssl_verify_certificate(ssl, authmode, chain, - ssl->handshake->ciphersuite_info, - rs_ctx); - if (ret != 0) { - goto exit; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - { - unsigned char *crt_start, *pk_start; - size_t crt_len, pk_len; - - /* We parse the CRT chain without copying, so - * these pointers point into the input buffer, - * and are hence still valid after freeing the - * CRT chain. */ - - crt_start = chain->raw.p; - crt_len = chain->raw.len; - - pk_start = chain->pk_raw.p; - pk_len = chain->pk_raw.len; - - /* Free the CRT structures before computing - * digest and copying the peer's public key. */ - mbedtls_x509_crt_free(chain); - mbedtls_free(chain); - chain = NULL; - - ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len); - if (ret != 0) { - goto exit; - } - - ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len); - if (ret != 0) { - goto exit; - } - } -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Pass ownership to session structure. 
*/ - ssl->session_negotiate->peer_cert = chain; - chain = NULL; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); - -exit: - - if (ret == 0) { - mbedtls_ssl_handshake_increment_state(ssl); - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - ssl->handshake->ecrs_peer_cert = chain; - chain = NULL; - } -#endif - - if (chain != NULL) { - mbedtls_x509_crt_free(chain); - mbedtls_free(chain); - } - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx, - unsigned char *padbuf, size_t hlen, - unsigned char *buf, int from) -{ - unsigned int len = 12; - const char *sender; - psa_status_t status; - psa_hash_operation_t *hs_op = ctx; - psa_hash_operation_t cloned_op = PSA_HASH_OPERATION_INIT; - size_t hash_size; - - mbedtls_ssl_session *session = ssl->session_negotiate; - if (!session) { - session = ssl->session; - } - - sender = (from == MBEDTLS_SSL_IS_CLIENT) - ? 
"client finished" - : "server finished"; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls")); - - status = psa_hash_clone(hs_op, &cloned_op); - if (status != PSA_SUCCESS) { - goto exit; - } - - status = psa_hash_finish(&cloned_op, padbuf, hlen, &hash_size); - if (status != PSA_SUCCESS) { - goto exit; - } - MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen); - - MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen); - - /* - * TLSv1.2: - * hash = PRF( master, finished_label, - * Hash( handshake ) )[0.11] - */ - ssl->handshake->tls_prf(session->master, 48, sender, - padbuf, hlen, buf, len); - - MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - - mbedtls_platform_zeroize(padbuf, hlen); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); - -exit: - psa_hash_abort(&cloned_op); - return mbedtls_md_error_from_psa(status); -} - -#if defined(PSA_WANT_ALG_SHA_256) -static int ssl_calc_finished_tls_sha256( - mbedtls_ssl_context *ssl, unsigned char *buf, int from) -{ - unsigned char padbuf[32]; - return ssl_calc_finished_tls_generic(ssl, - &ssl->handshake->fin_sha256_psa, - padbuf, sizeof(padbuf), - buf, from); -} -#endif /* PSA_WANT_ALG_SHA_256*/ - - -#if defined(PSA_WANT_ALG_SHA_384) -static int ssl_calc_finished_tls_sha384( - mbedtls_ssl_context *ssl, unsigned char *buf, int from) -{ - unsigned char padbuf[48]; - return ssl_calc_finished_tls_generic(ssl, - &ssl->handshake->fin_sha384_psa, - padbuf, sizeof(padbuf), - buf, from); -} -#endif /* PSA_WANT_ALG_SHA_384*/ - -void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free")); - - /* - * Free our handshake params - */ - mbedtls_ssl_handshake_free(ssl); - mbedtls_free(ssl->handshake); - ssl->handshake = NULL; - - /* - * Free the previous transform and switch in the current one - */ - if (ssl->transform) { - mbedtls_ssl_transform_free(ssl->transform); - mbedtls_free(ssl->transform); - } - ssl->transform = 
ssl->transform_negotiate;
- ssl->transform_negotiate = NULL;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free"));
-}
-
-void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
-{
- int resume = ssl->handshake->resume;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup"));
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
- ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE;
- ssl->renego_records_seen = 0;
- }
-#endif
-
- /*
- * Free the previous session and switch in the current one
- */
- if (ssl->session) {
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- /* RFC 7366 3.1: keep the EtM state */
- ssl->session_negotiate->encrypt_then_mac =
- ssl->session->encrypt_then_mac;
-#endif
-
- mbedtls_ssl_session_free(ssl->session);
- mbedtls_free(ssl->session);
- }
- ssl->session = ssl->session_negotiate;
- ssl->session_negotiate = NULL;
-
- /*
- * Add cache entry
- */
- if (ssl->conf->f_set_cache != NULL &&
- ssl->session->id_len != 0 &&
- resume == 0) {
- if (ssl->conf->f_set_cache(ssl->conf->p_cache,
- ssl->session->id,
- ssl->session->id_len,
- ssl->session) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session"));
- }
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->flight != NULL) {
- /* Cancel handshake timer */
- mbedtls_ssl_set_timer(ssl, 0);
-
- /* Keep last flight around in case we need to resend it:
- * we need the handshake and transform structures for that */
- MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform"));
- } else
-#endif
- mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
-
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
-}
-
-int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
-{
- int ret;
- unsigned int hash_len;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished"));
-
-
mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
-
- ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
- return ret;
- }
-
- /*
- * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
- * may define some other value. Currently (early 2016), no defined
- * ciphersuite does this (and this is unlikely to change as activity has
- * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
- */
- hash_len = 12;
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->verify_data_len = hash_len;
- memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len);
-#endif
-
- ssl->out_msglen = 4 + hash_len;
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = MBEDTLS_SSL_HS_FINISHED;
-
- /*
- * In case of session resuming, invert the client and server
- * ChangeCipherSpec messages order.
- */
- if (ssl->handshake->resume != 0) {
-#if defined(MBEDTLS_SSL_CLI_C)
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
- }
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
- }
-#endif
- } else {
- mbedtls_ssl_handshake_increment_state(ssl);
- }
-
- /*
- * Switch to our negotiated transform and session parameters for outbound
- * data.
- */ - MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data")); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - unsigned char i; - - /* Remember current epoch settings for resending */ - ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, - sizeof(ssl->handshake->alt_out_ctr)); - - /* Set sequence_number to zero */ - memset(&ssl->cur_out_ctr[2], 0, sizeof(ssl->cur_out_ctr) - 2); - - - /* Increment epoch */ - for (i = 2; i > 0; i--) { - if (++ssl->cur_out_ctr[i - 1] != 0) { - break; - } - } - - /* The loop goes to its end iff the counter is wrapping */ - if (i == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); - return MBEDTLS_ERR_SSL_COUNTER_WRAPPING; - } - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); - - ssl->transform_out = ssl->transform_negotiate; - ssl->session_out = ssl->session_negotiate; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_send_flight_completed(ssl); - } -#endif - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished")); - - return 0; -} - -#define SSL_MAX_HASH_LEN 12 - -int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int hash_len = 12; - unsigned char buf[SSL_MAX_HASH_LEN]; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished")); - - ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); - if 
(ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
- return ret;
- }
-
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- goto exit;
- }
-
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- goto exit;
- }
-
- if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- goto exit;
- }
-
- if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- ret = MBEDTLS_ERR_SSL_DECODE_ERROR;
- goto exit;
- }
-
- if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl),
- buf, hash_len) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
- ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- goto exit;
- }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->verify_data_len = hash_len;
- memcpy(ssl->peer_verify_data, buf, hash_len);
-#endif
-
- if (ssl->handshake->resume != 0) {
-#if defined(MBEDTLS_SSL_CLI_C)
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
- }
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
- }
-#endif
- } else {
- mbedtls_ssl_handshake_increment_state(ssl);
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport ==
MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- mbedtls_ssl_recv_flight_completed(ssl);
- }
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished"));
-
-exit:
- mbedtls_platform_zeroize(buf, hash_len);
- return ret;
-}
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-/*
- * Helper to get TLS 1.2 PRF from ciphersuite
- * (Duplicates bits of logic from ssl_set_handshake_prfs().)
- */
-static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
-{
- const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
-#if defined(PSA_WANT_ALG_SHA_384)
- if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
- return tls_prf_sha384;
- } else
-#endif
-#if defined(PSA_WANT_ALG_SHA_256)
- {
- if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
- return tls_prf_sha256;
- }
- }
-#endif
-#if !defined(PSA_WANT_ALG_SHA_384) && \
- !defined(PSA_WANT_ALG_SHA_256)
- (void) ciphersuite_info;
-#endif
-
- return NULL;
-}
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
-{
- ((void) tls_prf);
-#if defined(PSA_WANT_ALG_SHA_384)
- if (tls_prf == tls_prf_sha384) {
- return MBEDTLS_SSL_TLS_PRF_SHA384;
- } else
-#endif
-#if defined(PSA_WANT_ALG_SHA_256)
- if (tls_prf == tls_prf_sha256) {
- return MBEDTLS_SSL_TLS_PRF_SHA256;
- } else
-#endif
- return MBEDTLS_SSL_TLS_PRF_NONE;
-}
-
-/*
- * Populate a transform structure with session keys and all the other
- * necessary information.
- * - * Parameters: - * - [in/out]: transform: structure to populate - * [in] must be just initialised with mbedtls_ssl_transform_init() - * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf() - * - [in] ciphersuite - * - [in] master - * - [in] encrypt_then_mac - * - [in] tls_prf: pointer to PRF to use for key derivation - * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random - * - [in] tls_version: TLS version - * - [in] endpoint: client or server - * - [in] ssl: used for: - * - ssl->conf->{f,p}_export_keys - * [in] optionally used for: - * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - int encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - mbedtls_ssl_protocol_version tls_version, - unsigned endpoint, - const mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char keyblk[256]; - unsigned char *key1; - unsigned char *key2; - unsigned char *mac_enc; - unsigned char *mac_dec; - size_t mac_key_len = 0; - size_t iv_copy_len; - size_t keylen; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - mbedtls_ssl_mode_t ssl_mode; - - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_algorithm_t mac_alg = 0; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* - * Some data just needs copying into the structure - */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - transform->encrypt_then_mac = encrypt_then_mac; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - transform->tls_version = tls_version; - -#if defined(MBEDTLS_SSL_KEEP_RANDBYTES) - memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); -#endif - -#if 
defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform - * generation separate. This should never happen. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* - * Get various info structures - */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", - ciphersuite)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - encrypt_then_mac, -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - ciphersuite_info); - - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - transform->taglen = - ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - } - - if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, - transform->taglen, - &alg, - &key_type, - &key_bits)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret); - goto end; - } - - mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - if (mac_alg == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", - (unsigned) ciphersuite_info->mac)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - /* Copy own and peer's CID if the use of the CID - * extension has been negotiated. 
*/ - if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform")); - - transform->in_cid_len = ssl->own_cid_len; - memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid, - transform->in_cid_len); - - transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy(transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid, - transform->out_cid_len); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * Compute key block using the PRF - */ - ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s", - mbedtls_ssl_get_ciphersuite_name(ciphersuite))); - MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48); - MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64); - MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256); - - /* - * Determine the appropriate key, IV and MAC length. - */ - - keylen = PSA_BITS_TO_BYTES(key_bits); - -#if defined(MBEDTLS_SSL_HAVE_AEAD) - if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { - size_t explicit_ivlen; - - transform->maclen = 0; - mac_key_len = 0; - - /* All modes haves 96-bit IVs, but the length of the static parts vary - * with mode and version: - * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes - * (to be concatenated with a dynamically chosen IV of 8 Bytes) - * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's - * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record - * sequence number). 
- */ - transform->ivlen = 12; - - int is_chachapoly = 0; - is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20); - - if (is_chachapoly) { - transform->fixed_ivlen = 12; - } else { - transform->fixed_ivlen = 4; - } - - /* Minimum length of encrypted record */ - explicit_ivlen = transform->ivlen - transform->fixed_ivlen; - transform->minlen = explicit_ivlen + transform->taglen; - } else -#endif /* MBEDTLS_SSL_HAVE_AEAD */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || - ssl_mode == MBEDTLS_SSL_MODE_CBC || - ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type); - - /* Get MAC length */ - mac_key_len = PSA_HASH_LENGTH(mac_alg); - transform->maclen = mac_key_len; - - /* IV length */ - transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg); - - /* Minimum length */ - if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) { - transform->minlen = transform->maclen; - } else { - /* - * GenericBlockCipher: - * 1. if EtM is in use: one block plus MAC - * otherwise: * first multiple of blocklen greater than maclen - * 2. 
IV - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { - transform->minlen = transform->maclen - + block_size; - } else -#endif - { - transform->minlen = transform->maclen - + block_size - - transform->maclen % block_size; - } - - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - transform->minlen += transform->ivlen; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - } - } else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u", - (unsigned) keylen, - (unsigned) transform->minlen, - (unsigned) transform->ivlen, - (unsigned) transform->maclen)); - - /* - * Finally setup the cipher contexts, IVs and MAC secrets. - */ -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - key1 = keyblk + mac_key_len * 2; - key2 = keyblk + mac_key_len * 2 + keylen; - - mac_enc = keyblk; - mac_dec = keyblk + mac_key_len; - - iv_copy_len = (transform->fixed_ivlen) ? - transform->fixed_ivlen : transform->ivlen; - memcpy(transform->iv_enc, key2 + keylen, iv_copy_len); - memcpy(transform->iv_dec, key2 + keylen + iv_copy_len, - iv_copy_len); - } else -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - key1 = keyblk + mac_key_len * 2 + keylen; - key2 = keyblk + mac_key_len * 2; - - mac_enc = keyblk + mac_key_len; - mac_dec = keyblk; - - iv_copy_len = (transform->fixed_ivlen) ? 
- transform->fixed_ivlen : transform->ivlen; - memcpy(transform->iv_dec, key1 + keylen, iv_copy_len); - memcpy(transform->iv_enc, key1 + keylen + iv_copy_len, - iv_copy_len); - } else -#endif /* MBEDTLS_SSL_SRV_C */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys(ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET, - master, 48, - randbytes + 32, - randbytes, - tls_prf_get_type(tls_prf)); - } - - transform->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - if ((status = psa_import_key(&attributes, - key1, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_enc)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status); - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); - goto end; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - if ((status = psa_import_key(&attributes, - key2, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_dec)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); - goto end; - } - } - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - /* For HMAC-based ciphersuites, initialize the HMAC transforms. - For AEAD-based ciphersuites, there is nothing to do here. 
*/ - if (mac_key_len != 0) { - transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg); - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(mac_alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - if ((status = psa_import_key(&attributes, - mac_enc, mac_key_len, - &transform->psa_mac_enc)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); - goto end; - } - - if ((transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) || - ((transform->psa_alg == PSA_ALG_CBC_NO_PADDING) -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - && (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) -#endif - )) { - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - } else { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - } - - if ((status = psa_import_key(&attributes, - mac_dec, mac_key_len, - &transform->psa_mac_dec)) != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); - goto end; - } - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - - ((void) mac_dec); - ((void) mac_enc); - -end: - mbedtls_platform_zeroize(keyblk, sizeof(keyblk)); - return ret; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -int mbedtls_psa_ecjpake_read_round( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len, mbedtls_ecjpake_rounds_t round) -{ - psa_status_t status; - size_t input_offset = 0; - /* - * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice - * At round two perform a single cycle - */ - unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 
2 : 1; - - for (; remaining_steps > 0; remaining_steps--) { - for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step) { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; - - if (input_offset + length > len) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - status = psa_pake_input(pake_ctx, step, - buf + input_offset, length); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - input_offset += length; - } - } - - if (input_offset != len) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - return 0; -} - -int mbedtls_psa_ecjpake_write_round( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen, - mbedtls_ecjpake_rounds_t round) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - /* - * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice - * At round two perform a single cycle - */ - unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1; - - for (; remaining_steps > 0; remaining_steps--) { - for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step) { - /* - * For each step, prepend 1 byte with the length of the data as - * given by psa_pake_output(). 
- */ - status = psa_pake_output(pake_ctx, step, - buf + output_offset + 1, - len - output_offset - 1, - &output_len); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *(buf + output_offset) = (uint8_t) output_len; - - output_offset += output_len + 1; - } - } - - *olen = output_offset; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg) -{ - psa_status_t status; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); - - if ((status = psa_hash_setup(&hash_operation, - hash_alg)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status); - goto exit; - } - - if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes, - 64)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); - goto exit; - } - - if ((status = psa_hash_update(&hash_operation, - data, data_len)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); - goto exit; - } - - if ((status = psa_hash_finish(&hash_operation, hash, PSA_HASH_MAX_SIZE, - hashlen)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status); - goto exit; - } - -exit: - if (status != PSA_SUCCESS) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - switch (status) { - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ - case PSA_ERROR_BUFFER_TOO_SMALL: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - 
} - return 0; -} - - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - -/* Find the preferred hash for a given signature algorithm. */ -unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - mbedtls_ssl_context *ssl, - unsigned int sig_alg) -{ - unsigned int i; - uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; - - if (sig_alg == MBEDTLS_SSL_SIG_ANON) { - return MBEDTLS_SSL_HASH_NONE; - } - - for (i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) { - unsigned int hash_alg_received = - MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG( - received_sig_algs[i]); - unsigned int sig_alg_received = - MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG( - received_sig_algs[i]); - - mbedtls_md_type_t md_alg = - mbedtls_ssl_md_alg_from_hash((unsigned char) hash_alg_received); - if (md_alg == MBEDTLS_MD_NONE) { - continue; - } - - if (sig_alg == sig_alg_received) { - if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { - psa_algorithm_t psa_hash_alg = - mbedtls_md_psa_alg_from_type(md_alg); - - if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && - !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, - MBEDTLS_PK_ALG_ECDSA(psa_hash_alg), - PSA_KEY_USAGE_SIGN_HASH)) { - continue; - } - - if (sig_alg_received == MBEDTLS_SSL_SIG_RSA && - !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, - PSA_ALG_RSA_PKCS1V15_SIGN( - psa_hash_alg), - PSA_KEY_USAGE_SIGN_HASH)) { - continue; - } - } - - return hash_alg_received; - } - } - - return MBEDTLS_SSL_HASH_NONE; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -int mbedtls_ssl_validate_ciphersuite( - const mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *suite_info, - mbedtls_ssl_protocol_version min_tls_version, - mbedtls_ssl_protocol_version max_tls_version) -{ - (void) ssl; - - if (suite_info == NULL) { - return -1; - } - - if ((suite_info->min_tls_version > max_tls_version) || - (suite_info->max_tls_version < 
min_tls_version)) { - return -1; - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C) -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - ssl->handshake->psa_pake_ctx_is_ok != 1) { - return -1; - } -#endif - - /* Don't suggest PSK-based ciphersuite if no PSK is available. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && - mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - return -1; - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - return 0; -} - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Function for writing a signature algorithm extension. - * - * The `extension_data` field of signature algorithm contains a `SignatureSchemeList` - * value (TLS 1.3 RFC8446): - * enum { - * .... - * ecdsa_secp256r1_sha256( 0x0403 ), - * ecdsa_secp384r1_sha384( 0x0503 ), - * ecdsa_secp521r1_sha512( 0x0603 ), - * .... - * } SignatureScheme; - * - * struct { - * SignatureScheme supported_signature_algorithms<2..2^16-2>; - * } SignatureSchemeList; - * - * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm` - * value (TLS 1.2 RFC5246): - * enum { - * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), - * sha512(6), (255) - * } HashAlgorithm; - * - * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } - * SignatureAlgorithm; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * SignatureAndHashAlgorithm - * supported_signature_algorithms<2..2^16-2>; - * - * The TLS 1.3 signature algorithm extension was defined to be a compatible - * generalization of the TLS 1.2 signature algorithm extension. 
- * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by - * `SignatureScheme` field of TLS 1.3 - * - */ -int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, - const unsigned char *end, size_t *out_len) -{ - unsigned char *p = buf; - unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */ - size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */ - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("adding signature_algorithms extension")); - - /* Check if we have space for header and length field: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - supported_signature_algorithms_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - - /* - * Write supported_signature_algorithms - */ - supported_sig_alg = p; - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got signature scheme [%x] %s", - *sig_alg, - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { - continue; - } - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, ("sent signature scheme [%x] %s", - *sig_alg, - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - } - - /* Length of supported_signature_algorithms */ - supported_sig_alg_len = (size_t) (p - supported_sig_alg); - if (supported_sig_alg_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined.")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SIG_ALG, buf, 0); - MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2); - MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4); - - *out_len = (size_t) (p - buf); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, 
MBEDTLS_TLS_EXT_SIG_ALG); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -/* - * mbedtls_ssl_parse_server_name_ext - * - * Structure of server_name extension: - * - * enum { - * host_name(0), (255) - * } NameType; - * opaque HostName<1..2^16-1>; - * - * struct { - * NameType name_type; - * select (name_type) { - * case host_name: HostName; - * } name; - * } ServerName; - * struct { - * ServerName server_name_list<1..2^16-1> - * } ServerNameList; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - size_t server_name_list_len, hostname_len; - const unsigned char *server_name_list_end; - - MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension")); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - server_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, server_name_list_len); - server_name_list_end = p + server_name_list_len; - while (p < server_name_list_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end, 3); - hostname_len = MBEDTLS_GET_UINT16_BE(p, 1); - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end, - hostname_len + 3); - - if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) { - /* sni_name is intended to be used only during the parsing of the - * ClientHello message (it is reset to NULL before the end of - * the message parsing). Thus it is ok to just point to the - * reception buffer and not make a copy of it. 
- */ - ssl->handshake->sni_name = p + 3; - ssl->handshake->sni_name_len = hostname_len; - if (ssl->conf->f_sni == NULL) { - return 0; - } - ret = ssl->conf->f_sni(ssl->conf->p_sni, - ssl, p + 3, hostname_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME, - MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME); - return MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME; - } - return 0; - } - - p += hostname_len + 3; - } - - return 0; -} -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t protocol_name_list_len; - const unsigned char *protocol_name_list; - const unsigned char *protocol_name_list_end; - size_t protocol_name_len; - - /* If ALPN not configured, just ignore the extension */ - if (ssl->conf->alpn_list == NULL) { - return 0; - } - - /* - * RFC7301, section 3.1 - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - */ - - /* - * protocol_name_list_len 2 bytes - * protocol_name_len 1 bytes - * protocol_name >=1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - - protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len); - protocol_name_list = p; - protocol_name_list_end = p + protocol_name_list_len; - - /* Validate peer's list (lengths) */ - while (p < protocol_name_list_end) { - protocol_name_len = *p++; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, - protocol_name_len); - if (protocol_name_len == 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - p += protocol_name_len; - } - - /* Use our order of preference */ 
- for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { - size_t const alpn_len = strlen(*alpn); - p = protocol_name_list; - while (p < protocol_name_list_end) { - protocol_name_len = *p++; - if (protocol_name_len == alpn_len && - memcmp(p, *alpn, alpn_len) == 0) { - ssl->alpn_chosen = *alpn; - return 0; - } - - p += protocol_name_len; - } - } - - /* If we get here, no match was found */ - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL, - MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL); - return MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL; -} - -int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - size_t protocol_name_len; - *out_len = 0; - - if (ssl->alpn_chosen == NULL) { - return 0; - } - - protocol_name_len = strlen(ssl->alpn_chosen); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7 + protocol_name_len); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server side, adding alpn extension")); - /* - * 0 . 1 ext identifier - * 2 . 3 ext length - * 4 . 5 protocol list length - * 6 . 6 protocol name length - * 7 . 7+n protocol name - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0); - - *out_len = 7 + protocol_name_len; - - MBEDTLS_PUT_UINT16_BE(protocol_name_len + 3, p, 2); - MBEDTLS_PUT_UINT16_BE(protocol_name_len + 1, p, 4); - /* Note: the length of the chosen protocol has been checked to be less - * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`. 
- */ - p[6] = MBEDTLS_BYTE_0(protocol_name_len); - - memcpy(p + 7, ssl->alpn_chosen, protocol_name_len); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN); -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, - const char *hostname) -{ - /* Initialize to suppress unnecessary compiler warning */ - size_t hostname_len = 0; - - /* Check if new hostname is valid before - * making any change to current one */ - if (hostname != NULL) { - hostname_len = strlen(hostname); - - if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - /* Now it's clear that we will overwrite the old hostname, - * so we can free it safely */ - if (session->hostname != NULL) { - mbedtls_zeroize_and_free(session->hostname, - strlen(session->hostname)); - } - - /* Passing NULL as hostname shall clear the old one */ - if (hostname == NULL) { - session->hostname = NULL; - } else { - session->hostname = mbedtls_calloc(1, hostname_len + 1); - if (session->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->hostname, hostname, hostname_len); - } - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && - MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_SERVER_NAME_INDICATION && - MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) && \ - defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session, - const char *alpn) -{ - size_t alpn_len = 0; - - if (alpn != NULL) { - alpn_len = strlen(alpn); - - if (alpn_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - } - - if (session->ticket_alpn != NULL) { - 
mbedtls_zeroize_and_free(session->ticket_alpn, - strlen(session->ticket_alpn)); - session->ticket_alpn = NULL; - } - - if (alpn != NULL) { - session->ticket_alpn = mbedtls_calloc(alpn_len + 1, 1); - if (session->ticket_alpn == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->ticket_alpn, alpn, alpn_len); - } - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ - -/* - * The following functions are used by 1.2 and 1.3, client and server. - */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int recv_endpoint, - mbedtls_ssl_protocol_version tls_version, - uint32_t *flags) -{ - int ret = 0; - unsigned int usage = 0; - const char *ext_oid; - size_t ext_len; - - /* - * keyUsage - */ - - /* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants - * to check what a compliant client will think while choosing which cert - * to send to the client. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { - /* TLS 1.2 server part of the key exchange */ - switch (ciphersuite->key_exchange) { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - break; - - /* Don't use default: we want warnings when adding new values */ - case MBEDTLS_KEY_EXCHANGE_NONE: - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - usage = 0; - } - } else -#endif - { - /* This is either TLS 1.3 authentication, which always uses signatures, - * or 1.2 client auth: rsa_sign and mbedtls_ecdsa_sign are the only - * options we implement, both using signatures. 
*/ - (void) tls_version; - (void) ciphersuite; - usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } - - if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) { - *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; - ret = -1; - } - - /* - * extKeyUsage - */ - - if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { - ext_oid = MBEDTLS_OID_SERVER_AUTH; - ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); - } else { - ext_oid = MBEDTLS_OID_CLIENT_AUTH; - ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH); - } - - if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) { - *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; - ret = -1; - } - - return ret; -} - -static int get_hostname_for_verification(mbedtls_ssl_context *ssl, - const char **hostname) -{ - if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname")); - if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT && - ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { - return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME; - } - } - - *hostname = ssl->hostname; - if (*hostname == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification")); - } - - return 0; -} - -int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info, - void *rs_ctx) -{ - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - return 0; - } - - /* - * Primary check: use the appropriate X.509 verification function - */ - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; - if (ssl->f_vrfy != NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback")); - f_vrfy = ssl->f_vrfy; - p_vrfy = ssl->p_vrfy; - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback")); - f_vrfy = ssl->conf->f_vrfy; - p_vrfy = ssl->conf->p_vrfy; - } - - const char *hostname 
= ""; - int ret = get_hostname_for_verification(ssl, &hostname); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret); - return ret; - } - - int have_ca_chain_or_callback = 0; -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (ssl->conf->f_ca_cb != NULL) { - ((void) rs_ctx); - have_ca_chain_or_callback = 1; - - MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification")); - ret = mbedtls_x509_crt_verify_with_ca_cb( - chain, - ssl->conf->f_ca_cb, - ssl->conf->p_ca_cb, - ssl->conf->cert_profile, - hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy); - } else -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - { - mbedtls_x509_crt *ca_chain; - mbedtls_x509_crl *ca_crl; -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_ca_chain != NULL) { - ca_chain = ssl->handshake->sni_ca_chain; - ca_crl = ssl->handshake->sni_ca_crl; - } else -#endif - { - ca_chain = ssl->conf->ca_chain; - ca_crl = ssl->conf->ca_crl; - } - - if (ca_chain != NULL) { - have_ca_chain_or_callback = 1; - } - - ret = mbedtls_x509_crt_verify_restartable( - chain, - ca_chain, ca_crl, - ssl->conf->cert_profile, - hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy, rs_ctx); - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret); - } - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - - /* - * Secondary checks: always done, but change 'ret' only if it was 0 - */ - - /* With TLS 1.2 and ECC certs, check that the curve used by the - * certificate is on our list of acceptable curves. - * - * With TLS 1.3 this is not needed because the curve is part of the - * signature algorithm (eg ecdsa_secp256r1_sha256) which is checked when - * we validate the signature made with the key associated to this cert. 
- */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) { - if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)")); - ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - } - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - - /* Check X.509 usage extensions (keyUsage, extKeyUsage) */ - if (mbedtls_ssl_check_cert_usage(chain, - ciphersuite_info, - ssl->conf->endpoint, - ssl->tls_version, - &ssl->session_negotiate->verify_result) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - } - - /* With authmode optional, we want to keep going if the certificate was - * unacceptable, but still fail on other errors (out of memory etc), - * including fatal errors from the f_vrfy callback. - * - * The only acceptable errors are: - * - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: cert rejected by primary check; - * - MBEDTLS_ERR_SSL_BAD_CERTIFICATE: cert rejected by secondary checks. - * Anything else is a fatal error. */ - if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && - (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) { - ret = 0; - } - - /* Return a specific error as this is a user error: inconsistent - * configuration - can't verify without trust anchors. */ - if (have_ca_chain_or_callback == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain")); - ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; - } - - if (ret != 0) { - uint8_t alert; - - /* The certificate may have been rejected for several reasons. - Pick one and send the corresponding alert. 
Which alert to send - may be a subject of debate in some cases. */ - if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) { - alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) { - alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) { - alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; - } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) { - alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; - } else { - alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; - } - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - alert); - } - -#if defined(MBEDTLS_DEBUG_C) - if (ssl->session_negotiate->verify_result != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("! 
Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result)); - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear")); - } -#endif /* MBEDTLS_DEBUG_C */ - - return ret; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, - const mbedtls_md_type_t hash_alg, - uint8_t *out, - const size_t key_len, - const char *label, - const size_t label_len, - const unsigned char *context, - const size_t context_len, - const int use_context) -{ - int ret = 0; - unsigned char *prf_input = NULL; - - /* The input to the PRF is client_random, then server_random. - * If a context is provided, this is then followed by the context length - * as a 16-bit big-endian integer, and then the context itself. */ - const size_t randbytes_len = MBEDTLS_CLIENT_HELLO_RANDOM_LEN + MBEDTLS_SERVER_HELLO_RANDOM_LEN; - size_t prf_input_len = randbytes_len; - if (use_context) { - if (context_len > UINT16_MAX) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* This does not overflow a 32-bit size_t because the current value of - * prf_input_len is 64 (length of client_random + server_random) and - * context_len fits into two bytes (checked above). 
*/ - prf_input_len += sizeof(uint16_t) + context_len; - } - - prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); - if (prf_input == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(prf_input, - ssl->transform->randbytes + MBEDTLS_SERVER_HELLO_RANDOM_LEN, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - memcpy(prf_input + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - ssl->transform->randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - if (use_context) { - MBEDTLS_PUT_UINT16_BE(context_len, prf_input, randbytes_len); - memcpy(prf_input + randbytes_len + sizeof(uint16_t), context, context_len); - } - ret = tls_prf_generic(hash_alg, ssl->session->master, sizeof(ssl->session->master), - label, label_len, - prf_input, prf_input_len, - out, key_len); - mbedtls_free(prf_input); - return ret; -} -#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, - const mbedtls_md_type_t hash_alg, - uint8_t *out, - const size_t key_len, - const char *label, - const size_t label_len, - const unsigned char *context, - const size_t context_len) -{ - const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); - const size_t hash_len = PSA_HASH_LENGTH(hash_alg); - const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - - /* The length of the label must be at most 249 bytes to fit into the HkdfLabel - * struct as defined in RFC 8446, Section 7.1. - * - * The length of the context is unlimited even though the context field in the - * struct can only hold up to 255 bytes. This is because we place a *hash* of - * the context in the field. 
*/ - if (label_len > 249) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len, - (const unsigned char *) label, label_len, - context, context_len, out, key_len); -} -#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) */ - -int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context) -{ - if (!mbedtls_ssl_is_handshake_over(ssl)) { - /* TODO: Change this to a more appropriate error code when one is available. */ - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (key_len > MBEDTLS_SSL_EXPORT_MAX_KEY_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl); - const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - const mbedtls_md_type_t hash_alg = ciphersuite->mac; - - switch (mbedtls_ssl_get_version_number(ssl)) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - return mbedtls_ssl_tls12_export_keying_material(ssl, hash_alg, out, key_len, - label, label_len, - context, context_len, use_context); -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case MBEDTLS_SSL_VERSION_TLS1_3: - return mbedtls_ssl_tls13_export_keying_material(ssl, - hash_alg, - out, - key_len, - label, - label_len, - use_context ? context : NULL, - use_context ? context_len : 0); -#endif - default: - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } -} - -#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ - -#endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c deleted file mode 100644 index 4024c0014b..0000000000 --- a/library/ssl_tls12_client.c +++ /dev/null 
@@ -1,2967 +0,0 @@ -/* - * TLS client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "ssl_client.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/constant_time.h" - -#include "psa_util_internal.h" -#include "psa/crypto.h" -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#include - -#include - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#include "mbedtls/platform_util.h" -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the - * initial ClientHello, in which case also adding the renegotiation - * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. 
*/ - if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding renegotiation extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); - - /* - * Secure renegotiation - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1); - *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len); - - memcpy(p, ssl->own_verify_data, ssl->verify_data_len); - - *olen = 5 + ssl->verify_data_len; - - return 0; -} -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - (void) ssl; /* ssl used for debugging only */ - - *olen = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding supported_point_formats extension")); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 2; - - *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; - - *olen = 6; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t kkpp_len = 0; - - *olen = 0; - - /* Skip costly extension if we can't use EC J-PAKE anyway */ - if 
(ssl->handshake->psa_pake_ctx_is_ok != 1) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding ecjpake_kkpp extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); - p += 2; - - /* - * We may need to send ClientHello multiple times for Hello verification. - * We don't want to compute fresh values every time (both for performance - * and consistency reasons), so cache the extension content. - */ - if (ssl->handshake->ecjpake_cache == NULL || - ssl->handshake->ecjpake_cache_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters")); - - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len, - MBEDTLS_ECJPAKE_ROUND_ONE); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } - - ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); - if (ssl->handshake->ecjpake_cache == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); - ssl->handshake->ecjpake_cache_len = kkpp_len; - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters")); - - kkpp_len = ssl->handshake->ecjpake_cache_len; - MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len); - - memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); - } - - MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); - p += 2; - - *olen = kkpp_len + 4; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t ext_len; - - /* - * struct { - * opaque cid<0..2^8-1>; - * } ConnectionId; - */ - - *olen = 0; 
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - return 0; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension")); - - /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX - * which is at most 255, so the increment cannot overflow. */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5)); - - /* Add extension ID + size */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); - p += 2; - ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - *p++ = (uint8_t) ssl->own_cid_len; - memcpy(p, ssl->own_cid, ssl->own_cid_len); - - *olen = ssl->own_cid_len + 5; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding max_fragment_length extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 1; - - *p++ = ssl->conf->mfl_code; - - *olen = 5; - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding encrypt_then_mac extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); - p += 2; - - 
*p++ = 0x00; - *p++ = 0x00; - - *olen = 4; - - return 0; -} -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - - *olen = 0; - - if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding extended_master_secret extension")); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; - - return 0; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t tlen = ssl->session_negotiate->ticket_len; - - *olen = 0; - - if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding session ticket extension")); - - /* The addition is safe here since the ticket length is 16 bit. 
*/ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); - p += 2; - - MBEDTLS_PUT_UINT16_BE(tlen, p, 0); - p += 2; - - *olen = 4; - - if (ssl->session_negotiate->ticket == NULL || tlen == 0) { - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen)); - - memcpy(p, ssl->session_negotiate->ticket, tlen); - - *olen += tlen; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen) -{ - unsigned char *p = buf; - size_t protection_profiles_index = 0, ext_len = 0; - uint16_t mki_len = 0, profile_value = 0; - - *olen = 0; - - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0)) { - return 0; - } - - /* RFC 5764 section 4.1.1 - * uint8 SRTPProtectionProfile[2]; - * - * struct { - * SRTPProtectionProfiles SRTPProtectionProfiles; - * opaque srtp_mki<0..255>; - * } UseSRTPData; - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - */ - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - /* Extension length = 2 bytes for profiles length, - * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), - * 1 byte for srtp_mki vector length and the mki_len value - */ - ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension")); - - /* Check there is room in the buffer for the extension + 4 bytes - * - the extension tag (2 bytes) - * - the extension length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0); - p += 2; 
- - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ - /* micro-optimization: - * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH - * which is lower than 127, so the upper byte of the length is always 0 - * For the documentation, the more generic code is left in comments - * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - * >> 8 ) & 0xFF ); - */ - *p++ = 0; - *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len); - - for (protection_profiles_index = 0; - protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; - protection_profiles_index++) { - profile_value = mbedtls_ssl_check_srtp_profile_value - (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); - if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x", - profile_value)); - MBEDTLS_PUT_UINT16_BE(profile_value, p, 0); - p += 2; - } else { - /* - * Note: we shall never arrive here as protection profiles - * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function - */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, " - "illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] - )); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - } - - *p++ = mki_len & 0xFF; - - if (mki_len != 0) { - memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); - /* - * Increment p to point to the current position. 
- */ - p += mki_len; - MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } - - /* - * total extension length: extension type (2 bytes) - * + extension length (2 bytes) - * + protection profile length (2 bytes) - * + 2 * number of protection profiles - * + srtp_mki vector length(1 byte) - * + mki value - */ - *olen = p - buf; - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - int uses_ec, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t ext_len = 0; - - (void) ssl; - (void) end; - (void) uses_ec; - (void) ret; - (void) ext_len; - - *out_len = 0; - - /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added - * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (uses_ec) { - if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, - &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret); - return ret; - } - p += ext_len; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret); - return ret; - } - p += ext_len; -#endif /* 
MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end, - &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret); - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret); - return ret; - } - p += ext_len; -#endif - - *out_len = (size_t) (p - buf); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - /* Check verify-data in constant-time. 
The length OTOH is no secret */ - if (len != 1 + ssl->verify_data_len * 2 || - buf[0] != ssl->verify_data_len * 2 || - mbedtls_ct_memcmp(buf + 1, - ssl->own_verify_data, ssl->verify_data_len) != 0 || - mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len, - ssl->peer_verify_data, ssl->verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - if (len != 1 || buf[0] != 0x00) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-zero length renegotiation info")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - /* - * server should use the extension only if we did, - * and if so the server's value should match ours (and len is always 1) - */ - if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || - len != 1 || - buf[0] != ssl->conf->mfl_code) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching max fragment length extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - return 0; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t peer_cid_len; - - if ( /* CID extension only makes sense in DTLS */ - ssl->conf->transport != 
MBEDTLS_SSL_TRANSPORT_DATAGRAM || - /* The server must only send the CID extension if we have offered it. */ - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - if (len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - peer_cid_len = *buf++; - len--; - - if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if (len != peer_cid_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; - ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - - MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); - MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len); - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching encrypt-then-MAC extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return 
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching extended master secret extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - - return 0; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || - len != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("non-matching session ticket extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - ((void) buf); - - ssl->handshake->new_session_ticket = 1; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t list_size; - const unsigned char *p; - - if (len == 0 || (size_t) (buf[0] + 1) != len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello 
message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - list_size = buf[0]; - - p = buf + 1; - while (list_size > 0) { - if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED) { - MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); - return 0; - } - - list_size--; - p++; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); - return 0; - } - - /* If we got here, we no longer need our cached extension */ - mbedtls_free(ssl->handshake->ecjpake_cache); - ssl->handshake->ecjpake_cache = NULL; - ssl->handshake->ecjpake_cache_len = 0; - - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, buf, len, - MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - size_t list_len, name_len; - const char *const *p; - - /* If we didn't send it, the server shouldn't send it */ - if (ssl->conf->alpn_list == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - * the "ProtocolNameList" MUST contain exactly one "ProtocolName" - */ - - /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if (len < 4) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - list_len = MBEDTLS_GET_UINT16_BE(buf, 0); - if (list_len != len - 2) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - name_len = buf[2]; - if (name_len != list_len - 1) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check that the server chosen protocol was in our list and save it */ - for (p = ssl->conf->alpn_list; *p != NULL; p++) { - if (name_len == strlen(*p) && - memcmp(buf + 3, *p, name_len) == 0) { - ssl->alpn_chosen = *p; - return 0; - } - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; -} -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, - const unsigned char 
*buf, - size_t len) -{ - mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; - size_t i, mki_len = 0; - uint16_t server_protection_profile_value = 0; - - /* If use_srtp is not configured, just ignore the extension */ - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0)) { - return 0; - } - - /* RFC 5764 section 4.1.1 - * uint8 SRTPProtectionProfile[2]; - * - * struct { - * SRTPProtectionProfiles SRTPProtectionProfiles; - * opaque srtp_mki<0..255>; - * } UseSRTPData; - - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - * - */ - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - - /* - * Length is 5 + optional mki_value : one protection profile length (2 bytes) - * + protection profile (2 bytes) - * + mki_len(1 byte) - * and optional srtp_mki - */ - if ((len < 5) || (len != (buf[4] + 5u))) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * get the server protection profile - */ - - /* - * protection profile length must be 0x0002 as we must have only - * one protection profile in server Hello - */ - if ((buf[0] != 0) || (buf[1] != 2)) { - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - server_protection_profile_value = (buf[2] << 8) | buf[3]; - server_protection = mbedtls_ssl_check_srtp_profile_value( - server_protection_profile_value); - if (server_protection != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection))); - } - - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; - - /* - * Check we have the server profile in our list - */ - for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; 
- MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection))); - break; - } - } - - /* If no match was found : server problem, it shall never answer with incompatible profile */ - if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* If server does not use mki in its reply, make sure the client won't keep - * one as negotiated */ - if (len == 5) { - ssl->dtls_srtp_info.mki_len = 0; - } - - /* - * RFC5764: - * If the client detects a nonzero-length MKI in the server's response - * that is different than the one the client offered, then the client - * MUST abort the handshake and SHOULD send an invalid_parameter alert. - */ - if (len > 5 && (buf[4] != mki_len || - (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } -#if defined(MBEDTLS_DEBUG_C) - if (len > 5) { - MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len); - } -#endif - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -/* - * Parse HelloVerifyRequest. Only called after verifying the HS type. 
- */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - uint16_t dtls_legacy_version; - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) - uint8_t cookie_len; -#else - uint16_t cookie_len; -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request")); - - /* Check that there is enough room for: - * - 2 bytes of version - * - 1 byte of cookie_len - */ - if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("incoming HelloVerifyRequest message is too short")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * struct { - * ProtocolVersion server_version; - * opaque cookie<0..2^8-1>; - * } HelloVerifyRequest; - */ - MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); - dtls_legacy_version = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* - * Since the RFC is not clear on this point, accept DTLS 1.0 (0xfeff) - * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to - * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2) - */ - if (dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version")); - - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - cookie_len = *p++; - if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("cookie length does not match incoming message size")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len); - - 
mbedtls_free(ssl->handshake->cookie); - - ssl->handshake->cookie = mbedtls_calloc(1, cookie_len); - if (ssl->handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len)); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->handshake->cookie, p, cookie_len); - ssl->handshake->cookie_len = cookie_len; - - /* Start over at ClientHello */ - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - ret = mbedtls_ssl_reset_checksum(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); - return ret; - } - - mbedtls_ssl_recv_flight_completed(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request")); - - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) -{ - int ret, i; - size_t n; - size_t ext_len; - unsigned char *buf, *ext; - unsigned char comp; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - int renegotiation_info_seen = 0; -#endif - int handshake_failure = 0; - const mbedtls_ssl_ciphersuite_t *suite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - /* No alert on a read error. 
*/
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- return ret;
- }
-
- buf = ssl->in_msg;
-
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
- ssl->renego_records_seen++;
-
- if (ssl->conf->renego_max_records >= 0 &&
- ssl->renego_records_seen > ssl->conf->renego_max_records) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("renegotiation requested, but not honored by server"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("non-handshake message during renegotiation"));
-
- ssl->keep_current_message = 1;
- return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO;
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request"));
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
- return ssl_parse_hello_verify_request(ssl);
- } else {
- /* We made it through the verification process */
- mbedtls_free(ssl->handshake->cookie);
- ssl->handshake->cookie = NULL;
- ssl->handshake->cookie_len = 0;
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) ||
- buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /*
- * 0 . 1 server_version
- * 2 . 33 random (maybe including 4 bytes of Unix time)
- * 34 . 34 session_id length = n
- * 35 . 34+n session_id
- * 35+n .
36+n cipher_suite
- * 37+n . 37+n compression_method
- *
- * 38+n . 39+n extensions length (optional)
- * 40+n . .. extensions
- */
- buf += mbedtls_ssl_hs_hdr_len(ssl);
-
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf, 2);
- ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
- ssl->conf->transport);
- ssl->session_negotiate->tls_version = ssl->tls_version;
- ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-
- if (ssl->tls_version < ssl->conf->min_tls_version ||
- ssl->tls_version > ssl->conf->max_tls_version) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- (
- "server version out of bounds - min: [0x%x], server: [0x%x], max: [0x%x]",
- (unsigned) ssl->conf->min_tls_version,
- (unsigned) ssl->tls_version,
- (unsigned) ssl->conf->max_tls_version));
-
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
-
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu",
- ((unsigned long) buf[2] << 24) |
- ((unsigned long) buf[3] << 16) |
- ((unsigned long) buf[4] << 8) |
- ((unsigned long) buf[5])));
-
- memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);
-
- n = buf[34];
-
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32);
-
- if (n > 32) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
- ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n);
-
- if ((ext_len > 0 && ext_len < 4) ||
- ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- } else if (ssl->in_hslen ==
mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) {
- ext_len = 0;
- } else {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /* ciphersuite (used later) */
- i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35);
-
- /*
- * Read and check compression
- */
- comp = buf[37 + n];
-
- if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("server hello, bad compression: %d", comp));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- /*
- * Initialize update checksum functions
- */
- ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);
- if (ssl->handshake->ciphersuite_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("ciphersuite info for %04x not found", (unsigned int) i));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
- MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n);
-
- /*
- * Check if the session can be resumed
- */
- if (ssl->handshake->resume == 0 || n == 0 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
- ssl->session_negotiate->ciphersuite != i ||
- ssl->session_negotiate->id_len != n ||
- memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
- mbedtls_ssl_handshake_increment_state(ssl);
- ssl->handshake->resume = 0;
-#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = mbedtls_time(NULL);
-#endif
- ssl->session_negotiate->ciphersuite = i;
- ssl->session_negotiate->id_len = n;
-
memcpy(ssl->session_negotiate->id, buf + 35, n);
- } else {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
- ssl->handshake->resume ? "a" : "no"));
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i));
- MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d",
- buf[37 + n]));
-
- /*
- * Perform cipher suite validation in same way as in ssl_write_client_hello.
- */
- i = 0;
- while (1) {
- if (ssl->conf->ciphersuite_list[i] == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- if (ssl->conf->ciphersuite_list[i++] ==
- ssl->session_negotiate->ciphersuite) {
- break;
- }
- }
-
- suite_info = mbedtls_ssl_ciphersuite_from_id(
- ssl->session_negotiate->ciphersuite);
- if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version,
- ssl->tls_version) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("server hello, chosen ciphersuite: %s", suite_info->name));
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
- ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- ssl->handshake->ecrs_enabled = 1;
- }
-#endif
-
- if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- ext = buf + 40 + n;
-
- MBEDTLS_SSL_DEBUG_MSG(2,
- ("server hello, total extension length: %"
MBEDTLS_PRINTF_SIZET,
- ext_len));
-
- while (ext_len) {
- unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
- unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
-
- if (ext_size + 4 > ext_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- mbedtls_ssl_send_alert_message(
- ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- switch (ext_id) {
- case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiation_info_seen = 1;
-#endif
-
- if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4,
- ext_size)) != 0) {
- return ret;
- }
-
- break;
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("found max_fragment_length extension"));
-
- if ((ret = ssl_parse_max_fragment_length_ext(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- case MBEDTLS_TLS_EXT_CID:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
-
- if ((ret = ssl_parse_cid_ext(ssl,
- ext + 4,
- ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension"));
-
- if ((ret = ssl_parse_encrypt_then_mac_ext(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("found extended_master_secret extension"));
-
- if ((ret = ssl_parse_extended_ms_ext(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_TLS_EXT_SESSION_TICKET:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension"));
-
- if ((ret = ssl_parse_session_ticket_ext(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("found supported_point_formats extension"));
-
- if ((ret = ssl_parse_supported_point_formats_ext(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension"));
-
- if ((ret = ssl_parse_ecjpake_kkpp(ssl,
- ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
- case MBEDTLS_TLS_EXT_ALPN:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
-
- if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- case MBEDTLS_TLS_EXT_USE_SRTP:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
-
- if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) {
- return ret;
- }
-
- break;
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
- default:
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("unknown extension found: %u (ignoring)", ext_id));
- }
-
- ext_len -= 4 + ext_size;
- ext += 4 + ext_size;
-
- if (ext_len > 0 && ext_len < 4) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- }
-
- /*
- * mbedtls_ssl_derive_keys() has to
be called after the parsing of the
- * extensions. It sets the transform data for the resumed session which in
- * case of DTLS includes the server CID extracted from the CID extension.
- */
- if (ssl->handshake->resume) {
- if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- return ret;
- }
- }
-
- /*
- * Renegotiation security checks
- */
- if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("legacy renegotiation, breaking off handshake"));
- handshake_failure = 1;
- }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- renegotiation_info_seen == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("renegotiation_info extension missing (secure)"));
- handshake_failure = 1;
- } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation ==
- MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
- handshake_failure = 1;
- } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- renegotiation_info_seen == 1) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("renegotiation_info extension present (legacy)"));
- handshake_failure = 1;
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- if (handshake_failure == 1) {
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server
hello"));
-
- return 0;
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end)
-{
- uint16_t tls_id;
- size_t ecpoint_len;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
- size_t ec_bits = 0;
-
- /*
- * struct {
- * ECParameters curve_params;
- * ECPoint public;
- * } ServerECDHParams;
- *
- * 1 curve_type (must be "named_curve")
- * 2..3 NamedCurve
- * 4 ECPoint.len
- * 5+ ECPoint contents
- */
- if (end - *p < 4) {
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /* First byte is curve_type; only named_curve is handled */
- if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- /* Next two bytes are the namedcurve value */
- tls_id = MBEDTLS_GET_UINT16_BE(*p, 0);
- *p += 2;
-
- /* Check it's a curve we offered */
- if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(2,
- ("bad server key exchange message (ECDHE curve): %u",
- (unsigned) tls_id));
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- /* Convert EC's TLS ID to PSA key type.
*/
- if (mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
- &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
- handshake->xxdh_psa_type = key_type;
- handshake->xxdh_psa_bits = ec_bits;
-
- /* Keep a copy of the peer's public key */
- ecpoint_len = *(*p)++;
- if ((size_t) (end - *p) < ecpoint_len) {
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-
- memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
- handshake->xxdh_psa_peerkey_len = ecpoint_len;
- *p += ecpoint_len;
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
- unsigned char **p,
- unsigned char *end)
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- uint16_t len;
- ((void) ssl);
-
- /*
- * PSK parameters:
- *
- * opaque psk_identity_hint<0..2^16-1>;
- */
- if (end - (*p) < 2) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("bad server key exchange message (psk_identity_hint length)"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- len = MBEDTLS_GET_UINT16_BE(*p, 0);
- *p += 2;
-
- if (end - (*p) < len) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("bad server key exchange message (psk_identity_hint length)"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /*
- * Note: we currently ignore the PSK identity hint, as we only allow one
- * PSK to be provisioned on the client. This could be changed later if
- * someone needs that feature.
- */
- *p += len;
- ret = 0;
-
- return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
- unsigned char *p = NULL, *end = NULL;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ssl->handshake->ecrs_enabled &&
- ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {
- goto start_processing;
- }
-#endif
-
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- return ret;
- }
-
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- /*
- * ServerKeyExchange may be skipped with PSK when the server
- * doesn't use a psk_identity_hint
- */
- if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
- /* Current message is probably either
- * CertificateRequest or ServerHelloDone */
- ssl->keep_current_message = 1;
- goto exit;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("server key exchange message must not be skipped"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
-
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ssl->handshake->ecrs_enabled) {
- ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
- }
-
-start_processing:
-#endif
- p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
- end = ssl->in_msg + ssl->in_hslen;
- MBEDTLS_SSL_DEBUG_BUF(3, "server
key exchange", p, (size_t) (end - p));
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
- if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- } /* FALLTHROUGH */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
- ; /* nothing more to do */
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
- if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
- /*
- * The first 3 bytes are:
- * [0] MBEDTLS_ECP_TLS_NAMED_CURVE
- * [1, 2] elliptic curve's TLS ID
- *
- * However since we only support secp256r1 for now, we check only
- * that TLS ID here
- */
- uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1);
- uint16_t
exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
- MBEDTLS_ECP_DP_SECP256R1);
-
- if (exp_tls_id == 0) {
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
-
- if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) ||
- (read_tls_id != exp_tls_id)) {
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- p += 3;
-
- if ((ret = mbedtls_psa_ecjpake_read_round(
- &ssl->handshake->psa_pake_ctx, p, end - p,
- MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
- psa_destroy_key(ssl->handshake->psa_pake_password);
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
-
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
- {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
- size_t sig_len, hashlen;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-
- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
- mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE;
- unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
- size_t params_len = (size_t) (p - params);
- void *rs_ctx = NULL;
- uint16_t sig_alg;
-
- mbedtls_pk_context *peer_pk;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if (ssl->session_negotiate->peer_cert == NULL) {
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- /*
- * Handle the digitally-signed structure
- */
- MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
- sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
- if
(mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(
- sig_alg, &pk_alg, &md_alg) != 0 &&
- !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) &&
- !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
- p += 2;
-
- if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
- MBEDTLS_SSL_DEBUG_MSG(1,
- ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- /*
- * Read signature
- */
-
- if (p > end - 2) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- sig_len = MBEDTLS_GET_UINT16_BE(p, 0);
- p += 2;
-
- if (p != end - sig_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len);
-
- /*
- * Compute the hash that has been signed
- */
- if (md_alg != MBEDTLS_MD_NONE) {
- ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
- params, params_len,
- md_alg);
- if (ret != 0) {
- return ret;
- }
- } else {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
-
- /*
- * Verify signature
- */
- if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
-
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
- }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ssl->handshake->ecrs_enabled) {
- rs_ctx = &ssl->handshake->ecrs_ctx.pk;
- }
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {
- ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk,
- md_alg, hash, hashlen,
- p, sig_len);
- } else
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- ret = mbedtls_pk_verify_restartable(peer_pk,
- md_alg, hash, hashlen, p, sig_len, rs_ctx);
-
- if (ret != 0) {
- int send_alert_msg = 1;
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- send_alert_msg = (ret != MBEDTLS_ERR_ECP_IN_PROGRESS);
-#endif
- if (send_alert_msg) {
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
- }
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_restartable", ret);
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
- }
-#endif
- return ret;
- }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* We don't need the peer's public key anymore. Free it,
- * so that more RAM is available for upcoming expensive
- * operations like ECDHE.
*/
- mbedtls_pk_free(peer_pk);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
-exit:
- mbedtls_ssl_handshake_increment_state(ssl);
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
-
- return 0;
-}
-
-#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
-{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
-
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
- mbedtls_ssl_handshake_increment_state(ssl);
- return 0;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-}
-#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *buf;
- size_t n = 0;
- size_t cert_type_len = 0, dn_len = 0;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->handshake->ciphersuite_info;
- size_t sig_alg_len;
-#if defined(MBEDTLS_DEBUG_C)
- unsigned char *sig_alg;
- unsigned char *dn;
-#endif
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
-
- if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
- mbedtls_ssl_handshake_increment_state(ssl);
- return 0;
- }
-
- if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
- return ret;
- }
-
- if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- mbedtls_ssl_handshake_increment_state(ssl);
- ssl->handshake->client_auth =
- (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request",
- ssl->handshake->client_auth ? "a" : "no"));
-
- if (ssl->handshake->client_auth == 0) {
- /* Current message is probably the ServerHelloDone */
- ssl->keep_current_message = 1;
- goto exit;
- }
-
- /*
- * struct {
- * ClientCertificateType certificate_types<1..2^8-1>;
- * SignatureAndHashAlgorithm
- * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
- * DistinguishedName certificate_authorities<0..2^16-1>;
- * } CertificateRequest;
- *
- * Since we only support a single certificate on clients, let's just
- * ignore all the information that's supposed to help us pick a
- * certificate.
- *
- * We could check that our certificate matches the request, and bail out
- * if it doesn't, but it's simpler to just send the certificate anyway,
- * and give the server the opportunity to decide if it should terminate
- * the connection when it doesn't like our certificate.
- *
- * Same goes for the hash in TLS 1.2's signature_algorithms: at this
- * point we only have one hash available (see comments in
- * write_certificate_verify), so let's just use what we have.
- *
- * However, we still minimally parse the message to check it is at least
- * superficially sane.
- */
- buf = ssl->in_msg;
-
- /* certificate_types */
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)];
- n = cert_type_len;
-
- /*
- * In the subsequent code there are two paths that read from buf:
- * * the length of the signature algorithms field (if minor version of
- * SSL is 3),
- * * distinguished name length otherwise.
- * Both reach at most the index:
- * ...hdr_len + 2 + n,
- * therefore the buffer length at this point must be greater than that
- * regardless of the actual code path.
- */
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /* supported_signature_algorithms */
- sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
-
- /*
- * The furthest access in buf is in the loop few lines below:
- * sig_alg[i + 1],
- * where:
- * sig_alg = buf + ...hdr_len + 3 + n,
- * max(i) = sig_alg_len - 1.
- * Therefore the furthest access is:
- * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
- * which reduces to:
- * buf[...hdr_len + 3 + n + sig_alg_len],
- * which is one less than we need the buf to be.
- */
- if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n;
- for (size_t i = 0; i < sig_alg_len; i += 2) {
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("Supported Signature Algorithm found: %02x %02x",
- sig_alg[i], sig_alg[i + 1]));
- }
-#endif
-
- n += 2 + sig_alg_len;
-
- /* certificate_authorities */
- dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n);
-
- n += dn_len;
- if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len;
- for (size_t i = 0, dni_len = 0; i < dn_len; i += 2 + dni_len) {
- unsigned char *p = dn + i + 2;
- mbedtls_x509_name name;
- size_t asn1_len;
- char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
- memset(&name, 0, sizeof(name));
- dni_len = MBEDTLS_GET_UINT16_BE(dn + i, 0);
- if (dni_len > dn_len - i - 2 ||
- mbedtls_asn1_get_tag(&p, p + dni_len, &asn1_len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0 ||
- mbedtls_x509_get_name(&p, p + asn1_len, &name) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- MBEDTLS_SSL_DEBUG_MSG(3,
- ("DN hint: %.*s",
- mbedtls_x509_dn_gets(s, sizeof(s), &name), s));
- mbedtls_asn1_free_named_data_list_shallow(name.next);
- }
-#endif
-
-exit:
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate
request")); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || - ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - mbedtls_ssl_handshake_increment_state(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_recv_flight_completed(ssl); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done")); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - size_t header_len; - size_t content_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t key_attributes; - - 
mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - header_len = 4; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); - - /* - * Generate EC private key for ECDHE exchange. - */ - - /* The master secret is obtained from the shared ECDH secret by - * applying the TLS 1.2 PRF with a specific salt and label. While - * the PSA Crypto API encourages combining key agreement schemes - * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not - * yet support the provisioning of salt + label to the KDF. - * For the time being, we therefore need to split the computation - * of the ECDH secret and the application of the TLS 1.2 PRF. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - /* Export the public part of the ECDH private key from PSA. - * The export format is an ECPoint structure as expected by TLS, - * but we just need to add a length byte before that. 
*/ - unsigned char *own_pubkey = ssl->out_msg + header_len + 1; - unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t own_pubkey_max_len = (size_t) (end - own_pubkey); - size_t own_pubkey_len; - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &own_pubkey_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - ssl->out_msg[header_len] = (unsigned char) own_pubkey_len; - content_len = own_pubkey_len + 1; - - /* The ECDH secret is the premaster secret used for key derivation. */ - - /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - ssl->handshake->premaster, - sizeof(ssl->handshake->premaster), - &ssl->handshake->pmslen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t key_attributes; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* - * opaque psk_identity<0..2^16-1>; - */ - if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - /* We don't offer PSK suites if we don't have a PSK, - * and we check that the server's choice is among the - * ciphersuites we offered, so this should never happen. 
*/ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* uint16 to store content length */ - const size_t content_len_size = 2; - - header_len = 4; - - if (header_len + content_len_size + ssl->conf->psk_identity_len - > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - unsigned char *p = ssl->out_msg + header_len; - - *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len); - *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len); - header_len += content_len_size; - - memcpy(p, ssl->conf->psk_identity, - ssl->conf->psk_identity_len); - p += ssl->conf->psk_identity_len; - - header_len += ssl->conf->psk_identity_len; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); - - /* - * Generate EC private key for ECDHE exchange. - */ - - /* The master secret is obtained from the shared ECDH secret by - * applying the TLS 1.2 PRF with a specific salt and label. While - * the PSA Crypto API encourages combining key agreement schemes - * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not - * yet support the provisioning of salt + label to the KDF. - * For the time being, we therefore need to split the computation - * of the ECDH secret and the application of the TLS 1.2 PRF. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - /* Export the public part of the ECDH private key from PSA. - * The export format is an ECPoint structure as expected by TLS, - * but we just need to add a length byte before that. 
*/ - unsigned char *own_pubkey = p + 1; - unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t own_pubkey_max_len = (size_t) (end - own_pubkey); - size_t own_pubkey_len = 0; - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &own_pubkey_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return PSA_TO_MBEDTLS_ERR(status); - } - - *p = (unsigned char) own_pubkey_len; - content_len = own_pubkey_len + 1; - - /* As RFC 5489 section 2, the premaster secret is formed as follows: - * - a uint16 containing the length (in octets) of the ECDH computation - * - the octet string produced by the ECDH computation - * - a uint16 containing the length (in octets) of the PSK - * - the PSK itself - */ - unsigned char *pms = ssl->handshake->premaster; - const unsigned char * const pms_end = pms + - sizeof(ssl->handshake->premaster); - /* uint16 to store length (in octets) of the ECDH computation */ - const size_t zlen_size = 2; - size_t zlen = 0; - - /* Perform ECDH computation after the uint16 reserved for the length */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - pms + zlen_size, - pms_end - (pms + zlen_size), - &zlen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } else if (destruction_status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(destruction_status); - } - - /* Write the ECDH computation length before the ECDH computation */ - MBEDTLS_PUT_UINT16_BE(zlen, pms, 0); - pms += zlen_size + zlen; - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) { - 
/* - * opaque psk_identity<0..2^16-1>; - */ - if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) { - /* We don't offer PSK suites if we don't have a PSK, - * and we check that the server's choice is among the - * ciphersuites we offered, so this should never happen. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - header_len = 4; - content_len = ssl->conf->psk_identity_len; - - if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); - - memcpy(ssl->out_msg + header_len, - ssl->conf->psk_identity, - ssl->conf->psk_identity_len); - header_len += ssl->conf->psk_identity_len; - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - content_len = 0; - } else -#endif - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - } else -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - header_len = 4; - - unsigned char *out_p = ssl->out_msg + header_len; - unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - - header_len; - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - out_p, end_p - out_p, &content_len, - MBEDTLS_ECJPAKE_ROUND_TWO); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - ((void) ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ssl->out_msglen = header_len + 
content_len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; - - mbedtls_ssl_handshake_increment_state(ssl); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange")); - - return 0; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - size_t n = 0, offset = 0; - unsigned char hash[48]; - unsigned char *hash_start = hash; - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - size_t hashlen; - void *rs_ctx = NULL; -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - -#if 
defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { - goto sign; - } -#endif - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - if (ssl->handshake->client_auth == 0 || - mbedtls_ssl_own_cert(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - if (mbedtls_ssl_own_key(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* - * Make a signature of the handshake digests - */ -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; - } - -sign: -#endif - - ret = ssl->handshake->calc_verify(ssl, hash, &hashlen); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); - return ret; - } - - /* - * digitally-signed struct { - * opaque handshake_messages[handshake_messages_length]; - * }; - * - * Taking shortcut here. We assume that the server always allows the - * PRF Hash function and has sent it in the allowed signature - * algorithms list received in the Certificate Request message. - * - * Until we encounter a server that does not, we will take this - * shortcut. - * - * Reason: Otherwise we should have running hashes for SHA512 and - * SHA224 in order to satisfy 'weird' needs from the server - * side. 
- */ - if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - md_alg = MBEDTLS_MD_SHA384; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; - } else { - md_alg = MBEDTLS_MD_SHA256; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; - } - ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); - - /* Info from md_alg will be used instead */ - hashlen = 0; - offset = 2; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - rs_ctx = &ssl->handshake->ecrs_ctx.pk; - } -#endif - - if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash_start, hashlen, - ssl->out_msg + 6 + offset, - out_buf_len - 6 - offset, - &n, - rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_restartable", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4); - - ssl->out_msglen = 6 + n + offset; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; - - mbedtls_ssl_handshake_increment_state(ssl); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint32_t lifetime; - size_t ticket_len; - unsigned char *ticket; - const unsigned char *msg; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - if 
(ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* - * struct { - * uint32 ticket_lifetime_hint; - * opaque ticket<0..2^16-1>; - * } NewSessionTicket; - * - * 0 . 3 ticket_lifetime_hint - * 4 . 5 ticket_len (n) - * 6 . 5+n ticket content - */ - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || - ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - - lifetime = MBEDTLS_GET_UINT32_BE(msg, 0); - - ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4); - - if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len)); - - /* We're not waiting for a NewSessionTicket message any more */ - ssl->handshake->new_session_ticket = 0; - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); - - /* - * Zero-length ticket means the server changed his mind and doesn't want - * to send a ticket after all, so just forget it - */ - if (ticket_len == 0) { - return 0; - } - - if (ssl->session != NULL && ssl->session->ticket != NULL) { - mbedtls_zeroize_and_free(ssl->session->ticket, - ssl->session->ticket_len); - ssl->session->ticket = NULL; - ssl->session->ticket_len = 0; - } - - mbedtls_zeroize_and_free(ssl->session_negotiate->ticket, - 
ssl->session_negotiate->ticket_len); - ssl->session_negotiate->ticket = NULL; - ssl->session_negotiate->ticket_len = 0; - - if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ticket, msg + 6, ticket_len); - - ssl->session_negotiate->ticket = ticket; - ssl->session_negotiate->ticket_len = ticket_len; - ssl->session_negotiate->ticket_lifetime = lifetime; - - /* - * RFC 5077 section 3.4: - * "If the client receives a session ticket from the server, then it - * discards any Session ID that was sent in the ServerHello." - */ - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id")); - ssl->session_negotiate->id_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * SSL handshake -- client side -- single step - */ -int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - /* Change state now, so that it is right in mbedtls_ssl_read_record(), used - * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && - ssl->handshake->new_session_ticket != 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET); - } -#endif - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - break; - - /* - * ==> ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - /* - * <== ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_parse_server_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - 
ret = mbedtls_ssl_parse_certificate(ssl); - break; - - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_parse_server_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_parse_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_parse_server_hello_done(ssl); - break; - - /* - * ==> ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_write_certificate(ssl); - break; - - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_write_client_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_write_certificate_verify(ssl); - break; - - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_write_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_write_finished(ssl); - break; - - /* - * <== ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_NEW_SESSION_TICKET: - ret = ssl_parse_new_session_ticket(ssl); - break; -#endif - - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_parse_finished(ssl); - break; - - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup(ssl); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return ret; -} - -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c deleted file mode 100644 index 6b37a954d4..0000000000 --- a/library/ssl_tls12_server.c +++ /dev/null 
@@ -1,3655 +0,0 @@ -/* - * TLS server-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) - -#include "mbedtls/platform.h" - -#include "mbedtls/ssl.h" -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "constant_time_internal.h" -#include "mbedtls/constant_time.h" - -#include - -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/private/ecp.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen) -{ - if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - mbedtls_free(ssl->cli_id); - - if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(ssl->cli_id, info, ilen); - ssl->cli_id_len = ilen; - - return 0; -} - -void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie) -{ - conf->f_cookie_write = f_cookie_write; - conf->f_cookie_check = f_cookie_check; - conf->p_cookie = p_cookie; -} -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf) -{ - if (conf->f_psk != NULL) { - return 1; - } - - if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) { - return 0; - } - - - if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { - return 1; - } - - if (conf->psk != NULL && conf->psk_len != 0) { - return 1; - } - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - /* Check verify-data in constant-time. The length OTOH is no secret */ - if (len != 1 + ssl->verify_data_len || - buf[0] != ssl->verify_data_len || - mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data, - ssl->verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - if (len != 1 || buf[0] != 0x0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; - } - - return 0; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -/* - * Function for parsing a supported groups (TLS 1.3) or supported elliptic - * curves (TLS 1.2) extension. 
- * - * The "extension_data" field of a supported groups extension contains a - * "NamedGroupList" value (TLS 1.3 RFC8446): - * enum { - * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), - * x25519(0x001D), x448(0x001E), - * ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102), - * ffdhe6144(0x0103), ffdhe8192(0x0104), - * ffdhe_private_use(0x01FC..0x01FF), - * ecdhe_private_use(0xFE00..0xFEFF), - * (0xFFFF) - * } NamedGroup; - * struct { - * NamedGroup named_group_list<2..2^16-1>; - * } NamedGroupList; - * - * The "extension_data" field of a supported elliptic curves extension contains - * a "NamedCurveList" value (TLS 1.2 RFC 8422): - * enum { - * deprecated(1..22), - * secp256r1 (23), secp384r1 (24), secp521r1 (25), - * x25519(29), x448(30), - * reserved (0xFE00..0xFEFF), - * deprecated(0xFF01..0xFF02), - * (0xFFFF) - * } NamedCurve; - * struct { - * NamedCurve named_curve_list<2..2^16-1> - * } NamedCurveList; - * - * The TLS 1.3 supported groups extension was defined to be a compatible - * generalization of the TLS 1.2 supported elliptic curves extension. They both - * share the same extension identifier. 
- * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len) -{ - size_t list_size, our_size; - const unsigned char *p; - uint16_t *curves_tls_id; - - if (len < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - list_size = MBEDTLS_GET_UINT16_BE(buf, 0); - if (list_size + 2 != len || - list_size % 2 != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Should never happen unless client duplicates the extension */ - if (ssl->handshake->curves_tls_id != NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* Don't allow our peer to make us allocate too much memory, - * and leave room for a final 0 */ - our_size = list_size / 2 + 1; - if (our_size > MBEDTLS_ECP_DP_MAX) { - our_size = MBEDTLS_ECP_DP_MAX; - } - - if ((curves_tls_id = mbedtls_calloc(our_size, - sizeof(*curves_tls_id))) == NULL) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ssl->handshake->curves_tls_id = curves_tls_id; - - p = buf + 2; - while (list_size > 0 && our_size > 1) { - uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0); - - if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) != - MBEDTLS_ECP_DP_NONE) { - *curves_tls_id++ = curr_tls_id; - our_size--; - } - - list_size -= 2; - p += 2; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- size_t list_size;
- const unsigned char *p;
-
- if (len == 0 || (size_t) (buf[0] + 1) != len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- list_size = buf[0];
-
- p = buf + 1;
- while (list_size > 0) {
- if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
- MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
- return 0;
- }
-
- list_size--;
- p++;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
- return 0;
- }
-
- if ((ret = mbedtls_psa_ecjpake_read_round(
- &ssl->handshake->psa_pake_ctx, buf, len,
- MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
- psa_destroy_key(ssl->handshake->psa_pake_password);
- psa_pake_abort(&ssl->handshake->psa_pake_ctx);
-
- MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
-
- return ret;
- }
-
- /* Only mark the extension as OK when we're sure it is */
- ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
-
- return 0;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- ssl->session_negotiate->mfl_code = buf[0];
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- size_t peer_cid_len;
-
- /* CID extension only makes sense in DTLS */
- if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- /*
- * struct {
- * opaque cid<0..2^8-1>;
- * } ConnectionId;
- */
-
- if (len < 1) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- peer_cid_len = *buf++;
- len--;
-
- if (len != peer_cid_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /* Ignore CID if the user has disabled its use. */
- if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
- /* Leave ssl->handshake->cid_in_use in its default
- * value of MBEDTLS_SSL_CID_DISABLED. */
- MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled"));
- return 0;
- }
-
- if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
- ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
- memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
- MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len);
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- if (len != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ((void) buf);
-
- if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) {
- ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- if (len != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ((void) buf);
-
- if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
- ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_session session;
-
- mbedtls_ssl_session_init(&session);
-
- if (ssl->conf->f_ticket_parse == NULL ||
- ssl->conf->f_ticket_write == NULL) {
- return 0;
- }
-
- /* Remember the client asked us to send a new ticket */
- ssl->handshake->new_session_ticket = 1;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len));
-
- if (len == 0) {
- return 0;
- }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating"));
- return 0;
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- /*
- * Failures are ok: just ignore the ticket and proceed.
- */
- if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session,
- buf, len)) != 0) {
- mbedtls_ssl_session_free(&session);
-
- if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
- } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
- } else {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret);
- }
-
- return 0;
- }
-
- /*
- * Keep the session ID sent by the client, since we MUST send it back to
- * inform them we're accepting the ticket (RFC 5077 section 3.4)
- */
- session.id_len = ssl->session_negotiate->id_len;
- memcpy(&session.id, ssl->session_negotiate->id, session.id_len);
-
- mbedtls_ssl_session_free(ssl->session_negotiate);
- memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session));
-
- /* Zeroize instead of free as we copied the content */
- mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session));
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket"));
-
- ssl->handshake->resume = 1;
-
- /* Don't send a new ticket after all, this one is OK */
- ssl->handshake->new_session_ticket = 0;
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- size_t len)
-{
- mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET;
- size_t i, j;
- size_t profile_length;
- uint16_t mki_length;
- /*! 2 bytes for profile length and 1 byte for mki len */
- const size_t size_of_lengths = 3;
-
- /* If use_srtp is not configured, just ignore the extension */
- if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
- (ssl->conf->dtls_srtp_profile_list == NULL) ||
- (ssl->conf->dtls_srtp_profile_list_len == 0)) {
- return 0;
- }
-
- /* RFC5764 section 4.1.1
- * uint8 SRTPProtectionProfile[2];
- *
- * struct {
- * SRTPProtectionProfiles SRTPProtectionProfiles;
- * opaque srtp_mki<0..255>;
- * } UseSRTPData;
-
- * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
- */
-
- /*
- * Min length is 5: at least one protection profile(2 bytes)
- * and length(2 bytes) + srtp_mki length(1 byte)
- * Check here that we have at least 2 bytes of protection profiles length
- * and one of srtp_mki length
- */
- if (len < size_of_lengths) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
-
- /* first 2 bytes are protection profile length(in bytes) */
- profile_length = (buf[0] << 8) | buf[1];
- buf += 2;
-
- /* The profile length cannot be bigger than input buffer size - lengths fields */
- if (profile_length > len - size_of_lengths ||
- profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- /*
- * parse the extension list values are defined in
- * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- */
- for (j = 0; j < profile_length; j += 2) {
- uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1];
- client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value);
-
- if (client_protection != MBEDTLS_TLS_SRTP_UNSET) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
- mbedtls_ssl_get_srtp_profile_as_string(
- client_protection)));
- } else {
- continue;
- }
- /* check if suggested profile is in our list */
- for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
- if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) {
- ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
- MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
- mbedtls_ssl_get_srtp_profile_as_string(
- client_protection)));
- break;
- }
- }
- if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) {
- break;
- }
- }
- buf += profile_length; /* buf points to the mki length */
- mki_length = *buf;
- buf++;
-
- if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
- mki_length + profile_length + size_of_lengths != len) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /* Parse the mki only if present and mki is supported locally */
- if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- mki_length > 0) {
- ssl->dtls_srtp_info.mki_len = mki_length;
-
- memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length);
-
- MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value,
- ssl->dtls_srtp_info.mki_len);
- }
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/*
- * Auxiliary functions for ServerHello parsing and related actions
- */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_key_curve(mbedtls_pk_context *pk,
- uint16_t *curves_tls_id)
-{
- uint16_t *curr_tls_id = curves_tls_id;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
- mbedtls_ecp_group_id curr_grp_id;
-
- while (*curr_tls_id != 0) {
- curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
- if (curr_grp_id == grp_id) {
- return 0;
- }
- curr_tls_id++;
- }
-
- return -1;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */
-
-/*
- * Try picking a certificate for this ciphersuite,
- * return 0 on success and -1 on failure.
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_pick_cert(mbedtls_ssl_context *ssl,
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
-{
- mbedtls_ssl_key_cert *cur, *list;
- psa_algorithm_t pk_alg =
- mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info);
- psa_key_usage_t pk_usage =
- mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info);
- uint32_t flags;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if (ssl->handshake->sni_key_cert != NULL) {
- list = ssl->handshake->sni_key_cert;
- } else
-#endif
- list = ssl->conf->key_cert;
-
- int pk_alg_is_none = 0;
- pk_alg_is_none = (pk_alg == PSA_ALG_NONE);
- if (pk_alg_is_none) {
- return 0;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate"));
-
- if (list == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate"));
- return -1;
- }
-
- for (cur = list; cur != NULL; cur = cur->next) {
- flags = 0;
- MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate",
- cur->cert);
-
- int key_type_matches = 0;
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
- mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) &&
- mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg,
- PSA_KEY_USAGE_VERIFY_HASH));
-#else
- key_type_matches = (
- mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage));
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if (!key_type_matches) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
- continue;
- }
-
- /*
- * This avoids sending the client a cert it'll reject based on
- * keyUsage or other extensions.
- *
- * It also allows the user to provision different certificates for
- * different uses based on keyUsage, eg if they want to avoid signing
- * and decrypting with the same RSA key.
- */
- if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_VERSION_TLS1_2,
- &flags) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
- "(extended) key usage extension"));
- continue;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
- if (pk_alg == MBEDTLS_PK_ECDSA &&
- ssl_check_key_curve(&cur->cert->pk,
- ssl->handshake->curves_tls_id) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve"));
- continue;
- }
-#endif
-
- /* If we get there, we got a winner */
- break;
- }
-
- /* Do not update ssl->handshake->key_cert unless there is a match */
- if (cur != NULL) {
- ssl->handshake->key_cert = cur;
- MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate",
- ssl->handshake->key_cert->cert);
- return 0;
- }
-
- return -1;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/*
- * Check if a given ciphersuite is suitable for use with our config/keys/etc
- * Sets ciphersuite_info only if the suite matches.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
- const mbedtls_ssl_ciphersuite_t **ciphersuite_info)
-{
- const mbedtls_ssl_ciphersuite_t *suite_info;
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_pk_sigalg_t sig_type;
-#endif
-
- suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
- if (suite_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)",
- (unsigned int) suite_id, suite_info->name));
-
- if (suite_info->min_tls_version > ssl->tls_version ||
- suite_info->max_tls_version < ssl->tls_version) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version"));
- return 0;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake "
- "not configured or ext missing"));
- return 0;
- }
-#endif
-
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
- (ssl->handshake->curves_tls_id == NULL ||
- ssl->handshake->curves_tls_id[0] == 0)) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
- "no common elliptic curve"));
- return 0;
- }
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- /* If the ciphersuite requires a pre-shared key and we don't
- * have one, skip it now rather than failing later */
- if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) &&
- ssl_conf_has_psk_or_cb(ssl->conf) == 0) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key"));
- return 0;
- }
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- /*
- * Final check: if ciphersuite requires us to have a
- * certificate/key of a particular type:
- * - select the appropriate certificate if we have one, or
- * - try the next ciphersuite if we don't
- * This must be done last since we modify the key_cert list.
- */
- if (ssl_pick_cert(ssl, suite_info) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
- "no suitable certificate"));
- return 0;
- }
-#endif
-
- /* If the ciphersuite requires signing, check whether
- * a suitable hash algorithm is present. */
- sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
- if (sig_type != MBEDTLS_PK_SIGALG_NONE &&
- mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
- ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %u", (unsigned) sig_type));
- return 0;
- }
-
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
- *ciphersuite_info = suite_info;
- return 0;
-}
-
-/* This function doesn't alert on errors that happen early during
- ClientHello parsing because they might indicate that the client is
- not talking SSL/TLS at all and would not understand our alert. */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
-{
- int ret, got_common_suite;
- size_t i, j;
- size_t ciph_offset, comp_offset, ext_offset;
- size_t msg_len, ciph_len, sess_len, comp_len, ext_len;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- size_t cookie_offset, cookie_len;
-#endif
- unsigned char *buf, *p, *ext;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renegotiation_info_seen = 0;
-#endif
- int handshake_failure = 0;
- const int *ciphersuites;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
- /* If there is no signature-algorithm extension present,
- * we need to fall back to the default values for allowed
- * signature-hash pairs. */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- int sig_hash_alg_ext_present = 0;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
-
- int renegotiating;
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-read_record_header:
-#endif
- /*
- * If renegotiating, then the input was read with mbedtls_ssl_read_record(),
- * otherwise read it ourselves manually in order to support SSLv2
- * ClientHello, which doesn't use the same record layer format.
- * Otherwise in a scenario of TLS 1.3/TLS 1.2 version negotiation, the
- * ClientHello has been already fully fetched by the TLS 1.3 code and the
- * flag ssl->keep_current_message is raised.
- */
- renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
-#endif
- if (!renegotiating && !ssl->keep_current_message) {
- if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
- /* No alert on a read error. */
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
- return ret;
- }
- }
-
- buf = ssl->in_hdr;
-
- MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl));
-
- /*
- * TLS Client Hello
- *
- * Record layer:
- * 0 . 0 message type
- * 1 . 2 protocol version
- * 3 . 11 DTLS: epoch + record sequence number
- * 3 . 4 message length
- */
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d",
- buf[0]));
-
- if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
- MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
- buf[1], buf[2]));
-
- /* For DTLS if this is the initial handshake, remember the client sequence
- * number to use it in our next message (RFC 6347 4.2.1) */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
-#endif
- ) {
- /* Epoch should be 0 for initial handshakes */
- if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
- sizeof(ssl->cur_out_ctr) - 2);
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
- ssl->next_record_offset = 0;
- ssl->in_left = 0;
- goto read_record_header;
- }
-
- /* No MAC to check yet, so we can update right now */
- mbedtls_ssl_dtls_replay_update(ssl);
-#endif
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
- /* Set by mbedtls_ssl_read_record() */
- msg_len = ssl->in_hslen;
- } else
-#endif
- {
- if (ssl->keep_current_message) {
- ssl->keep_current_message = 0;
- } else {
- if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- if ((ret = mbedtls_ssl_fetch_input(ssl,
- mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
- return ret;
- }
-
- /* Done reading this record, get ready for the next one */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
- } else
-#endif
- ssl->in_left = 0;
- }
- }
-
- buf = ssl->in_msg;
-
- MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
-
- ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
- if (0 != ret) {
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
- return ret;
- }
-
- /*
- * Handshake layer:
- * 0 . 0 handshake type
- * 1 . 3 handshake length
- * 4 . 5 DTLS only: message sequence number
- * 6 . 8 DTLS only: fragment offset
- * 9 . 11 DTLS only: fragment length
- */
- if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
-
- if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- /*
- * Copy the client's handshake message_seq on initial handshakes,
- * check sequence number on renego.
- */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
- /* This couldn't be done in ssl_prepare_handshake_record() */
- unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
- if (cli_msg_seq != ssl->handshake->in_msg_seq) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
- "%u (expected %u)", cli_msg_seq,
- ssl->handshake->in_msg_seq));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ssl->handshake->in_msg_seq++;
- } else
-#endif
- {
- unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
- ssl->handshake->out_msg_seq = cli_msg_seq;
- ssl->handshake->in_msg_seq = cli_msg_seq + 1;
- }
- {
- /*
- * For now we don't support fragmentation, so make sure
- * fragment_offset == 0 and fragment_length == length
- */
- size_t fragment_offset, fragment_length, length;
- fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
- fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
- length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
- MBEDTLS_SSL_DEBUG_MSG(
- 4, ("fragment_offset=%u fragment_length=%u length=%u",
- (unsigned) fragment_offset, (unsigned) fragment_length,
- (unsigned) length));
- if (fragment_offset != 0 || length != fragment_length) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported"));
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- buf += mbedtls_ssl_hs_hdr_len(ssl);
- msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
-
- /*
- * ClientHello layout:
- * 0 . 1 protocol version
- * 2 . 33 random bytes (starting with 4 bytes of Unix time)
- * 34 . 34 session id length (1 byte)
- * 35 . 34+x session id, where x = session id length from byte 34
- * 35+x . 35+x DTLS only: cookie length (1 byte)
- * 36+x . .. DTLS only: cookie
- * .. . .. ciphersuite list length (2 bytes)
- * .. . .. ciphersuite list
- * .. . .. compression alg. list length (1 byte)
- * .. . .. compression alg. list
- * .. . .. extensions length (2 bytes, optional)
- * .. . .. extensions (optional)
- */
-
- /*
- * Minimal length (with everything empty and extensions omitted) is
- * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
- * read at least up to session id length without worrying.
- */
- if (msg_len < 38) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- /*
- * Check and save the protocol version
- */
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2);
-
- ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
- ssl->conf->transport);
- ssl->session_negotiate->tls_version = ssl->tls_version;
- ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-
- if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
- return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
- }
-
- /*
- * Save client random (inc. Unix time)
- */
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32);
-
- memcpy(ssl->handshake->randbytes, buf + 2, 32);
-
- /*
- * Check the session ID length and save session ID
- */
- sess_len = buf[34];
-
- if (sess_len > sizeof(ssl->session_negotiate->id) ||
- sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len);
-
- ssl->session_negotiate->id_len = sess_len;
- memset(ssl->session_negotiate->id, 0,
- sizeof(ssl->session_negotiate->id));
- memcpy(ssl->session_negotiate->id, buf + 35,
- ssl->session_negotiate->id_len);
-
- /*
- * Check the cookie length and content
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- cookie_offset = 35 + sess_len;
- cookie_len = buf[cookie_offset];
-
- if (cookie_offset + 1 + cookie_len + 2 > msg_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
- buf + cookie_offset + 1, cookie_len);
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if (ssl->conf->f_cookie_check != NULL
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
-#endif
- ) {
- if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
- buf + cookie_offset + 1, cookie_len,
- ssl->cli_id, ssl->cli_id_len) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed"));
- ssl->handshake->cookie_verify_result = 1;
- } else {
- MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed"));
- ssl->handshake->cookie_verify_result = 0;
- }
- } else
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
- {
- /* We know we didn't send a cookie, so it should be empty */
- if (cookie_len != 0) {
- /* This may be an attacker's probe, so don't send an alert */
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped"));
- }
-
- /*
- * Check the ciphersuitelist length (will be parsed later)
- */
- ciph_offset = cookie_offset + 1 + cookie_len;
- } else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
- ciph_offset = 35 + sess_len;
-
- ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset);
-
- if (ciph_len < 2 ||
- ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
- (ciph_len % 2) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist",
- buf + ciph_offset + 2, ciph_len);
-
- /*
- * Check the compression algorithm's length.
- * The list contents are ignored because implementing
- * MBEDTLS_SSL_COMPRESS_NULL is mandatory and is the only
- * option supported by Mbed TLS.
- */
- comp_offset = ciph_offset + 2 + ciph_len;
-
- comp_len = buf[comp_offset];
-
- if (comp_len < 1 ||
- comp_len > 16 ||
- comp_len + comp_offset + 1 > msg_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression",
- buf + comp_offset + 1, comp_len);
-
- /*
- * Check the extension length
- */
- ext_offset = comp_offset + 1 + comp_len;
- if (msg_len > ext_offset) {
- if (msg_len < ext_offset + 2) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset);
-
- if (msg_len != ext_offset + 2 + ext_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- } else {
- ext_len = 0;
- }
-
- ext = buf + ext_offset + 2;
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len);
-
- while (ext_len != 0) {
- unsigned int ext_id;
- unsigned int ext_size;
- if (ext_len < 4) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- ext_id = MBEDTLS_GET_UINT16_BE(ext, 0);
- ext_size = MBEDTLS_GET_UINT16_BE(ext, 2);
-
- if (ext_size + 4 > ext_len) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
- switch (ext_id) {
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- case MBEDTLS_TLS_EXT_SERVERNAME:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension"));
- ret = mbedtls_ssl_parse_server_name_ext(ssl, ext + 4,
- ext + 4 + ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
- case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiation_info_seen = 1;
-#endif
-
- ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- case MBEDTLS_TLS_EXT_SIG_ALG:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension"));
-
- ret = mbedtls_ssl_parse_sig_alg_ext(ssl, ext + 4, ext + 4 + ext_size);
- if (ret != 0) {
- return ret;
- }
-
- sig_hash_alg_ext_present = 1;
- break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
-
- ret = ssl_parse_supported_groups_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-
- case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension"));
- ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
-
- ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \
- MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension"));
-
- ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension"));
-
- ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- case MBEDTLS_TLS_EXT_CID:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
-
- ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension"));
-
- ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension"));
-
- ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_TLS_EXT_SESSION_TICKET:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension"));
-
- ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_ALPN)
- case MBEDTLS_TLS_EXT_ALPN:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
-
- ret = mbedtls_ssl_parse_alpn_ext(ssl, ext + 4,
- ext + 4 + ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- case MBEDTLS_TLS_EXT_USE_SRTP:
- MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
-
- ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size);
- if (ret != 0) {
- return ret;
- }
- break;
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
- default:
- MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)",
- ext_id));
- }
-
- ext_len -= 4 + ext_size;
- ext += 4 + ext_size;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
- /*
- * Try to fall back to default hash SHA1 if the client
- * hasn't provided any preferred signature-hash combinations.
- */
- if (!sig_hash_alg_ext_present) {
- uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
- const uint16_t default_sig_algs[] = {
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
- MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
- MBEDTLS_SSL_HASH_SHA1),
-#endif
-#if defined(MBEDTLS_RSA_C)
- MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA,
- MBEDTLS_SSL_HASH_SHA1),
-#endif
- MBEDTLS_TLS_SIG_NONE
- };
-
- MBEDTLS_STATIC_ASSERT(sizeof(default_sig_algs) / sizeof(default_sig_algs[0])
- <= MBEDTLS_RECEIVED_SIG_ALGS_SIZE,
- "default_sig_algs is too big");
-
- memcpy(received_sig_algs, default_sig_algs, sizeof(default_sig_algs));
- }
-
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
- /*
- * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- */
- for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) {
- if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO "));
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV "
- "during renegotiation"));
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-#endif
- ssl->secure_renegotiation = 
MBEDTLS_SSL_SECURE_RENEGOTIATION; - break; - } - } - - /* - * Renegotiation security checks - */ - if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); - handshake_failure = 1; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { - MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); - handshake_failure = 1; - } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1) { - MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)")); - handshake_failure = 1; - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - - if (handshake_failure == 1) { - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* - * Server certification selection (after processing TLS extensions) - */ - if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret); - return ret; - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl->handshake->sni_name = NULL; - ssl->handshake->sni_name_len = 0; -#endif - - /* - * Search for a matching ciphersuite - * (At the end because we need information from the EC-based extensions - * and certificate from 
the SNI callback triggered by the SNI extension - * or certificate from server certificate selection callback.) - */ - got_common_suite = 0; - ciphersuites = ssl->conf->ciphersuite_list; - ciphersuite_info = NULL; - - if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) { - for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { - for (i = 0; ciphersuites[i] != 0; i++) { - if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { - continue; - } - - got_common_suite = 1; - - if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], - &ciphersuite_info)) != 0) { - return ret; - } - - if (ciphersuite_info != NULL) { - goto have_ciphersuite; - } - } - } - } else { - for (i = 0; ciphersuites[i] != 0; i++) { - for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) { - if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) { - continue; - } - - got_common_suite = 1; - - if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], - &ciphersuite_info)) != 0) { - return ret; - } - - if (ciphersuite_info != NULL) { - goto have_ciphersuite; - } - } - } - } - - if (got_common_suite) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " - "but none of them usable")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - -have_ciphersuite: - MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); - - ssl->session_negotiate->ciphersuite = ciphersuites[i]; - ssl->handshake->ciphersuite_info = ciphersuite_info; - - mbedtls_ssl_handshake_increment_state(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - 
mbedtls_ssl_recv_flight_completed(ssl); - } -#endif - - /* Debugging-only output for testsuite */ -#if defined(MBEDTLS_DEBUG_C) && \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); - if (sig_alg != MBEDTLS_PK_SIGALG_NONE) { - unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u", - sig_hash)); - } else { - MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm " - "%u - should not happen", (unsigned) sig_alg)); - } -#endif - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - - return 0; -} - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - size_t ext_len; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - - *olen = 0; - - /* Skip writing the extension if we don't want to use it or if - * the client hasn't offered it. */ - if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) { - return; - } - - /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX - * which is at most 255, so the increment cannot overflow. 
*/ - if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension")); - - /* - * struct { - * opaque cid<0..2^8-1>; - * } ConnectionId; - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0); - p += 2; - ext_len = (size_t) ssl->own_cid_len + 1; - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2; - - *p++ = (uint8_t) ssl->own_cid_len; - memcpy(p, ssl->own_cid, ssl->own_cid_len); - - *olen = ssl->own_cid_len + 5; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) -static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - const mbedtls_ssl_ciphersuite_t *suite = NULL; - - /* - * RFC 7366: "If a server receives an encrypt-then-MAC request extension - * from a client and then selects a stream or Authenticated Encryption - * with Associated Data (AEAD) ciphersuite, it MUST NOT send an - * encrypt-then-MAC response extension back to the client." 
- */ - suite = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite); - if (suite == NULL) { - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; - } else { - mbedtls_ssl_mode_t ssl_mode = - mbedtls_ssl_get_mode_from_ciphersuite( - ssl->session_negotiate->encrypt_then_mac, - suite); - - if (ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM) { - ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED; - } - } - - if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret " - "extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->handshake->new_session_ticket == 0) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 0x00; - - *olen = 4; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - 
unsigned char *p = buf; - - if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0); - p += 2; - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - *p++ = 0x00; - *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF; - *p++ = ssl->verify_data_len * 2 & 0xFF; - - memcpy(p, ssl->peer_verify_data, ssl->verify_data_len); - p += ssl->verify_data_len; - memcpy(p, ssl->own_verify_data, ssl->verify_data_len); - p += ssl->verify_data_len; - } else -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - { - *p++ = 0x00; - *p++ = 0x01; - *p++ = 0x00; - } - - *olen = (size_t) (p - buf); -} - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - - if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 1; - - *p++ = ssl->session_negotiate->mfl_code; - - *olen = 5; -} -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - unsigned char *p = buf; - ((void) ssl); - - if ((ssl->handshake->cli_exts & - MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) { - *olen = 0; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension")); - - 
MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0); - p += 2; - - *p++ = 0x00; - *p++ = 2; - - *p++ = 1; - *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; - - *olen = 6; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - size_t kkpp_len; - - *olen = 0; - - /* Skip costly computation if not needed */ - if (ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension")); - - if (end - p < 4) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); - p += 2; - - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, (size_t) (end - p - 2), &kkpp_len, - MBEDTLS_ECJPAKE_ROUND_ONE); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return; - } - - MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); - p += 2; - - *olen = kkpp_len + 4; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen) -{ - size_t mki_len = 0, ext_len = 0; - uint16_t profile_value = 0; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - - *olen = 0; - - if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || - (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == 
MBEDTLS_TLS_SRTP_UNSET)) { - return; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension")); - - if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { - mki_len = ssl->dtls_srtp_info.mki_len; - } - - /* The extension total size is 9 bytes : - * - 2 bytes for the extension tag - * - 2 bytes for the total size - * - 2 bytes for the protection profile length - * - 2 bytes for the protection profile - * - 1 byte for the mki length - * + the actual mki length - * Check we have enough room in the output buffer */ - if ((size_t) (end - buf) < mki_len + 9) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return; - } - - /* extension */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0); - /* - * total length 5 and mki value: only one profile(2 bytes) - * and length(2 bytes) and srtp_mki ) - */ - ext_len = 5 + mki_len; - MBEDTLS_PUT_UINT16_BE(ext_len, buf, 2); - - /* protection profile length: 2 */ - buf[4] = 0x00; - buf[5] = 0x02; - profile_value = mbedtls_ssl_check_srtp_profile_value( - ssl->dtls_srtp_info.chosen_dtls_srtp_profile); - if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { - MBEDTLS_PUT_UINT16_BE(profile_value, buf, 6); - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile")); - return; - } - - buf[8] = mki_len & 0xFF; - memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len); - - *olen = 9 + mki_len; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = ssl->out_msg + 4; - unsigned char *cookie_len_byte; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request")); - - /* - * struct { - * ProtocolVersion server_version; - * opaque cookie<0..2^8-1>; - * } HelloVerifyRequest; - */ - - /* The RFC is not clear on this point, but sending the actual negotiated - * version looks like 
the most interoperable thing to do. */ - mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); - MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); - p += 2; - - /* If we get here, f_cookie_check is not null */ - if (ssl->conf->f_cookie_write == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Skip length byte until we know the length */ - cookie_len_byte = p++; - - if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, - &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, - ssl->cli_id, ssl->cli_id_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret); - return ret; - } - - *cookie_len_byte = (unsigned char) (p - (cookie_len_byte + 1)); - - MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); - - ssl->out_msglen = (size_t) (p - ssl->out_msg); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request")); - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl) -{ - int ret; - mbedtls_ssl_session session_tmp; - mbedtls_ssl_session * const session = ssl->session_negotiate; - - /* Resume is 0 by default, see ssl_handshake_init(). - * It may be already set to 1 by ssl_parse_session_ticket_ext(). 
*/ - if (ssl->handshake->resume == 1) { - return; - } - if (session->id_len == 0) { - return; - } - if (ssl->conf->f_get_cache == NULL) { - return; - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { - return; - } -#endif - - mbedtls_ssl_session_init(&session_tmp); - - ret = ssl->conf->f_get_cache(ssl->conf->p_cache, - session->id, - session->id_len, - &session_tmp); - if (ret != 0) { - goto exit; - } - - if (session->ciphersuite != session_tmp.ciphersuite) { - /* Mismatch between cached and negotiated session */ - goto exit; - } - - /* Move semantics */ - mbedtls_ssl_session_free(session); - *session = session_tmp; - memset(&session_tmp, 0, sizeof(session_tmp)); - - MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache")); - ssl->handshake->resume = 1; - -exit: - - mbedtls_ssl_session_free(&session_tmp); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t; -#endif - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen, ext_len = 0, n; - unsigned char *buf, *p; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->cookie_verify_result != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated")); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - - return ssl_write_hello_verify_request(ssl); - } -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 5 protocol version - * 6 . 9 UNIX time() - * 10 . 
37 random bytes - */ - buf = ssl->out_msg; - p = buf + 4; - - mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version); - p += 2; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]", - buf[4], buf[5])); - -#if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time(NULL); - MBEDTLS_PUT_UINT32_BE(t, p, 0); - p += 4; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t)); -#else - if ((ret = psa_generate_random(p, 4)) != 0) { - return ret; - } - - p += 4; -#endif /* MBEDTLS_HAVE_TIME */ - - if ((ret = psa_generate_random(p, 20)) != 0) { - return ret; - } - p += 20; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* - * RFC 8446 - * TLS 1.3 has a downgrade protection mechanism embedded in the server's - * random value. TLS 1.3 servers which negotiate TLS 1.2 or below in - * response to a ClientHello MUST set the last 8 bytes of their Random - * value specially in their ServerHello. - */ - if (mbedtls_ssl_conf_is_tls13_enabled(ssl->conf)) { - static const unsigned char magic_tls12_downgrade_string[] = - { 'D', 'O', 'W', 'N', 'G', 'R', 'D', 1 }; - - MBEDTLS_STATIC_ASSERT( - sizeof(magic_tls12_downgrade_string) == 8, - "magic_tls12_downgrade_string does not have the expected size"); - - memcpy(p, magic_tls12_downgrade_string, - sizeof(magic_tls12_downgrade_string)); - } else -#endif - { - if ((ret = psa_generate_random(p, 8)) != 0) { - return ret; - } - } - p += 8; - - memcpy(ssl->handshake->randbytes + 32, buf + 6, 32); - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32); - - ssl_handle_id_based_session_resumption(ssl); - - if (ssl->handshake->resume == 0) { - /* - * New session, create a new session id, - * unless we're about to issue a session ticket - */ - mbedtls_ssl_handshake_increment_state(ssl); - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->new_session_ticket != 0) 
{ - ssl->session_negotiate->id_len = n = 0; - memset(ssl->session_negotiate->id, 0, 32); - } else -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - { - ssl->session_negotiate->id_len = n = 32; - if ((ret = psa_generate_random(ssl->session_negotiate->id, - n)) != 0) { - return ret; - } - } - } else { - /* - * Resuming a session - */ - n = ssl->session_negotiate->id_len; - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - } - - /* - * 38 . 38 session id length - * 39 . 38+n session id - * 39+n . 40+n chosen ciphersuite - * 41+n . 41+n chosen compression alg. - * 42+n . 43+n extensions length - * 44+n . 43+n+m extensions - */ - *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 39, n); - MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", - ssl->handshake->resume ? 
"a" : "no")); - - MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); - p += 2; - *p++ = MBEDTLS_BYTE_0(MBEDTLS_SSL_COMPRESS_NULL); - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s", - mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite))); - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X", - (unsigned int) MBEDTLS_SSL_COMPRESS_NULL)); - - /* - * First write extensions, then the total length - */ - ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - const mbedtls_ssl_ciphersuite_t *suite = - mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); - if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { - ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_ALPN) - unsigned char *end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4; - if ((ret = mbedtls_ssl_write_alpn_ext(ssl, p + 2 + ext_len, end, &olen)) 
- != 0) { - return ret; - } - - ext_len += olen; -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen); - ext_len += olen; -#endif - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len)); - - if (ext_len > 0) { - MBEDTLS_PUT_UINT16_BE(ext_len, p, 0); - p += 2 + ext_len; - } - - ssl->out_msglen = (size_t) (p - buf); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - - ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - - return ret; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - uint16_t dn_size, total_dn_size; /* excluding length bytes */ - size_t ct_len, sa_len; /* including length bytes */ - unsigned char *buf, *p; - const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; - const mbedtls_x509_crt *crt; - int authmode; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - mbedtls_ssl_handshake_increment_state(ssl); - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - 
if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { - authmode = ssl->handshake->sni_authmode; - } else -#endif - authmode = ssl->conf->authmode; - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) || - authmode == MBEDTLS_SSL_VERIFY_NONE) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - return 0; - } - - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 4 cert type count - * 5 .. m-1 cert types - * m .. m+1 sig alg length (TLS 1.2 only) - * m+1 .. n-1 SignatureAndHashAlgorithms (TLS 1.2 only) - * n .. n+1 length of all DNs - * n+2 .. n+3 length of DN 1 - * n+4 .. ... Distinguished Name #1 - * ... .. ... length of DN 2, etc. - */ - buf = ssl->out_msg; - p = buf + 4; - - /* - * Supported certificate types - * - * ClientCertificateType certificate_types<1..2^8-1>; - * enum { (255) } ClientCertificateType; - */ - ct_len = 0; - -#if defined(MBEDTLS_RSA_C) - p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; -#endif - - p[0] = (unsigned char) ct_len++; - p += ct_len; - - sa_len = 0; - - /* - * Add signature_algorithms for verify (TLS 1.2) - * - * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * enum { (255) } HashAlgorithm; - * enum { (255) } SignatureAlgorithm; - */ - const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl); - if (sig_alg == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) { - unsigned char hash = MBEDTLS_BYTE_1(*sig_alg); - - if (mbedtls_ssl_set_calc_verify_md(ssl, hash)) { - continue; - } - if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) { - continue; - } - - /* Write elements at offsets starting from 1 (offset 0 is for the - * length). 
Thus the offset of each element is the length of the - * partial list including that element. */ - sa_len += 2; - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, sa_len); - - } - - /* Fill in list length. */ - MBEDTLS_PUT_UINT16_BE(sa_len, p, 0); - sa_len += 2; - p += sa_len; - - /* - * DistinguishedName certificate_authorities<0..2^16-1>; - * opaque DistinguishedName<1..2^16-1>; - */ - p += 2; - - total_dn_size = 0; - - if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { - /* NOTE: If trusted certificates are provisioned - * via a CA callback (configured through - * `mbedtls_ssl_conf_ca_cb()`, then the - * CertificateRequest is currently left empty. */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->dn_hints != NULL) { - crt = ssl->handshake->dn_hints; - } else -#endif - if (ssl->conf->dn_hints != NULL) { - crt = ssl->conf->dn_hints; - } else -#endif -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_ca_chain != NULL) { - crt = ssl->handshake->sni_ca_chain; - } else -#endif - crt = ssl->conf->ca_chain; - - while (crt != NULL && crt->version != 0) { - /* It follows from RFC 5280 A.1 that this length - * can be represented in at most 11 bits. 
*/ - dn_size = (uint16_t) crt->subject_raw.len; - - if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) { - MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short")); - break; - } - - MBEDTLS_PUT_UINT16_BE(dn_size, p, 0); - p += 2; - memcpy(p, crt->subject_raw.p, dn_size); - p += dn_size; - - MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); - - total_dn_size += (unsigned short) (2 + dn_size); - crt = crt->next; - } - } - - ssl->out_msglen = (size_t) (p - buf); - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); - - ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl, - size_t *signature_len) -{ - /* Append the signature to ssl->out_msg, leaving 2 bytes for the - * signature length which will be added in ssl_write_server_key_exchange - * after the call to ssl_prepare_server_key_exchange. - * ssl_write_server_key_exchange also takes care of incrementing - * ssl->out_msglen. 
*/ - unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; - size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN - - sig_start); - int ret = ssl->conf->f_async_resume(ssl, - sig_start, signature_len, sig_max_len); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret); - return ret; -} -#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && - defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ - -/* Prepare the ServerKeyExchange message, up to and including - * calculating the signature if any, but excluding formatting the - * signature and sending the message. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, - size_t *signature_len) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - unsigned char *dig_signed = NULL; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ - - (void) ciphersuite_info; /* unused in some configurations */ -#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - (void) signature_len; -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); -#else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); -#endif -#endif - - ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */ - - /* - * - * Part 1: Provide key exchange parameters for chosen ciphersuite. 
- * - */ - - /* - * - ECJPAKE key exchanges - */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *out_p = ssl->out_msg + ssl->out_msglen; - unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - - ssl->out_msglen; - size_t output_offset = 0; - size_t output_len = 0; - - /* - * The first 3 bytes are: - * [0] MBEDTLS_ECP_TLS_NAMED_CURVE - * [1, 2] elliptic curve's TLS ID - * - * However since we only support secp256r1 for now, we hardcode its - * TLS ID here - */ - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( - MBEDTLS_ECP_DP_SECP256R1); - if (tls_id == 0) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE; - MBEDTLS_PUT_UINT16_BE(tls_id, out_p, 1); - output_offset += 3; - - ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - out_p + output_offset, - end_p - out_p - output_offset, &output_len, - MBEDTLS_ECJPAKE_ROUND_TWO); - if (ret != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); - return ret; - } - - output_offset += output_len; - ssl->out_msglen += output_offset; - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - - /* - * For ECDHE key exchanges with PSK, parameters are prefixed by support - * identity hint (RFC 4279, Sec. 3). Until someone needs this feature, - * we use empty support identity hints here. 
- **/ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - ssl->out_msg[ssl->out_msglen++] = 0x00; - ssl->out_msg[ssl->out_msglen++] = 0x00; - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - - /* - * - ECDHE key exchanges - */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) { - /* - * Ephemeral ECDH parameters: - * - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - */ - uint16_t *curr_tls_id = ssl->handshake->curves_tls_id; - const uint16_t *group_list = ssl->conf->group_list; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - /* Match our preference list against the offered curves */ - if ((group_list == NULL) || (curr_tls_id == NULL)) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - for (; *group_list != 0; group_list++) { - for (curr_tls_id = ssl->handshake->curves_tls_id; - *curr_tls_id != 0; curr_tls_id++) { - if (*curr_tls_id == *group_list) { - goto curve_matching_done; - } - } - } - -curve_matching_done: - if (*curr_tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", - mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id))); - - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t key_attributes; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - uint8_t *p = ssl->out_msg + ssl->out_msglen; - const size_t header_size = 4; // curve_type(1), namedcurve(2), - // data length(1) - const size_t data_length_size = 1; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - size_t ec_bits = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); - - /* Convert EC's TLS ID to PSA key type. 
*/ - if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id, - &key_type, - &ec_bits) == PSA_ERROR_NOT_SUPPORTED) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse.")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - handshake->xxdh_psa_type = key_type; - handshake->xxdh_psa_bits = ec_bits; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* - * ECParameters curve_params - * - * First byte is curve_type, always named_curve - */ - *p++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - - /* - * Next two bytes are the namedcurve value - */ - MBEDTLS_PUT_UINT16_BE(*curr_tls_id, p, 0); - p += 2; - - /* Generate ECDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); - return ret; - } - - /* - * ECPoint public - * - * First byte is data length. - * It will be filled later. p holds now the data length location. - */ - - /* Export the public part of the ECDH private key from PSA. - * Make one byte space for the length. - */ - unsigned char *own_pubkey = p + data_length_size; - - size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - - (own_pubkey - ssl->out_msg)); - - status = psa_export_public_key(handshake->xxdh_psa_privkey, - own_pubkey, own_pubkey_max_len, - &len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); - (void) psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - /* Store the length of the exported public key. */ - *p = (uint8_t) len; - - /* Determine full message length. 
*/ - len += header_size; - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - dig_signed = ssl->out_msg + ssl->out_msglen; -#endif - - ssl->out_msglen += len; - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ - - /* - * - * Part 2: For key exchanges involving the server signing the - * exchange parameters, compute and add the signature here. - * - */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { - if (dig_signed == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed); - size_t hashlen = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * 2.1: Choose hash algorithm: - * For TLS 1.2, obey signature-hash-algorithm extension - * to choose appropriate hash. - */ - - mbedtls_pk_sigalg_t sig_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); - - unsigned char sig_hash = - (unsigned char) mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( - ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); - - mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash(sig_hash); - - /* For TLS 1.2, obey signature-hash-algorithm extension - * (RFC 5246, Sec. 7.4.1.4.1). */ - if (sig_alg == MBEDTLS_PK_SIGALG_NONE || md_alg == MBEDTLS_MD_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - /* (... because we choose a cipher suite - * only if there is a matching hash.) 
*/ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg)); - - /* - * 2.2: Compute the hash to be signed - */ - if (md_alg != MBEDTLS_MD_NONE) { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, - dig_signed, - dig_signed_len, - md_alg); - if (ret != 0) { - return ret; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); - - /* - * 2.3: Compute and add the signature - */ - /* - * We need to specify signature and hash algorithm explicitly through - * a prefix to the signature. - * - * struct { - * HashAlgorithm hash; - * SignatureAlgorithm signature; - * } SignatureAndHashAlgorithm; - * - * struct { - * SignatureAndHashAlgorithm algorithm; - * opaque signature<0..2^16-1>; - * } DigitallySigned; - * - */ - - ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg(md_alg); - ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg(sig_alg); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_sign_start != NULL) { - ret = ssl->conf->f_async_sign_start(ssl, - mbedtls_ssl_own_cert(ssl), - md_alg, hash, hashlen); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_sign was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_server_key_exchange(ssl, signature_len); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (mbedtls_ssl_own_key(ssl) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* Append the signature to ssl->out_msg, leaving 2 bytes for the - * signature length which will be 
added in ssl_write_server_key_exchange - * after the call to ssl_prepare_server_key_exchange. - * ssl_write_server_key_exchange also takes care of incrementing - * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_ext(sig_alg, mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); - return ret; - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - - return 0; -} - -/* Prepare the ServerKeyExchange message and send it. For ciphersuites - * that do not include a ServerKeyExchange message, do nothing. Either - * way, if successful, move on to the next step in the SSL state - * machine. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { - /* Key exchanges not involving ephemeral keys don't use - * ServerKeyExchange, so end here. */ - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ - defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already prepared the message and there is an ongoing - * signature operation, resume signing. 
*/ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation")); - ret = ssl_resume_server_key_exchange(ssl, &signature_len); - } else -#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && - defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ - { - /* ServerKeyExchange is needed. Prepare the message. */ - ret = ssl_prepare_server_key_exchange(ssl, &signature_len); - } - - if (ret != 0) { - /* If we're starting to write a new message, set ssl->out_msglen - * to 0. But if we're resuming after an asynchronous message, - * out_msglen is the amount of data written so far and mst be - * preserved. */ - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)")); - } else { - ssl->out_msglen = 0; - } - return ret; - } - - /* If there is a signature, write its length. - * ssl_prepare_server_key_exchange already wrote the signature - * itself at its proper place in the output buffer. */ -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if (signature_len != 0) { - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len); - ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "my signature", - ssl->out_msg + ssl->out_msglen, - signature_len); - - /* Skip over the already-written signature */ - ssl->out_msglen += signature_len; - } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - - /* Add header and send. 
*/ - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; - - mbedtls_ssl_handshake_increment_state(ssl); - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange")); - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done")); - - ssl->out_msglen = 4; - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; - - mbedtls_ssl_handshake_increment_state(ssl); - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ssl_send_flight_completed(ssl); - } -#endif - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); - return ret; - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done")); - - return 0; -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end) -{ - int ret = 0; - uint16_t n; - - if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - /* - * Receive client pre-shared key identity name - */ - if (end - *p < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return 
MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - n = MBEDTLS_GET_UINT16_BE(*p, 0); - *p += 2; - - if (n == 0 || n > end - *p) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (ssl->conf->f_psk != NULL) { - if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) { - ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - } else { - /* Identity is not a big secret since clients send it in the clear, - * but treat it carefully anyway, just in case */ - if (n != ssl->conf->psk_identity_len || - mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) { - ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - } - - if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { - MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY); - return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - - *p += n; - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - unsigned char *p, *end; - - ciphersuite_info = ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); - - if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - end = ssl->in_msg + ssl->in_hslen; - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - 
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { - size_t data_len = (size_t) (*p++); - size_t buf_len = (size_t) (end - p); - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Read the peer's public key.")); - - /* - * We must have at least two bytes (1 for length, at least 1 for data) - */ - if (buf_len < 2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length: %" MBEDTLS_PRINTF_SIZET, - buf_len)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - if (data_len < 1 || data_len > buf_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - data_len, buf_len)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Store peer's ECDH public key. */ - if (data_len > sizeof(handshake->xxdh_psa_peerkey)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - data_len, - sizeof(handshake->xxdh_psa_peerkey))); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - memcpy(handshake->xxdh_psa_peerkey, p, data_len); - handshake->xxdh_psa_peerkey_len = data_len; - - /* Compute ECDH shared secret. 
*/ - status = psa_raw_key_agreement( - PSA_ALG_ECDH, handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len, - handshake->premaster, sizeof(handshake->premaster), - &handshake->pmslen); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); - if (handshake->xxdh_psa_privkey_is_external == 0) { - (void) psa_destroy_key(handshake->xxdh_psa_privkey); - } - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - if (handshake->xxdh_psa_privkey_is_external == 0) { - status = psa_destroy_key(handshake->xxdh_psa_privkey); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - return ret; - } - } - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - } else -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - size_t ecpoint_len; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return ret; - } - - 
/* Keep a copy of the peer's public key */ - if (p >= end) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - ecpoint_len = *(p++); - if ((size_t) (end - p) < ecpoint_len) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account - the sizes of the FFDH keys which are at least 2048 bits. - The size of the array is thus greater than 256 bytes which is greater than any - possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/ -#if !defined(PSA_WANT_ALG_FFDH) - if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) { - psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#else - MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX, - "peer key buffer too small"); -#endif - - memcpy(handshake->xxdh_psa_peerkey, p, ecpoint_len); - handshake->xxdh_psa_peerkey_len = ecpoint_len; - p += ecpoint_len; - - /* As RFC 5489 section 2, the premaster secret is formed as follows: - * - a uint16 containing the length (in octets) of the ECDH computation - * - the octet string produced by the ECDH computation - * - a uint16 containing the length (in octets) of the PSK - * - the PSK itself - */ - unsigned char *psm = ssl->handshake->premaster; - const unsigned char * const psm_end = - psm + sizeof(ssl->handshake->premaster); - /* uint16 to store length (in octets) of the ECDH computation */ - const size_t zlen_size = 2; - size_t zlen = 0; - - /* Compute ECDH shared secret. 
*/ - status = psa_raw_key_agreement(PSA_ALG_ECDH, - handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, - handshake->xxdh_psa_peerkey_len, - psm + zlen_size, - psm_end - (psm + zlen_size), - &zlen); - - destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey); - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } else if (destruction_status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(destruction_status); - } - - /* Write the ECDH computation length before the ECDH computation */ - MBEDTLS_PUT_UINT16_BE(zlen, psm, 0); - psm += zlen_size + zlen; - - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { - if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), - MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { - psa_destroy_key(ssl->handshake->psa_pake_password); - psa_pake_abort(&ssl->handshake->psa_pake_ctx); - - MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); - return ret; - } - - mbedtls_ssl_handshake_increment_state(ssl); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); - - return 0; -} - -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= 
skip parse certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} -#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t i, sig_len; - unsigned char hash[48]; - unsigned char *hash_start = hash; - size_t hashlen; - mbedtls_pk_sigalg_t pk_alg; - mbedtls_md_type_t md_alg; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - mbedtls_pk_context *peer_pk; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (ssl->session_negotiate->peer_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert_digest == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* Read the message without adding it to the checksum */ - ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret); - return ret; - } - - mbedtls_ssl_handshake_increment_state(ssl); - - /* Process the message contents */ - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - i 
= mbedtls_ssl_hs_hdr_len(ssl); - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * struct { - * SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only - * opaque signature<0..2^16-1>; - * } DigitallySigned; - */ - if (i + 2 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Hash - */ - md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]); - - if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" - " for verify message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if !defined(MBEDTLS_MD_SHA1) - if (MBEDTLS_MD_SHA1 == md_alg) { - hash_start += 16; - } -#endif - - /* Info from md_alg will be used instead */ - hashlen = 0; - - i++; - - /* - * Signature - */ - if ((pk_alg = mbedtls_ssl_pk_sig_alg_from_sig(ssl->in_msg[i])) - == MBEDTLS_PK_SIGALG_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" - " for verify message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * Check the certificate's key type matches the signature alg - */ - if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - i++; - - if (i + 2 > ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i); - i += 2; - - if (i + sig_len != ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); - 
return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Calculate hash and verify signature */ - { - size_t dummy_hlen; - ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); - return ret; - } - } - - if ((ret = mbedtls_pk_verify_ext(pk_alg, peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); - return ret; - } - - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tlen; - uint32_t lifetime; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket")); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; - ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; - - /* - * struct { - * uint32 ticket_lifetime_hint; - * opaque ticket<0..2^16-1>; - * } NewSessionTicket; - * - * 4 . 7 ticket_lifetime_hint (0 = unspecified) - * 8 . 9 ticket_len (n) - * 10 . 
9+n ticket content - */ - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->ticket_creation_time = mbedtls_ms_time(); -#endif - if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, - ssl->session_negotiate, - ssl->out_msg + 10, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &tlen, &lifetime)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret); - tlen = 0; - } - - MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4); - MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8); - ssl->out_msglen = 10 + tlen; - - /* - * Morally equivalent to updating ssl->state, but NewSessionTicket and - * ChangeCipherSpec share the same state. - */ - ssl->handshake->new_session_ticket = 0; - - if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * SSL handshake -- server side -- single step - */ -int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state)); - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - break; - - /* - * <== ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_parse_client_hello(ssl); - break; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED; -#endif - - /* - * ==> ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_write_server_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_write_certificate(ssl); - break; - - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_write_server_key_exchange(ssl); - break; - - case 
MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_write_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_write_server_hello_done(ssl); - break; - - /* - * <== ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate(ssl); - break; - - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_parse_client_key_exchange(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_parse_certificate_verify(ssl); - break; - - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_parse_finished(ssl); - break; - - /* - * ==> ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->new_session_ticket != 0) { - ret = ssl_write_new_session_ticket(ssl); - } else -#endif - ret = mbedtls_ssl_write_change_cipher_spec(ssl); - break; - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_write_finished(ssl); - break; - - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup(ssl); - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return ret; -} - -void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order) -{ - conf->respect_cli_pref = order; -} - -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c deleted file mode 100644 index b7b075cc97..0000000000 --- a/library/ssl_tls13_client.c +++ /dev/null 
@@ -1,3181 +0,0 @@ -/* - * TLS 1.3 client-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "ssl_client.h" -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -/* Write extensions */ - -/* - * ssl_tls13_write_supported_versions_ext(): - * - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_supported_versions_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - unsigned char versions_len = (ssl->handshake->min_tls_version <= - MBEDTLS_SSL_VERSION_TLS1_2) ? 4 : 2; - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported versions extension")); - - /* Check if we have space to write the extension: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - versions_length (1 byte ) - * - versions (2 or 4 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + versions_len); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0); - MBEDTLS_PUT_UINT16_BE(versions_len + 1, p, 2); - p += 4; - - /* Length of versions */ - *p++ = versions_len; - - /* Write values of supported versions. 
- * They are defined by the configuration. - * Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2. - */ - mbedtls_ssl_write_version(p, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_3); - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:4]")); - - - if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) { - mbedtls_ssl_write_version(p + 2, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:3]")); - } - - *out_len = 5 + versions_len; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - ((void) ssl); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2); - if (mbedtls_ssl_read_version(buf, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(1, ("unexpected version")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - if (&buf[2] != end) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("supported_versions ext data length incorrect")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_ALPN) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) -{ - const unsigned char *p = buf; - const unsigned char *end = buf + len; - size_t protocol_name_list_len, protocol_name_len; - const unsigned char *protocol_name_list_end; - - /* If we didn't send it, the server shouldn't send it */ - if (ssl->conf->alpn_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * opaque ProtocolName<1..2^8-1>; - * - * struct { - * 
ProtocolName protocol_name_list<2..2^16-1> - * } ProtocolNameList; - * - * the "ProtocolNameList" MUST contain exactly one "ProtocolName" - */ - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len); - protocol_name_list_end = p + protocol_name_list_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, 1); - protocol_name_len = *p++; - - /* Check that the server chosen protocol was in our list and save it */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len); - for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { - if (protocol_name_len == strlen(*alpn) && - memcmp(p, *alpn, protocol_name_len) == 0) { - ssl->alpn_chosen = *alpn; - return 0; - } - } - - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; -} -#endif /* MBEDTLS_SSL_ALPN */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) -{ - uint16_t group_id = ssl->handshake->offered_group_id; - - if (group_id == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* Destroy generated private key. */ - status = psa_destroy_key(ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - return ret; - } - - ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return 0; - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* other KEMs? */) { - /* Do something */ - } - - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -} - -/* - * Functions for writing key_share extension. 
- */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, - uint16_t *group_id) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - const uint16_t *group_list = ssl->conf->group_list; - /* Pick first available ECDHE group compatible with TLS 1.3 */ - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - for (; *group_list != 0; group_list++) { -#if defined(PSA_WANT_ALG_ECDH) - if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( - *group_list, NULL, NULL) == PSA_SUCCESS) && - mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { - *group_id = *group_list; - return 0; - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) { - *group_id = *group_list; - return 0; - } -#endif - } -#else - ((void) ssl); - ((void) group_id); -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - - return ret; -} - -/* - * ssl_tls13_write_key_share_ext - * - * Structure of key_share extension in ClientHello: - * - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - * struct { - * KeyShareEntry client_shares<0..2^16-1>; - * } KeyShareClientHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - unsigned char *client_shares; /* Start of client_shares */ - size_t client_shares_len; /* Length of client_shares */ - uint16_t group_id; - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - *out_len = 0; - - /* Check if we have space for header and length fields: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - client_shares_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello: 
adding key share extension")); - - /* HRR could already have requested something else. */ - group_id = ssl->handshake->offered_group_id; - if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) && - !mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl, - &group_id)); - } - - /* - * Dispatch to type-specific key generation function. - * - * So far, we're only supporting ECDHE. With the introduction - * of PQC KEMs, we'll want to have multiple branches, one per - * type of KEM, and dispatch to the corresponding crypto. And - * only one key share entry is allowed. - */ - client_shares = p; -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { - /* Pointer to group */ - unsigned char *group = p; - /* Length of key_exchange */ - size_t key_exchange_len = 0; - - /* Check there is space for header of KeyShareEntry - * - group (2 bytes) - * - key_exchange_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - p += 4; - ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - ssl, group_id, p, end, &key_exchange_len); - p += key_exchange_len; - if (ret != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("client hello: failed generating xxdh key exchange")); - return ret; - } - - /* Write group */ - MBEDTLS_PUT_UINT16_BE(group_id, group, 0); - /* Write key_exchange_length */ - MBEDTLS_PUT_UINT16_BE(key_exchange_len, group, 2); - } else -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - if (0 /* other KEMs? 
*/) { - /* Do something */ - } else { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Length of client_shares */ - client_shares_len = p - client_shares; - if (client_shares_len == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No key share defined.")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - /* Write extension_type */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0); - /* Write extension_data_length */ - MBEDTLS_PUT_UINT16_BE(client_shares_len + 2, buf, 2); - /* Write client_shares_length */ - MBEDTLS_PUT_UINT16_BE(client_shares_len, buf, 4); - - /* Update offered_group_id field */ - ssl->handshake->offered_group_id = group_id; - - /* Output the total length of key_share extension. */ - *out_len = p - buf; - - MBEDTLS_SSL_DEBUG_BUF( - 3, "client hello, key_share extension", buf, *out_len); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - -cleanup: - - return ret; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -/* - * ssl_tls13_parse_hrr_key_share_ext() - * Parse key_share extension in Hello Retry Request - * - * struct { - * NamedGroup selected_group; - * } KeyShareHelloRetryRequest; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - const unsigned char *p = buf; - int selected_group; - int found = 0; - - const uint16_t *group_list = ssl->conf->group_list; - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "key_share extension", p, end - buf); - - /* Read selected_group */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - selected_group = MBEDTLS_GET_UINT16_BE(p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("selected_group ( %d )", selected_group)); - - /* Upon receipt of this extension in a HelloRetryRequest, the client - * MUST first verify that the selected_group field corresponds to a - 
* group which was provided in the "supported_groups" extension in the - * original ClientHello. - * The supported_group was based on the info in ssl->conf->group_list. - * - * If the server provided a key share that was not sent in the ClientHello - * then the client MUST abort the handshake with an "illegal_parameter" alert. - */ - for (; *group_list != 0; group_list++) { -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) { - if ((mbedtls_ssl_get_psa_curve_info_from_tls_id( - *group_list, NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) || - *group_list != selected_group) { - found = 1; - break; - } - } -#endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_tls13_named_group_is_ffdh(*group_list)) { - found = 1; - break; - } -#endif /* PSA_WANT_ALG_FFDH */ - } - - /* Client MUST verify that the selected_group field does not - * correspond to a group which was provided in the "key_share" - * extension in the original ClientHello. If the server sent an - * HRR message with a key share already provided in the - * ClientHello then the client MUST abort the handshake with - * an "illegal_parameter" alert. 
- */ - if (found == 0 || selected_group == ssl->handshake->offered_group_id) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid key share in HRR")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* Remember server's preference for next ClientHello */ - ssl->handshake->offered_group_id = selected_group; - - return 0; -#else /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - (void) ssl; - (void) buf; - (void) end; - return MBEDTLS_ERR_SSL_BAD_CONFIG; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ -} - -/* - * ssl_tls13_parse_key_share_ext() - * Parse key_share extension in Server Hello - * - * struct { - * KeyShareEntry server_share; - * } KeyShareServerHello; - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - uint16_t group, offered_group; - - /* ... - * NamedGroup group; (2 bytes) - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - group = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check that the chosen group matches the one we offered. 
*/ - offered_group = ssl->handshake->offered_group_id; - if (offered_group != group) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Invalid server key share, our group %u, their group %u", - (unsigned) offered_group, (unsigned) group)); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || - mbedtls_ssl_tls13_named_group_is_ffdh(group)) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("DHE group name: %s", mbedtls_ssl_named_group_to_str(group))); - ret = mbedtls_ssl_tls13_read_public_xxdhe_share(ssl, p, end - p); - if (ret != 0) { - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* other KEMs? */) { - /* Do something */ - } else { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return ret; -} - -/* - * ssl_tls13_parse_cookie_ext() - * Parse cookie extension in Hello Retry Request - * - * struct { - * opaque cookie<1..2^16-1>; - * } Cookie; - * - * When sending a HelloRetryRequest, the server MAY provide a "cookie" - * extension to the client (this is an exception to the usual rule that - * the only extensions that may be sent are those that appear in the - * ClientHello). When sending the new ClientHello, the client MUST copy - * the contents of the extension received in the HelloRetryRequest into - * a "cookie" extension in the new ClientHello. Clients MUST NOT use - * cookies in their initial ClientHello in subsequent connections. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_cookie_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - uint16_t cookie_len; - const unsigned char *p = buf; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Retrieve length field of cookie */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - cookie_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cookie_len); - MBEDTLS_SSL_DEBUG_BUF(3, "cookie extension", p, cookie_len); - - mbedtls_free(handshake->cookie); - handshake->cookie_len = 0; - handshake->cookie = mbedtls_calloc(1, cookie_len); - if (handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("alloc failed ( %ud bytes )", - cookie_len)); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(handshake->cookie, p, cookie_len); - handshake->cookie_len = cookie_len; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_cookie_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (handshake->cookie == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("no cookie to send; skip extension")); - return 0; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", - handshake->cookie, - handshake->cookie_len); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, handshake->cookie_len + 6); - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding cookie extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_COOKIE, p, 0); - MBEDTLS_PUT_UINT16_BE(handshake->cookie_len + 2, p, 2); - MBEDTLS_PUT_UINT16_BE(handshake->cookie_len, p, 4); - p += 6; - - /* Cookie */ - memcpy(p, handshake->cookie, handshake->cookie_len); - - *out_len = handshake->cookie_len + 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_COOKIE); - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* - * 
ssl_tls13_write_psk_key_exchange_modes_ext() structure: - * - * enum { psk_ke( 0 ), psk_dhe_ke( 1 ), ( 255 ) } PskKeyExchangeMode; - * - * struct { - * PskKeyExchangeMode ke_modes<1..255>; - * } PskKeyExchangeModes; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - int ke_modes_len = 0; - - ((void) ke_modes_len); - *out_len = 0; - - /* Skip writing extension if no PSK key exchange mode - * is enabled in the config. - */ - if (!mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip psk_key_exchange_modes extension")); - return 0; - } - - /* Require 7 bytes of data, otherwise fail, - * even if extension might be shorter. - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("client hello, adding psk_key_exchange_modes extension")); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, p, 0); - - /* Skip extension length (2 bytes) and - * ke_modes length (1 byte) for now. 
- */ - p += 5; - - if (mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl)) { - *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE; - ke_modes_len++; - - MBEDTLS_SSL_DEBUG_MSG(4, ("Adding PSK-ECDHE key exchange mode")); - } - - if (mbedtls_ssl_conf_tls13_is_psk_enabled(ssl)) { - *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE; - ke_modes_len++; - - MBEDTLS_SSL_DEBUG_MSG(4, ("Adding pure PSK key exchange mode")); - } - - /* Now write the extension and ke_modes length */ - MBEDTLS_PUT_UINT16_BE(ke_modes_len + 1, buf, 2); - buf[4] = ke_modes_len; - - *out_len = p - buf; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES); - - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - - if (ciphersuite_info != NULL) { - return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - } - - return PSA_ALG_NONE; -} - -static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return ssl->handshake->resume && - session != NULL && session->ticket != NULL && - mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, mbedtls_ssl_tls13_session_get_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL)); -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - return ssl->handshake->resume && - session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && - mbedtls_ssl_tls13_session_ticket_allow_early_data(session) && - mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, session->ciphersuite); -} -#endif - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_get_identity(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned 
char **identity, - size_t *identity_len) -{ - mbedtls_ssl_session *session = ssl->session_negotiate; - - if (!ssl_tls13_has_configured_ticket(ssl)) { - return -1; - } - - *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite); - *identity = session->ticket; - *identity_len = session->ticket_len; - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_get_psk(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **psk, - size_t *psk_len) -{ - - mbedtls_ssl_session *session = ssl->session_negotiate; - - if (!ssl_tls13_has_configured_ticket(ssl)) { - return -1; - } - - *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite); - *psk = session->resumption_key; - *psk_len = session->resumption_key_len; - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_psk_get_identity(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **identity, - size_t *identity_len) -{ - - if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - return -1; - } - - *hash_alg = PSA_ALG_SHA_256; - *identity = ssl->conf->psk_identity; - *identity_len = ssl->conf->psk_identity_len; - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_psk_get_psk(mbedtls_ssl_context *ssl, - psa_algorithm_t *hash_alg, - const unsigned char **psk, - size_t *psk_len) -{ - - if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - return -1; - } - - *hash_alg = PSA_ALG_SHA_256; - *psk = ssl->conf->psk; - *psk_len = ssl->conf->psk_len; - return 0; -} - -static int ssl_tls13_get_configured_psk_count(mbedtls_ssl_context *ssl) -{ - int configured_psk_count = 0; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_has_configured_ticket(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket is configured")); - configured_psk_count++; - } -#endif - if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("PSK is configured")); - configured_psk_count++; 
- } - return configured_psk_count; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_identity(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - size_t *out_len) -{ - ((void) ssl); - *out_len = 0; - - /* - * - identity_len (2 bytes) - * - identity (psk_identity_len bytes) - * - obfuscated_ticket_age (4 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6 + identity_len); - - MBEDTLS_PUT_UINT16_BE(identity_len, buf, 0); - memcpy(buf + 2, identity, identity_len); - MBEDTLS_PUT_UINT32_BE(obfuscated_ticket_age, buf, 2 + identity_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "write identity", buf, 6 + identity_len); - - *out_len = 6 + identity_len; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - int psk_type, - psa_algorithm_t hash_alg, - const unsigned char *psk, - size_t psk_len, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char binder_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len = 0; - - *out_len = 0; - - binder_len = PSA_HASH_LENGTH(hash_alg); - - /* - * - binder_len (1 bytes) - * - binder (binder_len bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1 + binder_len); - - buf[0] = binder_len; - - /* Get current state of handshake transcript. 
*/ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_md_type_from_psa_alg(hash_alg), - transcript, sizeof(transcript), &transcript_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_create_psk_binder(ssl, hash_alg, - psk, psk_len, psk_type, - transcript, buf + 1); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_create_psk_binder", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(4, "write binder", buf, 1 + binder_len); - - *out_len = 1 + binder_len; - - return 0; -} - -/* - * mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext() structure: - * - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * PskIdentity identities<7..2^16-1>; - * PskBinderEntry binders<33..2^16-1>; - * } OfferedPsks; - * - * struct { - * select (Handshake.msg_type) { - * case client_hello: OfferedPsks; - * ... - * }; - * } PreSharedKeyExtension; - * - */ -int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, - size_t *out_len, size_t *binders_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int configured_psk_count = 0; - unsigned char *p = buf; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *identity; - size_t identity_len; - size_t l_binders_len = 0; - size_t output_len; - - *out_len = 0; - *binders_len = 0; - - /* Check if we have any PSKs to offer. If no, skip pre_shared_key */ - configured_psk_count = ssl_tls13_get_configured_psk_count(ssl); - if (configured_psk_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("skip pre_shared_key extensions")); - return 0; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("Pre-configured PSK number = %d", - configured_psk_count)); - - /* Check if we have space to write the extension, binders included. 
- * - extension_type (2 bytes) - * - extension_data_len (2 bytes) - * - identities_len (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - p += 6; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_ticket_get_identity( - ssl, &hash_alg, &identity, &identity_len) == 0) { -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t now = mbedtls_ms_time(); - mbedtls_ssl_session *session = ssl->session_negotiate; - /* The ticket age has been checked to be smaller than the - * `ticket_lifetime` in ssl_prepare_client_hello() which is smaller than - * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the - * cast to `uint32_t` of the ticket age is safe. */ - uint32_t obfuscated_ticket_age = - (uint32_t) (now - session->ticket_reception_time); - obfuscated_ticket_age += session->ticket_age_add; - - ret = ssl_tls13_write_identity(ssl, p, end, - identity, identity_len, - obfuscated_ticket_age, - &output_len); -#else - ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len, - 0, &output_len); -#endif /* MBEDTLS_HAVE_TIME */ - if (ret != 0) { - return ret; - } - - p += output_len; - l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg); - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - if (ssl_tls13_psk_get_identity( - ssl, &hash_alg, &identity, &identity_len) == 0) { - - ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len, 0, - &output_len); - if (ret != 0) { - return ret; - } - - p += output_len; - l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg); - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("client hello, adding pre_shared_key extension, " - "omitting PSK binder list")); - - /* Take into account the two bytes for the length of the binders. 
*/ - l_binders_len += 2; - /* Check if there is enough space for binders */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, l_binders_len); - - /* - * - extension_type (2 bytes) - * - extension_data_len (2 bytes) - * - identities_len (2 bytes) - */ - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0); - MBEDTLS_PUT_UINT16_BE(p - buf - 4 + l_binders_len, buf, 2); - MBEDTLS_PUT_UINT16_BE(p - buf - 6, buf, 4); - - *out_len = (p - buf) + l_binders_len; - *binders_len = l_binders_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key identities", buf, p - buf); - - return 0; -} - -int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( - mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *psk; - size_t psk_len; - size_t output_len; - - /* Check if we have space to write binders_len. - * - binders_len (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p += 2; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) { - - ret = ssl_tls13_write_binder(ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION, - hash_alg, psk, psk_len, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - if (ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) { - - ret = ssl_tls13_write_binder(ssl, p, end, - MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL, - hash_alg, psk, psk_len, - &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding PSK binder list.")); - - /* - * - binders_len (2 bytes) - */ - MBEDTLS_PUT_UINT16_BE(p - buf - 2, buf, 0); - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key binders", buf, p - buf); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); - - return 0; -} - -/* - * struct { - * opaque identity<1..2^16-1>; 
- * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * - * select (Handshake.msg_type) { - * ... - * case server_hello: uint16 selected_identity; - * }; - * - * } PreSharedKeyExtension; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int selected_identity; - const unsigned char *psk; - size_t psk_len; - psa_algorithm_t hash_alg; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2); - selected_identity = MBEDTLS_GET_UINT16_BE(buf, 0); - ssl->handshake->selected_identity = (uint16_t) selected_identity; - - MBEDTLS_SSL_DEBUG_MSG(3, ("selected_identity = %d", selected_identity)); - - if (selected_identity >= ssl_tls13_get_configured_psk_count(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid PSK identity.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) { - ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len); - } else -#endif - if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) { - ret = ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len); - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - if (ret != 0) { - return ret; - } - - if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac) - != hash_alg) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Invalid ciphersuite for external psk.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len); - if (ret != 0) { - 
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t ext_len; - - *out_len = 0; - - /* Write supported_versions extension - * - * Supported Versions Extension is mandatory with TLS 1.3. - */ - ret = ssl_tls13_write_supported_versions_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - - /* Echo the cookie if the server provided one in its preceding - * HelloRetryRequest message. - */ - ret = ssl_tls13_write_cookie_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; -#endif - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - } -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) - /* In the first ClientHello, write the early data indication extension if - * necessary and update the early data state. - * If an HRR has been received and thus we are currently writing the - * second ClientHello, the second ClientHello must not contain an early - * data extension and the early data state must stay as it is: - * MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT or - * MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED. 
- */ - if (!ssl->handshake->hello_retry_request_flag) { - if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && - ssl_tls13_early_data_has_valid_ticket(ssl) && - ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; - - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT; - } else { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT; - } - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* For PSK-based key exchange we need the pre_shared_key extension - * and the psk_key_exchange_modes extension. - * - * The pre_shared_key extension MUST be the last extension in the - * ClientHello. Servers MUST check that it is the last extension and - * otherwise fail the handshake with an "illegal_parameter" alert. - * - * Add the psk_key_exchange_modes extension. - */ - ret = ssl_tls13_write_psk_key_exchange_modes_ext(ssl, p, end, &ext_len); - if (ret != 0) { - return ret; - } - p += ext_len; -#endif - - *out_len = p - buf; - - return 0; -} - -int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) -{ - ((void) ssl); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - const unsigned char *psk; - size_t psk_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Set hs psk for early data when writing the first psk")); - - ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_ticket_get_psk", ret); - return ret; - } - - ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - /* - * Early data 
are going to be encrypted using the ciphersuite - * associated with the pre-shared key used for the handshake. - * Note that if the server rejects early data, the handshake - * based on the pre-shared key may complete successfully - * with a selected ciphersuite different from the ciphersuite - * associated with the pre-shared key. Only the hashes of the - * two ciphersuites have to be the same. In that case, the - * encrypted handshake data and application data are - * encrypted using a different ciphersuite than the one used for - * the rejected early data. - */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite); - ssl->handshake->ciphersuite_info = ciphersuite_info; - - /* Enable psk and psk_ephemeral to make stage early happy */ - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - - /* Start the TLS 1.3 key schedule: - * Set the PSK and derive early secret. - */ - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_key_schedule_stage_early", ret); - return ret; - } - - /* Derive early data key material */ - ret = mbedtls_ssl_tls13_compute_early_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_early_transform", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); -#else - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early data keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform( - ssl, ssl->handshake->transform_earlydata); - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE; -#endif - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - return 0; -} -/* - * Functions for parsing and processing Server Hello - */ - -/** - * \brief Detect if the ServerHello contains a supported_versions extension - * or not. 
- * - * \param[in] ssl SSL context - * \param[in] buf Buffer containing the ServerHello message - * \param[in] end End of the buffer containing the ServerHello message - * - * \return 0 if the ServerHello does not contain a supported_versions extension - * \return 1 if the ServerHello contains a supported_versions extension - * \return A negative value if an error occurred while parsing the ServerHello. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_supported_versions_ext_present( - mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t legacy_session_id_echo_len; - const unsigned char *supported_versions_data; - const unsigned char *supported_versions_data_end; - - /* - * Check there is enough data to access the legacy_session_id_echo vector - * length: - * - legacy_version 2 bytes - * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes - * - legacy_session_id_echo length 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3); - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2; - legacy_session_id_echo_len = *p; - - /* - * Jump to the extensions, jumping over: - * - legacy_session_id_echo (legacy_session_id_echo_len + 1) bytes - * - cipher_suite 2 bytes - * - legacy_compression_method 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len + 4); - p += legacy_session_id_echo_len + 4; - - return mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - ssl, p, end, - &supported_versions_data, &supported_versions_data_end); -} - -/* Returns a negative value on failure, and otherwise - * - 1 if the last eight bytes of the ServerHello random bytes indicate that - * the server is TLS 1.3 capable but negotiating TLS 1.2 or below. 
- * - 0 otherwise - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_is_downgrade_negotiation(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* First seven bytes of the magic downgrade strings, see RFC 8446 4.1.3 */ - static const unsigned char magic_downgrade_string[] = - { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 }; - const unsigned char *last_eight_bytes_of_random; - unsigned char last_byte_of_random; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2); - last_eight_bytes_of_random = buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8; - - if (memcmp(last_eight_bytes_of_random, - magic_downgrade_string, - sizeof(magic_downgrade_string)) == 0) { - last_byte_of_random = last_eight_bytes_of_random[7]; - return last_byte_of_random == 0 || - last_byte_of_random == 1; - } - - return 0; -} - -/* Returns a negative value on failure, and otherwise - * - SSL_SERVER_HELLO or - * - SSL_SERVER_HELLO_HRR - * to indicate which message is expected and to be parsed next. - */ -#define SSL_SERVER_HELLO 0 -#define SSL_SERVER_HELLO_HRR 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_server_hello_is_hrr(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - - /* Check whether this message is a HelloRetryRequest ( HRR ) message. - * - * Server Hello and HRR are only distinguished by Random set to the - * special value of the SHA-256 of "HelloRetryRequest". 
- * - * struct { - * ProtocolVersion legacy_version = 0x0303; - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - * - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR( - buf, end, 2 + sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)); - - if (memcmp(buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic, - sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)) == 0) { - return SSL_SERVER_HELLO_HRR; - } - - return SSL_SERVER_HELLO; -} - -/* - * Returns a negative value on failure, and otherwise - * - SSL_SERVER_HELLO or - * - SSL_SERVER_HELLO_HRR or - * - SSL_SERVER_HELLO_TLS1_2 - */ -#define SSL_SERVER_HELLO_TLS1_2 2 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_is_supported_versions_ext_present( - ssl, buf, end)); - - if (ret == 0) { - MBEDTLS_SSL_PROC_CHK_NEG( - ssl_tls13_is_downgrade_negotiation(ssl, buf, end)); - - /* If the server is negotiating TLS 1.2 or below and: - * . we did not propose TLS 1.2 or - * . the server responded it is TLS 1.3 capable but negotiating a lower - * version of the protocol and thus we are under downgrade attack - * abort the handshake with an "illegal parameter" alert. - */ - if (handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* - * Version 1.2 of the protocol has been negotiated, set the - * ssl->keep_current_message flag for the ServerHello to be kept and - * parsed as a TLS 1.2 ServerHello. 
We also change ssl->tls_version to - * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step() - * will dispatch to the TLS 1.2 state machine. - */ - ssl->keep_current_message = 1; - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - buf, (size_t) (end - buf))); - - if (mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - ret = ssl_tls13_reset_key_share(ssl); - if (ret != 0) { - return ret; - } - } - - return SSL_SERVER_HELLO_TLS1_2; - } - - ssl->session_negotiate->tls_version = ssl->tls_version; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - ret = ssl_server_hello_is_hrr(ssl, buf, end); - switch (ret) { - case SSL_SERVER_HELLO: - MBEDTLS_SSL_DEBUG_MSG(2, ("received ServerHello message")); - break; - case SSL_SERVER_HELLO_HRR: - MBEDTLS_SSL_DEBUG_MSG(2, ("received HelloRetryRequest message")); - /* If a client receives a second HelloRetryRequest in the same - * connection (i.e., where the ClientHello was itself in response - * to a HelloRetryRequest), it MUST abort the handshake with an - * "unexpected_message" alert. - */ - if (handshake->hello_retry_request_flag) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Multiple HRRs received")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - /* - * Clients must abort the handshake with an "illegal_parameter" - * alert if the HelloRetryRequest would not result in any change - * in the ClientHello. - * In a PSK only key exchange that what we expect. 
- */ - if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Unexpected HRR in pure PSK key exchange.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - handshake->hello_retry_request_flag = 1; - - break; - } - -cleanup: - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_server_hello_session_id_echo(mbedtls_ssl_context *ssl, - const unsigned char **buf, - const unsigned char *end) -{ - const unsigned char *p = *buf; - size_t legacy_session_id_echo_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - legacy_session_id_echo_len = *p++; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len); - - /* legacy_session_id_echo */ - if (ssl->session_negotiate->id_len != legacy_session_id_echo_len || - memcmp(ssl->session_negotiate->id, p, legacy_session_id_echo_len) != 0) { - MBEDTLS_SSL_DEBUG_BUF(3, "Expected Session ID", - ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Received Session ID", p, - legacy_session_id_echo_len); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - p += legacy_session_id_echo_len; - *buf = p; - - MBEDTLS_SSL_DEBUG_BUF(3, "Session ID", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - return 0; -} - -/* Parse ServerHello message and configure context - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - int is_hrr) -{ - 
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - size_t extensions_len; - const unsigned char *extensions_end; - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - int fatal_alert = 0; - uint32_t allowed_extensions_mask; - int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : - MBEDTLS_SSL_HS_SERVER_HELLO; - - /* - * Check there is space for minimal fields - * - * - legacy_version ( 2 bytes) - * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes) - * - legacy_session_id_echo ( 1 byte ), minimum size - * - cipher_suite ( 2 bytes) - * - legacy_compression_method ( 1 byte ) - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6); - - MBEDTLS_SSL_DEBUG_BUF(4, "server hello", p, end - p); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", p, 2); - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - if (mbedtls_ssl_read_version(p, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - goto cleanup; - } - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; - */ - if (!is_hrr) { - memcpy(&handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", - p, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id_echo<0..32>; - * ... 
- */ - if (ssl_tls13_check_server_hello_session_id_echo(ssl, &p, end) != 0) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - goto cleanup; - } - - /* ... - * CipherSuite cipher_suite; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); - /* - * Check whether this ciphersuite is valid and offered. - */ - if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, - ssl->tls_version, - ssl->tls_version) != 0) || - !mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - /* - * If we received an HRR before and that the proposed selected - * ciphersuite in this server hello is not the same as the one - * proposed in the HRR, we abort the handshake and send an - * "illegal_parameter" alert. - */ - else if ((!is_hrr) && handshake->hello_retry_request_flag && - (cipher_suite != ssl->session_negotiate->ciphersuite)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - - if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) { - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid ciphersuite(%04x) parameter", - cipher_suite)); - goto cleanup; - } - - /* Configure ciphersuites */ - mbedtls_ssl_optimize_checksum(ssl, ciphersuite_info); - - handshake->ciphersuite_info = ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: ( %04x ) - %s", - cipher_suite, ciphersuite_info->name)); - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif /* MBEDTLS_HAVE_TIME */ - - /* ... - * uint8 legacy_compression_method = 0; - * ... 
- */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - if (p[0] != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method")); - fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - goto cleanup; - } - p++; - - /* ... - * Extension extensions<6..2^16-1>; - * ... - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check extensions do not go beyond the buffer of data. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello extensions", p, extensions_len); - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - allowed_extensions_mask = is_hrr ? - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - const unsigned char *extension_data_end; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - extension_data_end = p + extension_data_len; - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, hs_msg_type, extension_type, allowed_extensions_mask); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - case MBEDTLS_TLS_EXT_COOKIE: - - ret = ssl_tls13_parse_cookie_ext(ssl, - p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_cookie_ext", - ret); - goto cleanup; - } - break; - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - ret = ssl_tls13_parse_supported_versions_ext(ssl, - p, - extension_data_end); - if (ret != 0) { - goto cleanup; - } - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - case 
MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension")); - - if ((ret = ssl_tls13_parse_server_pre_shared_key_ext( - ssl, p, extension_data_end)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("ssl_tls13_parse_server_pre_shared_key_ext"), ret); - return ret; - } - break; -#endif - - case MBEDTLS_TLS_EXT_KEY_SHARE: - MBEDTLS_SSL_DEBUG_MSG(3, ("found key_shares extension")); - if (!mbedtls_ssl_conf_tls13_is_some_ephemeral_enabled(ssl)) { - fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT; - goto cleanup; - } - - if (is_hrr) { - ret = ssl_tls13_parse_hrr_key_share_ext(ssl, - p, extension_data_end); - } else { - ret = ssl_tls13_parse_key_share_ext(ssl, - p, extension_data_end); - } - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_key_share_ext", - ret); - goto cleanup; - } - break; - - default: - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, hs_msg_type, handshake->received_extensions); - -cleanup: - - if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - ret = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; - } else if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - ret = MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - return ret; -} - -#if defined(MBEDTLS_DEBUG_C) -static const char *ssl_tls13_get_kex_mode_str(int mode) -{ - switch (mode) { - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: - return "psk"; - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: - return "ephemeral"; - case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: - return "psk_ephemeral"; - default: - return "unknown mode"; - } -} -#endif /* MBEDTLS_DEBUG_C */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Determine the key exchange mode: - * 1) If both the pre_shared_key and key_share extensions were received - * then the key exchange mode is PSK with EPHEMERAL. - * 2) If only the pre_shared_key extension was received then the key - * exchange mode is PSK-only. - * 3) If only the key_share extension was received then the key - * exchange mode is EPHEMERAL-only. - */ - switch (handshake->received_extensions & - (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE))) { - /* Only the pre_shared_key extension was received */ - case MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - break; - - /* Only the key_share extension was received */ - case MBEDTLS_SSL_EXT_MASK(KEY_SHARE): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - break; - - /* Both the pre_shared_key and key_share extensions were received */ - case (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE)): - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; - - /* Neither pre_shared_key nor key_share extension was received */ - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("Unknown key exchange.")); - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto cleanup; - } - - if (!mbedtls_ssl_conf_tls13_is_kex_mode_enabled( - ssl, handshake->key_exchange_mode)) { - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - MBEDTLS_SSL_DEBUG_MSG( - 2, ("Key exchange mode(%s) is not supported.", - ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode))); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Selected key exchange mode: %s", - ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode))); - - /* Start the TLS 1.3 key scheduling if not already done. 
- * - * If we proposed early data then we have already derived an - * early secret using the selected PSK and its associated hash. - * It means that if the negotiated key exchange mode is psk or - * psk_ephemeral, we have already correctly computed the - * early secret and thus we do not do it again. In all other - * cases we compute it here. - */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT || - handshake->key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL) -#endif - { - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_key_schedule_stage_early", ret); - goto cleanup; - } - } - - ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_compute_handshake_transform", - ret); - goto cleanup; - } - - mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); - ssl->session_in = ssl->session_negotiate; - -cleanup: - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_ssl_session_reset_msg_layer(ssl, 0); - - /* - * We are going to re-generate a shared secret corresponding to the group - * selected by the server, which is different from the group for which we - * generated a shared secret in the first client hello. - * Thus, reset the shared secret. 
- */ - ret = ssl_tls13_reset_key_share(ssl); - if (ret != 0) { - return ret; - } - - ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state != MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED; - } -#endif - - return 0; -} - -/* - * Wait and parse ServerHello handshake message. - * Handler for MBEDTLS_SSL_SERVER_HELLO - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buf_len = 0; - int is_hrr = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> %s", __func__)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); - - ret = ssl_tls13_preprocess_server_hello(ssl, buf, buf + buf_len); - if (ret < 0) { - goto cleanup; - } else { - is_hrr = (ret == SSL_SERVER_HELLO_HRR); - } - - if (ret == SSL_SERVER_HELLO_TLS1_2) { - ret = 0; - goto cleanup; - } - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_server_hello(ssl, buf, - buf + buf_len, - is_hrr)); - if (is_hrr) { - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl)); - } - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len)); - - if (is_hrr) { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl)); -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* If not offering early data, the client sends a dummy CCS record - * immediately before its second flight. This may either be before - * its second ClientHello or before its encrypted handshake flight. 
- */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - } else { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_server_hello(ssl)); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - } - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= %s ( %s )", __func__, - is_hrr ? "HelloRetryRequest" : "ServerHello")); - return ret; -} - -/* - * - * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS - * - * The EncryptedExtensions message contains any extensions which - * should be protected, i.e., any which are not needed to establish - * the cryptographic context. - */ - -/* Parse EncryptedExtensions message - * struct { - * Extension extensions<0..2^16-1>; - * } EncryptedExtensions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = 0; - size_t extensions_len; - const unsigned char *p = buf; - const unsigned char *extensions_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "encrypted extensions", p, extensions_len); - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - /* - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret 
= mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - if ((ret = ssl_tls13_parse_alpn_ext( - ssl, p, (size_t) extension_data_len)) != 0) { - return ret; - } - - break; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_TLS_EXT_EARLY_DATA: - - if (extension_data_len != 0) { - /* The message must be empty. */ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension")); - - ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( - ssl, p, p + extension_data_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) && - (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) { - MBEDTLS_SSL_DEBUG_MSG(3, - ( - "Record size limit extension cannot be used with max fragment length extension")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - handshake->received_extensions); - - /* Check that we consumed all the message. 
*/ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("EncryptedExtension lengths misaligned")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) -{ - int ret; - unsigned char *buf; - size_t buf_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - &buf, &buf_len)); - - /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len)); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { - /* RFC8446 4.2.11 - * If the server supplies an "early_data" extension, the - * client MUST verify that the server's selected_identity - * is 0. If any other value is returned, the client MUST - * abort the handshake with an "illegal_parameter" alert. - * - * RFC 8446 4.2.10 - * In order to accept early data, the server MUST have accepted a PSK - * cipher suite and selected the first key offered in the client's - * "pre_shared_key" extension. In addition, it MUST verify that the - * following values are the same as those associated with the - * selected PSK: - * - The TLS version number - * - The selected cipher suite - * - The selected ALPN [RFC7301] protocol, if any - * - * The server has sent an early data extension in its Encrypted - * Extension message thus accepted to receive early data. We - * check here that the additional constraints on the handshake - * parameters, when early data are exchanged, are met, - * namely: - * - a PSK has been selected for the handshake - * - the selected PSK for the handshake was the first one proposed - * by the client. 
- * - the selected ciphersuite for the handshake is the ciphersuite - * associated with the selected PSK. - */ - if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) || - handshake->selected_identity != 0 || - handshake->ciphersuite_info->id != - ssl->session_negotiate->ciphersuite) { - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED; - } else if (ssl->early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED; - } -#endif - - /* - * In case the client has proposed a PSK associated with a ticket, - * `ssl->session_negotiate->ciphersuite` still contains at this point the - * identifier of the ciphersuite associated with the ticket. This is that - * way because, if an exchange of early data is agreed upon, we need - * it to check that the ciphersuite selected for the handshake is the - * ticket ciphersuite (see above). This information is not needed - * anymore thus we can now set it to the identifier of the ciphersuite - * used in this session under negotiation. 
- */ - ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - buf, buf_len)); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); - } -#else - ((void) ssl); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); -#endif - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse encrypted extensions")); - return ret; - -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA - * - * RFC 8446 section 4.5 - * - * struct {} EndOfEarlyData; - * - * If the server sent an "early_data" extension in EncryptedExtensions, the - * client MUST send an EndOfEarlyData message after receiving the server - * Finished. Otherwise, the client MUST NOT send an EndOfEarlyData message. 
- */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_end_of_early_data(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buf_len; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write EndOfEarlyData")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_hdr_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0)); - - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_finish_handshake_msg(ssl, buf_len, 0)); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write EndOfEarlyData")); - return ret; -} - -int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl) -{ - if ((ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) || - (!mbedtls_ssl_is_handshake_over(ssl))) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - switch (ssl->early_data_state) { - case MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT: - return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED; - break; - - case MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED: - return MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - break; - - case MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED: - return MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - break; - - default: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * STATE HANDLING: CertificateRequest - * - */ -#define SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST 0 -#define SSL_CERTIFICATE_REQUEST_SKIP 1 -/* Coordination: - * Deals with the ambiguity of not knowing if a CertificateRequest - * will be sent. Returns a negative code on failure, or - * - SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST - * - SSL_CERTIFICATE_REQUEST_SKIP - * indicating if a Certificate Request is expected or not. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - ssl->keep_current_message = 1; - - if ((ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) && - (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST)) { - MBEDTLS_SSL_DEBUG_MSG(3, ("got a certificate request")); - return SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("got no certificate request")); - - return SSL_CERTIFICATE_REQUEST_SKIP; -} - -/* - * ssl_tls13_parse_certificate_request() - * Parse certificate request - * struct { - * opaque certificate_request_context<0..2^8-1>; - * Extension extensions<2..2^16-1>; - * } CertificateRequest; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_certificate_request(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - size_t certificate_request_context_len = 0; - size_t extensions_len = 0; - const unsigned char *extensions_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* ... - * opaque certificate_request_context<0..2^8-1> - * ... 
- */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - certificate_request_context_len = (size_t) p[0]; - p += 1; - - if (certificate_request_context_len > 0) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_request_context_len); - MBEDTLS_SSL_DEBUG_BUF(3, "Certificate Request Context", - p, certificate_request_context_len); - - handshake->certificate_request_context = - mbedtls_calloc(1, certificate_request_context_len); - if (handshake->certificate_request_context == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(handshake->certificate_request_context, p, - certificate_request_context_len); - p += certificate_request_context_len; - } - - /* ... - * Extension extensions<2..2^16-1>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG(3, - ("found signature algorithms extension")); - ret = mbedtls_ssl_parse_sig_alg_ext(ssl, p, - p + extension_data_len); - if (ret != 0) { - return ret; - } - - break; - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, 
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - handshake->received_extensions); - - /* Check that we consumed all the message. */ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("CertificateRequest misaligned")); - goto decode_error; - } - - /* RFC 8446 section 4.3.2 - * - * The "signature_algorithms" extension MUST be specified - */ - if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(SIG_ALG)) == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, - ("no signature algorithms extension found")); - goto decode_error; - } - - ssl->handshake->client_auth = 1; - return 0; - -decode_error: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); - - if (ret == SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST) { - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request( - ssl, buf, buf + buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - buf, buf_len)); - } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { - ret = 0; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_tls13_process_server_certificate(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_certificate(ssl); - if (ret != 0) { - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); - if (ret != 0) { - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Handler for MBEDTLS_SSL_SERVER_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_process_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_application_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_state == MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED) { - ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED; - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else -#endif /* MBEDTLS_SSL_EARLY_DATA */ - { -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - } - - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_certificate(mbedtls_ssl_context *ssl) -{ - int non_empty_certificate_msg = 0; - - 
MBEDTLS_SSL_DEBUG_MSG(1, - ("Switch to handshake traffic keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform(ssl, ssl->handshake->transform_handshake); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (ssl->handshake->client_auth) { - int ret = mbedtls_ssl_tls13_write_certificate(ssl); - if (ret != 0) { - return ret; - } - - if (mbedtls_ssl_own_cert(ssl) != NULL) { - non_empty_certificate_msg = 1; - } - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate")); - } -#endif - - if (non_empty_certificate_msg) { - mbedtls_ssl_handshake_set_state(ssl, - MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate verify")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); - - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - - return ret; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * Handler for MBEDTLS_SSL_CLIENT_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_client_finished(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_write_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret); - return ret; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_FLUSH_BUFFERS); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_FLUSH_BUFFERS - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_flush_buffers(mbedtls_ssl_context *ssl) -{ - 
MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - - mbedtls_ssl_tls13_handshake_wrapup(ssl); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* From RFC 8446 section 4.2.10 - * - * struct { - * select (Handshake.msg_type) { - * case new_session_ticket: uint32 max_early_data_size; - * ... - * }; - * } EarlyDataIndication; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket_early_data_ext( - mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - mbedtls_ssl_session *session = ssl->session; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 4); - - session->max_early_data_size = MBEDTLS_GET_UINT32_BE(buf, 0); - mbedtls_ssl_tls13_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("received max_early_data_size: %u", - (unsigned int) session->max_early_data_size)); - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const unsigned char *p = buf; - - - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < end) { - unsigned int extension_type; - size_t extension_data_len; - int ret; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, 
MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_new_session_ticket_early_data_ext( - ssl, p, p + extension_data_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_new_session_ticket_early_data_ext", - ret); - } - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - handshake->received_extensions); - - return 0; -} - -/* - * From RFC8446, page 74 - * - * struct { - * uint32 ticket_lifetime; - * uint32 ticket_age_add; - * opaque ticket_nonce<0..255>; - * opaque ticket<1..2^16-1>; - * Extension extensions<0..2^16-2>; - * } NewSessionTicket; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - unsigned char **ticket_nonce, - size_t *ticket_nonce_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_ssl_session *session = ssl->session; - size_t ticket_len; - unsigned char *ticket; - size_t extensions_len; - - *ticket_nonce = NULL; - *ticket_nonce_len = 0; - /* - * ticket_lifetime 4 bytes - * ticket_age_add 4 bytes - * ticket_nonce_len 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 9); - - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, - ("ticket_lifetime: %u", - (unsigned int) session->ticket_lifetime)); - if (session->ticket_lifetime > - MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days.")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - session->ticket_age_add = 
MBEDTLS_GET_UINT32_BE(p, 4); - MBEDTLS_SSL_DEBUG_MSG(3, - ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - *ticket_nonce_len = p[8]; - p += 9; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, *ticket_nonce_len); - *ticket_nonce = p; - MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len); - p += *ticket_nonce_len; - - /* Ticket */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ticket_len); - MBEDTLS_SSL_DEBUG_BUF(3, "received ticket", p, ticket_len); - - /* Check if we previously received a ticket already. */ - if (session->ticket != NULL || session->ticket_len > 0) { - mbedtls_free(session->ticket); - session->ticket = NULL; - session->ticket_len = 0; - } - - if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(ticket, p, ticket_len); - p += ticket_len; - session->ticket = ticket; - session->ticket_len = ticket_len; - - /* Clear all flags in ticket_flags */ - mbedtls_ssl_tls13_session_clear_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "ticket extension", p, extensions_len); - - ret = ssl_tls13_parse_new_session_ticket_exts(ssl, p, p + extensions_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_parse_new_session_ticket_exts", - ret); - return ret; - } - - return 0; -} - -/* Non negative return values for ssl_tls13_postprocess_new_session_ticket(). - * - POSTPROCESS_NEW_SESSION_TICKET_SIGNAL, all good, we have to signal the - * application that a valid ticket has been received. 
- * - POSTPROCESS_NEW_SESSION_TICKET_DISCARD, no fatal error, we keep the - * connection alive but we do not signal the ticket to the application. - */ -#define POSTPROCESS_NEW_SESSION_TICKET_SIGNAL 0 -#define POSTPROCESS_NEW_SESSION_TICKET_DISCARD 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *ticket_nonce, - size_t ticket_nonce_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session *session = ssl->session; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - psa_algorithm_t psa_hash_alg; - int hash_length; - - if (session->ticket_lifetime == 0) { - return POSTPROCESS_NEW_SESSION_TICKET_DISCARD; - } - -#if defined(MBEDTLS_HAVE_TIME) - /* Store ticket creation time */ - session->ticket_reception_time = mbedtls_ms_time(); -#endif - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_length = PSA_HASH_LENGTH(psa_hash_alg); - if (hash_length == -1 || - (size_t) hash_length > sizeof(session->resumption_key)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - - MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret", - session->app_secrets.resumption_master_secret, - hash_length); - - /* Compute resumption key - * - * HKDF-Expand-Label( resumption_master_secret, - * "resumption", ticket_nonce, Hash.length ) - */ - ret = mbedtls_ssl_tls13_hkdf_expand_label( - psa_hash_alg, - session->app_secrets.resumption_master_secret, - hash_length, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption), - ticket_nonce, - ticket_nonce_len, - session->resumption_key, - hash_length); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(2, - "Creating the ticket-resumed PSK failed", - ret); - return ret; - } - - session->resumption_key_len = 
hash_length; - - MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK", - session->resumption_key, - session->resumption_key_len); - - /* Set ticket_flags depends on the selected key exchange modes */ - mbedtls_ssl_tls13_session_set_ticket_flags( - session, ssl->conf->tls13_kex_modes); - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - - return POSTPROCESS_NEW_SESSION_TICKET_SIGNAL; -} - -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len; - unsigned char *ticket_nonce; - size_t ticket_nonce_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - &buf, &buf_len)); - - /* - * We are about to update (maybe only partially) ticket data thus block - * any session export for the time being. - */ - ssl->session->exported = 1; - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_new_session_ticket( - ssl, buf, buf + buf_len, - &ticket_nonce, &ticket_nonce_len)); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_postprocess_new_session_ticket( - ssl, ticket_nonce, ticket_nonce_len)); - - switch (ret) { - case POSTPROCESS_NEW_SESSION_TICKET_SIGNAL: - /* - * All good, we have received a new valid ticket, session data can - * be exported now and we signal the ticket to the application. 
- */ - ssl->session->exported = 0; - ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET; - break; - - case POSTPROCESS_NEW_SESSION_TICKET_DISCARD: - ret = 0; - MBEDTLS_SSL_DEBUG_MSG(2, ("Discard new session ticket")); - break; - - default: - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) -{ - int ret = 0; - - switch (ssl->state) { - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - break; - - case MBEDTLS_SSL_CLIENT_HELLO: - ret = mbedtls_ssl_write_client_hello(ssl); - break; - - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls13_process_server_hello(ssl); - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls13_process_encrypted_extensions(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls13_process_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls13_process_server_certificate(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls13_process_certificate_verify(ssl); - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls13_process_server_finished(ssl); - break; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_tls13_write_end_of_early_data(ssl); - break; -#endif - - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = ssl_tls13_write_client_certificate(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: - ret = ssl_tls13_write_client_certificate_verify(ssl); - break; -#endif /* 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
-
- case MBEDTLS_SSL_CLIENT_FINISHED:
- ret = ssl_tls13_write_client_finished(ssl);
- break;
-
- case MBEDTLS_SSL_FLUSH_BUFFERS:
- ret = ssl_tls13_flush_buffers(ssl);
- break;
-
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
- ret = ssl_tls13_handshake_wrapup(ssl);
- break;
-
- /*
- * Injection of dummy-CCS's for middlebox compatibility
- */
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
- if (ret != 0) {
- break;
- }
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
- break;
-
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
- ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
- if (ret != 0) {
- break;
- }
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
- break;
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
- ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
- if (ret == 0) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
-
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ("Switch to early data keys for outbound traffic"));
- mbedtls_ssl_set_outbound_transform(
- ssl, ssl->handshake->transform_earlydata);
- ssl->early_data_state = MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE;
- }
- break;
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET:
- ret = ssl_tls13_process_new_session_ticket(ssl);
- break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
- default:
- MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- return ret;
-}
-
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
deleted file mode 100644
index f8aca908c4..0000000000
--- a/library/ssl_tls13_generic.c
+++ /dev/null
@@ -1,1732 +0,0 @@ -/* - * TLS 1.3 functionality shared between client and server - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_TLS_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include - -#include "mbedtls/error.h" -#include "debug_internal.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/constant_time.h" -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" - -#include "ssl_tls13_invasive.h" -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" - -#include "psa/crypto.h" -#include "psa_util_internal.h" - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif - -const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ - MBEDTLS_SERVER_HELLO_RANDOM_LEN] = -{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, - 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, - 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; - -int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char **buf, - size_t *buf_len) -{ - int ret; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - goto cleanup; - } - - if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != hs_type) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Receive unexpected handshake message.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - ret = 
MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - goto cleanup; - } - - /* - * Jump handshake header (4 bytes, see Section 4 of RFC 8446). - * ... - * HandshakeType msg_type; - * uint24 length; - * ... - */ - *buf = ssl->in_msg + 4; - *buf_len = ssl->in_hslen - 4; - -cleanup: - - return ret; -} - -int mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - mbedtls_ssl_context *ssl, - const unsigned char *buf, const unsigned char *end, - const unsigned char **supported_versions_data, - const unsigned char **supported_versions_data_end) -{ - const unsigned char *p = buf; - size_t extensions_len; - const unsigned char *extensions_end; - - *supported_versions_data = NULL; - *supported_versions_data_end = NULL; - - /* Case of no extension */ - if (p == end) { - return 0; - } - - /* ... - * Extension extensions; - * ... - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check extensions do not go beyond the buffer of data. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - if (extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS) { - *supported_versions_data = p; - *supported_versions_data_end = p + extension_data_len; - return 1; - } - p += extension_data_len; - } - - return 0; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * STATE HANDLING: Read CertificateVerify - */ -/* Macro to express the maximum length of the verify structure. 
- * - * The structure is computed per TLS 1.3 specification as: - * - 64 bytes of octet 32, - * - 33 bytes for the context string - * (which is either "TLS 1.3, client CertificateVerify" - * or "TLS 1.3, server CertificateVerify"), - * - 1 byte for the octet 0x0, which serves as a separator, - * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate) - * (depending on the size of the transcript_hash) - * - * This results in a total size of - * - 130 bytes for a SHA256-based transcript hash, or - * (64 + 33 + 1 + 32 bytes) - * - 146 bytes for a SHA384-based transcript hash. - * (64 + 33 + 1 + 48 bytes) - * - */ -#define SSL_VERIFY_STRUCT_MAX_SIZE (64 + \ - 33 + \ - 1 + \ - MBEDTLS_TLS1_3_MD_MAX_SIZE \ - ) - -/* - * The ssl_tls13_create_verify_structure() creates the verify structure. - * As input, it requires the transcript hash. - * - * The caller has to ensure that the buffer has size at least - * SSL_VERIFY_STRUCT_MAX_SIZE bytes. - */ -static void ssl_tls13_create_verify_structure(const unsigned char *transcript_hash, - size_t transcript_hash_len, - unsigned char *verify_buffer, - size_t *verify_buffer_len, - int from) -{ - size_t idx; - - /* RFC 8446, Section 4.4.3: - * - * The digital signature [in the CertificateVerify message] is then - * computed over the concatenation of: - * - A string that consists of octet 32 (0x20) repeated 64 times - * - The context string - * - A single 0 byte which serves as the separator - * - The content to be signed - */ - memset(verify_buffer, 0x20, 64); - idx = 64; - - if (from == MBEDTLS_SSL_IS_CLIENT) { - memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.client_cv, - MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv)); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv); - } else { /* from == MBEDTLS_SSL_IS_SERVER */ - memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.server_cv, - MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv)); - idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv); - } - - verify_buffer[idx++] = 0x0; - - 
memcpy(verify_buffer + idx, transcript_hash, transcript_hash_len); - idx += transcript_hash_len; - - *verify_buffer_len = idx; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end, - const unsigned char *verify_buffer, - size_t verify_buffer_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - uint16_t algorithm; - size_t signature_len; - mbedtls_pk_sigalg_t sig_alg; - mbedtls_md_type_t md_alg; - psa_algorithm_t hash_alg = PSA_ALG_NONE; - unsigned char verify_hash[PSA_HASH_MAX_SIZE]; - size_t verify_hash_len; - - /* - * struct { - * SignatureScheme algorithm; - * opaque signature<0..2^16-1>; - * } CertificateVerify; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - algorithm = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* RFC 8446 section 4.4.3 - * - * If the CertificateVerify message is sent by a server, the signature - * algorithm MUST be one offered in the client's "signature_algorithms" - * extension unless no valid certificate chain can be produced without - * unsupported algorithms - * - * RFC 8446 section 4.4.2.2 - * - * If the client cannot construct an acceptable chain using the provided - * certificates and decides to abort the handshake, then it MUST abort the - * handshake with an appropriate certificate-related alert - * (by default, "unsupported_certificate"). - * - * Check if algorithm is an offered signature algorithm. 
- */ - if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) { - /* algorithm not in offered signature algorithms list */ - MBEDTLS_SSL_DEBUG_MSG(1, ("Received signature algorithm(%04x) is not " - "offered.", - (unsigned int) algorithm)); - goto error; - } - - if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( - algorithm, &sig_alg, &md_alg) != 0) { - goto error; - } - - hash_alg = mbedtls_md_psa_alg_from_type(md_alg); - if (hash_alg == 0) { - goto error; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate Verify: Signature algorithm ( %04x )", - (unsigned int) algorithm)); - - /* - * Check the certificate's key type matches the signature alg - */ - if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key")); - goto error; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - signature_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, signature_len); - - status = psa_hash_compute(hash_alg, - verify_buffer, - verify_buffer_len, - verify_hash, - sizeof(verify_hash), - &verify_hash_len); - if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "hash computation PSA error", status); - goto error; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - - if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) sig_alg, - &ssl->session_negotiate->peer_cert->pk, - md_alg, verify_hash, verify_hash_len, - p, signature_len)) == 0) { - return 0; - } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); - -error: - /* RFC 8446 section 4.4.3 - * - * If the verification fails, the receiver MUST terminate the handshake - * with a "decrypt_error" alert. 
- */ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) -{ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; - size_t verify_buffer_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - - MBEDTLS_SSL_PROC_CHK( - mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len)); - - /* Need to calculate the hash of the transcript first - * before reading the message since otherwise it gets - * included in the transcript - */ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, - (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash", transcript, transcript_len); - - /* Create verify structure */ - ssl_tls13_create_verify_structure(transcript, - transcript_len, - verify_buffer, - &verify_buffer_len, - (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ? 
- MBEDTLS_SSL_IS_SERVER : - MBEDTLS_SSL_IS_CLIENT); - - /* Process the message contents */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify( - ssl, buf, buf + buf_len, - verify_buffer, verify_buffer_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, buf_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_process_certificate_verify", ret); - return ret; -#else - ((void) ssl); - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ -} - -/* - * - * STATE HANDLING: Incoming Certificate. - * - */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -/* - * Structure of Certificate message: - * - * enum { - * X509(0), - * RawPublicKey(2), - * (255) - * } CertificateType; - * - * struct { - * select (certificate_type) { - * case RawPublicKey: - * * From RFC 7250 ASN.1_subjectPublicKeyInfo * - * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; - * case X509: - * opaque cert_data<1..2^24-1>; - * }; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - * - */ - -/* Parse certificate chain send by the server. 
*/ -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t certificate_request_context_len = 0; - size_t certificate_list_len = 0; - const unsigned char *p = buf; - const unsigned char *certificate_list_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4); - certificate_request_context_len = p[0]; - certificate_list_len = MBEDTLS_GET_UINT24_BE(p, 1); - p += 4; - - /* In theory, the certificate list can be up to 2^24 Bytes, but we don't - * support anything beyond 2^16 = 64K. - */ - if ((certificate_request_context_len != 0) || - (certificate_list_len >= 0x10000)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* In case we tried to reuse a session but it failed */ - if (ssl->session_negotiate->peer_cert != NULL) { - mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert); - mbedtls_free(ssl->session_negotiate->peer_cert); - } - - /* This is used by ssl_tls13_validate_certificate() */ - if (certificate_list_len == 0) { - ssl->session_negotiate->peer_cert = NULL; - ret = 0; - goto exit; - } - - if ((ssl->session_negotiate->peer_cert = - mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed", - sizeof(mbedtls_x509_crt))); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_SSL_ALLOC_FAILED); - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_list_len); - certificate_list_end = p + certificate_list_len; - while (p < certificate_list_end) { - size_t 
cert_data_len, extensions_len; - const unsigned char *extensions_end; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 3); - cert_data_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - /* In theory, the CRT can be up to 2^24 Bytes, but we don't support - * anything beyond 2^16 = 64K. Otherwise as in the TLS 1.2 code, - * check that we have a minimum of 128 bytes of data, this is not - * clear why we need that though. - */ - if ((cert_data_len < 128) || (cert_data_len >= 0x10000)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, cert_data_len); - ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert, - p, cert_data_len); - - switch (ret) { - case 0: /*ok*/ - break; - case MBEDTLS_ERR_X509_UNKNOWN_OID: - /* Ignore certificate with an unknown algorithm: maybe a - prior certificate was already trusted. 
*/ - break; - - case MBEDTLS_ERR_X509_ALLOC_FAILED: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR, - MBEDTLS_ERR_X509_ALLOC_FAILED); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - - case MBEDTLS_ERR_X509_UNKNOWN_VERSION: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, - MBEDTLS_ERR_X509_UNKNOWN_VERSION); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - - default: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, - ret); - MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); - return ret; - } - - p += cert_data_len; - - /* Certificate extensions length */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 2); - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, extensions_len); - - extensions_end = p + extensions_len; - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - - /* - * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT); - if (ret != 0) { - return ret; - } - - switch (extension_type) { - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CERTIFICATE, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CERTIFICATE, - handshake->received_extensions); - } - -exit: - /* Check that all the message is consumed. 
*/ - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", - ssl->session_negotiate->peer_cert); - - return ret; -} -#else -MBEDTLS_CHECK_RETURN_CRITICAL -MBEDTLS_STATIC_TESTABLE -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - ((void) ssl); - ((void) buf); - ((void) end); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -/* Validate certificate chain sent by the server. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) -{ - /* Authmode: precedence order is SNI if used else configuration */ -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; -#else - const int authmode = ssl->conf->authmode; -#endif - - /* - * If the peer hasn't sent a certificate ( i.e. it sent - * an empty certificate chain ), this is reflected in the peer CRT - * structure being unset. - * Check for that and handle it depending on the - * authentication mode. - */ - if (ssl->session_negotiate->peer_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate")); - -#if defined(MBEDTLS_SSL_SRV_C) - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - /* The client was asked for a certificate but didn't send - * one. The client should know what's going on, so we - * don't send an alert. 
- */ - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) { - return 0; - } else { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_NO_CERT, - MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - /* Regardless of authmode, the server is not allowed to send an empty - * certificate chain. (Last paragraph before 4.4.2.1 in RFC 8446: "The - * server's certificate_list MUST always be non-empty.") With authmode - * optional/none, we continue the handshake if we can't validate the - * server's cert, but we still break it if no certificate was sent. */ - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT, - MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); - return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; - } -#endif /* MBEDTLS_SSL_CLI_C */ - } - - return mbedtls_ssl_verify_certificate(ssl, authmode, - ssl->session_negotiate->peer_cert, - NULL, NULL); -} -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) -{ - ((void) ssl); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, - &buf, &buf_len)); - - /* Parse the certificate chain sent by the peer. 
*/ - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf, - buf + buf_len)); - /* Validate the certificate chain and set the verification results. */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); - -cleanup: -#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - (void) ssl; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); - return ret; -} -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -/* - * enum { - * X509(0), - * RawPublicKey(2), - * (255) - * } CertificateType; - * - * struct { - * select (certificate_type) { - * case RawPublicKey: - * // From RFC 7250 ASN.1_subjectPublicKeyInfo - * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; - * - * case X509: - * opaque cert_data<1..2^24-1>; - * }; - * Extension extensions<0..2^16-1>; - * } CertificateEntry; - * - * struct { - * opaque certificate_request_context<0..2^8-1>; - * CertificateEntry certificate_list<0..2^24-1>; - * } Certificate; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl); - unsigned char *p = buf; - unsigned char *certificate_request_context = - ssl->handshake->certificate_request_context; - unsigned char certificate_request_context_len = - ssl->handshake->certificate_request_context_len; - unsigned char *p_certificate_list_len; - - - /* ... - * opaque certificate_request_context<0..2^8-1>; - * ... 
- */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, certificate_request_context_len + 1); - *p++ = certificate_request_context_len; - if (certificate_request_context_len > 0) { - memcpy(p, certificate_request_context, certificate_request_context_len); - p += certificate_request_context_len; - } - - /* ... - * CertificateEntry certificate_list<0..2^24-1>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); - p_certificate_list_len = p; - p += 3; - - MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", crt); - - while (crt != NULL) { - size_t cert_data_len = crt->raw.len; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, cert_data_len + 3 + 2); - MBEDTLS_PUT_UINT24_BE(cert_data_len, p, 0); - p += 3; - - memcpy(p, crt->raw.p, cert_data_len); - p += cert_data_len; - crt = crt->next; - - /* Currently, we don't have any certificate extensions defined. - * Hence, we are sending an empty extension with length zero. - */ - MBEDTLS_PUT_UINT16_BE(0, p, 0); - p += 2; - } - - MBEDTLS_PUT_UINT24_BE(p - p_certificate_list_len - 3, - p_certificate_list_len, 0); - - *out_len = p - buf; - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions); - - return 0; -} - -int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) -{ - int ret; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl, - buf, - buf + buf_len, - &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - return ret; -} - -/* - * STATE HANDLING: Output Certificate Verify - */ -int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg, - mbedtls_pk_context *key) -{ 
- mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key); - size_t key_size = mbedtls_pk_get_bitlen(key); - - switch (pk_type) { - case MBEDTLS_SSL_SIG_ECDSA: - switch (key_size) { - case 256: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - - case 384: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - - case 521: - return - sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - default: - break; - } - break; - - case MBEDTLS_SSL_SIG_RSA: - switch (sig_alg) { - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */ - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */ - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return 1; - - default: - break; - } - break; - - default: - break; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_pk_context *own_key; - - unsigned char handshake_hash[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t handshake_hash_len; - unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE]; - size_t verify_buffer_len; - - uint16_t *sig_alg = ssl->handshake->received_sig_algs; - size_t signature_len = 0; - - *out_len = 0; - - own_key = mbedtls_ssl_own_key(ssl); - if (own_key == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ssl_get_handshake_transcript( - ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac, - handshake_hash, sizeof(handshake_hash), &handshake_hash_len); - if (ret != 0) { - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash", - handshake_hash, - handshake_hash_len); - - ssl_tls13_create_verify_structure(handshake_hash, handshake_hash_len, - verify_buffer, &verify_buffer_len, - ssl->conf->endpoint); - - /* - * struct 
{ - * SignatureScheme algorithm; - * opaque signature<0..2^16-1>; - * } CertificateVerify; - */ - /* Check there is space for the algorithm identifier (2 bytes) and the - * signature length (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_sigalg_t pk_type = MBEDTLS_PK_SIGALG_NONE; - mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - psa_algorithm_t psa_algorithm = PSA_ALG_NONE; - unsigned char verify_hash[PSA_HASH_MAX_SIZE]; - size_t verify_hash_len; - - if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_check_sig_alg_cert_key_match(*sig_alg, own_key)) { - continue; - } - - if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( - *sig_alg, &pk_type, &md_alg) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg); - status = psa_hash_compute(psa_algorithm, - verify_buffer, - verify_buffer_len, - verify_hash, sizeof(verify_hash), - &verify_hash_len); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_type, own_key, - md_alg, verify_hash, verify_hash_len, - p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); - - /* The signature failed. This is possible if the private key - * was not suitable for the signature operation as purposely we - * did not check its suitability completely. Let's try with - * another signature algorithm. 
- */ - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature with %s", - mbedtls_ssl_sig_alg_to_str(*sig_alg))); - - break; - } - - if (*sig_alg == MBEDTLS_TLS1_3_SIG_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no suitable signature algorithm")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0); - MBEDTLS_PUT_UINT16_BE(signature_len, p, 2); - - *out_len = 4 + signature_len; - - return 0; -} - -int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = 0; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - return ret; -} - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * - * STATE HANDLING: Incoming Finished message. - */ -/* - * Implementation - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl) -{ - int ret; - - ret = mbedtls_ssl_tls13_calculate_verify_data( - ssl, - ssl->handshake->state_local.finished_in.digest, - sizeof(ssl->handshake->state_local.finished_in.digest), - &ssl->handshake->state_local.finished_in.digest_len, - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ? 
- MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_calculate_verify_data", ret); - return ret; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - */ - const unsigned char *expected_verify_data = - ssl->handshake->state_local.finished_in.digest; - size_t expected_verify_data_len = - ssl->handshake->state_local.finished_in.digest_len; - /* Structural validation */ - if ((size_t) (end - buf) != expected_verify_data_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (self-computed):", - expected_verify_data, - expected_verify_data_len); - MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (received message):", buf, - expected_verify_data_len); - - /* Semantic validation */ - if (mbedtls_ct_memcmp(buf, - expected_verify_data, - expected_verify_data_len) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - return 0; -} - -int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished message")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); - - /* Preprocessing step: Compute handshake digest */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message( - ssl, buf, buf + 
buf_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished message")); - return ret; -} - -/* - * - * STATE HANDLING: Write and send Finished message. - * - */ -/* - * Implement - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) -{ - int ret; - - /* Compute transcript of handshake up to now. */ - ret = mbedtls_ssl_tls13_calculate_verify_data(ssl, - ssl->handshake->state_local.finished_out.digest, - sizeof(ssl->handshake->state_local.finished_out. - digest), - &ssl->handshake->state_local.finished_out. - digest_len, - ssl->conf->endpoint); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "calculate_verify_data failed", ret); - return ret; - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len; - /* - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, verify_data_len); - - memcpy(buf, ssl->handshake->state_local.finished_out.digest, - verify_data_len); - - *out_len = verify_data_len; - return 0; -} - -/* Main entry point: orchestrates the other functions */ -int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished message")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, - MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body( - ssl, buf, buf + buf_len, &msg_len)); - - 
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_FINISHED, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished message")); - return ret; -} - -void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - - MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup")); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for inbound traffic")); - mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application); - - /* - * Free the previous session and switch to the current one. - */ - if (ssl->session) { - mbedtls_ssl_session_free(ssl->session); - mbedtls_free(ssl->session); - } - ssl->session = ssl->session_negotiate; - ssl->session_negotiate = NULL; - - MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); -} - -/* - * - * STATE HANDLING: Write ChangeCipherSpec - * - */ -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen) -{ - ((void) ssl); - - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1); - buf[0] = 1; - *olen = 1; - - return 0; -} - -int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); - - /* Only one CCS to send. 
*/ - if (ssl->handshake->ccs_sent) { - ret = 0; - goto cleanup; - } - - /* Write CCS message */ - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body( - ssl, ssl->out_msg, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &ssl->out_msglen)); - - ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; - - /* Dispatch message */ - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); - - ssl->handshake->ccs_sent = 1; - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); - return ret; -} - -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -/* Early Data Indication Extension - * - * struct { - * select ( Handshake.msg_type ) { - * case new_session_ticket: uint32 max_early_data_size; - * case client_hello: Empty; - * case encrypted_extensions: Empty; - * }; - * } EarlyDataIndication; - */ -#if defined(MBEDTLS_SSL_EARLY_DATA) -int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, - int in_new_session_ticket, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - -#if defined(MBEDTLS_SSL_SRV_C) - const size_t needed = in_new_session_ticket ? 
8 : 4; -#else - const size_t needed = 4; - ((void) in_new_session_ticket); -#endif - - *out_len = 0; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, needed); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0); - MBEDTLS_PUT_UINT16_BE(needed - 4, p, 2); - -#if defined(MBEDTLS_SSL_SRV_C) - if (in_new_session_ticket) { - MBEDTLS_PUT_UINT32_BE(ssl->conf->max_early_data_size, p, 4); - MBEDTLS_SSL_DEBUG_MSG( - 4, ("Sent max_early_data_size=%u", - (unsigned int) ssl->conf->max_early_data_size)); - } -#endif - - *out_len = needed; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA); - - return 0; -} - -#if defined(MBEDTLS_SSL_SRV_C) -int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, - size_t early_data_len) -{ - /* - * This function should be called only while an handshake is in progress - * and thus a session under negotiation. Add a sanity check to detect a - * misuse. - */ - if (ssl->session_negotiate == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* RFC 8446 section 4.6.1 - * - * A server receiving more than max_early_data_size bytes of 0-RTT data - * SHOULD terminate the connection with an "unexpected_message" alert. - * Note that if it is still possible to send early_data_len bytes of early - * data, it means that early_data_len is smaller than max_early_data_size - * (type uint32_t) and can fit in an uint32_t. We use this further - * down. 
- */ - if (early_data_len > - (ssl->session_negotiate->max_early_data_size - - ssl->total_early_data_size)) { - - MBEDTLS_SSL_DEBUG_MSG( - 2, ("EarlyData: Too much early data received, " - "%lu + %" MBEDTLS_PRINTF_SIZET " > %lu", - (unsigned long) ssl->total_early_data_size, - early_data_len, - (unsigned long) ssl->session_negotiate->max_early_data_size)); - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - - /* - * early_data_len has been checked to be less than max_early_data_size - * that is uint32_t. Its cast to an uint32_t below is thus safe. We need - * the cast to appease some compilers. - */ - ssl->total_early_data_size += (uint32_t) early_data_len; - - return 0; -} -#endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* Reset SSL context and update hash for handling HRR. - * - * Replace Transcript-Hash(X) by - * Transcript-Hash( message_hash || - * 00 00 Hash.length || - * X ) - * A few states of the handshake are preserved, including: - * - session ID - * - session ticket - * - negotiated ciphersuite - */ -int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4]; - size_t hash_len; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR")); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac, - hash_transcript + 4, - PSA_HASH_MAX_SIZE, - &hash_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret); - return ret; - } - - hash_transcript[0] = MBEDTLS_SSL_HS_MESSAGE_HASH; - hash_transcript[1] = 0; - hash_transcript[2] = 0; - hash_transcript[3] = (unsigned char) hash_len; - - hash_len += 4; - - MBEDTLS_SSL_DEBUG_BUF(4, "Truncated handshake 
transcript", - hash_transcript, hash_len); - - /* Reset running hash and replace it with a hash of the transcript */ - ret = mbedtls_ssl_reset_checksum(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); - return ret; - } - ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); - return ret; - } - - return ret; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - -int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len) -{ - uint8_t *p = (uint8_t *) buf; - const uint8_t *end = buf + buf_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - /* Check if key size is consistent with given buffer length. */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len); - - /* Store peer's ECDH/FFDH public key. 
*/ - if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %u > %" MBEDTLS_PRINTF_SIZET, - (unsigned) peerkey_len, - sizeof(handshake->xxdh_psa_peerkey))); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len); - handshake->xxdh_psa_peerkey_len = peerkey_len; - - return 0; -} - -#if defined(PSA_WANT_ALG_FFDH) -static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( - uint16_t tls_id, size_t *bits, psa_key_type_t *key_type) -{ - switch (tls_id) { -#if defined(PSA_WANT_DH_RFC7919_2048) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: - *bits = 2048; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_2048 */ -#if defined(PSA_WANT_DH_RFC7919_3072) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: - *bits = 3072; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_3072 */ -#if defined(PSA_WANT_DH_RFC7919_4096) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: - *bits = 4096; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_4096 */ -#if defined(PSA_WANT_DH_RFC7919_6144) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: - *bits = 6144; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_6144 */ -#if defined(PSA_WANT_DH_RFC7919_8192) - case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: - *bits = 8192; - *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); - return PSA_SUCCESS; -#endif /* PSA_WANT_DH_RFC7919_8192 */ - default: - return PSA_ERROR_NOT_SUPPORTED; - } -} -#endif /* PSA_WANT_ALG_FFDH */ - -int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - 
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - psa_key_attributes_t key_attributes; - size_t own_pubkey_len; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - size_t bits = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - psa_algorithm_t alg = PSA_ALG_NONE; - size_t buf_size = (size_t) (end - buf); - - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH/FFDH computation.")); - - /* Convert EC's TLS ID to PSA key type. */ -#if defined(PSA_WANT_ALG_ECDH) - if (mbedtls_ssl_get_psa_curve_info_from_tls_id( - named_group, &key_type, &bits) == PSA_SUCCESS) { - alg = PSA_ALG_ECDH; - } -#endif -#if defined(PSA_WANT_ALG_FFDH) - if (mbedtls_ssl_get_psa_ffdh_info_from_tls_id(named_group, &bits, - &key_type) == PSA_SUCCESS) { - alg = PSA_ALG_FFDH; - } -#endif - - if (key_type == PSA_KEY_TYPE_NONE) { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - if (buf_size < PSA_BITS_TO_BYTES(bits)) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - handshake->xxdh_psa_type = key_type; - ssl->handshake->xxdh_psa_bits = bits; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); - psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits); - - /* Generate ECDH/FFDH private key. */ - status = psa_generate_key(&key_attributes, - &handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); - return ret; - - } - - /* Export the public part of the ECDH/FFDH private key from PSA. 
*/ - status = psa_export_public_key(handshake->xxdh_psa_privkey, - buf, buf_size, - &own_pubkey_len); - - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); - return ret; - } - - *out_len = own_pubkey_len; - - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -/* RFC 8446 section 4.2 - * - * If an implementation receives an extension which it recognizes and which is - * not specified for the message in which it appears, it MUST abort the handshake - * with an "illegal_parameter" alert. - * - */ -int mbedtls_ssl_tls13_check_received_extension( - mbedtls_ssl_context *ssl, - int hs_msg_type, - unsigned int received_extension_type, - uint32_t hs_msg_allowed_extensions_mask) -{ - uint32_t extension_mask = mbedtls_ssl_get_extension_mask( - received_extension_type); - - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "received"); - - if ((extension_mask & hs_msg_allowed_extensions_mask) == 0) { - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "is illegal"); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->handshake->received_extensions |= extension_mask; - /* - * If it is a message containing extension responses, check that we - * previously sent the extension. 
- */ - switch (hs_msg_type) { - case MBEDTLS_SSL_HS_SERVER_HELLO: - case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST: - case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: - case MBEDTLS_SSL_HS_CERTIFICATE: - /* Check if the received extension is sent by peer message.*/ - if ((ssl->handshake->sent_extensions & extension_mask) != 0) { - return 0; - } - break; - default: - return 0; - } - - MBEDTLS_SSL_PRINT_EXT( - 3, hs_msg_type, received_extension_type, "is unsupported"); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; -} - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - -/* RFC 8449, section 4: - * - * The ExtensionData of the "record_size_limit" extension is - * RecordSizeLimit: - * uint16 RecordSizeLimit; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - uint16_t record_size_limit; - const size_t extension_data_len = end - buf; - - if (extension_data_len != - MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) { - MBEDTLS_SSL_DEBUG_MSG(2, - ("record_size_limit extension has invalid length: %" - MBEDTLS_PRINTF_SIZET " Bytes", - extension_data_len)); - - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); - - MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - - /* RFC 8449, section 4: - * - * Endpoints MUST NOT send a "record_size_limit" extension with a value - * smaller than 64. An endpoint MUST treat receipt of a smaller value - * as a fatal error and generate an "illegal_parameter" alert. 
- */ - if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid record size limit : %u Bytes", - record_size_limit)); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - ssl->session_negotiate->record_size_limit = record_size_limit; - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_write_record_size_limit_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - unsigned char *p = buf; - *out_len = 0; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_IN_CONTENT_LEN >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN, - "MBEDTLS_SSL_IN_CONTENT_LEN is less than the " - "minimum record size limit"); - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT, p, 0); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH, - p, 2); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_IN_CONTENT_LEN, p, 4); - - *out_len = 6; - - MBEDTLS_SSL_DEBUG_MSG(2, ("Sent RecordSizeLimit: %d Bytes", - MBEDTLS_SSL_IN_CONTENT_LEN)); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT); - - return 0; -} - -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h deleted file mode 100644 index 73e0e304f9..0000000000 --- a/library/ssl_tls13_invasive.h +++ /dev/null 
@@ -1,23 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_SSL_TLS13_INVASIVE_H -#define MBEDTLS_SSL_TLS13_INVASIVE_H - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "psa/crypto.h" - -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end); -#endif /* MBEDTLS_TEST_HOOKS */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#endif /* MBEDTLS_SSL_TLS13_INVASIVE_H */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c deleted file mode 100644 index 865e02c2dc..0000000000 --- a/library/ssl_tls13_keys.c +++ /dev/null 
@@ -1,1860 +0,0 @@ -/* - * TLS 1.3 key schedule - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include -#include - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" - -#include "ssl_tls13_keys.h" -#include "ssl_tls13_invasive.h" - -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" - -/* Define a local translating function to save code size by not using too many - * arguments in each translating place. */ -static int local_err_translation(psa_status_t status) -{ - return psa_status_to_mbedtls(status, psa_to_ssl_errors, - ARRAY_LENGTH(psa_to_ssl_errors), - psa_generic_status_to_mbedtls); -} -#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) - -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - .name = string, - -struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = -{ - /* This seems to work in C, despite the string literal being one - * character too long due to the 0-termination. */ - MBEDTLS_SSL_TLS1_3_LABEL_LIST -}; - -#undef MBEDTLS_SSL_TLS1_3_LABEL - -/* - * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. - * - * The HkdfLabel is specified in RFC 8446 as follows: - * - * struct HkdfLabel { - * uint16 length; // Length of expanded key material - * opaque label<7..255>; // Always prefixed by "tls13 " - * opaque context<0..255>; // Usually a communication transcript hash - * }; - * - * Parameters: - * - desired_length: Length of expanded key material. - * The length field can hold numbers up to 2**16, but HKDF - * can only generate outputs of up to 255 * HASH_LEN bytes. - * It is the caller's responsibility to ensure that this - * limit is not exceeded. In TLS 1.3, SHA256 is the hash - * function with the smallest block size, so a length - * <= 255 * 32 = 8160 is always safe. 
- * - (label, label_len): label + label length, without "tls13 " prefix - * The label length MUST be less than or equal to - * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN. - * It is the caller's responsibility to ensure this. - * All (label, label length) pairs used in TLS 1.3 - * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). - * - (ctx, ctx_len): context + context length - * The context length MUST be less than or equal to - * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN - * It is the caller's responsibility to ensure this. - * - dst: Target buffer for HkdfLabel structure, - * This MUST be a writable buffer of size - * at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes. - * - dst_len: Pointer at which to store the actual length of - * the HkdfLabel structure on success. - */ - -/* We need to tell the compiler that we meant to leave out the null character. */ -static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; - -#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ - (2 /* expansion length */ \ - + 1 /* label length */ \ - + label_len \ - + 1 /* context length */ \ - + context_len) - -#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ - sizeof(tls13_label_prefix) + \ - MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN, \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) - -static void ssl_tls13_hkdf_encode_label( - size_t desired_length, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - unsigned char *dst, size_t *dst_len) -{ - size_t total_label_len = - sizeof(tls13_label_prefix) + label_len; - size_t total_hkdf_lbl_len = - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, ctx_len); - - unsigned char *p = dst; - - /* Add the size of the expanded key material. 
*/ -#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > UINT16_MAX -#error "The desired key length must fit into an uint16 but \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is greater than UINT16_MAX" -#endif - - *p++ = MBEDTLS_BYTE_1(desired_length); - *p++ = MBEDTLS_BYTE_0(desired_length); - - /* Add label incl. prefix */ - *p++ = MBEDTLS_BYTE_0(total_label_len); - memcpy(p, tls13_label_prefix, sizeof(tls13_label_prefix)); - p += sizeof(tls13_label_prefix); - memcpy(p, label, label_len); - p += label_len; - - /* Add context value */ - *p++ = MBEDTLS_BYTE_0(ctx_len); - if (ctx_len != 0) { - memcpy(p, ctx, ctx_len); - } - - /* Return total length to the caller. */ - *dst_len = total_hkdf_lbl_len; -} - -int mbedtls_ssl_tls13_hkdf_expand_label( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - unsigned char *buf, size_t buf_len) -{ - unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN]; - size_t hkdf_label_len = 0; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t operation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (label_len > MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN) { - /* Should never happen since this is an internal - * function, and we know statically which labels - * are allowed. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (ctx_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) { - /* Should not happen, as above. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (buf_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) { - /* Should not happen, as above. 
*/ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ssl_tls13_hkdf_encode_label(buf_len, - label, label_len, - ctx, ctx_len, - hkdf_label, - &hkdf_label_len); - - status = psa_key_derivation_setup(&operation, PSA_ALG_HKDF_EXPAND(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - secret, - secret_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_INFO, - hkdf_label, - hkdf_label_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_output_bytes(&operation, - buf, - buf_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - -cleanup: - abort_status = psa_key_derivation_abort(&operation); - status = (status == PSA_SUCCESS ? abort_status : status); - mbedtls_platform_zeroize(hkdf_label, hkdf_label_len); - return PSA_TO_MBEDTLS_ERR(status); -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_make_traffic_key( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - unsigned char *key, size_t key_len, - unsigned char *iv, size_t iv_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, - secret, secret_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), - NULL, 0, - key, key_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, - secret, secret_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), - NULL, 0, - iv, iv_len); - return ret; -} - -/* - * The traffic keying material is generated from the following inputs: - * - * - One secret value per sender. - * - A purpose value indicating the specific value being generated - * - The desired lengths of key and IV. 
- * - * The expansion itself is based on HKDF: - * - * [sender]_write_key = HKDF-Expand-Label( Secret, "key", "", key_length ) - * [sender]_write_iv = HKDF-Expand-Label( Secret, "iv" , "", iv_length ) - * - * [sender] denotes the sending side and the Secret value is provided - * by the function caller. Note that we generate server and client side - * keys in a single function call. - */ -int mbedtls_ssl_tls13_make_traffic_keys( - psa_algorithm_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, size_t secret_len, - size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys) -{ - int ret = 0; - - ret = ssl_tls13_make_traffic_key( - hash_alg, client_secret, secret_len, - keys->client_write_key, key_len, - keys->client_write_iv, iv_len); - if (ret != 0) { - return ret; - } - - ret = ssl_tls13_make_traffic_key( - hash_alg, server_secret, secret_len, - keys->server_write_key, key_len, - keys->server_write_iv, iv_len); - if (ret != 0) { - return ret; - } - - keys->key_len = key_len; - keys->iv_len = iv_len; - - return 0; -} - -int mbedtls_ssl_tls13_derive_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *ctx, size_t ctx_len, - int ctx_hashed, - unsigned char *dstbuf, size_t dstbuf_len) -{ - int ret; - unsigned char hashed_context[PSA_HASH_MAX_SIZE]; - if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context, - PSA_HASH_LENGTH(hash_alg), &ctx_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - return ret; - } - } else { - if (ctx_len > sizeof(hashed_context)) { - /* This should never happen since this function is internal - * and the code sets `ctx_hashed` correctly. - * Let's double-check nonetheless to not run at the risk - * of getting a stack overflow. 
*/ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(hashed_context, ctx, ctx_len); - } - - return mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, - secret, secret_len, - label, label_len, - hashed_context, ctx_len, - dstbuf, dstbuf_len); - -} - -int mbedtls_ssl_tls13_evolve_secret( - psa_algorithm_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new) -{ - int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hlen; - unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 }; - const unsigned char all_zeroes_input[MBEDTLS_TLS1_3_MD_MAX_SIZE] = { 0 }; - const unsigned char *l_input = NULL; - size_t l_input_len; - - psa_key_derivation_operation_t operation = - PSA_KEY_DERIVATION_OPERATION_INIT; - - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - hlen = PSA_HASH_LENGTH(hash_alg); - - /* For non-initial runs, call Derive-Secret( ., "derived", "") - * on the old secret. 
*/ - if (secret_old != NULL) { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - secret_old, hlen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived), - NULL, 0, /* context */ - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - tmp_secret, hlen); - if (ret != 0) { - goto cleanup; - } - } - - ret = 0; - - if (input != NULL && input_len != 0) { - l_input = input; - l_input_len = input_len; - } else { - l_input = all_zeroes_input; - l_input_len = hlen; - } - - status = psa_key_derivation_setup(&operation, - PSA_ALG_HKDF_EXTRACT(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SALT, - tmp_secret, - hlen); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - l_input, l_input_len); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - status = psa_key_derivation_output_bytes(&operation, - secret_new, - PSA_HASH_LENGTH(hash_alg)); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - -cleanup: - abort_status = psa_key_derivation_abort(&operation); - status = (status == PSA_SUCCESS ? abort_status : status); - ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret); - mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret)); - return ret; -} - -int mbedtls_ssl_tls13_derive_early_secrets( - psa_algorithm_t hash_alg, - unsigned char const *early_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_early_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. 
*/ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * 0 - * | - * v - * PSK -> HKDF-Extract = Early Secret - * | - * +-----> Derive-Secret(., "c e traffic", ClientHello) - * | = client_early_traffic_secret - * | - * +-----> Derive-Secret(., "e exp master", ClientHello) - * | = early_exporter_master_secret - * v - */ - - /* Create client_early_traffic_secret */ - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_e_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_early_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - /* Create early exporter */ - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(e_exp_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->early_exporter_master_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_ssl_tls13_derive_handshake_secrets( - psa_algorithm_t hash_alg, - unsigned char const *handshake_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_handshake_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. 
*/ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * - * Handshake Secret - * | - * +-----> Derive-Secret( ., "c hs traffic", - * | ClientHello...ServerHello ) - * | = client_handshake_traffic_secret - * | - * +-----> Derive-Secret( ., "s hs traffic", - * | ClientHello...ServerHello ) - * | = server_handshake_traffic_secret - * - */ - - /* - * Compute client_handshake_traffic_secret with - * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello ) - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - handshake_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_hs_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_handshake_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - /* - * Compute server_handshake_traffic_secret with - * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello ) - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - handshake_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_hs_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->server_handshake_traffic_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_ssl_tls13_derive_application_secrets( - psa_algorithm_t hash_alg, - unsigned char const *application_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. 
*/ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* Generate {client,server}_application_traffic_secret_0 - * - * Master Secret - * | - * +-----> Derive-Secret( ., "c ap traffic", - * | ClientHello...server Finished ) - * | = client_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "s ap traffic", - * | ClientHello...Server Finished ) - * | = server_application_traffic_secret_0 - * | - * +-----> Derive-Secret( ., "exp master", - * | ClientHello...server Finished) - * | = exporter_master_secret - * - */ - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_ap_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->client_application_traffic_secret_N, - hash_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_ap_traffic), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->server_application_traffic_secret_N, - hash_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exp_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->exporter_master_secret, - hash_len); - if (ret != 0) { - return ret; - } - - return 0; -} - -/* Generate resumption_master_secret for use with the ticket exchange. - * - * This is not integrated with mbedtls_ssl_tls13_derive_application_secrets() - * because it uses the transcript hash up to and including ClientFinished. 
*/ -int mbedtls_ssl_tls13_derive_resumption_master_secret( - psa_algorithm_t hash_alg, - unsigned char const *application_secret, - unsigned char const *transcript, size_t transcript_len, - mbedtls_ssl_tls13_application_secrets *derived) -{ - int ret; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. */ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - application_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_master), - transcript, transcript_len, - MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, - derived->resumption_master_secret, - hash_len); - - if (ret != 0) { - return ret; - } - - return 0; -} - -/** - * \brief Transition into application stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Handshake -> Application transition. - * - * In the handshake stage, ssl_tls13_generate_application_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Handshake. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) handshake->ciphersuite_info->mac); - - /* - * Compute MasterSecret - */ - ret = mbedtls_ssl_tls13_evolve_secret( - hash_alg, - handshake->tls13_master_secrets.handshake, - NULL, 0, - handshake->tls13_master_secrets.app); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF( - 4, "Master secret", - handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg)); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg, - unsigned char const *base_key, - unsigned char const *transcript, - unsigned char *dst, - size_t *dst_len) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_len = PSA_HASH_LENGTH(hash_alg); - unsigned char finished_key[PSA_MAC_MAX_SIZE]; - int ret; - psa_algorithm_t alg; - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. 
*/ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* TLS 1.3 Finished message - * - * struct { - * opaque verify_data[Hash.length]; - * } Finished; - * - * verify_data = - * HMAC( finished_key, - * Hash( Handshake Context + - * Certificate* + - * CertificateVerify* ) - * ) - * - * finished_key = - * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length ) - */ - - ret = mbedtls_ssl_tls13_hkdf_expand_label( - hash_alg, base_key, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(finished), - NULL, 0, - finished_key, hash_len); - if (ret != 0) { - goto exit; - } - - alg = PSA_ALG_HMAC(hash_alg); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - status = psa_import_key(&attributes, finished_key, hash_len, &key); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - status = psa_mac_compute(key, alg, transcript, hash_len, - dst, hash_len, dst_len); - ret = PSA_TO_MBEDTLS_ERR(status); - -exit: - - status = psa_destroy_key(key); - if (ret == 0) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - - mbedtls_platform_zeroize(finished_key, sizeof(finished_key)); - - return ret; -} - -int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, - unsigned char *dst, - size_t dst_len, - size_t *actual_len, - int from) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - - unsigned char *base_key = NULL; - size_t base_key_len = 0; - mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = - &ssl->handshake->tls13_hs_secrets; - - mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac; - - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac); - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - - 
MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data")); - - if (from == MBEDTLS_SSL_IS_CLIENT) { - base_key = tls13_hs_secrets->client_handshake_traffic_secret; - base_key_len = sizeof(tls13_hs_secrets->client_handshake_traffic_secret); - } else { - base_key = tls13_hs_secrets->server_handshake_traffic_secret; - base_key_len = sizeof(tls13_hs_secrets->server_handshake_traffic_secret); - } - - if (dst_len < hash_len) { - ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - goto exit; - } - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret); - goto exit; - } - MBEDTLS_SSL_DEBUG_BUF(4, "handshake hash", transcript, transcript_len); - - ret = ssl_tls13_calc_finished_core(hash_alg, base_key, - transcript, dst, actual_len); - if (ret != 0) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "verify_data for finished message", dst, hash_len); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_tls13_calculate_verify_data")); - -exit: - /* Erase handshake secrets */ - mbedtls_platform_zeroize(base_key, base_key_len); - mbedtls_platform_zeroize(transcript, sizeof(transcript)); - return ret; -} - -int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl, - const psa_algorithm_t hash_alg, - unsigned char const *psk, size_t psk_len, - int psk_type, - unsigned char const *transcript, - unsigned char *result) -{ - int ret = 0; - unsigned char binder_key[PSA_MAC_MAX_SIZE]; - unsigned char early_secret[PSA_MAC_MAX_SIZE]; - size_t const hash_len = PSA_HASH_LENGTH(hash_alg); - size_t actual_len; - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for debug */ - ((void) ssl); -#endif - - /* We should never call this function with an unknown hash, - * but add an assertion anyway. 
*/ - if (!PSA_ALG_IS_HASH(hash_alg)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* - * 0 - * | - * v - * PSK -> HKDF-Extract = Early Secret - * | - * +-----> Derive-Secret(., "ext binder" | "res binder", "") - * | = binder_key - * v - */ - - ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, - NULL, /* Old secret */ - psk, psk_len, /* Input */ - early_secret); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_create_psk_binder", - early_secret, hash_len); - - if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_binder), - NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - binder_key, hash_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'res binder'")); - } else { - ret = mbedtls_ssl_tls13_derive_secret( - hash_alg, - early_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(ext_binder), - NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - binder_key, hash_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'ext binder'")); - } - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_secret", ret); - goto exit; - } - - /* - * The binding_value is computed in the same way as the Finished message - * but with the BaseKey being the binder_key. 
- */ - - ret = ssl_tls13_calc_finished_core(hash_alg, binder_key, transcript, - result, &actual_len); - if (ret != 0) { - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder", result, actual_len); - -exit: - - mbedtls_platform_zeroize(early_secret, sizeof(early_secret)); - mbedtls_platform_zeroize(binder_key, sizeof(binder_key)); - return ret; -} - -int mbedtls_ssl_tls13_populate_transform( - mbedtls_ssl_transform *transform, - int endpoint, int ciphersuite, - mbedtls_ssl_key_set const *traffic_keys, - mbedtls_ssl_context *ssl /* DEBUG ONLY */) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - unsigned char const *key_enc; - unsigned char const *iv_enc; - unsigned char const *key_dec; - unsigned char const *iv_dec; - - psa_key_type_t key_type; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - size_t key_bits; - psa_status_t status = PSA_SUCCESS; - -#if !defined(MBEDTLS_DEBUG_C) - ssl = NULL; /* make sure we don't use it except for those cases */ - (void) ssl; -#endif - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); - if (ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", - ciphersuite)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - key_enc = traffic_keys->server_write_key; - key_dec = traffic_keys->client_write_key; - iv_enc = traffic_keys->server_write_iv; - iv_dec = traffic_keys->client_write_iv; - } else -#endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - key_enc = traffic_keys->client_write_key; - key_dec = traffic_keys->server_write_key; - iv_enc = traffic_keys->client_write_iv; - iv_dec = traffic_keys->server_write_iv; - } else -#endif /* MBEDTLS_SSL_CLI_C */ - { - /* should not happen */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len); - 
memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len); - - - /* - * Setup other fields in SSL transform - */ - - if ((ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) != 0) { - transform->taglen = 8; - } else { - transform->taglen = 16; - } - - transform->ivlen = traffic_keys->iv_len; - transform->maclen = 0; - transform->fixed_ivlen = transform->ivlen; - transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - - /* We add the true record content type (1 Byte) to the plaintext and - * then pad to the configured granularity. The minimum length of the - * type-extended and padded plaintext is therefore the padding - * granularity. */ - transform->minlen = - transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; - - /* - * Setup psa keys and alg - */ - if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, - transform->taglen, - &alg, - &key_type, - &key_bits)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - - transform->psa_alg = alg; - - if (alg != MBEDTLS_SSL_NULL_CIPHER) { - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type); - - if ((status = psa_import_key(&attributes, - key_enc, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_enc)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - - if ((status = psa_import_key(&attributes, - key_dec, - PSA_BITS_TO_BYTES(key_bits), - &transform->psa_key_dec)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET( - 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); - return PSA_TO_MBEDTLS_ERR(status); - } - } - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_get_cipher_key_info( - const mbedtls_ssl_ciphersuite_t 
*ciphersuite_info, - size_t *key_len, size_t *iv_len) -{ - psa_key_type_t key_type; - psa_algorithm_t alg; - size_t taglen; - size_t key_bits; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if (ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) { - taglen = 8; - } else { - taglen = 16; - } - - status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen, - &alg, &key_type, &key_bits); - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *key_len = PSA_BITS_TO_BYTES(key_bits); - - /* TLS 1.3 only have AEAD ciphers, IV length is unconditionally 12 bytes */ - *iv_len = 12; - - return 0; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * ssl_tls13_generate_early_key() generates the key necessary for protecting - * the early application data and handshake messages as described in section 7 - * of RFC 8446. - * - * NOTE: Only one key is generated, the key for the traffic from the client to - * the server. The TLS 1.3 specification does not define a secret and thus - * a key for server early traffic. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_type; - psa_algorithm_t hash_alg; - size_t hash_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - size_t key_len = 0; - size_t iv_len = 0; - mbedtls_ssl_tls13_early_secrets tls13_early_secrets; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - handshake->ciphersuite_info; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key")); - - ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - goto cleanup; - } - - md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, - sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_get_handshake_transcript", - ret); - goto cleanup; - } - - ret = mbedtls_ssl_tls13_derive_early_secrets( - hash_alg, handshake->tls13_master_secrets.early, - transcript, transcript_len, &tls13_early_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_derive_early_secrets", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF( - 4, "Client early traffic secret", - tls13_early_secrets.client_early_traffic_secret, hash_len); - - /* - * Export client handshake traffic secret - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET, - tls13_early_secrets.client_early_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - 
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */); - } - - ret = ssl_tls13_make_traffic_key( - hash_alg, - tls13_early_secrets.client_early_traffic_secret, - hash_len, traffic_keys->client_write_key, key_len, - traffic_keys->client_write_iv, iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_make_traffic_key", ret); - goto cleanup; - } - traffic_keys->key_len = key_len; - traffic_keys->iv_len = iv_len; - - MBEDTLS_SSL_DEBUG_BUF(4, "client early write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "client early write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_early_key")); - -cleanup: - /* Erase early secrets and transcript */ - mbedtls_platform_zeroize( - &tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets)); - mbedtls_platform_zeroize(transcript, sizeof(transcript)); - return ret; -} - -int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_earlydata = NULL; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Next evolution in key schedule: Establish early_data secret and - * key material. 
*/ - ret = ssl_tls13_generate_early_key(ssl, &traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_early_key", - ret); - goto cleanup; - } - - transform_earlydata = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); - if (transform_earlydata == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto cleanup; - } - - ret = mbedtls_ssl_tls13_populate_transform( - transform_earlydata, - ssl->conf->endpoint, - handshake->ciphersuite_info->id, - &traffic_keys, - ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret); - goto cleanup; - } - handshake->transform_earlydata = transform_earlydata; - -cleanup: - mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys)); - if (ret != 0) { - mbedtls_free(transform_earlydata); - } - - return ret; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t hash_alg; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char *psk = NULL; - size_t psk_len = 0; - - if (handshake->ciphersuite_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher suite info not found")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_export_handshake_psk", - ret); - return ret; - } - } -#endif - - ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, NULL, psk, psk_len, - handshake->tls13_master_secrets.early); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_free((void *) psk); -#endif - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - 
return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_key_schedule_stage_early", - handshake->tls13_master_secrets.early, - PSA_HASH_LENGTH(hash_alg)); - return 0; -} - -/** - * \brief Compute TLS 1.3 handshake traffic keys. - * - * ssl_tls13_generate_handshake_keys() generates keys necessary for - * protecting the handshake messages, as described in Section 7 of - * RFC 8446. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_type; - psa_algorithm_t hash_alg; - size_t hash_len; - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - size_t key_len = 0; - size_t iv_len = 0; - - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - handshake->ciphersuite_info; - mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = - &handshake->tls13_hs_secrets; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_handshake_keys")); - - ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - return ret; - } - - md_type = (mbedtls_md_type_t) ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, - sizeof(transcript), - &transcript_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - 
"mbedtls_ssl_get_handshake_transcript", - ret); - return ret; - } - - ret = mbedtls_ssl_tls13_derive_handshake_secrets( - hash_alg, handshake->tls13_master_secrets.handshake, - transcript, transcript_len, tls13_hs_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_handshake_secrets", - ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Client handshake traffic secret", - tls13_hs_secrets->client_handshake_traffic_secret, - hash_len); - MBEDTLS_SSL_DEBUG_BUF(4, "Server handshake traffic secret", - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len); - - /* - * Export client handshake traffic secret - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - tls13_hs_secrets->client_handshake_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */); - - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET, - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! 
*/); - } - - ret = mbedtls_ssl_tls13_make_traffic_keys( - hash_alg, - tls13_hs_secrets->client_handshake_traffic_secret, - tls13_hs_secrets->server_handshake_traffic_secret, - hash_len, key_len, iv_len, traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_key", - traffic_keys->server_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_iv", - traffic_keys->server_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_handshake_keys")); - -exit: - - return ret; -} - -/** - * \brief Transition into handshake stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Early -> Handshake transition. - * - * In the handshake stage, ssl_tls13_generate_handshake_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Early. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( - (mbedtls_md_type_t) handshake->ciphersuite_info->mac); - unsigned char *shared_secret = NULL; - size_t shared_secret_len = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - /* - * Compute ECDHE secret used to compute the handshake secret from which - * client_handshake_traffic_secret and server_handshake_traffic_secret - * are derived in the handshake secret derivation stage. - */ - if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) || - mbedtls_ssl_tls13_named_group_is_ffdh(handshake->offered_group_id)) { -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - psa_algorithm_t alg = - mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ? - PSA_ALG_ECDH : PSA_ALG_FFDH; - - /* Compute ECDH shared secret. 
*/ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - - status = psa_get_key_attributes(handshake->xxdh_psa_privkey, - &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - } - - shared_secret_len = PSA_BITS_TO_BYTES( - psa_get_key_bits(&key_attributes)); - shared_secret = mbedtls_calloc(1, shared_secret_len); - if (shared_secret == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - status = psa_raw_key_agreement( - alg, handshake->xxdh_psa_privkey, - handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len, - shared_secret, shared_secret_len, &shared_secret_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); - goto cleanup; - } - - status = psa_destroy_key(handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); - goto cleanup; - } - - handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported.")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - } -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - - /* - * Compute the Handshake Secret - */ - ret = mbedtls_ssl_tls13_evolve_secret( - hash_alg, handshake->tls13_master_secrets.early, - shared_secret, shared_secret_len, - handshake->tls13_master_secrets.handshake); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Handshake secret", - handshake->tls13_master_secrets.handshake, - PSA_HASH_LENGTH(hash_alg)); - -cleanup: - if (shared_secret != NULL) { - mbedtls_zeroize_and_free(shared_secret, shared_secret_len); - } - - return ret; -} - -/** - * \brief Compute TLS 1.3 application traffic keys. 
- * - * ssl_tls13_generate_application_keys() generates application traffic - * keys, since any record following a 1-RTT Finished message MUST be - * encrypted under the application traffic key. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Application, see - * ssl_tls13_key_schedule_stage_application(). - * \param traffic_keys The address at which to store the application traffic - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_application_keys( - mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - /* Address at which to store the application secrets */ - mbedtls_ssl_tls13_application_secrets * const app_secrets = - &ssl->session_negotiate->app_secrets; - - /* Holding the transcript up to and including the ServerFinished */ - unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - size_t transcript_len; - - /* Variables relating to the hash for the chosen ciphersuite. */ - mbedtls_md_type_t md_type; - - psa_algorithm_t hash_alg; - size_t hash_len; - - /* Variables relating to the cipher for the chosen ciphersuite. */ - size_t key_len = 0, iv_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys")); - - /* Extract basic information about hash and ciphersuite */ - - ret = ssl_tls13_get_cipher_key_info(handshake->ciphersuite_info, - &key_len, &iv_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret); - goto cleanup; - } - - md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac; - - hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac); - hash_len = PSA_HASH_LENGTH(hash_alg); - - /* Compute current handshake transcript. 
It's the caller's responsibility - * to call this at the right time, that is, after the ServerFinished. */ - - ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, - transcript, sizeof(transcript), - &transcript_len); - if (ret != 0) { - goto cleanup; - } - - /* Compute application secrets from master secret and transcript hash. */ - - ret = mbedtls_ssl_tls13_derive_application_secrets( - hash_alg, handshake->tls13_master_secrets.app, - transcript, transcript_len, app_secrets); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_derive_application_secrets", ret); - goto cleanup; - } - - /* Derive first epoch of IV + Key for application traffic. */ - - ret = mbedtls_ssl_tls13_make_traffic_keys( - hash_alg, - app_secrets->client_application_traffic_secret_N, - app_secrets->server_application_traffic_secret_N, - hash_len, key_len, iv_len, traffic_keys); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret); - goto cleanup; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Client application traffic secret", - app_secrets->client_application_traffic_secret_N, - hash_len); - - MBEDTLS_SSL_DEBUG_BUF(4, "Server application traffic secret", - app_secrets->server_application_traffic_secret_N, - hash_len); - - /* - * Export client/server application traffic secret 0 - */ - if (ssl->f_export_keys != NULL) { - ssl->f_export_keys( - ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET, - app_secrets->client_application_traffic_secret_N, hash_len, - handshake->randbytes, - handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by - a new constant for TLS 1.3! 
*/);
-
- ssl->f_export_keys(
- ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
- app_secrets->server_application_traffic_secret_N, hash_len,
- handshake->randbytes,
- handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
- MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
- a new constant for TLS 1.3! */);
- }
-
- MBEDTLS_SSL_DEBUG_BUF(4, "client application_write_key:",
- traffic_keys->client_write_key, key_len);
- MBEDTLS_SSL_DEBUG_BUF(4, "server application write key",
- traffic_keys->server_write_key, key_len);
- MBEDTLS_SSL_DEBUG_BUF(4, "client application write IV",
- traffic_keys->client_write_iv, iv_len);
- MBEDTLS_SSL_DEBUG_BUF(4, "server application write IV",
- traffic_keys->server_write_iv, iv_len);
-
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive application traffic keys"));
-
-cleanup:
- /* randbytes is not used again */
- mbedtls_platform_zeroize(ssl->handshake->randbytes,
- sizeof(ssl->handshake->randbytes));
-
- mbedtls_platform_zeroize(transcript, sizeof(transcript));
- return ret;
-}
-
-int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_key_set traffic_keys;
- mbedtls_ssl_transform *transform_handshake = NULL;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
- /* Compute handshake secret */
- ret = ssl_tls13_key_schedule_stage_handshake(ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_master_secret", ret);
- goto cleanup;
- }
-
- /* Next evolution in key schedule: Establish handshake secret and
- * key material.
*/
- ret = ssl_tls13_generate_handshake_keys(ssl, &traffic_keys);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_handshake_keys",
- ret);
- goto cleanup;
- }
-
- transform_handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
- if (transform_handshake == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_ssl_tls13_populate_transform(
- transform_handshake,
- ssl->conf->endpoint,
- handshake->ciphersuite_info->id,
- &traffic_keys,
- ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret);
- goto cleanup;
- }
- handshake->transform_handshake = transform_handshake;
-
-cleanup:
- mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys));
- if (ret != 0) {
- mbedtls_free(transform_handshake);
- }
-
- return ret;
-}
-
-int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_type_t md_type;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- size_t transcript_len;
-
- MBEDTLS_SSL_DEBUG_MSG(
- 2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
-
- md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
-
- ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
- transcript, sizeof(transcript),
- &transcript_len);
- if (ret != 0) {
- return ret;
- }
-
- ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
- mbedtls_md_psa_alg_from_type(md_type),
- handshake->tls13_master_secrets.app,
- transcript, transcript_len,
- &ssl->session_negotiate->app_secrets);
- if (ret != 0) {
- return ret;
- }
-
- /* Erase master secrets */
- mbedtls_platform_zeroize(&handshake->tls13_master_secrets,
- sizeof(handshake->tls13_master_secrets));
-
- MBEDTLS_SSL_DEBUG_BUF(
- 4, "Resumption master secret",
- ssl->session_negotiate->app_secrets.resumption_master_secret,
-
PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type)));
-
- MBEDTLS_SSL_DEBUG_MSG(
- 2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
- return 0;
-}
-
-int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_key_set traffic_keys;
- mbedtls_ssl_transform *transform_application = NULL;
-
- ret = ssl_tls13_key_schedule_stage_application(ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1,
- "ssl_tls13_key_schedule_stage_application", ret);
- goto cleanup;
- }
-
- ret = ssl_tls13_generate_application_keys(ssl, &traffic_keys);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1,
- "ssl_tls13_generate_application_keys", ret);
- goto cleanup;
- }
-
- transform_application =
- mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
- if (transform_application == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_ssl_tls13_populate_transform(
- transform_application,
- ssl->conf->endpoint,
- ssl->handshake->ciphersuite_info->id,
- &traffic_keys,
- ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret);
- goto cleanup;
- }
-
- ssl->transform_application = transform_application;
-
-cleanup:
-
- mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys));
- if (ret != 0) {
- mbedtls_free(transform_application);
- }
- return ret;
-}
-
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
- unsigned char **psk,
- size_t *psk_len)
-{
- psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
- *psk_len = 0;
- *psk = NULL;
-
- if (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
- if (status != PSA_SUCCESS) {
- return
PSA_TO_MBEDTLS_ERR(status);
- }
-
- *psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
- *psk = mbedtls_calloc(1, *psk_len);
- if (*psk == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- status = psa_export_key(ssl->handshake->psk_opaque,
- (uint8_t *) *psk, *psk_len, psk_len);
- if (status != PSA_SUCCESS) {
- mbedtls_free((void *) *psk);
- *psk = NULL;
- return PSA_TO_MBEDTLS_ERR(status);
- }
- return 0;
-}
-#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
-int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
- const unsigned char *secret, const size_t secret_len,
- const unsigned char *label, const size_t label_len,
- const unsigned char *context_value, const size_t context_len,
- unsigned char *out, const size_t out_len)
-{
- size_t hash_len = PSA_HASH_LENGTH(hash_alg);
- unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
- int ret = 0;
-
- ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0,
- MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret,
- hash_len);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
- hkdf_secret,
- hash_len,
- MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter),
- context_value,
- context_len,
- MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
- out,
- out_len);
-
-exit:
- mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret));
- return ret;
-}
-#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
deleted file mode 100644
index 1509e9a4d4..0000000000
--- a/library/ssl_tls13_keys.h
+++ /dev/null
@@ -1,668 +0,0 @@
-/*
- * TLS 1.3 key schedule
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H)
-#define MBEDTLS_SSL_TLS1_3_KEYS_H
-
-/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
- * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union
- * below. */
-#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
- MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \
- MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \
- MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \
- MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \
- MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \
- MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \
- MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \
- MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \
- MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \
- MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \
- MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \
- MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \
- MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived") \
- MBEDTLS_SSL_TLS1_3_LABEL(client_cv, "TLS 1.3, client CertificateVerify") \
- MBEDTLS_SSL_TLS1_3_LABEL(server_cv, "TLS 1.3, server CertificateVerify")
-
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1
-
-#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0
-#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
-/* We need to tell the compiler that we meant to leave out the null character.
*/
-#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
- const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
-
-union mbedtls_ssl_tls13_labels_union {
- MBEDTLS_SSL_TLS1_3_LABEL_LIST
-};
-struct mbedtls_ssl_tls13_labels_struct {
- MBEDTLS_SSL_TLS1_3_LABEL_LIST
-};
-#undef MBEDTLS_SSL_TLS1_3_LABEL
-
-extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
-
-#define MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL) \
- sizeof(mbedtls_ssl_tls13_labels.LABEL)
-
-#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \
- mbedtls_ssl_tls13_labels.LABEL, \
- MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL)
-
-/* Maximum length of the label field in the HkdfLabel struct defined in
- * RFC 8446, Section 7.1, excluding the "tls13 " prefix. */
-#define MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN 249
-
-/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
- * Since contexts are always hashes of message transcripts, this can
- * be approximated from above by the maximum hash size. */
-#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
- PSA_HASH_MAX_SIZE
-
-/* Maximum desired length for expanded key material generated
- * by HKDF-Expand-Label. This algorithm can output up to 255 * hash_size
- * bytes of key material where hash_size is the output size of the
- * underlying hash function. */
-#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN \
- (255 * MBEDTLS_TLS1_3_MD_MAX_SIZE)
-
-/**
- * \brief The \c HKDF-Expand-Label function from
- * the TLS 1.3 standard RFC 8446.
- *
- *
- * HKDF-Expand-Label( Secret, Label, Context, Length ) =
- * HKDF-Expand( Secret, HkdfLabel, Length )
- *
- *
- * \param hash_alg The identifier for the hash algorithm to use.
- * \param secret The \c Secret argument to \c HKDF-Expand-Label.
- * This must be a readable buffer of length
- * \p secret_len Bytes.
- * \param secret_len The length of \p secret in Bytes.
- * \param label The \c Label argument to \c HKDF-Expand-Label.
- * This must be a readable buffer of length
- * \p label_len Bytes.
- * \param label_len The length of \p label in Bytes.
- * \param ctx The \c Context argument to \c HKDF-Expand-Label.
- * This must be a readable buffer of length \p ctx_len Bytes.
- * \param ctx_len The length of \p context in Bytes.
- * \param buf The destination buffer to hold the expanded secret.
- * This must be a writable buffer of length \p buf_len Bytes.
- * \param buf_len The desired size of the expanded secret in Bytes.
- *
- * \returns \c 0 on success.
- * \return A negative error code on failure.
- */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_hkdf_expand_label(
- psa_algorithm_t hash_alg,
- const unsigned char *secret, size_t secret_len,
- const unsigned char *label, size_t label_len,
- const unsigned char *ctx, size_t ctx_len,
- unsigned char *buf, size_t buf_len);
-
-/**
- * \brief This function is part of the TLS 1.3 key schedule.
- * It extracts key and IV for the actual client/server traffic
- * from the client/server traffic secrets.
- *
- * From RFC 8446:
- *
- *
- * [sender]_write_key = HKDF-Expand-Label(Secret, "key", "", key_length)
- * [sender]_write_iv = HKDF-Expand-Label(Secret, "iv", "", iv_length)*
- *
- *
- * \param hash_alg The identifier for the hash algorithm to be used
- * for the HKDF-based expansion of the secret.
- * \param client_secret The client traffic secret.
- * This must be a readable buffer of size
- * \p secret_len Bytes
- * \param server_secret The server traffic secret.
- * This must be a readable buffer of size
- * \p secret_len Bytes
- * \param secret_len Length of the secrets \p client_secret and
- * \p server_secret in Bytes.
- * \param key_len The desired length of the key to be extracted in Bytes.
- * \param iv_len The desired length of the IV to be extracted in Bytes.
- * \param keys The address of the structure holding the generated
- * keys and IVs.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_make_traffic_keys(
- psa_algorithm_t hash_alg,
- const unsigned char *client_secret,
- const unsigned char *server_secret, size_t secret_len,
- size_t key_len, size_t iv_len,
- mbedtls_ssl_key_set *keys);
-
-/**
- * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446.
- *
- *
- * Derive-Secret( Secret, Label, Messages ) =
- * HKDF-Expand-Label( Secret, Label,
- * Hash( Messages ),
- * Hash.Length ) )
- *
- *
- * \param hash_alg The identifier for the hash function used for the
- * applications of HKDF.
- * \param secret The \c Secret argument to the \c Derive-Secret function.
- * This must be a readable buffer of length
- * \p secret_len Bytes.
- * \param secret_len The length of \p secret in Bytes.
- * \param label The \c Label argument to the \c Derive-Secret function.
- * This must be a readable buffer of length
- * \p label_len Bytes.
- * \param label_len The length of \p label in Bytes.
- * \param ctx The hash of the \c Messages argument to the
- * \c Derive-Secret function, or the \c Messages argument
- * itself, depending on \p ctx_hashed.
- * \param ctx_len The length of \p ctx in Bytes.
- * \param ctx_hashed This indicates whether the \p ctx contains the hash of
- * the \c Messages argument in the application of the
- * \c Derive-Secret function
- * (value MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED), or whether
- * it is the content of \c Messages itself, in which case
- * the function takes care of the hashing
- * (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED).
- * \param dstbuf The target buffer to write the output of
- * \c Derive-Secret to. This must be a writable buffer of
- * size \p dtsbuf_len Bytes.
- * \param dstbuf_len The length of \p dstbuf in Bytes.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_derive_secret(
- psa_algorithm_t hash_alg,
- const unsigned char *secret, size_t secret_len,
- const unsigned char *label, size_t label_len,
- const unsigned char *ctx, size_t ctx_len,
- int ctx_hashed,
- unsigned char *dstbuf, size_t dstbuf_len);
-
-/**
- * \brief Derive TLS 1.3 early data key material from early secret.
- *
- * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
- * with the appropriate labels.
- *
- *
- * Early Secret
- * |
- * +-----> Derive-Secret(., "c e traffic", ClientHello)
- * | = client_early_traffic_secret
- * |
- * +-----> Derive-Secret(., "e exp master", ClientHello)
- * . = early_exporter_master_secret
- * .
- * .
- *
- *
- * \note To obtain the actual key and IV for the early data traffic,
- * the client secret derived by this function need to be
- * further processed by mbedtls_ssl_tls13_make_traffic_keys().
- *
- * \note The binder key, which is also generated from the early secret,
- * is omitted here. Its calculation is part of the separate routine
- * mbedtls_ssl_tls13_create_psk_binder().
- *
- * \param hash_alg The hash algorithm associated with the PSK for which
- * early data key material is being derived.
- * \param early_secret The early secret from which the early data key material
- * should be derived. This must be a readable buffer whose
- * length is the digest size of the hash algorithm
- * represented by \p md_size.
- * \param transcript The transcript of the handshake so far, calculated with
- * respect to \p hash_alg. This must be a readable buffer
- * whose length is the digest size of the hash algorithm
- * represented by \p md_size.
- * \param derived The address of the structure in which to store
- * the early data key material.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_derive_early_secrets(
- psa_algorithm_t hash_alg,
- unsigned char const *early_secret,
- unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls13_early_secrets *derived);
-
-/**
- * \brief Derive TLS 1.3 handshake key material from the handshake secret.
- *
- * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
- * with the appropriate labels from the standard.
- *
- *
- * Handshake Secret
- * |
- * +-----> Derive-Secret( ., "c hs traffic",
- * | ClientHello...ServerHello )
- * | = client_handshake_traffic_secret
- * |
- * +-----> Derive-Secret( ., "s hs traffic",
- * . ClientHello...ServerHello )
- * . = server_handshake_traffic_secret
- * .
- *
- *
- * \note To obtain the actual key and IV for the encrypted handshake traffic,
- * the client and server secret derived by this function need to be
- * further processed by mbedtls_ssl_tls13_make_traffic_keys().
- *
- * \param hash_alg The hash algorithm associated with the ciphersuite
- * that's being used for the connection.
- * \param handshake_secret The handshake secret from which the handshake key
- * material should be derived. This must be a readable
- * buffer whose length is the digest size of the hash
- * algorithm represented by \p md_size.
- * \param transcript The transcript of the handshake so far, calculated
- * with respect to \p hash_alg. This must be a readable
- * buffer whose length is the digest size of the hash
- * algorithm represented by \p md_size.
- * \param derived The address of the structure in which to
- * store the handshake key material.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_derive_handshake_secrets(
- psa_algorithm_t hash_alg,
- unsigned char const *handshake_secret,
- unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls13_handshake_secrets *derived);
-
-/**
- * \brief Derive TLS 1.3 application key material from the master secret.
- *
- * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
- * with the appropriate labels from the standard.
- *
- *
- * Master Secret
- * |
- * +-----> Derive-Secret( ., "c ap traffic",
- * | ClientHello...server Finished )
- * | = client_application_traffic_secret_0
- * |
- * +-----> Derive-Secret( ., "s ap traffic",
- * | ClientHello...Server Finished )
- * | = server_application_traffic_secret_0
- * |
- * +-----> Derive-Secret( ., "exp master",
- * . ClientHello...server Finished)
- * . = exporter_master_secret
- * .
- *
- *
- * \note To obtain the actual key and IV for the (0-th) application traffic,
- * the client and server secret derived by this function need to be
- * further processed by mbedtls_ssl_tls13_make_traffic_keys().
- *
- * \param hash_alg The hash algorithm associated with the ciphersuite
- * that's being used for the connection.
- * \param master_secret The master secret from which the application key
- * material should be derived. This must be a readable
- * buffer whose length is the digest size of the hash
- * algorithm represented by \p md_size.
- * \param transcript The transcript of the handshake up to and including
- * the ServerFinished message, calculated with respect
- * to \p hash_alg. This must be a readable buffer whose
- * length is the digest size of the hash algorithm
- * represented by \p hash_alg.
- * \param derived The address of the structure in which to
- * store the application key material.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_derive_application_secrets(
- psa_algorithm_t hash_alg,
- unsigned char const *master_secret,
- unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls13_application_secrets *derived);
-
-/**
- * \brief Derive TLS 1.3 resumption master secret from the master secret.
- *
- * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
- * with the appropriate labels from the standard.
- *
- * \param hash_alg The hash algorithm used in the application for which
- * key material is being derived.
- * \param application_secret The application secret from which the resumption master
- * secret should be derived. This must be a readable
- * buffer whose length is the digest size of the hash
- * algorithm represented by \p md_size.
- * \param transcript The transcript of the handshake up to and including
- * the ClientFinished message, calculated with respect
- * to \p hash_alg. This must be a readable buffer whose
- * length is the digest size of the hash algorithm
- * represented by \p hash_alg.
- * \param transcript_len The length of \p transcript in Bytes.
- * \param derived The address of the structure in which to
- * store the resumption master secret.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_derive_resumption_master_secret(
- psa_algorithm_t hash_alg,
- unsigned char const *application_secret,
- unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls13_application_secrets *derived);
-
-/**
- * \brief Compute the next secret in the TLS 1.3 key schedule
- *
- * The TLS 1.3 key schedule proceeds as follows to compute
- * the three main secrets during the handshake: The early
- * secret for early data, the handshake secret for all
- * other encrypted handshake messages, and the master
- * secret for all application traffic.
- *
- *
- * 0
- * |
- * v
- * PSK -> HKDF-Extract = Early Secret
- * |
- * v
- * Derive-Secret( ., "derived", "" )
- * |
- * v
- * (EC)DHE -> HKDF-Extract = Handshake Secret
- * |
- * v
- * Derive-Secret( ., "derived", "" )
- * |
- * v
- * 0 -> HKDF-Extract = Master Secret
- *
- *
- * Each of the three secrets in turn is the basis for further
- * key derivations, such as the derivation of traffic keys and IVs;
- * see e.g. mbedtls_ssl_tls13_make_traffic_keys().
- *
- * This function implements one step in this evolution of secrets:
- *
- *
- * old_secret
- * |
- * v
- * Derive-Secret( ., "derived", "" )
- * |
- * v
- * input -> HKDF-Extract = new_secret
- *
- *
- * \param hash_alg The identifier for the hash function used for the
- * applications of HKDF.
- * \param secret_old The address of the buffer holding the old secret
- * on function entry. If not \c NULL, this must be a
- * readable buffer whose size matches the output size
- * of the hash function represented by \p hash_alg.
- * If \c NULL, an all \c 0 array will be used instead.
- * \param input The address of the buffer holding the additional
- * input for the key derivation (e.g., the PSK or the
- * ephemeral (EC)DH secret). If not \c NULL, this must be
- * a readable buffer whose size \p input_len Bytes.
- * If \c NULL, an all \c 0 array will be used instead.
- * \param input_len The length of \p input in Bytes.
- * \param secret_new The address of the buffer holding the new secret
- * on function exit. This must be a writable buffer
- * whose size matches the output size of the hash
- * function represented by \p hash_alg.
- * This may be the same as \p secret_old.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_evolve_secret(
- psa_algorithm_t hash_alg,
- const unsigned char *secret_old,
- const unsigned char *input, size_t input_len,
- unsigned char *secret_new);
-
-/**
- * \brief Calculate a TLS 1.3 PSK binder.
- *
- * \param ssl The SSL context. This is used for debugging only and may
- * be \c NULL if MBEDTLS_DEBUG_C is disabled.
- * \param hash_alg The hash algorithm associated to the PSK \p psk.
- * \param psk The buffer holding the PSK for which to create a binder.
- * \param psk_len The size of \p psk in bytes.
- * \param psk_type This indicates whether the PSK \p psk is externally
- * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a
- * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION).
- * \param transcript The handshake transcript up to the point where the
- * PSK binder calculation happens. This must be readable,
- * and its size must be equal to the digest size of
- * the hash algorithm represented by \p hash_alg.
- * \param result The address at which to store the PSK binder on success.
- * This must be writable, and its size must be equal to the
- * digest size of the hash algorithm represented by
- * \p hash_alg.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl,
- const psa_algorithm_t hash_alg,
- unsigned char const *psk, size_t psk_len,
- int psk_type,
- unsigned char const *transcript,
- unsigned char *result);
-
-/**
- * \bref Setup an SSL transform structure representing the
- * record protection mechanism used by TLS 1.3
- *
- * \param transform The SSL transform structure to be created. This must have
- * been initialized through mbedtls_ssl_transform_init() and
- * not used in any other way prior to calling this function.
- * In particular, this function does not clean up the
- * transform structure prior to installing the new keys.
- * \param endpoint Indicates whether the transform is for the client
- * (value #MBEDTLS_SSL_IS_CLIENT) or the server
- * (value #MBEDTLS_SSL_IS_SERVER).
- * \param ciphersuite The numerical identifier for the ciphersuite to use.
- * This must be one of the identifiers listed in
- * ssl_ciphersuites.h.
- * \param traffic_keys The key material to use. No reference is stored in
- * the SSL transform being generated, and the caller
- * should destroy the key material afterwards.
- * \param ssl (Debug-only) The SSL context to use for debug output
- * in case of failure. This parameter is only needed if
- * #MBEDTLS_DEBUG_C is set, and is ignored otherwise.
- *
- * \return \c 0 on success. In this case, \p transform is ready to
- * be used with mbedtls_ssl_transform_decrypt() and
- * mbedtls_ssl_transform_encrypt().
- * \return A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
- int endpoint,
- int ciphersuite,
- mbedtls_ssl_key_set const *traffic_keys,
- mbedtls_ssl_context *ssl);
-
-/*
- * TLS 1.3 key schedule evolutions
- *
- * Early -> Handshake -> Application
- *
- * Small wrappers around mbedtls_ssl_tls13_evolve_secret().
- */
-
-/**
- * \brief Begin TLS 1.3 key schedule by calculating early secret.
- *
- * The TLS 1.3 key schedule can be viewed as a simple state machine
- * with states Initial -> Early -> Handshake -> Application, and
- * this function represents the Initial -> Early transition.
- *
- * \param ssl The SSL context to operate on.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl);
-
-/**
- * \brief Compute TLS 1.3 resumption master secret.
- *
- * \param ssl The SSL context to operate on. This must be in
- * key schedule stage \c Application, see
- * mbedtls_ssl_tls13_key_schedule_stage_application().
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl);
-
-/**
- * \brief Calculate the verify_data value for the client or server TLS 1.3
- * Finished message.
- *
- * \param ssl The SSL context to operate on. This must be in
- * key schedule stage \c Handshake, see
- * mbedtls_ssl_tls13_key_schedule_stage_application().
- * \param dst The address at which to write the verify_data value.
- * \param dst_len The size of \p dst in bytes.
- * \param actual_len The address at which to store the amount of data
- * actually written to \p dst upon success.
- * \param which The message to calculate the `verify_data` for:
- * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message
- * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message
- *
- * \note Both client and server call this function twice, once to
- * generate their own Finished message, and once to verify the
- * peer's Finished message.
-
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *actual_len,
- int which);
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-/**
- * \brief Compute TLS 1.3 early transform
- *
- * \param ssl The SSL context to operate on.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- *
- * \warning The function does not compute the early master secret. Call
- * mbedtls_ssl_tls13_key_schedule_stage_early() before to
- * call this function to generate the early master secret.
- * \note For a client/server endpoint, the function computes only the
- * encryption/decryption part of the transform as the decryption/
- * encryption part is not defined by the specification (no early
- * traffic from the server to the client).
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
-/**
- * \brief Compute TLS 1.3 handshake transform
- *
- * \param ssl The SSL context to operate on. The early secret must have been
- * computed.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl);
-
-/**
- * \brief Compute TLS 1.3 application transform
- *
- * \param ssl The SSL context to operate on. The early secret must have been
- * computed.
- *
- * \returns \c 0 on success.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl);
-
-#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-/**
- * \brief Export TLS 1.3 PSK from handshake context
- *
- * \param[in] ssl The SSL context to operate on.
- * \param[out] psk PSK output pointer.
- * \param[out] psk_len Length of PSK.
- *
- * \returns \c 0 if there is a configured PSK and it was exported
- * successfully.
- * \returns A negative error code on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
- unsigned char **psk,
- size_t *psk_len);
-#endif
-
-/**
- * \brief Calculate TLS-Exporter function as defined in RFC 8446, Section 7.5.
- *
- * \param[in] hash_alg The hash algorithm.
- * \param[in] secret The secret to use. (Should be the exporter master secret.)
- * \param[in] secret_len Length of secret.
- * \param[in] label The label of the exported key.
- * \param[in] label_len The length of label.
- * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes.
- * \param[in] out_len Length of the key to generate.
- */
-int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
- const unsigned char *secret, const size_t secret_len,
- const unsigned char *label, const size_t label_len,
- const unsigned char *context_value, const size_t context_len,
- uint8_t *out, const size_t out_len);
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
deleted file mode 100644
index 982e6f8c3b..0000000000
--- a/library/ssl_tls13_server.c
+++ /dev/null
@@ -1,3589 +0,0 @@ -/* - * TLS 1.3 server-side functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#include "debug_internal.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" -#include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" -#include "mbedtls/psa_util.h" - -#include "ssl_tls13_keys.h" -#include "ssl_debug_helpers.h" - - -static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite( - mbedtls_ssl_context *ssl, - unsigned int cipher_suite) -{ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) { - return NULL; - } - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite); - if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info, - ssl->tls_version, - ssl->tls_version) != 0)) { - return NULL; - } - return ciphersuite_info; -} - -static void ssl_tls13_select_ciphersuite( - mbedtls_ssl_context *ssl, - const unsigned char *cipher_suites, - const unsigned char *cipher_suites_end, - int psk_ciphersuite_id, - psa_algorithm_t psk_hash_alg, - const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info) -{ - *selected_ciphersuite_info = NULL; - - /* - * In a compliant ClientHello the byte-length of the list of ciphersuites - * is even and this function relies on this fact. This should have been - * checked in the main ClientHello parsing function. Double check here. - */ - if ((cipher_suites_end - cipher_suites) & 1) { - return; - } - - for (const unsigned char *p = cipher_suites; - p < cipher_suites_end; p += 2) { - /* - * "cipher_suites_end - p is even" is an invariant of the loop. As - * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and it - * is thus safe to read two bytes. 
- */ - uint16_t id = MBEDTLS_GET_UINT16_BE(p, 0); - - const mbedtls_ssl_ciphersuite_t *info = - ssl_tls13_validate_peer_ciphersuite(ssl, id); - if (info == NULL) { - continue; - } - - /* - * If a valid PSK ciphersuite identifier has been passed in, we want - * an exact match. - */ - if (psk_ciphersuite_id != 0) { - if (id != psk_ciphersuite_id) { - continue; - } - } else if (psk_hash_alg != PSA_ALG_NONE) { - if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac) != - psk_hash_alg) { - continue; - } - } - - *selected_ciphersuite_info = info; - return; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx", - (unsigned) psk_ciphersuite_id, - (unsigned long) psk_hash_alg)); -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* From RFC 8446: - * - * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; - * struct { - * PskKeyExchangeMode ke_modes<1..255>; - * } PskKeyExchangeModes; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t ke_modes_len; - int ke_modes = 0; - - /* Read ke_modes length (1 Byte) */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - ke_modes_len = *p++; - /* Currently, there are only two PSK modes, so even without looking - * at the content, something's wrong if the list has more than 2 items. 
*/ - if (ke_modes_len > 2) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ke_modes_len); - - while (ke_modes_len-- != 0) { - switch (*p++) { - case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: - ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK KEX MODE")); - break; - case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: - ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK_EPHEMERAL KEX MODE")); - break; - default: - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - } - - ssl->handshake->tls13_kex_modes = ke_modes; - return 0; -} - -/* - * Non-error return values of - * ssl_tls13_offered_psks_check_identity_match_ticket() and - * ssl_tls13_offered_psks_check_identity_match(). They are positive to - * not collide with error codes that are negative. Zero - * (SSL_TLS1_3_PSK_IDENTITY_MATCH) in case of success as it may be propagated - * up by the callers of this function as a generic success condition. - * - * The return value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE means - * that the pre-shared-key identity matches that of a ticket or an externally- - * provisioned pre-shared-key. We have thus been able to retrieve the - * attributes of the pre-shared-key but at least one of them does not meet - * some criteria and the pre-shared-key cannot be used. For example, a ticket - * is expired or its version is not TLS 1.3. Note eventually that the return - * value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE does not have - * anything to do with binder check. 
A binder check is done only when a - * suitable pre-shared-key has been selected and only for that selected - * pre-shared-key: if the binder check fails, we fail the handshake and we do - * not try to find another pre-shared-key for which the binder check would - * succeed as recommended by the specification. - */ -#define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2 -#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1 -#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0 - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_identity_match_ticket( - mbedtls_ssl_context *ssl, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *ticket_buffer; -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t now; - mbedtls_ms_time_t server_age; - uint32_t client_age; - mbedtls_ms_time_t age_diff; -#endif - - ((void) obfuscated_ticket_age); - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> check_identity_match_ticket")); - - /* Ticket parser is not configured, Skip */ - if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - /* We create a copy of the encrypted ticket since the ticket parsing - * function is allowed to use its input buffer as an output buffer - * (in-place decryption). We do, however, need the original buffer for - * computing the PSK binder value. 
- */ - ticket_buffer = mbedtls_calloc(1, identity_len); - if (ticket_buffer == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(ticket_buffer, identity, identity_len); - - ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, - session, - ticket_buffer, identity_len); - switch (ret) { - case 0: - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; - break; - - case MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - break; - - case MBEDTLS_ERR_SSL_INVALID_MAC: - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); - ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - break; - - default: - MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret); - ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - /* We delete the temporary buffer */ - mbedtls_free(ticket_buffer); - - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - goto exit; - } - - /* - * The identity matches that of a ticket. Now check that it has suitable - * attributes and bet it will not be the case. - */ - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - - if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); - goto exit; - } - -#if defined(MBEDTLS_HAVE_TIME) - now = mbedtls_ms_time(); - - if (now < session->ticket_creation_time) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket creation time ( now = %" MBEDTLS_PRINTF_MS_TIME - ", creation_time = %" MBEDTLS_PRINTF_MS_TIME " )", - now, session->ticket_creation_time)); - goto exit; - } - - server_age = now - session->ticket_creation_time; - - /* RFC 8446 section 4.6.1 - * - * Servers MUST NOT use any value greater than 604800 seconds (7 days). - * - * RFC 8446 section 4.2.11.1 - * - * Clients MUST NOT attempt to use tickets which have ages greater than - * the "ticket_lifetime" value which was provided with the ticket. 
- * - */ - if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age exceeds limitation ticket_age = %" MBEDTLS_PRINTF_MS_TIME, - server_age)); - goto exit; - } - - /* RFC 8446 section 4.2.10 - * - * For PSKs provisioned via NewSessionTicket, a server MUST validate that - * the ticket age for the selected PSK identity (computed by subtracting - * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is - * within a small tolerance of the time since the ticket was issued. - * - * NOTE: The typical accuracy of an RTC crystal is ±100 to ±20 parts per - * million (360 to 72 milliseconds per hour). Default tolerance - * window is 6s, thus in the worst case clients and servers must - * sync up their system time every 6000/360/2~=8 hours. - */ - client_age = obfuscated_ticket_age - session->ticket_age_add; - age_diff = server_age - (mbedtls_ms_time_t) client_age; - if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || - age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age outside tolerance window ( diff = %" - MBEDTLS_PRINTF_MS_TIME ")", - age_diff)); - goto exit; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * All good, we have found a suitable ticket. 
- */ - ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; - -exit: - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - mbedtls_ssl_session_free(session); - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= check_identity_match_ticket")); - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_identity_match( - mbedtls_ssl_context *ssl, - const unsigned char *identity, - size_t identity_len, - uint32_t obfuscated_ticket_age, - int *psk_type, - mbedtls_ssl_session *session) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ((void) session); - ((void) obfuscated_ticket_age); - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; - - MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ret = ssl_tls13_offered_psks_check_identity_match_ticket( - ssl, identity, identity_len, obfuscated_ticket_age, session); - if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH) { - *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; - ret = mbedtls_ssl_set_hs_psk(ssl, - session->resumption_key, - session->resumption_key_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "Ticket-resumed PSK:", - session->resumption_key, - session->resumption_key_len); - MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u", - (unsigned) obfuscated_ticket_age)); - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } else if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE) { - return SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - /* Check identity with external configured function */ - if (ssl->conf->f_psk != NULL) { - if (ssl->conf->f_psk( - ssl->conf->p_psk, ssl, identity, identity_len) == 0) { - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; - } - - MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len); - /* Check identity with 
pre-configured psk */ - if (ssl->conf->psk_identity != NULL && - identity_len == ssl->conf->psk_identity_len && - mbedtls_ct_memcmp(ssl->conf->psk_identity, - identity, identity_len) == 0) { - ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); - return ret; - } - return SSL_TLS1_3_PSK_IDENTITY_MATCH; - } - - return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; -} - -/* - * Non-error return values of ssl_tls13_offered_psks_check_binder_match(). - * They are positive to not collide with error codes that are negative. Zero - * (SSL_TLS1_3_BINDER_MATCH) in case of success as it may be propagated up - * by the callers of this function as a generic success condition. - */ -#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1 -#define SSL_TLS1_3_BINDER_MATCH 0 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_offered_psks_check_binder_match( - mbedtls_ssl_context *ssl, - const unsigned char *binder, size_t binder_len, - int psk_type, psa_algorithm_t psk_hash_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - unsigned char transcript[PSA_HASH_MAX_SIZE]; - size_t transcript_len; - unsigned char *psk; - size_t psk_len; - unsigned char server_computed_binder[PSA_HASH_MAX_SIZE]; - - if (binder_len != PSA_HASH_LENGTH(psk_hash_alg)) { - return SSL_TLS1_3_BINDER_DOES_NOT_MATCH; - } - - /* Get current state of handshake transcript. 
*/ - ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), - transcript, sizeof(transcript), &transcript_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg, - psk, psk_len, psk_type, - transcript, - server_computed_binder); - mbedtls_free((void *) psk); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed.")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( computed ): ", - server_computed_binder, transcript_len); - MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len); - - if (mbedtls_ct_memcmp(server_computed_binder, - binder, - PSA_HASH_LENGTH(psk_hash_alg)) == 0) { - return SSL_TLS1_3_BINDER_MATCH; - } - - mbedtls_platform_zeroize(server_computed_binder, - sizeof(server_computed_binder)); - return SSL_TLS1_3_BINDER_DOES_NOT_MATCH; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src) -{ - dst->ticket_age_add = src->ticket_age_add; - dst->ticket_flags = src->ticket_flags; - dst->resumption_key_len = src->resumption_key_len; - if (src->resumption_key_len == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - dst->max_early_data_size = src->max_early_data_size; - -#if defined(MBEDTLS_SSL_ALPN) - int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_SSL_ALPN */ -#endif /* MBEDTLS_SSL_EARLY_DATA*/ - - return 0; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -struct psk_attributes { - int type; - int key_exchange_mode; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; -}; 
-#define PSK_ATTRIBUTES_INIT { 0, 0, NULL } - -/* Parser for pre_shared_key extension in client hello - * struct { - * opaque identity<1..2^16-1>; - * uint32 obfuscated_ticket_age; - * } PskIdentity; - * - * opaque PskBinderEntry<32..255>; - * - * struct { - * PskIdentity identities<7..2^16-1>; - * PskBinderEntry binders<33..2^16-1>; - * } OfferedPsks; - * - * struct { - * select (Handshake.msg_type) { - * case client_hello: OfferedPsks; - * .... - * }; - * } PreSharedKeyExtension; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_pre_shared_key_ext( - mbedtls_ssl_context *ssl, - const unsigned char *pre_shared_key_ext, - const unsigned char *pre_shared_key_ext_end, - const unsigned char *ciphersuites, - const unsigned char *ciphersuites_end, - struct psk_attributes *psk) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *identities = pre_shared_key_ext; - const unsigned char *p_identity_len; - size_t identities_len; - const unsigned char *identities_end; - const unsigned char *binders; - const unsigned char *p_binder_len; - size_t binders_len; - const unsigned char *binders_end; - int matched_identity = -1; - int identity_id = -1; - - MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key extension", - pre_shared_key_ext, - pre_shared_key_ext_end - pre_shared_key_ext); - - /* identities_len 2 bytes - * identities_data >= 7 bytes - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(identities, pre_shared_key_ext_end, 7 + 2); - identities_len = MBEDTLS_GET_UINT16_BE(identities, 0); - p_identity_len = identities + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, pre_shared_key_ext_end, - identities_len); - identities_end = p_identity_len + identities_len; - - /* binders_len 2 bytes - * binders >= 33 bytes - */ - binders = identities_end; - MBEDTLS_SSL_CHK_BUF_READ_PTR(binders, pre_shared_key_ext_end, 33 + 2); - binders_len = MBEDTLS_GET_UINT16_BE(binders, 0); - p_binder_len = binders + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, 
binders_len); - binders_end = p_binder_len + binders_len; - - ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, - identities_end - pre_shared_key_ext); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - - while (p_identity_len < identities_end && p_binder_len < binders_end) { - const unsigned char *identity; - size_t identity_len; - uint32_t obfuscated_ticket_age; - const unsigned char *binder; - size_t binder_len; - int psk_ciphersuite_id; - psa_algorithm_t psk_hash_alg; - int allowed_key_exchange_modes; - - mbedtls_ssl_session session; - mbedtls_ssl_session_init(&session); - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); - identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0); - identity = p_identity_len + 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(identity, identities_end, identity_len + 4); - obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE(identity, identity_len); - p_identity_len += identity_len + 6; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, binders_end, 1 + 32); - binder_len = *p_binder_len; - binder = p_binder_len + 1; - MBEDTLS_SSL_CHK_BUF_READ_PTR(binder, binders_end, binder_len); - p_binder_len += binder_len + 1; - - identity_id++; - if (matched_identity != -1) { - continue; - } - - ret = ssl_tls13_offered_psks_check_identity_match( - ssl, identity, identity_len, obfuscated_ticket_age, - &psk->type, &session); - if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity")); - - switch (psk->type) { - case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - psk_ciphersuite_id = 0; - psk_hash_alg = PSA_ALG_SHA_256; - allowed_key_exchange_modes = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: - psk_ciphersuite_id = session.ciphersuite; - psk_hash_alg = PSA_ALG_NONE; - ssl->session_negotiate->ticket_flags = session.ticket_flags; - 
allowed_key_exchange_modes = - session.ticket_flags & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#endif - default: - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - - if ((allowed_key_exchange_modes & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && - ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } else if ((allowed_key_exchange_modes & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && - ssl_tls13_key_exchange_is_psk_available(ssl)) { - psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } - - if (psk->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode")); - continue; - } - - ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, - psk_ciphersuite_id, psk_hash_alg, - &psk->ciphersuite_info); - - if (psk->ciphersuite_info == NULL) { -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_session_free(&session); -#endif - /* - * We consider finding a ciphersuite suitable for the PSK as part - * of the validation of its binder. Thus if we do not find one, we - * abort the handshake with a decrypt_error alert. - */ - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len, psk->type, - mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) psk->ciphersuite_info->mac)); - if (ret != SSL_TLS1_3_BINDER_MATCH) { - /* For security reasons, the handshake should be aborted when we - * fail to validate a binder value. See RFC 8446 section 4.2.11.2 - * and appendix E.6. 
*/ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_session_free(&session); -#endif - MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder.")); - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_offered_psks_check_binder_match", ret); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - - matched_identity = identity_id; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (psk->type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, - &session); - mbedtls_ssl_session_free(&session); - if (ret != 0) { - return ret; - } - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - } - - if (p_identity_len != identities_end || p_binder_len != binders_end) { - MBEDTLS_SSL_DEBUG_MSG(3, ("pre_shared_key extension decode error")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Update the handshake transcript with the binder list. */ - ret = ssl->handshake->update_checksum( - ssl, identities_end, (size_t) (binders_end - identities_end)); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - if (matched_identity == -1) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket.")); - return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - - ssl->handshake->selected_identity = (uint16_t) matched_identity; - MBEDTLS_SSL_DEBUG_MSG(3, ("Pre shared key found")); - - return 0; -} - -/* - * struct { - * select ( Handshake.msg_type ) { - * .... 
- * case server_hello: - * uint16 selected_identity; - * } - * } PreSharedKeyExtension; - */ -static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *olen) -{ - unsigned char *p = (unsigned char *) buf; - - *olen = 0; - - int not_using_psk = 0; - not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); - if (not_using_psk) { - /* We shouldn't have called this extension writer unless we've - * chosen to use a PSK. */ - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding pre_shared_key extension")); - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0); - MBEDTLS_PUT_UINT16_BE(2, p, 2); - - MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4); - - *olen = 6; - - MBEDTLS_SSL_DEBUG_MSG(4, ("sent selected_identity: %u", - ssl->handshake->selected_identity)); - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); - - return 0; -} - -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -/* From RFC 8446: - * struct { - * ProtocolVersion versions<2..254>; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t versions_len; - const unsigned char *versions_end; - uint16_t tls_version; - int found_supported_version = 0; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1); - versions_len = p[0]; - p += 1; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, versions_len); - versions_end = p + versions_len; - while (p < versions_end) { - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, versions_end, 2); - tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport); - p += 2; - - if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) { - found_supported_version = 1; - break; - } - - if 
((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) && - mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { - found_supported_version = 1; - break; - } - } - - if (!found_supported_version) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No supported version found.")); - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - MBEDTLS_SSL_DEBUG_MSG(1, ("Negotiated version: [%04x]", - (unsigned int) tls_version)); - - return (int) tls_version; -} - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) -/* - * - * From RFC 8446: - * enum { - * ... (0xFFFF) - * } NamedGroup; - * struct { - * NamedGroup named_group_list<2..2^16-1>; - * } NamedGroupList; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - const unsigned char *p = buf; - size_t named_group_list_len; - const unsigned char *named_group_list_end; - - MBEDTLS_SSL_DEBUG_BUF(3, "supported_groups extension", p, end - buf); - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - named_group_list_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, named_group_list_len); - named_group_list_end = p + named_group_list_len; - ssl->handshake->hrr_selected_group = 0; - - while (p < named_group_list_end) { - uint16_t named_group; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, named_group_list_end, 2); - named_group = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - MBEDTLS_SSL_DEBUG_MSG(2, - ("got named group: %s(%04x)", - mbedtls_ssl_named_group_to_str(named_group), - named_group)); - - if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) || - !mbedtls_ssl_named_group_is_supported(named_group) || - ssl->handshake->hrr_selected_group != 0) { - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(2, - ("add named group %s(%04x) into received list.", - mbedtls_ssl_named_group_to_str(named_group), - named_group)); - - 
ssl->handshake->hrr_selected_group = named_group; - } - - return 0; - -} -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */ - -#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) -/* - * ssl_tls13_parse_key_shares_ext() verifies whether the information in the - * extension is correct and stores the first acceptable key share and its - * associated group. - * - * Possible return values are: - * - 0: Successful processing of the client provided key share extension. - * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by - * the client does not match a group supported by the server. A - * HelloRetryRequest will be needed. - * - A negative value for fatal errors. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const *p = buf; - unsigned char const *client_shares_end; - size_t client_shares_len; - - /* From RFC 8446: - * - * struct { - * KeyShareEntry client_shares<0..2^16-1>; - * } KeyShareClientHello; - * - */ - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - client_shares_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, client_shares_len); - - ssl->handshake->offered_group_id = 0; - client_shares_end = p + client_shares_len; - - /* We try to find a suitable key share entry and copy it to the - * handshake context. Later, we have to find out whether we can do - * something with the provided key share or whether we have to - * dismiss it and send a HelloRetryRequest message. 
- */ - - while (p < client_shares_end) { - uint16_t group; - size_t key_exchange_len; - const unsigned char *key_exchange; - - /* - * struct { - * NamedGroup group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, 4); - group = MBEDTLS_GET_UINT16_BE(p, 0); - key_exchange_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - key_exchange = p; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, key_exchange_len); - p += key_exchange_len; - - /* Continue parsing even if we have already found a match, - * for input validation purposes. - */ - if (!mbedtls_ssl_named_group_is_offered(ssl, group) || - !mbedtls_ssl_named_group_is_supported(group) || - ssl->handshake->offered_group_id != 0) { - continue; - } - - /* - * ECDHE and FFDHE groups are supported - */ - if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || - mbedtls_ssl_tls13_named_group_is_ffdh(group)) { - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH/FFDH group: %s (%04x)", - mbedtls_ssl_named_group_to_str(group), - group)); - ret = mbedtls_ssl_tls13_read_public_xxdhe_share( - ssl, key_exchange - 2, key_exchange_len + 2); - if (ret != 0) { - return ret; - } - - } else { - MBEDTLS_SSL_DEBUG_MSG(4, ("Unrecognized NamedGroup %u", - (unsigned) group)); - continue; - } - - ssl->handshake->offered_group_id = group; - } - - - if (ssl->handshake->offered_group_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching key share")); - return SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH; - } - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, - int exts_mask) -{ - int masked = ssl->handshake->received_extensions & exts_mask; - return masked == exts_mask; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( - mbedtls_ssl_context 
*ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | - MBEDTLS_SSL_EXT_MASK(SIG_ALG)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange( - mbedtls_ssl_context *ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( - mbedtls_ssl_context *ssl) -{ - return ssl_tls13_client_hello_has_exts( - ssl, - MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) | - MBEDTLS_SSL_EXT_MASK(KEY_SHARE) | - MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)); -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) - return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && - mbedtls_ssl_tls13_is_psk_supported(ssl) && - ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && - mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && - ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); -#else - 
((void) ssl); - return 0; -#endif -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && - ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - -static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) -{ - switch (sig_alg) { - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_512); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - return PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384); - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512); - default: - return PSA_ALG_NONE; - } -} - -/* - * Pick best ( private key, certificate chain ) pair based on the signature - * algorithms supported by the client. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_key_cert *key_cert, *key_cert_list; - const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_key_cert != NULL) { - key_cert_list = ssl->handshake->sni_key_cert; - } else -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - key_cert_list = ssl->conf->key_cert; - - if (key_cert_list == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate")); - return -1; - } - - for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { - if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) { - continue; - } - - if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) { - continue; - } - - for (key_cert = key_cert_list; key_cert != NULL; - key_cert = key_cert->next) { - psa_algorithm_t psa_alg = PSA_ALG_NONE; - - MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate", - key_cert->cert); - - /* - * This avoids sending the client a cert it'll reject based on - * keyUsage or other extensions. 
- */ - if (mbedtls_x509_crt_check_key_usage( - key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0 || - mbedtls_x509_crt_check_extended_key_usage( - key_cert->cert, MBEDTLS_OID_SERVER_AUTH, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) != 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " - "(extended) key usage extension")); - continue; - } - - MBEDTLS_SSL_DEBUG_MSG(3, - ("ssl_tls13_pick_key_cert:" - "check signature algorithm %s [%04x]", - mbedtls_ssl_sig_alg_to_str(*sig_alg), - *sig_alg)); - psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg); - - if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( - *sig_alg, &key_cert->cert->pk) - && psa_alg != PSA_ALG_NONE && - mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, - PSA_KEY_USAGE_VERIFY_HASH) == 1 - ) { - ssl->handshake->key_cert = key_cert; - MBEDTLS_SSL_DEBUG_MSG(3, - ("ssl_tls13_pick_key_cert:" - "selected signature algorithm" - " %s [%04x]", - mbedtls_ssl_sig_alg_to_str(*sig_alg), - *sig_alg)); - MBEDTLS_SSL_DEBUG_CRT( - 3, "selected certificate (chain)", - ssl->handshake->key_cert->cert); - return 0; - } - } - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ssl_tls13_pick_key_cert:" - "no suitable certificate found")); - return -1; -} -#endif /* MBEDTLS_X509_CRT_PARSE_C && - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * - * STATE HANDLING: ClientHello - * - * There are three possible classes of outcomes when parsing the ClientHello: - * - * 1) The ClientHello was well-formed and matched the server's configuration. - * - * In this case, the server progresses to sending its ServerHello. - * - * 2) The ClientHello was well-formed but didn't match the server's - * configuration. - * - * For example, the client might not have offered a key share which - * the server supports, or the server might require a cookie. - * - * In this case, the server sends a HelloRetryRequest. - * - * 3) The ClientHello was ill-formed - * - * In this case, we abort the handshake. 
- * - */ - -/* - * Structure of this message: - * - * uint16 ProtocolVersion; - * opaque Random[32]; - * uint8 CipherSuite[2]; // Cryptographic suite selector - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id<0..32>; - * CipherSuite cipher_suites<2..2^16-2>; - * opaque legacy_compression_methods<1..2^8-1>; - * Extension extensions<8..2^16-1>; - * } ClientHello; - */ - -#define SSL_CLIENT_HELLO_OK 0 -#define SSL_CLIENT_HELLO_HRR_REQUIRED 1 -#define SSL_CLIENT_HELLO_TLS1_2 2 - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *p = buf; - const unsigned char *random; - size_t legacy_session_id_len; - const unsigned char *legacy_session_id; - size_t cipher_suites_len; - const unsigned char *cipher_suites; - const unsigned char *cipher_suites_end; - size_t extensions_len; - const unsigned char *extensions_end; - const unsigned char *supported_versions_data; - const unsigned char *supported_versions_data_end; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - int hrr_required = 0; - int no_usable_share_for_key_agreement = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - int got_psk = 0; - struct psk_attributes psk = PSK_ATTRIBUTES_INIT; - const unsigned char *pre_shared_key_ext = NULL; - const unsigned char *pre_shared_key_ext_end = NULL; -#endif - - /* - * ClientHello layout: - * 0 . 1 protocol version - * 2 . 33 random bytes - * 34 . 34 session id length ( 1 byte ) - * 35 . 34+x session id - * .. . .. ciphersuite list length ( 2 bytes ) - * .. . .. ciphersuite list - * .. . .. compression alg. list length ( 1 byte ) - * .. . .. compression alg. list - * .. . .. extensions length ( 2 bytes, optional ) - * .. . .. 
extensions ( optional ) - */ - - /* - * Minimal length ( with everything empty and extensions omitted ) is - * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can - * read at least up to session id length without worrying. - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 38); - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - if (mbedtls_ssl_read_version(p, ssl->conf->transport) != - MBEDTLS_SSL_VERSION_TLS1_2) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[32]; - */ - random = p; - p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id<0..32>; - * ... - */ - legacy_session_id_len = *(p++); - legacy_session_id = p; - - /* - * Check we have enough data for the legacy session identifier - * and the ciphersuite list length. - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_len + 2); - p += legacy_session_id_len; - - /* ... - * CipherSuite cipher_suites<2..2^16-2>; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - cipher_suites_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - cipher_suites = p; - - /* - * The length of the ciphersuite list has to be even. - */ - if (cipher_suites_len & 1) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* Check we have enough data for the ciphersuite list, the legacy - * compression methods and the length of the extensions. 
- * - * cipher_suites cipher_suites_len bytes - * legacy_compression_methods length 1 byte - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 1); - p += cipher_suites_len; - cipher_suites_end = p; - - /* Check if we have enough data for legacy_compression_methods - * and the length of the extensions (2 bytes). - */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p + 1, end, p[0] + 2); - - /* - * Search for the supported versions extension and parse it to determine - * if the client supports TLS 1.3. - */ - ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - ssl, p + 1 + p[0], end, - &supported_versions_data, &supported_versions_data_end); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, - ("mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts"), ret); - return ret; - } - - if (ret == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("no supported_versions extension")); - return SSL_CLIENT_HELLO_TLS1_2; - } - - if (ret == 1) { - ret = ssl_tls13_parse_supported_versions_ext(ssl, - supported_versions_data, - supported_versions_data_end); - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET(1, - ("ssl_tls13_parse_supported_versions_ext"), ret); - return ret; - } - - /* - * The supported versions extension was parsed successfully as the - * value returned by ssl_tls13_parse_supported_versions_ext() is - * positive. The return value is then equal to - * MBEDTLS_SSL_VERSION_TLS1_2 or MBEDTLS_SSL_VERSION_TLS1_3, defining - * the TLS version to negotiate. - */ - if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) { - MBEDTLS_SSL_DEBUG_MSG(2, ("supported_versions without 1.3")); - return SSL_CLIENT_HELLO_TLS1_2; - } - } - - /* - * We negotiate TLS 1.3. - */ - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - ssl->session_negotiate->endpoint = ssl->conf->endpoint; - - /* - * We are negotiating the version 1.3 of the protocol. 
Do what we have - * postponed: copy of the client random bytes, copy of the legacy session - * identifier and selection of the TLS 1.3 cipher suite. - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", - random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - memcpy(&handshake->randbytes[0], random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN); - - if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - ssl->session_negotiate->id_len = legacy_session_id_len; - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", - legacy_session_id, legacy_session_id_len); - memcpy(&ssl->session_negotiate->id[0], - legacy_session_id, legacy_session_id_len); - - /* - * Search for a matching ciphersuite - */ - MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites", - cipher_suites, cipher_suites_len); - - ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, - 0, PSA_ALG_NONE, &handshake->ciphersuite_info); - - if (handshake->ciphersuite_info == NULL) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; - - MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s", - ((unsigned) handshake->ciphersuite_info->id), - handshake->ciphersuite_info->name)); - - /* ... - * opaque legacy_compression_methods<1..2^8-1>; - * ... - */ - if (p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - p += 2; - - /* ... - * Extension extensions<8..2^16-1>; - * ... 
- * with Extension defined as: - * struct { - * ExtensionType extension_type; - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len); - extensions_end = p + extensions_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", p, extensions_len); - handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - while (p < extensions_end) { - unsigned int extension_type; - size_t extension_data_len; - const unsigned char *extension_data_end; - uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH; - - if (ssl->handshake->hello_retry_request_flag) { - /* Do not accept early data extension in 2nd ClientHello */ - allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA); - } - - /* RFC 8446, section 4.2.11 - * - * The "pre_shared_key" extension MUST be the last extension in the - * ClientHello (this facilitates implementation as described below). - * Servers MUST check that it is the last extension and otherwise fail - * the handshake with an "illegal_parameter" alert. 
- */ - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) { - MBEDTLS_SSL_DEBUG_MSG( - 3, ("pre_shared_key is not last extension.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4); - extension_type = MBEDTLS_GET_UINT16_BE(p, 0); - extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2); - p += 4; - - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len); - extension_data_end = p + extension_data_len; - - ret = mbedtls_ssl_tls13_check_received_extension( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, - allowed_exts); - if (ret != 0) { - return ret; - } - - switch (extension_type) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension")); - ret = mbedtls_ssl_parse_server_name_ext(ssl, p, - extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_parse_servername_ext", ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension")); - - /* Supported Groups Extension - * - * When sent by the client, the "supported_groups" extension - * indicates the named groups which the client supports, - * ordered from most preferred to least preferred. 
- */ - ret = ssl_tls13_parse_supported_groups_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_supported_groups_ext", ret); - return ret; - } - - break; -#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - case MBEDTLS_TLS_EXT_KEY_SHARE: - MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); - - /* - * Key Share Extension - * - * When sent by the client, the "key_share" extension - * contains the endpoint's cryptographic parameters for - * ECDHE/DHE key establishment methods. - */ - ret = ssl_tls13_parse_key_shares_ext( - ssl, p, extension_data_end); - if (ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH) { - MBEDTLS_SSL_DEBUG_MSG(2, ("No usable share for key agreement.")); - no_usable_share_for_key_agreement = 1; - } - - if (ret < 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_key_shares_ext", ret); - return ret; - } - - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - - case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: - /* Already parsed */ - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: - MBEDTLS_SSL_DEBUG_MSG( - 3, ("found psk key exchange modes extension")); - - ret = ssl_tls13_parse_key_exchange_modes_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_key_exchange_modes_ext", ret); - return ret; - } - - break; -#endif - - case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: - MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension")); - if ((handshake->received_extensions & - MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)) == 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* Delay processing of the PSK 
identity once we have - * found out which algorithms to use. We keep a pointer - * to the buffer and the size for later processing. - */ - pre_shared_key_ext = p; - pre_shared_key_ext_end = extension_data_end; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - break; - -#if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - - ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_parse_alpn_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension")); - - ret = mbedtls_ssl_parse_sig_alg_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_parse_sig_alg_ext", ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: - MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension")); - - ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( - ssl, p, extension_data_end); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); - return ret; - } - break; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - - default: - MBEDTLS_SSL_PRINT_EXT( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, - extension_type, "( ignored )"); - break; - } - - p += extension_data_len; - } - - MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO, - handshake->received_extensions); - - ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - p - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret); - return ret; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - /* Update checksum 
with either - * - The entire content of the CH message, if no PSK extension is present - * - The content up to but excluding the PSK extension, if present. - * Always parse the pre-shared-key extension when present in the - * ClientHello even if some pre-requisites for PSK key exchange modes are - * not met. That way we always validate the syntax of the extension. - */ - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) { - ret = handshake->update_checksum(ssl, buf, - pre_shared_key_ext - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - ret = ssl_tls13_parse_pre_shared_key_ext(ssl, - pre_shared_key_ext, - pre_shared_key_ext_end, - cipher_suites, - cipher_suites_end, - &psk); - if (ret == 0) { - got_psk = 1; - } else if (ret != MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_pre_shared_key_ext", ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - { - ret = handshake->update_checksum(ssl, buf, p - buf); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); - return ret; - } - } - - /* - * Determine the key exchange algorithm to use. - * There are three types of key exchanges supported in TLS 1.3: - * - (EC)DH with ECDSA, - * - (EC)DH with PSK, - * - plain PSK. - * - * The PSK-based key exchanges may additionally be used with 0-RTT. 
- * - * Our built-in order of preference is - * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral ) - * 2 ) Certificate Mode ( ephemeral ) - * 3 ) Plain PSK Mode ( psk ) - */ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (got_psk && (psk.key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) { - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); - - } else -#endif - if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { - handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); - - } -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - else if (got_psk && (psk.key_exchange_mode == - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) { - handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); - } -#endif - else { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("ClientHello message misses mandatory extensions.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (handshake->key_exchange_mode & - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) { - handshake->ciphersuite_info = psk.ciphersuite_info; - ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; - - MBEDTLS_SSL_DEBUG_MSG(2, ("Select PSK ciphersuite: %04x - %s", - ((unsigned) psk.ciphersuite_info->id), - psk.ciphersuite_info->name)); - - if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { - handshake->resume = 1; - } - } -#endif - - if (handshake->key_exchange_mode != - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) { - hrr_required = (no_usable_share_for_key_agreement != 0); - } - - mbedtls_ssl_optimize_checksum(ssl, 
handshake->ciphersuite_info); - - return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) -{ - mbedtls_ssl_handshake_params *handshake = ssl->handshake; - - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("EarlyData: rejected, feature disabled in server configuration.")); - return -1; - } - - if (!handshake->resume) { - /* We currently support early data only in the case of PSKs established - via a NewSessionTicket message thus in the case of a session - resumption. */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, not a session resumption.")); - return -1; - } - - /* RFC 8446 4.2.10 - * - * In order to accept early data, the server MUST have accepted a PSK cipher - * suite and selected the first key offered in the client's "pre_shared_key" - * extension. In addition, it MUST verify that the following values are the - * same as those associated with the selected PSK: - * - The TLS version number - * - The selected cipher suite - * - The selected ALPN [RFC7301] protocol, if any - * - * NOTE: - * - The TLS version number is checked in - * ssl_tls13_offered_psks_check_identity_match_ticket(). 
- */ - - if (handshake->selected_identity != 0) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, the selected key in " - "`pre_shared_key` is not the first one.")); - return -1; - } - - if (handshake->ciphersuite_info->id != - ssl->session_negotiate->ciphersuite) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, the selected ciphersuite is not the one " - "of the selected pre-shared key.")); - return -1; - - } - - if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("EarlyData: rejected, early_data not allowed in ticket " - "permission bits.")); - return -1; - } - -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl); - size_t alpn_len; - - if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) { - return 0; - } - - if (alpn != NULL) { - alpn_len = strlen(alpn); - } - - if (alpn == NULL || - ssl->session_negotiate->ticket_alpn == NULL || - alpn_len != strlen(ssl->session_negotiate->ticket_alpn) || - (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key.")); - return -1; - } -#endif - - return 0; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* Update the handshake state machine */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, - int hrr_required) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* - * Server certificate selection - */ - if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret); - return ret; - } -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl->handshake->sni_name = NULL; - ssl->handshake->sni_name_len = 0; -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - - ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - 
"mbedtls_ssl_tls1_3_key_schedule_stage_early", ret); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { - ssl->handshake->early_data_accepted = - (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); - - if (ssl->handshake->early_data_accepted) { - ret = mbedtls_ssl_tls13_compute_early_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_early_transform", ret); - return ret; - } - } else { - ssl->discard_early_data_record = - hrr_required ? - MBEDTLS_SSL_EARLY_DATA_DISCARD : - MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD; - } - } -#else - ((void) hrr_required); -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - return 0; -} - -/* - * Main entry point from the state machine; orchestrates the otherfunctions. - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) -{ - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf = NULL; - size_t buflen = 0; - int parse_client_hello_ret; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - &buf, &buflen)); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf, - buf + buflen)); - parse_client_hello_ret = ret; /* Store positive return value of - * parse_client_hello, - * as negative error codes are handled - * by MBEDTLS_SSL_PROC_CHK_NEG. */ - - /* - * Version 1.2 of the protocol has to be used for the handshake. - * If TLS 1.2 is not supported, abort the handshake. Otherwise, set the - * ssl->keep_current_message flag for the ClientHello to be kept and parsed - * as a TLS 1.2 ClientHello. We also change ssl->tls_version to - * MBEDTLS_SSL_VERSION_TLS1_2 thus from now on mbedtls_ssl_handshake_step() - * will dispatch to the TLS 1.2 state machine. 
- */ - if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { - /* Check if server supports TLS 1.2 */ - if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("TLS 1.2 not supported.")); - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, - MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); - return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - ssl->keep_current_message = 1; - ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - MBEDTLS_SSL_DEBUG_MSG(1, ("non-1.3 ClientHello left for later processing")); - return 0; - } - - MBEDTLS_SSL_PROC_CHK( - ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == - SSL_CLIENT_HELLO_HRR_REQUIRED)); - - if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST); - } - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_HELLO - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *server_randbytes = - ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - - if ((ret = psa_generate_random(server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - -#if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time(NULL); -#endif /* MBEDTLS_HAVE_TIME */ - - return ret; -} - -/* - * ssl_tls13_write_server_hello_supported_versions_ext (): - * - * struct { - * ProtocolVersion selected_version; - * } SupportedVersions; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello_supported_versions_ext( - mbedtls_ssl_context *ssl, - 
unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, write selected version")); - - /* Check if we have space to write the extension: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - selected_version (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0); - - MBEDTLS_PUT_UINT16_BE(2, buf, 2); - - mbedtls_ssl_write_version(buf + 4, - ssl->conf->transport, - ssl->tls_version); - - MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [%04x]", - ssl->tls_version)); - - *out_len = 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask( - ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS); - - return 0; -} - - - -/* Generate and export a single key share. For hybrid KEMs, this can - * be called multiple times with the different components of the hybrid. */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl, - uint16_t named_group, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - *out_len = 0; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || - mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { - ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( - ssl, named_group, buf, end, out_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange", - ret); - return ret; - } - } else -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ - if (0 /* Other kinds of KEMs */) { - } else { - ((void) ssl); - ((void) named_group); - ((void) buf); - ((void) end); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return ret; -} - -/* - * ssl_tls13_write_key_share_ext - * - * Structure of key_share extension in ServerHello: - * - * struct { - * NamedGroup 
group; - * opaque key_exchange<1..2^16-1>; - * } KeyShareEntry; - * struct { - * KeyShareEntry server_share; - * } KeyShareServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - uint16_t group = ssl->handshake->offered_group_id; - unsigned char *server_share = buf + 4; - size_t key_exchange_length; - - *out_len = 0; - - MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding key share extension")); - - MBEDTLS_SSL_DEBUG_MSG(2, ("server hello, write selected_group: %s (%04x)", - mbedtls_ssl_named_group_to_str(group), - group)); - - /* Check if we have space for header and length fields: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - group (2 bytes) - * - key_exchange_length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8); - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, p, 0); - MBEDTLS_PUT_UINT16_BE(group, server_share, 0); - p += 8; - - /* When we introduce PQC-ECDHE hybrids, we'll want to call this - * function multiple times. */ - ret = ssl_tls13_generate_and_write_key_share( - ssl, group, server_share + 4, end, &key_exchange_length); - if (ret != 0) { - return ret; - } - p += key_exchange_length; - - MBEDTLS_PUT_UINT16_BE(key_exchange_length, server_share + 2, 0); - - MBEDTLS_PUT_UINT16_BE(p - server_share, buf, 2); - - *out_len = p - buf; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - uint16_t selected_group = ssl->handshake->hrr_selected_group; - /* key_share Extension - * - * struct { - * select (Handshake.msg_type) { - * ... - * case hello_retry_request: - * NamedGroup selected_group; - * ... 
- * }; - * } KeyShare; - */ - - *out_len = 0; - - /* - * For a pure PSK key exchange, there is no group to agree upon. The purpose - * of the HRR is then to transmit a cookie to force the client to demonstrate - * reachability at their apparent network address (primarily useful for DTLS). - */ - if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - return 0; - } - - /* We should only send the key_share extension if the client's initial - * key share was not acceptable. */ - if (ssl->handshake->offered_group_id != 0) { - MBEDTLS_SSL_DEBUG_MSG(4, ("Skip key_share extension in HRR")); - return 0; - } - - if (selected_group == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no matching named group found")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* Check if we have enough space: - * - extension_type (2 bytes) - * - extension_data_length (2 bytes) - * - selected_group (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6); - - MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0); - MBEDTLS_PUT_UINT16_BE(2, buf, 2); - MBEDTLS_PUT_UINT16_BE(selected_group, buf, 4); - - MBEDTLS_SSL_DEBUG_MSG(3, - ("HRR selected_group: %s (%x)", - mbedtls_ssl_named_group_to_str(selected_group), - selected_group)); - - *out_len = 6; - - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE); - - return 0; -} - -/* - * Structure of ServerHello message: - * - * struct { - * ProtocolVersion legacy_version = 0x0303; // TLS v1.2 - * Random random; - * opaque legacy_session_id_echo<0..32>; - * CipherSuite cipher_suite; - * uint8 legacy_compression_method = 0; - * Extension extensions<6..2^16-1>; - * } ServerHello; - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - int is_hrr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - unsigned char *p_extensions_len; - size_t output_len; - - *out_len = 0; - 
ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - /* ... - * ProtocolVersion legacy_version = 0x0303; // TLS 1.2 - * ... - * with ProtocolVersion defined as: - * uint16 ProtocolVersion; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(0x0303, p, 0); - p += 2; - - /* ... - * Random random; - * ... - * with Random defined as: - * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN]; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - if (is_hrr) { - memcpy(p, mbedtls_ssl_tls13_hello_retry_request_magic, - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } else { - memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], - MBEDTLS_SERVER_HELLO_RANDOM_LEN); - } - MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", - p, MBEDTLS_SERVER_HELLO_RANDOM_LEN); - p += MBEDTLS_SERVER_HELLO_RANDOM_LEN; - - /* ... - * opaque legacy_session_id_echo<0..32>; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len); - *p++ = (unsigned char) ssl->session_negotiate->id_len; - if (ssl->session_negotiate->id_len > 0) { - memcpy(p, &ssl->session_negotiate->id[0], - ssl->session_negotiate->id_len); - p += ssl->session_negotiate->id_len; - - MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id, - ssl->session_negotiate->id_len); - } - - /* ... - * CipherSuite cipher_suite; - * ... - * with CipherSuite defined as: - * uint8 CipherSuite[2]; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_MSG(3, - ("server hello, chosen ciphersuite: %s ( id=%d )", - mbedtls_ssl_get_ciphersuite_name( - ssl->session_negotiate->ciphersuite), - ssl->session_negotiate->ciphersuite)); - - /* ... - * uint8 legacy_compression_method = 0; - * ... - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1); - *p++ = MBEDTLS_SSL_COMPRESS_NULL; - - /* ... - * Extension extensions<6..2^16-1>; - * ... 
- * struct { - * ExtensionType extension_type; (2 bytes) - * opaque extension_data<0..2^16-1>; - * } Extension; - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - - if ((ret = ssl_tls13_write_server_hello_supported_versions_ext( - ssl, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_write_server_hello_supported_versions_ext", ret); - return ret; - } - p += output_len; - - if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) { - if (is_hrr) { - ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len); - } else { - ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len); - } - if (ret != 0) { - return ret; - } - p += output_len; - } - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_server_pre_shared_key_ext", - ret); - return ret; - } - p += output_len; - } -#endif - - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - MBEDTLS_SSL_DEBUG_BUF(4, "server hello extensions", - p_extensions_len, p - p_extensions_len); - - *out_len = p - buf; - - MBEDTLS_SSL_DEBUG_BUF(3, "server hello", buf, *out_len); - - MBEDTLS_SSL_PRINT_EXTS( - 3, is_hrr ? 
MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST : - MBEDTLS_SSL_HS_SERVER_HELLO, - ssl->handshake->sent_extensions); - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_finalize_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_compute_handshake_transform", - ret); - return ret; - } - - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - 0)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_server_hello(ssl)); - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* The server sends a dummy change_cipher_spec record immediately - * after its first handshake message. This may either be after - * a ServerHello or a HelloRetryRequest. 
- */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return ret; -} - - -/* - * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (ssl->handshake->hello_retry_request_flag) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Too many HRRs")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* - * Create stateless transcript hash for HRR - */ - MBEDTLS_SSL_DEBUG_MSG(4, ("Reset transcript for HRR")); - ret = mbedtls_ssl_reset_transcript_for_hrr(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_transcript_for_hrr", ret); - return ret; - } - mbedtls_ssl_session_reset_msg_layer(ssl, 0); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello retry request")); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, - buf + buf_len, - &msg_len, - 1)); - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); - - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, - msg_len)); - - ssl->handshake->hello_retry_request_flag = 1; - -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - /* The 
server sends a dummy change_cipher_spec record immediately - * after its first handshake message. This may either be after - * a ServerHello or a HelloRetryRequest. - */ - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST); -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello retry request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS - */ - -/* - * struct { - * Extension extensions<0..2 ^ 16 - 1>; - * } EncryptedExtensions; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t extensions_len = 0; - unsigned char *p_extensions_len; - size_t output_len; - - *out_len = 0; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - - ((void) ssl); - ((void) ret); - ((void) output_len); - -#if defined(MBEDTLS_SSL_ALPN) - ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->early_data_accepted) { - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) { - ret = mbedtls_ssl_tls13_write_record_size_limit_ext( - ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - p += output_len; - } -#endif - - extensions_len = (p - p_extensions_len) - 2; - MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); - - *out_len = p - buf; - - 
MBEDTLS_SSL_DEBUG_BUF(4, "encrypted extensions", buf, *out_len); - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *buf; - size_t buf_len, msg_len; - - mbedtls_ssl_set_outbound_transform(ssl, - ssl->handshake->transform_handshake); - MBEDTLS_SSL_DEBUG_MSG( - 3, ("switching to handshake transform for outbound data")); - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions")); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); - } -#else - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); -#endif - -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write encrypted extensions")); - return ret; -} - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0 -#define SSL_CERTIFICATE_REQUEST_SKIP 1 -/* Coordination: - * Check whether a CertificateRequest message should be written. - * Returns a negative code on failure, or - * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST - * - SSL_CERTIFICATE_REQUEST_SKIP - * indicating if the writing of the CertificateRequest - * should be skipped or not. 
- */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl) -{ - int authmode; - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { - authmode = ssl->handshake->sni_authmode; - } else -#endif - authmode = ssl->conf->authmode; - - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return SSL_CERTIFICATE_REQUEST_SKIP; - } - - ssl->handshake->certificate_request_sent = 1; - - return SSL_CERTIFICATE_REQUEST_SEND_REQUEST; -} - -/* - * struct { - * opaque certificate_request_context<0..2^8-1>; - * Extension extensions<2..2^16-1>; - * } CertificateRequest; - * - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *out_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - size_t output_len = 0; - unsigned char *p_extensions_len; - - *out_len = 0; - - /* Check if we have enough space: - * - certificate_request_context (1 byte) - * - extensions length (2 bytes) - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); - - /* - * Write certificate_request_context - */ - /* - * We use a zero length context for the normal handshake - * messages. For post-authentication handshake messages - * this request context would be set to a non-zero value. - */ - *p++ = 0x0; - - /* - * Write extensions - */ - /* The extensions must contain the signature_algorithms. 
*/ - p_extensions_len = p; - p += 2; - ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); - if (ret != 0) { - return ret; - } - - p += output_len; - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - *out_len = p - buf; - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions); - - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl)); - - if (ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST) { - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body( - ssl, buf, buf + buf_len, &msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - buf, msg_len)); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ret = 0; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE); -cleanup: - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - return ret; -} - -/* - * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if ((ssl_tls13_pick_key_cert(ssl) != 0) || - mbedtls_ssl_own_cert(ssl) == NULL) { - 
MBEDTLS_SSL_DEBUG_MSG(2, ("No certificate available.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - ret = mbedtls_ssl_tls13_write_certificate(ssl); - if (ret != 0) { - return ret; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) -{ - int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl); - if (ret != 0) { - return ret; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED); - return 0; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -/* - * RFC 8446 section A.2 - * - * | Send ServerHello - * | K_send = handshake - * | Send EncryptedExtensions - * | [Send CertificateRequest] - * Can send | [Send Certificate + CertificateVerify] - * app data | Send Finished - * after --> | K_send = application - * here +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * K_recv = handshake | | K_recv = early data - * [Skip decrypt errors] | +------> WAIT_EOED -+ - * | | Recv | | Recv EndOfEarlyData - * | | early data | | K_recv = handshake - * | +------------+ | - * | | - * +> WAIT_FLIGHT2 <--------+ - * | - * +--------+--------+ - * No auth | | Client auth - * | | - * | v - * | WAIT_CERT - * | Recv | | Recv Certificate - * | empty | v - * | Certificate | WAIT_CV - * | | | Recv - * | v | CertificateVerify - * +-> WAIT_FINISHED <---+ - * | Recv Finished - * - * - * The following function handles the state changes after WAIT_FLIGHT2 in the - * above diagram. We are not going to receive early data related messages - * anymore, prepare to receive the first handshake message of the client - * second flight. 
- */ -static void ssl_tls13_prepare_for_handshake_second_flight( - mbedtls_ssl_context *ssl) -{ - if (ssl->handshake->certificate_request_sent) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate")); - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } -} - -/* - * Handler for MBEDTLS_SSL_SERVER_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_write_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_application_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - return ret; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->early_data_accepted) { - /* See RFC 8446 section A.2 for more information */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early keys for inbound traffic. " - "( K_recv = early data )")); - mbedtls_ssl_set_inbound_transform( - ssl, ssl->handshake->transform_earlydata); - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - return 0; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to handshake keys for inbound traffic " - "( K_recv = handshake )")); - mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake); - - ssl_tls13_prepare_for_handshake_second_flight(ssl); - - return 0; -} - -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA - */ -#define SSL_GOT_END_OF_EARLY_DATA 0 -#define SSL_GOT_EARLY_DATA 1 -/* Coordination: - * Deals with the ambiguity of not knowing if the next message is an - * EndOfEarlyData message or an application message containing early data. 
- * Returns a negative code on failure, or - * - SSL_GOT_END_OF_EARLY_DATA - * - SSL_GOT_EARLY_DATA - * indicating which message is received. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - ssl->keep_current_message = 1; - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_END_OF_EARLY_DATA) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Received an end_of_early_data message.")); - return SSL_GOT_END_OF_EARLY_DATA; - } - - if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - if (ssl->in_offt == NULL) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data")); - /* Set the reading pointer */ - ssl->in_offt = ssl->in_msg; - ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); - if (ret != 0) { - return ret; - } - } - return SSL_GOT_EARLY_DATA; - } - - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, - MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end) -{ - /* RFC 8446 section 4.5 - * - * struct {} EndOfEarlyData; - */ - if (buf != end) { - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - return 0; -} - -/* - * RFC 8446 section A.2 - * - * | Send ServerHello - * | K_send = handshake - * | Send EncryptedExtensions - * | [Send CertificateRequest] - * Can send | [Send Certificate + CertificateVerify] - * app data | Send Finished - * after --> | K_send = application - * here +--------+--------+ - * No 0-RTT | | 0-RTT - * | | - * K_recv = handshake | | K_recv = early data - * 
[Skip decrypt errors] | +------> WAIT_EOED -+ - * | | Recv | | Recv EndOfEarlyData - * | | early data | | K_recv = handshake - * | +------------+ | - * | | - * +> WAIT_FLIGHT2 <--------+ - * | - * +--------+--------+ - * No auth | | Client auth - * | | - * | v - * | WAIT_CERT - * | Recv | | Recv Certificate - * | empty | v - * | Certificate | WAIT_CV - * | | | Recv - * | v | CertificateVerify - * +-> WAIT_FINISHED <---+ - * | Recv Finished - * - * The function handles actions and state changes from 0-RTT to WAIT_FLIGHT2 in - * the above diagram. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_process_end_of_early_data")); - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_end_of_early_data_coordinate(ssl)); - - if (ret == SSL_GOT_END_OF_EARLY_DATA) { - unsigned char *buf; - size_t buf_len; - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_end_of_early_data( - ssl, buf, buf + buf_len)); - - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to handshake keys for inbound traffic" - "( K_recv = handshake )")); - mbedtls_ssl_set_inbound_transform( - ssl, ssl->handshake->transform_handshake); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, - buf, buf_len)); - - ssl_tls13_prepare_for_handshake_second_flight(ssl); - - } else if (ret == SSL_GOT_EARLY_DATA) { - ret = MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA; - goto cleanup; - } else { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto cleanup; - } - -cleanup: - MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_process_end_of_early_data")); - return ret; -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -/* - * Handler for MBEDTLS_SSL_CLIENT_FINISHED - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int 
ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_ssl_tls13_process_finished_message(ssl); - if (ret != 0) { - return ret; - } - - ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_resumption_master_secret", ret); - } - - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); - return 0; -} - -/* - * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) -{ - MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - - mbedtls_ssl_tls13_handshake_wrapup(ssl); - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) -/* TODO: Remove the check of SOME_PSK_ENABLED since SESSION_TICKETS requires - * SOME_PSK_ENABLED to be enabled. Here is just to make CI happy. It is - * expected to be resolved with issue#6395. 
- */ - /* Sent NewSessionTicket message only when client supports PSK */ - if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - } else -#endif - { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } - return 0; -} - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ -#define SSL_NEW_SESSION_TICKET_SKIP 0 -#define SSL_NEW_SESSION_TICKET_WRITE 1 -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl) -{ - /* Check whether the use of session tickets is enabled */ - if (ssl->conf->f_ticket_write == NULL) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled," - " callback is not set")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - if (ssl->conf->new_session_tickets_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled," - " configured count is zero")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - - if (ssl->handshake->new_session_tickets_count == 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: all tickets have " - "been sent.")); - return SSL_NEW_SESSION_TICKET_SKIP; - } - - return SSL_NEW_SESSION_TICKET_WRITE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, - unsigned char *ticket_nonce, - size_t ticket_nonce_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_session *session = ssl->session; - mbedtls_ssl_ciphersuite_t *ciphersuite_info; - psa_algorithm_t psa_hash_alg; - int hash_length; - - MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); - - /* Set ticket_flags depends on the advertised psk key exchange mode */ - mbedtls_ssl_tls13_session_clear_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) - mbedtls_ssl_tls13_session_set_ticket_flags( - session, 
ssl->handshake->tls13_kex_modes); -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED && - ssl->conf->max_early_data_size > 0) { - mbedtls_ssl_tls13_session_set_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); - session->max_early_data_size = ssl->conf->max_early_data_size; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) - if (session->ticket_alpn == NULL) { - ret = mbedtls_ssl_session_set_ticket_alpn(session, ssl->alpn_chosen); - if (ret != 0) { - return ret; - } - } -#endif - - /* Generate ticket_age_add */ - if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, - sizeof(session->ticket_age_add)) != 0)) { - MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - /* Generate ticket_nonce */ - ret = psa_generate_random(ticket_nonce, ticket_nonce_size); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:", - ticket_nonce, ticket_nonce_size); - - ciphersuite_info = - (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac); - hash_length = PSA_HASH_LENGTH(psa_hash_alg); - if (hash_length == -1 || - (size_t) hash_length > sizeof(session->resumption_key)) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - /* In this code the psk key length equals the length of the hash */ - session->resumption_key_len = hash_length; - session->ciphersuite = ciphersuite_info->id; - - /* Compute resumption key - * - * HKDF-Expand-Label( resumption_master_secret, - * "resumption", ticket_nonce, Hash.length ) - */ - ret = mbedtls_ssl_tls13_hkdf_expand_label( - 
psa_hash_alg, - session->app_secrets.resumption_master_secret, - hash_length, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption), - ticket_nonce, - ticket_nonce_size, - session->resumption_key, - hash_length); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(2, - "Creating the ticket-resumed PSK failed", - ret); - return ret; - } - MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK", - session->resumption_key, - session->resumption_key_len); - - MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret", - session->app_secrets.resumption_master_secret, - hash_length); - - return 0; -} - -/* This function creates a NewSessionTicket message in the following format: - * - * struct { - * uint32 ticket_lifetime; - * uint32 ticket_age_add; - * opaque ticket_nonce<0..255>; - * opaque ticket<1..2^16-1>; - * Extension extensions<0..2^16-2>; - * } NewSessionTicket; - * - * The ticket inside the NewSessionTicket message is an encrypted container - * carrying the necessary information so that the server is later able to - * re-start the communication. 
- * - * The following fields are placed inside the ticket by the - * f_ticket_write() function: - * - * - creation time (ticket_creation_time) - * - flags (ticket_flags) - * - age add (ticket_age_add) - * - key (resumption_key) - * - key length (resumption_key_len) - * - ciphersuite (ciphersuite) - * - max_early_data_size (max_early_data_size) - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, - unsigned char *buf, - unsigned char *end, - size_t *out_len, - unsigned char *ticket_nonce, - size_t ticket_nonce_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p = buf; - mbedtls_ssl_session *session = ssl->session; - size_t ticket_len; - uint32_t ticket_lifetime; - unsigned char *p_extensions_len; - - *out_len = 0; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg")); - - /* - * ticket_lifetime 4 bytes - * ticket_age_add 4 bytes - * ticket_nonce 1 + ticket_nonce_size bytes - * ticket >=2 bytes - */ - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2); - - /* Generate ticket and ticket_lifetime */ -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation_time = mbedtls_ms_time(); -#endif - ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, - session, - p + 9 + ticket_nonce_size + 2, - end, - &ticket_len, - &ticket_lifetime); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "write_ticket", ret); - return ret; - } - - /* RFC 8446 section 4.6.1 - * - * ticket_lifetime: Indicates the lifetime in seconds as a 32-bit - * unsigned integer in network byte order from the time of ticket - * issuance. Servers MUST NOT use any value greater than - * 604800 seconds (7 days) ... 
- */ - if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Ticket lifetime (%u) is greater than 7 days.", - (unsigned int) ticket_lifetime)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0); - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", - (unsigned int) ticket_lifetime)); - - /* Write ticket_age_add */ - MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 4); - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u", - (unsigned int) session->ticket_age_add)); - - /* Write ticket_nonce */ - p[8] = (unsigned char) ticket_nonce_size; - if (ticket_nonce_size > 0) { - memcpy(p + 9, ticket_nonce, ticket_nonce_size); - } - p += 9 + ticket_nonce_size; - - /* Write ticket */ - MBEDTLS_PUT_UINT16_BE(ticket_len, p, 0); - p += 2; - MBEDTLS_SSL_DEBUG_BUF(4, "ticket", p, ticket_len); - p += ticket_len; - - /* Ticket Extensions - * - * Extension extensions<0..2^16-2>; - */ - ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE; - - MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); - p_extensions_len = p; - p += 2; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) { - size_t output_len; - - if ((ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 1, p, end, &output_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_write_early_data_ext", ret); - return ret; - } - p += output_len; - } else { - MBEDTLS_SSL_DEBUG_MSG( - 4, ("early_data not allowed, " - "skip early_data extension in NewSessionTicket")); - } - -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0); - - *out_len = p - buf; - MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions); - - return 0; -} - -/* - * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - */ 
-static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl)); - - if (ret == SSL_NEW_SESSION_TICKET_WRITE) { - unsigned char ticket_nonce[MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH]; - unsigned char *buf; - size_t buf_len, msg_len; - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket( - ssl, ticket_nonce, sizeof(ticket_nonce))); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg( - ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, - &buf, &buf_len)); - - MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body( - ssl, buf, buf + buf_len, &msg_len, - ticket_nonce, sizeof(ticket_nonce))); - - MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( - ssl, buf_len, msg_len)); - - /* Limit session tickets count to one when resumption connection. - * - * See document of mbedtls_ssl_conf_new_session_tickets. - */ - if (ssl->handshake->resume == 1) { - ssl->handshake->new_session_tickets_count = 0; - } else { - ssl->handshake->new_session_tickets_count--; - } - - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH); - } else { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } - -cleanup: - - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -/* - * TLS 1.3 State Machine -- server side - */ -int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)", - mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), - ssl->state)); - - switch (ssl->state) { - /* start state */ - case MBEDTLS_SSL_HELLO_REQUEST: - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - ret = 0; - break; - - case MBEDTLS_SSL_CLIENT_HELLO: 
- ret = ssl_tls13_process_client_hello(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_process_client_hello", ret); - } - break; - - case MBEDTLS_SSL_HELLO_RETRY_REQUEST: - ret = ssl_tls13_write_hello_retry_request(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_hello_retry_request", ret); - return ret; - } - break; - - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_tls13_write_server_hello(ssl); - break; - - case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: - ret = ssl_tls13_write_encrypted_extensions(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_encrypted_extensions", ret); - return ret; - } - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_tls13_write_certificate_request(ssl); - break; - - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = ssl_tls13_write_server_certificate(ssl); - break; - - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_tls13_write_certificate_verify(ssl); - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - - /* - * Injection of dummy-CCS's for middlebox compatibility - */ -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); - } - break; - - case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: - ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret != 0) { - break; - } - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); - break; -#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ - - case MBEDTLS_SSL_SERVER_FINISHED: - ret = ssl_tls13_write_server_finished(ssl); - break; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - case MBEDTLS_SSL_END_OF_EARLY_DATA: - ret = ssl_tls13_process_end_of_early_data(ssl); - break; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - case MBEDTLS_SSL_CLIENT_FINISHED: 
- ret = ssl_tls13_process_client_finished(ssl); - break; - - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - ret = ssl_tls13_handshake_wrapup(ssl); - break; - -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_tls13_process_certificate(ssl); - if (ret == 0) { - if (ssl->session_negotiate->peer_cert != NULL) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY); - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify")); - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - } - break; - - case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: - ret = mbedtls_ssl_tls13_process_certificate_verify(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_FINISHED); - } - break; -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: - ret = ssl_tls13_write_new_session_ticket(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "ssl_tls13_write_new_session_ticket ", - ret); - } - break; - case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: - /* This state is necessary to do the flush of the New Session - * Ticket message written in MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET - * as part of ssl_prepare_handshake_step. - */ - ret = 0; - - if (ssl->handshake->new_session_tickets_count == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); - } else { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - } - break; - -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - } - - return ret; -} - -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/timing.c b/library/timing.c deleted file mode 100644 index 1ed88639ef..0000000000 
--- a/library/timing.c
+++ /dev/null
@@ -1,154 +0,0 @@ -/* - * Portable interface to the CPU cycle counter - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "ssl_misc.h" - -#if defined(MBEDTLS_TIMING_C) - -#include "mbedtls/timing.h" - -#if !defined(MBEDTLS_TIMING_ALT) - -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) -#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h" -#endif - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the - * platform matches the ifdefs above, it will be used. */ -#include -#include -struct _hr_time { - struct timeval start; -}; -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -/** - * \brief Return the elapsed time in milliseconds - * - * \warning May change without notice - * - * \param val points to a timer structure - * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. - * - * \return Elapsed time since the previous reset in ms. When - * restarting, this is always 0. - * - * \note To initialize a timer, call this function with reset=1. - * - * Determining the elapsed time and resetting the timer is not - * atomic on all platforms, so after the sequence - * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = - * get_timer(0) }` the value time1+time2 is only approximately - * the delay since the first reset. 
- */ -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) -{ - struct _hr_time *t = (struct _hr_time *) val; - - if (reset) { - QueryPerformanceCounter(&t->start); - return 0; - } else { - unsigned long delta; - LARGE_INTEGER now, hfreq; - QueryPerformanceCounter(&now); - QueryPerformanceFrequency(&hfreq); - delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul - / hfreq.QuadPart); - return delta; - } -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) -{ - struct _hr_time *t = (struct _hr_time *) val; - - if (reset) { - gettimeofday(&t->start, NULL); - return 0; - } else { - unsigned long delta; - struct timeval now; - gettimeofday(&now, NULL); - delta = (now.tv_sec - t->start.tv_sec) * 1000ul - + (now.tv_usec - t->start.tv_usec) / 1000; - return delta; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -/* - * Set delays to watch - */ -void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms) -{ - mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - - ctx->int_ms = int_ms; - ctx->fin_ms = fin_ms; - - if (fin_ms != 0) { - (void) mbedtls_timing_get_timer(&ctx->timer, 1); - } -} - -/* - * Get number of delays expired - */ -int mbedtls_timing_get_delay(void *data) -{ - mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - unsigned long elapsed_ms; - - if (ctx->fin_ms == 0) { - return -1; - } - - elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0); - - if (elapsed_ms >= ctx->fin_ms) { - return 2; - } - - if (elapsed_ms >= ctx->int_ms) { - return 1; - } - - return 0; -} - -/* - * Get the final delay. - */ -uint32_t mbedtls_timing_get_final_delay( - const mbedtls_timing_delay_context *data) -{ - return data->fin_ms; -} -#endif /* !MBEDTLS_TIMING_ALT */ -#endif /* MBEDTLS_TIMING_C */ 
diff --git a/library/version.c b/library/version.c
deleted file mode 100644
index e828673c0d..0000000000
--- a/library/version.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Version information
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#include "mbedtls/version.h"
-#include
-
-unsigned int mbedtls_version_get_number(void)
-{
- return MBEDTLS_VERSION_NUMBER;
-}
-
-const char *mbedtls_version_get_string(void)
-{
- return MBEDTLS_VERSION_STRING;
-}
-
-const char *mbedtls_version_get_string_full(void)
-{
- return MBEDTLS_VERSION_STRING_FULL;
-}
-
-#endif /* MBEDTLS_VERSION_C */
diff --git a/library/x509.c b/library/x509.c
deleted file mode 100644
index 1adff8fafc..0000000000
--- a/library/x509.c
+++ /dev/null
@@ -1,1831 +0,0 @@ -/* - * X.509 common functions for parsing and verification - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_USE_C) - -#include "mbedtls/asn1.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" - -#include -#include -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/asn1write.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -#include "mbedtls/platform_util.h" -#include -#endif - -#define CHECK(code) \ - do { \ - if ((ret = (code)) != 0) { \ - return ret; \ - } \ - } while (0) - -#define CHECK_RANGE(min, max, val) \ - do { \ - if ((val) < (min) || (val) > (max)) { \ - return ret; \ - } \ - } while (0) - -/* - * CertificateSerialNumber ::= INTEGER - */ -int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && - **p != MBEDTLS_ASN1_INTEGER) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - serial->tag = *(*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { - return 
MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); - } - - serial->p = *p; - *p += serial->len; - - return 0; -} - -/* Get an algorithm identifier without parameters (eg for signatures) - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - */ -int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - return 0; -} - -/* - * Parse an algorithm identifier with (optional) parameters - */ -int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - return 0; -} - -/* - * Convert md type to string - */ -#if !defined(MBEDTLS_X509_REMOVE_INFO) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - -static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) -{ - switch (md_alg) { -#if defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return "MD5"; -#endif -#if defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return "SHA1"; -#endif -#if defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return "SHA224"; -#endif -#if defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return "SHA256"; -#endif -#if defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return "SHA384"; -#endif -#if defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return "SHA512"; -#endif -#if defined(PSA_WANT_ALG_RIPEMD160) - case MBEDTLS_MD_RIPEMD160: - return "RIPEMD160"; -#endif - case MBEDTLS_MD_NONE: - return NULL; - default: - return NULL; - } -} - -#endif /* !defined(MBEDTLS_X509_REMOVE_INFO) && 
defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -/* - * HashAlgorithm ::= AlgorithmIdentifier - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - * - * For HashAlgorithm, parameters MUST be NULL or absent. - */ -static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p; - const unsigned char *end; - mbedtls_x509_buf md_oid; - size_t len; - - /* Make sure we got a SEQUENCE and setup bounds */ - if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - p = alg->p; - end = p + alg->len; - - if (p >= end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - /* Parse md_oid */ - md_oid.tag = *p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - md_oid.p = p; - p += md_oid.len; - - /* Get md_alg from md_oid */ - if ((ret = mbedtls_x509_oid_get_md_alg(&md_oid, md_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - /* Make sure params is absent of NULL */ - if (p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * RSASSA-PSS-params ::= SEQUENCE { - * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, - * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier, - * saltLength [2] INTEGER DEFAULT 20, - * trailerField [3] INTEGER DEFAULT 1 } - * -- Note that the tags in this 
Sequence are explicit. - * - * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value - * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other - * option. Enforce this at parsing time. - */ -int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *p; - const unsigned char *end, *end2; - size_t len; - mbedtls_x509_buf alg_id, alg_params; - - /* First set everything to defaults */ - *md_alg = MBEDTLS_MD_SHA1; - *mgf_md = MBEDTLS_MD_SHA1; - *salt_len = 20; - - /* Make sure params is a SEQUENCE and setup bounds */ - if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - p = (unsigned char *) params->p; - end = p + params->len; - - if (p == end) { - return 0; - } - - /* - * HashAlgorithm - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 0)) == 0) { - end2 = p + len; - - /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */ - if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) { - return ret; - } - - if ((ret = mbedtls_x509_oid_get_md_alg(&alg_id, md_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * MaskGenAlgorithm - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 1)) == 0) { - end2 = p + len; - - /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */ - if ((ret = 
mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) { - return ret; - } - - /* Only MFG1 is recognised for now */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, - MBEDTLS_ERR_X509_UNKNOWN_OID); - } - - /* Parse HashAlgorithm */ - if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) { - return ret; - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * salt_len - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 2)) == 0) { - end2 = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p == end) { - return 0; - } - - /* - * trailer_field (if present, must be 1) - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 3)) == 0) { - int trailer_field; - - end2 = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end2) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if (trailer_field != 1) { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); - } - - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, - 
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -/* - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - */ -static int x509_get_attr_type_value(unsigned char **p, - const unsigned char *end, - mbedtls_x509_name *cur) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - mbedtls_x509_buf *oid; - mbedtls_x509_buf *val; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - end = *p + len; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - oid = &cur->oid; - oid->tag = **p; - - if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - oid->p = *p; - *p += oid->len; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && - **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && - **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && - **p != MBEDTLS_ASN1_BIT_STRING) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - val = &cur->val; - val->tag = *(*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - } - - val->p = *p; - *p += val->len; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - cur->next = NULL; - - return 0; -} - -/* - * Name ::= CHOICE { -- only one possibility for now -- - * 
rdnSequence RDNSequence } - * - * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - * - * RelativeDistinguishedName ::= - * SET OF AttributeTypeAndValue - * - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - * - * The data structure is optimized for the common case where each RDN has only - * one element, which is represented as a list of AttributeTypeAndValue. - * For the general case we still use a flat list, but we mark elements of the - * same set so that they are "merged" together in the functions that consume - * this list, eg mbedtls_x509_dn_gets(). - * - * On success, this function may allocate a linked list starting at cur->next - * that must later be free'd by the caller using mbedtls_free(). In error - * cases, this function frees all allocated memory internally and the caller - * has no freeing responsibilities. - */ -int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t set_len; - const unsigned char *end_set; - mbedtls_x509_name *head = cur; - - /* don't use recursion, we'd risk stack overflow if not optimized */ - while (1) { - /* - * parse SET - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); - goto error; - } - - end_set = *p + set_len; - - while (1) { - if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { - goto error; - } - - if (*p == end_set) { - break; - } - - /* Mark this item as being no the only one in a set */ - cur->next_merged = 1; - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - - if (cur->next == NULL) { - ret = MBEDTLS_ERR_X509_ALLOC_FAILED; - goto error; - } - - cur = cur->next; - } - - /* - * continue until end of SEQUENCE is reached - 
*/ - if (*p == end) { - return 0; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - - if (cur->next == NULL) { - ret = MBEDTLS_ERR_X509_ALLOC_FAILED; - goto error; - } - - cur = cur->next; - } - -error: - /* Skip the first element as we did not allocate it */ - mbedtls_asn1_free_named_data_list_shallow(head->next); - head->next = NULL; - - return ret; -} - -static int x509_date_is_valid(const mbedtls_x509_time *t) -{ - unsigned int month_days; - unsigned int year; - switch (t->mon) { - case 1: case 3: case 5: case 7: case 8: case 10: case 12: - month_days = 31; - break; - case 4: case 6: case 9: case 11: - month_days = 30; - break; - case 2: - year = (unsigned int) t->year; - month_days = ((year & 3) || (!(year % 100) - && (year % 400))) - ? 28 : 29; - break; - default: - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - if ((unsigned int) (t->day - 1) >= month_days || /* (1 - days in month) */ - /* (unsigned int) (t->mon - 1) >= 12 || */ /* (1 - 12) checked above */ - (unsigned int) t->year > 9999 || /* (0 - 9999) */ - (unsigned int) t->hour > 23 || /* (0 - 23) */ - (unsigned int) t->min > 59 || /* (0 - 59) */ - (unsigned int) t->sec > 59) { /* (0 - 59) */ - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - return 0; -} - -static int x509_parse2_int(const unsigned char *p) -{ - uint32_t d1 = p[0] - '0'; - uint32_t d2 = p[1] - '0'; - return (d1 < 10 && d2 < 10) ? (int) (d1 * 10 + d2) : -1; -} - -/* - * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) - * field. - */ -static int x509_parse_time(const unsigned char *p, mbedtls_x509_time *tm, - size_t yearlen) -{ - int x; - - /* - * Parse year, month, day, hour, minute, second - */ - tm->year = x509_parse2_int(p); - if (tm->year < 0) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - if (4 == yearlen) { - x = tm->year * 100; - p += 2; - tm->year = x509_parse2_int(p); - if (tm->year < 0) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - } else { - x = (tm->year < 50) ? 
2000 : 1900; - } - tm->year += x; - - tm->mon = x509_parse2_int(p + 2); - tm->day = x509_parse2_int(p + 4); - tm->hour = x509_parse2_int(p + 6); - tm->min = x509_parse2_int(p + 8); - tm->sec = x509_parse2_int(p + 10); - - return x509_date_is_valid(tm); -} - -/* - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } - */ -int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, - mbedtls_x509_time *tm) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len, year_len; - unsigned char tag; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - tag = **p; - - if (tag == MBEDTLS_ASN1_UTC_TIME) { - year_len = 2; - } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { - year_len = 4; - } else { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - (*p)++; - ret = mbedtls_asn1_get_len(p, end, &len); - - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); - } - - /* len is 12 or 14 depending on year_len, plus optional trailing 'Z' */ - if (len != year_len + 10 && - !(len == year_len + 11 && (*p)[(len - 1)] == 'Z')) { - return MBEDTLS_ERR_X509_INVALID_DATE; - } - - (*p) += len; - return x509_parse_time(*p - len, tm, year_len); -} - -int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - int tag_type; - - if ((end - *p) < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); - } - - tag_type = **p; - - if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); - } - - sig->tag = tag_type; - sig->len = len; - sig->p = *p; - - *p += len; - - return 0; -} - -/* - * Get signature algorithm from alg OID and optional parameters - */ -int mbedtls_x509_get_sig_alg(const 
mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); - } - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { - mbedtls_md_type_t mgf1_hash_id; - int expected_salt_len; - - ret = mbedtls_x509_get_rsassa_pss_params(sig_params, - md_alg, - &mgf1_hash_id, - &expected_salt_len); - if (ret != 0) { - return ret; - } - /* Ensure MGF1 hash alg is the same as the one used to hash the message. */ - if (mgf1_hash_id != *md_alg) { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - } else -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - { - /* Make sure parameters are absent or NULL */ - if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || - sig_params->len != 0) { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - } - - return 0; -} - -/* - * X.509 Extensions (No parsing of extensions, pointer should - * be either manually updated or extensions should be parsed!) - */ -int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Extension structure use EXPLICIT tagging. That is, the actual - * `Extensions` structure is wrapped by a tag-length pair using - * the respective context-specific tag. 
*/ - ret = mbedtls_asn1_get_tag(p, end, &ext->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; - ext->p = *p; - end = *p + ext->len; - - /* - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != *p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -static char nibble_to_hex_digit(int i) -{ - return (i < 10) ? (i + '0') : (i - 10 + 'A'); -} - -/* Return the x.y.z.... style numeric string for the given OID */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, - const mbedtls_asn1_buf *oid) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - char *p = buf; - size_t n = size; - unsigned int value = 0; - - if (size > INT_MAX) { - /* Avoid overflow computing return value */ - return MBEDTLS_ERR_ASN1_INVALID_LENGTH; - } - - if (oid->len <= 0) { - /* OID must not be empty */ - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - for (size_t i = 0; i < oid->len; i++) { - /* Prevent overflow in value. 
*/ - if (value > (UINT_MAX >> 7)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - if ((value == 0) && ((oid->p[i]) == 0x80)) { - /* Overlong encoding is not allowed */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - - value <<= 7; - value |= oid->p[i] & 0x7F; - - if (!(oid->p[i] & 0x80)) { - /* Last byte */ - if (n == size) { - int component1; - unsigned int component2; - /* First subidentifier contains first two OID components */ - if (value >= 80) { - component1 = '2'; - component2 = value - 80; - } else if (value >= 40) { - component1 = '1'; - component2 = value - 40; - } else { - component1 = '0'; - component2 = value; - } - ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); - } else { - ret = mbedtls_snprintf(p, n, ".%u", value); - } - if (ret < 2 || (size_t) ret >= n) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - n -= (size_t) ret; - p += ret; - value = 0; - } - } - - if (value != 0) { - /* Unterminated subidentifier */ - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - return (int) (size - n); -} - -/* - * Store the name in printable form into buf; no more - * than size characters will be written - */ -int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start; - /* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/ - unsigned char asn1_tag_len_buf[6]; - unsigned char *asn1_len_p; - unsigned char c, merge = 0; - const mbedtls_x509_name *name; - const char *short_name = NULL; - char lowbits, highbits; - char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - int print_hexstring; - - memset(s, 0, sizeof(s)); - - name = dn; - p = buf; - n = size; - - while (name != NULL) { - if (!name->oid.p) { - name = name->next; - continue; - } - - if (name != dn) { - ret = mbedtls_snprintf(p, n, merge ? 
" + " : ", "); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) && - (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) && - (name->val.tag != MBEDTLS_ASN1_IA5_STRING); - - if ((ret = mbedtls_x509_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { - ret = mbedtls_snprintf(p, n, "%s=", short_name); - } else { - if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { - n -= ret; - p += ret; - ret = mbedtls_snprintf(p, n, "="); - print_hexstring = 1; - } else if (ret == PSA_ERROR_BUFFER_TOO_SMALL) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } else { - ret = mbedtls_snprintf(p, n, "\?\?="); - } - } - MBEDTLS_X509_SAFE_SNPRINTF; - - if (print_hexstring) { - s[0] = '#'; - - asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf); - if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - asn1_len_size = ret; - if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - } - asn1_tag_size = ret; - asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size; - for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - c = asn1_tag_len_buf[asn1_tag_len_buf_start+i]; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j++] = nibble_to_hex_digit(lowbits); - } - for (i = 0; i < name->val.len; i++) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - c = name->val.p[i]; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j++] = nibble_to_hex_digit(lowbits); - } - } else { - for (i = 0, j = 0; i < name->val.len; i++, j++) { - if (j >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - c = name->val.p[i]; - // Special 
characters requiring escaping, RFC 4514 Section 2.4 - if (c == '\0') { - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - if (strchr(",=+<>;\"\\", c) || - ((i == 0) && strchr("# ", c)) || - ((i == name->val.len-1) && (c == ' '))) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - s[j++] = '\\'; - } - } - if (c < 32 || c >= 127) { - if (j + 3 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - s[j++] = '\\'; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[j++] = nibble_to_hex_digit(highbits); - s[j] = nibble_to_hex_digit(lowbits); - } else { - s[j] = c; - } - } - } - s[j] = '\0'; - ret = mbedtls_snprintf(p, n, "%s", s); - MBEDTLS_X509_SAFE_SNPRINTF; - - merge = name->next_merged; - name = name->next; - } - - return (int) (size - n); -} - -/* - * Store the serial in printable form into buf; no more - * than size characters will be written - */ -int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, n, nr; - char *p; - - p = buf; - n = size; - - nr = (serial->len <= 32) - ? serial->len : 28; - - for (i = 0; i < nr; i++) { - if (i == 0 && nr > 1 && serial->p[i] == 0x0) { - continue; - } - - ret = mbedtls_snprintf(p, n, "%02X%s", - serial->p[i], (i < nr - 1) ? 
":" : ""); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - if (nr != serial->len) { - ret = mbedtls_snprintf(p, n, "...."); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Helper for writing signature algorithms - */ -int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - char *p = buf; - size_t n = size; - const char *desc = NULL; - - ret = mbedtls_x509_oid_get_sig_alg_desc(sig_oid, &desc); - if (ret != 0) { - ret = mbedtls_snprintf(p, n, "???"); - } else { - ret = mbedtls_snprintf(p, n, "%s", desc); - } - MBEDTLS_X509_SAFE_SNPRINTF; - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { - const char *name = md_type_to_string(md_alg); - if (name != NULL) { - ret = mbedtls_snprintf(p, n, " (%s)", name); - } else { - ret = mbedtls_snprintf(p, n, " (?)"); - } - MBEDTLS_X509_SAFE_SNPRINTF; - } -#else - ((void) pk_alg); - ((void) md_alg); -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Helper for writing "RSA key size", "EC key size", etc - */ -int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name) -{ - char *p = buf; - size_t n = buf_size; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_snprintf(p, n, "%s key size", name); - MBEDTLS_X509_SAFE_SNPRINTF; - - return 0; -} - -int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, - const mbedtls_x509_time *t2) -{ - int x; - - x = (((t1->year << 9) | (t1->mon << 5) | (t1->day)) - - ((t2->year << 9) | (t2->mon << 5) | (t2->day))); - if (x != 0) { - return x; - } - - x = (((t1->hour << 12) | (t1->min << 6) | (t1->sec)) - - ((t2->hour << 12) | (t2->min << 6) | (t2->sec))); - return x; -} - -#if defined(MBEDTLS_HAVE_TIME_DATE) -int 
mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now) -{ - struct tm tm; - - if (mbedtls_platform_gmtime_r(&tt, &tm) == NULL) { - return -1; - } - - now->year = tm.tm_year + 1900; - now->mon = tm.tm_mon + 1; - now->day = tm.tm_mday; - now->hour = tm.tm_hour; - now->min = tm.tm_min; - now->sec = tm.tm_sec; - return 0; -} - -static int x509_get_current_time(mbedtls_x509_time *now) -{ - return mbedtls_x509_time_gmtime(mbedtls_time(NULL), now); -} - -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) -{ - mbedtls_x509_time now; - - if (x509_get_current_time(&now) != 0) { - return 1; - } - - return mbedtls_x509_time_cmp(to, &now) < 0; -} - -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) -{ - mbedtls_x509_time now; - - if (x509_get_current_time(&now) != 0) { - return 1; - } - - return mbedtls_x509_time_cmp(from, &now) > 0; -} - -#else /* MBEDTLS_HAVE_TIME_DATE */ - -int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) -{ - ((void) to); - return 0; -} - -int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) -{ - ((void) from); - return 0; -} -#endif /* MBEDTLS_HAVE_TIME_DATE */ - -/* Common functions for parsing CRT and CSR. */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C) -/* - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - * - * NOTE: we currently only parse and use otherName of type HwModuleName, - * as defined in RFC 4108. 
- */ -static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, - mbedtls_x509_san_other_name *other_name) -{ - int ret = 0; - size_t len; - unsigned char *p = subject_alt_name->p; - const unsigned char *end = p + subject_alt_name->len; - mbedtls_x509_buf cur_oid; - - if ((subject_alt_name->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != - (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { - /* - * The given subject alternative name is not of type "othername". - */ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - cur_oid.tag = MBEDTLS_ASN1_OID; - cur_oid.p = p; - cur_oid.len = len; - - /* - * Only HwModuleName is currently supported. - */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - other_name->type_id = cur_oid; - - p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (end != p + len) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; - other_name->value.hardware_module_name.oid.p = p; - other_name->value.hardware_module_name.oid.len = len; - 
- p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; - other_name->value.hardware_module_name.val.p = p; - other_name->value.hardware_module_name.val.len = len; - p += len; - if (p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - return 0; -} - -/* Check mbedtls_x509_get_subject_alt_name for detailed description. - * - * In some cases while parsing subject alternative names the sequence tag is optional - * (e.g. CertSerialNumber). This function is designed to handle such case. - */ -int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tag_len; - mbedtls_asn1_sequence *cur = subject_alt_name; - - while (*p < end) { - mbedtls_x509_subject_alternative_name tmp_san_name; - mbedtls_x509_buf tmp_san_buf; - memset(&tmp_san_name, 0, sizeof(tmp_san_name)); - - tmp_san_buf.tag = **p; - (*p)++; - - if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - tmp_san_buf.p = *p; - tmp_san_buf.len = tag_len; - - if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != - MBEDTLS_ASN1_CONTEXT_SPECIFIC) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - /* - * Check that the SAN is structured correctly by parsing it. - * The SAN structure is discarded afterwards. - */ - ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name); - /* - * In case the extension is malformed, return an error, - * and clear the allocated sequences. 
- */ - if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - mbedtls_asn1_sequence_free(subject_alt_name->next); - subject_alt_name->next = NULL; - return ret; - } - - mbedtls_x509_free_subject_alt_name(&tmp_san_name); - /* Allocate and assign next pointer */ - if (cur->buf.p != NULL) { - if (cur->next != NULL) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - - if (cur->next == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED); - } - - cur = cur->next; - } - - cur->buf = tmp_san_buf; - *p += tmp_san_buf.len; - } - - /* Set final sequence entry's next pointer to NULL */ - cur->next = NULL; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * SubjectAltName ::= GeneralNames - * - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * We list all types, but use the following GeneralName types from RFC 5280: - * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" - * of type "otherName", as defined in RFC 4108. 
- */ -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Get main sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name); -} - -int mbedtls_x509_get_ns_cert_type(unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_x509_bitstring bs = { 0, 0, NULL }; - - if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* A bitstring with no flags set is still technically valid, as it will mean - that the certificate has no designated purpose at the time of creation. */ - if (bs.len == 0) { - *ns_cert_type = 0; - return 0; - } - - if (bs.len != 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - /* Get actual bitstring */ - *ns_cert_type = *bs.p; - return 0; -} - -int mbedtls_x509_get_key_usage(unsigned char **p, - const unsigned char *end, - unsigned int *key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_x509_bitstring bs = { 0, 0, NULL }; - - if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* A bitstring with no flags set is still technically valid, as it will mean - that the certificate has no designated purpose at the time of creation. 
*/ - if (bs.len == 0) { - *key_usage = 0; - return 0; - } - - /* Get actual bitstring */ - *key_usage = 0; - for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { - *key_usage |= (unsigned int) bs.p[i] << (8*i); - } - - return 0; -} - -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch (san_buf->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK)) { - /* - * otherName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): - { - mbedtls_x509_san_other_name other_name; - - ret = x509_get_other_name(san_buf, &other_name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.other_name, - &other_name, sizeof(other_name)); - - } - break; - /* - * uniformResourceIdentifier - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - - } - break; - /* - * dNSName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - } - break; - /* - * IP address - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_IP_ADDRESS; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san_buf->len == 4 || san_buf->len == 16) { - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - } else { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - 
} - break; - /* - * rfc822Name - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_RFC822_NAME; - memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); - } - break; - /* - * directoryName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME): - { - size_t name_len; - unsigned char *p = san_buf->p; - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - - ret = mbedtls_asn1_get_tag(&p, p + san_buf->len, &name_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - - if (ret != 0) { - return ret; - } - - if ((ret = mbedtls_x509_get_name(&p, p + name_len, - &san->san.directory_name)) != 0) { - return ret; - } - } - break; - /* - * Type not supported - */ - default: - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - return 0; -} - -void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san) -{ - if (san->type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_asn1_free_named_data_list_shallow(san->san.directory_name.next); - } -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - size_t n = *size; - char *p = *buf; - const mbedtls_x509_sequence *cur = subject_alt_name; - mbedtls_x509_subject_alternative_name san; - int parse_ret; - - while (cur != NULL) { - memset(&san, 0, sizeof(san)); - parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); - if (parse_ret != 0) { - if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } else { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - cur = cur->next; - continue; - 
} - - switch (san.type) { - /* - * otherName - */ - case MBEDTLS_X509_SAN_OTHER_NAME: - { - mbedtls_x509_san_other_name *other_name = &san.san.other_name; - - ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->type_id) == 0) { - ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = - mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string(p, - n, - &other_name->value.hardware_module_name.oid); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = - mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { - ret = mbedtls_snprintf(p, - n, - "%02X", - other_name->value.hardware_module_name.val.p[i]); - MBEDTLS_X509_SAFE_SNPRINTF; - } - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - } - break; - /* - * uniformResourceIdentifier - */ - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - { - ret = mbedtls_snprintf(p, n, "\n%s uniformResourceIdentifier : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } - break; - /* - * dNSName - * RFC822 Name - */ - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - { - const char *dns_name = "dNSName"; - const char *rfc822_name = "rfc822Name"; - - ret = mbedtls_snprintf(p, n, - "\n%s %s : ", - prefix, - san.type == - MBEDTLS_X509_SAN_DNS_NAME ? 
dns_name : rfc822_name); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } - break; - /* - * iPAddress - */ - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - ret = mbedtls_snprintf(p, n, "\n%s %s : ", - prefix, "iPAddress"); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - unsigned char *ip = san.san.unstructured_name.p; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san.san.unstructured_name.len == 4) { - ret = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); - MBEDTLS_X509_SAFE_SNPRINTF; - } else if (san.san.unstructured_name.len == 16) { - ret = mbedtls_snprintf(p, n, - "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", - ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], - ip[7], ip[8], ip[9], ip[10], ip[11], ip[12], ip[13], - ip[14], ip[15]); - MBEDTLS_X509_SAFE_SNPRINTF; - } else { - if (n > 0) { - *p = '\0'; - } - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - } - break; - /* - * directoryName - */ - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix); - if (ret < 0 || (size_t) ret >= n) { - mbedtls_x509_free_subject_alt_name(&san); - } - - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name); - - if (ret < 0) { - mbedtls_x509_free_subject_alt_name(&san); - if (n > 0) { - *p = '\0'; - } - return ret; - } - - p += ret; - n -= ret; - } - break; - /* - * Type not supported, skip item. 
- */ - default: - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - break; - } - - /* So far memory is freed only in the case of directoryName - * parsing succeeding, as mbedtls_x509_get_name allocates memory. */ - mbedtls_x509_free_subject_alt_name(&san); - cur = cur->next; - } - - *p = '\0'; - - *size = n; - *buf = p; - - return 0; -} - -#define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) - -#define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -int mbedtls_x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); - - *size = n; - *buf = p; - - return 0; -} - -#define KEY_USAGE(code, name) \ - do { \ - if ((key_usage) & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) - -int mbedtls_x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); - KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); - KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); - 
 KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement");
- KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign");
- KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign");
- KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only");
- KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only");
-
- *size = n;
- *buf = p;
-
- return 0;
-}
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */
-#endif /* MBEDTLS_X509_USE_C */
diff --git a/library/x509_create.c b/library/x509_create.c
deleted file mode 100644
index 370eb9b2e1..0000000000
--- a/library/x509_create.c
+++ /dev/null
@@ -1,744 +0,0 @@ -/* - * X.509 base functions for creating certificates / CSRs - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CREATE_C) - -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" - -#include -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/asn1.h" - -/* Structure linking OIDs for X.509 DN AttributeTypes to their - * string representations and default string encodings used by Mbed TLS. */ -typedef struct { - const char *name; /* String representation of AttributeType, e.g. - * "CN" or "emailAddress". */ - size_t name_len; /* Length of 'name', without trailing 0 byte. */ - const char *oid; /* String representation of OID of AttributeType, - * as per RFC 5280, Appendix A.1. encoded as per - * X.690 */ - int default_tag; /* The default character encoding used for the - * given attribute type, e.g. - * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ -} x509_attr_descriptor_t; - -#define ADD_STRLEN(s) s, sizeof(s) - 1 - -/* X.509 DN attributes from RFC 5280, Appendix A.1. 
*/ -static const x509_attr_descriptor_t x509_attrs[] = -{ - { ADD_STRLEN("CN"), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("commonName"), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("C"), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("countryName"), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("O"), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("organizationName"), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("L"), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("locality"), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("R"), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("OU"), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("organizationalUnitName"), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("ST"), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("stateOrProvinceName"), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("emailAddress"), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("serialNumber"), - MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("postalAddress"), - MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("postalCode"), - MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("dnQualifier"), - MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN("title"), - MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("surName"), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("SN"), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("givenName"), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("GN"), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - 
{ ADD_STRLEN("initials"), - MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("pseudonym"), - MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("generationQualifier"), - MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN("domainComponent"), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN("DC"), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { NULL, 0, NULL, MBEDTLS_ASN1_NULL } -}; - -static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len) -{ - const x509_attr_descriptor_t *cur; - - for (cur = x509_attrs; cur->name != NULL; cur++) { - if (cur->name_len == name_len && - strncmp(cur->name, name, name_len) == 0) { - break; - } - } - - if (cur->name == NULL) { - return NULL; - } - - return cur; -} - -static int hex_to_int(char c) -{ - return ('0' <= c && c <= '9') ? (c - '0') : - ('a' <= c && c <= 'f') ? (c - 'a' + 10) : - ('A' <= c && c <= 'F') ? 
(c - 'A' + 10) : -1; -} - -static int hexpair_to_int(const char *hexpair) -{ - int n1 = hex_to_int(*hexpair); - int n2 = hex_to_int(*(hexpair + 1)); - - if (n1 != -1 && n2 != -1) { - return (n1 << 4) | n2; - } else { - return -1; - } -} - -static int parse_attribute_value_string(const char *s, - int len, - unsigned char *data, - size_t *data_len) -{ - const char *c; - const char *end = s + len; - unsigned char *d = data; - int n; - - for (c = s; c < end; c++) { - if (*c == '\\') { - c++; - - /* Check for valid escaped characters as per RFC 4514 Section 3 */ - if (c + 1 < end && (n = hexpair_to_int(c)) != -1) { - if (n == 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - *(d++) = n; - c++; - } else if (c < end && strchr(" ,=+<>#;\"\\", *c)) { - *(d++) = *c; - } else { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - } else { - *(d++) = *c; - } - - if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - } - *data_len = (size_t) (d - data); - return 0; -} - -/** Parse a hexstring containing a DER-encoded string. - * - * \param s A string of \p len bytes hexadecimal digits. - * \param len Number of bytes to read from \p s. - * \param data Output buffer of size \p data_size. - * On success, it contains the payload that's DER-encoded - * in the input (content without the tag and length). - * If the DER tag is a string tag, the payload is guaranteed - * not to contain null bytes. - * \param data_size Length of the \p data buffer. - * \param data_len On success, the length of the parsed string. - * It is guaranteed to be less than - * #MBEDTLS_X509_MAX_DN_NAME_SIZE. - * \param tag The ASN.1 tag that the payload in \p data is encoded in. - * - * \retval 0 on success. 
- * \retval #MBEDTLS_ERR_X509_INVALID_NAME if \p s does not contain - * a valid hexstring, - * or if the decoded hexstring is not valid DER, - * or if the payload does not fit in \p data, - * or if the payload is more than - * #MBEDTLS_X509_MAX_DN_NAME_SIZE bytes, - * of if \p *tag is an ASN.1 string tag and the payload - * contains a null byte. - * \retval #MBEDTLS_ERR_X509_ALLOC_FAILED on low memory. - */ -static int parse_attribute_value_hex_der_encoded(const char *s, - size_t len, - unsigned char *data, - size_t data_size, - size_t *data_len, - int *tag) -{ - /* Step 1: preliminary length checks. */ - /* Each byte is encoded by exactly two hexadecimal digits. */ - if (len % 2 != 0) { - /* Odd number of hex digits */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - size_t const der_length = len / 2; - if (der_length > MBEDTLS_X509_MAX_DN_NAME_SIZE + 4) { - /* The payload would be more than MBEDTLS_X509_MAX_DN_NAME_SIZE - * (after subtracting the ASN.1 tag and length). Reject this early - * to avoid allocating a large intermediate buffer. */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - if (der_length < 1) { - /* Avoid empty-buffer shenanigans. A valid DER encoding is never - * empty. */ - return MBEDTLS_ERR_X509_INVALID_NAME; - } - - /* Step 2: Decode the hex string into an intermediate buffer. */ - unsigned char *der = mbedtls_calloc(1, der_length); - if (der == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - /* Beyond this point, der needs to be freed on exit. */ - for (size_t i = 0; i < der_length; i++) { - int c = hexpair_to_int(s + 2 * i); - if (c < 0) { - goto error; - } - der[i] = c; - } - - /* Step 3: decode the DER. */ - /* We've checked that der_length >= 1 above. */ - *tag = der[0]; - { - unsigned char *p = der + 1; - if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { - goto error; - } - /* Now p points to the first byte of the payload inside der, - * and *data_len is the length of the payload. 
*/ - - /* Step 4: payload validation */ - if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { - goto error; - } - /* Strings must not contain null bytes. */ - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { - for (size_t i = 0; i < *data_len; i++) { - if (p[i] == 0) { - goto error; - } - } - } - - /* Step 5: output the payload. */ - if (*data_len > data_size) { - goto error; - } - memcpy(data, p, *data_len); - } - mbedtls_free(der); - - return 0; - -error: - mbedtls_free(der); - return MBEDTLS_ERR_X509_INVALID_NAME; -} - -static int oid_parse_number(unsigned int *num, const char **p, const char *bound) -{ - int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - - *num = 0; - - while (*p < bound && **p >= '0' && **p <= '9') { - ret = 0; - if (*num > (UINT_MAX / 10)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - *num *= 10; - *num += **p - '0'; - (*p)++; - } - return ret; -} - -static size_t oid_subidentifier_num_bytes(unsigned int value) -{ - size_t num_bytes = 0; - - do { - value >>= 7; - num_bytes++; - } while (value != 0); - - return num_bytes; -} - -static int oid_subidentifier_encode_into(unsigned char **p, - unsigned char *bound, - unsigned int value) -{ - size_t num_bytes = oid_subidentifier_num_bytes(value); - - if ((size_t) (bound - *p) < num_bytes) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); - value >>= 7; - - for (size_t i = 2; i <= num_bytes; i++) { - (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); - value >>= 7; - } - *p += num_bytes; - - return 0; -} - -/* Return the OID for the given x.y.z.... 
style numeric string */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, - const char *oid_str, size_t size) -{ - int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = oid_str; - const char *str_bound = oid_str + size; - unsigned int val = 0; - unsigned int component1, component2; - size_t encoded_len; - unsigned char *resized_mem; - - /* Count the number of dots to get a worst-case allocation size. */ - size_t num_dots = 0; - for (size_t i = 0; i < size; i++) { - if (oid_str[i] == '.') { - num_dots++; - } - } - /* Allocate maximum possible required memory: - * There are (num_dots + 1) integer components, but the first 2 share the - * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - /* Each byte can store 7 bits, calculate number of bytes for a - * subidentifier: - * - * bytes = ceil(subidentifer_size * 8 / 7) - */ - size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) - + 1; - size_t max_possible_bytes = num_dots * bytes_per_subidentifier; - oid->p = mbedtls_calloc(max_possible_bytes, 1); - if (oid->p == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - unsigned char *out_ptr = oid->p; - unsigned char *out_bound = oid->p + max_possible_bytes; - - ret = oid_parse_number(&component1, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (component1 > 2) { - /* First component can't be > 2 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr >= str_bound || *str_ptr != '.') { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - str_ptr++; - - ret = oid_parse_number(&component2, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if ((component1 < 2) && (component2 > 39)) { - /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == 
'.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - if (component2 > (UINT_MAX - (component1 * 40))) { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, - (component1 * 40) + component2); - if (ret != 0) { - goto error; - } - - while (str_ptr < str_bound) { - ret = oid_parse_number(&val, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == '.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); - if (ret != 0) { - goto error; - } - } - - encoded_len = (size_t) (out_ptr - oid->p); - resized_mem = mbedtls_calloc(encoded_len, 1); - if (resized_mem == NULL) { - ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; - goto error; - } - memcpy(resized_mem, oid->p, encoded_len); - mbedtls_free(oid->p); - oid->p = resized_mem; - oid->len = encoded_len; - - oid->tag = MBEDTLS_ASN1_OID; - - return 0; - -error: - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; -} - -int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) -{ - int ret = MBEDTLS_ERR_X509_INVALID_NAME; - int parse_ret = 0; - const char *s = name, *c = s; - const char *end = s + strlen(s); - mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL }; - const x509_attr_descriptor_t *attr_descr = NULL; - int in_attr_type = 1; - int tag; - int numericoid = 0; - unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - size_t data_len = 0; - - /* Ensure the output parameter is not already populated. - * (If it were, overwriting it would likely cause a memory leak.) 
- */ - if (*head != NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - while (c <= end) { - if (in_attr_type && *c == '=') { - if ((attr_descr = x509_attr_descr_from_name(s, (size_t) (c - s))) == NULL) { - if ((mbedtls_oid_from_numeric_string(&oid, s, (size_t) (c - s))) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - numericoid = 1; - } - } else { - oid.len = strlen(attr_descr->oid); - oid.p = mbedtls_calloc(1, oid.len); - memcpy(oid.p, attr_descr->oid, oid.len); - numericoid = 0; - } - - s = c + 1; - in_attr_type = 0; - } - - if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { - if (s == c) { - mbedtls_free(oid.p); - return MBEDTLS_ERR_X509_INVALID_NAME; - } else if (*s == '#') { - /* We know that c >= s (loop invariant) and c != s (in this - * else branch), hence c - s - 1 >= 0. */ - parse_ret = parse_attribute_value_hex_der_encoded( - s + 1, (size_t) (c - s) - 1, - data, sizeof(data), &data_len, &tag); - if (parse_ret != 0) { - mbedtls_free(oid.p); - return parse_ret; - } - } else { - if (numericoid) { - mbedtls_free(oid.p); - return MBEDTLS_ERR_X509_INVALID_NAME; - } else { - if ((parse_ret = - parse_attribute_value_string(s, (int) (c - s), data, - &data_len)) != 0) { - mbedtls_free(oid.p); - return parse_ret; - } - tag = attr_descr->default_tag; - } - } - - mbedtls_asn1_named_data *cur = - mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len, - (unsigned char *) data, - data_len); - mbedtls_free(oid.p); - oid.p = NULL; - if (cur == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - // set tagType - cur->val.tag = tag; - - while (c < end && *(c + 1) == ' ') { - c++; - } - - s = c + 1; - in_attr_type = 1; - - /* Successfully parsed one name, update ret to success */ - ret = 0; - } - c++; - } - if (oid.p != NULL) { - mbedtls_free(oid.p); - } - return ret; -} - -/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved - * to store the critical boolean for us - */ -int 
mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, size_t val_len) -{ - mbedtls_asn1_named_data *cur; - - if (val_len > (SIZE_MAX - 1)) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, - NULL, val_len + 1)) == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - cur->val.p[0] = critical; - memcpy(cur->val.p + 1, val, val_len); - - return 0; -} - -/* - * RelativeDistinguishedName ::= - * SET OF AttributeTypeAndValue - * - * AttributeTypeAndValue ::= SEQUENCE { - * type AttributeType, - * value AttributeValue } - * - * AttributeType ::= OBJECT IDENTIFIER - * - * AttributeValue ::= ANY DEFINED BY AttributeType - */ -static int x509_write_name(unsigned char **p, - unsigned char *start, - mbedtls_asn1_named_data *cur_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - const char *oid = (const char *) cur_name->oid.p; - size_t oid_len = cur_name->oid.len; - const unsigned char *name = cur_name->val.p; - size_t name_len = cur_name->val.len; - - // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start, - cur_name->val.tag, - (const char *) name, - name_len)); - // Write OID - // - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, - oid_len)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET)); - - return (int) len; -} - -int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_asn1_named_data *cur 
= first; - - while (cur != NULL) { - MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur)); - cur = cur->next; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size, - mbedtls_pk_sigalg_t pk_alg) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int write_null_par; - size_t len = 0; - - if (*p < start || (size_t) (*p - start) < size) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - len = size; - (*p) -= len; - memcpy(*p, sig, len); - - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = 0; - len += 1; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - - // Write OID - // - if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { - /* - * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature - * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and - * https://www.rfc-editor.org/rfc/rfc5758#section-3. 
- */ - write_null_par = 0; - } else { - write_null_par = 1; - } - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, - 0, write_null_par)); - - return (int) len; -} - -static int x509_write_extension(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *ext) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1, - ext->val.len - 1)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - - if (ext->val.p[0] != 0) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p, - ext->oid.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -/* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING - * -- contains the DER encoding of an ASN.1 value - * -- corresponding to the extension type identified - * -- by extnID - * } - */ -int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_asn1_named_data *cur_ext = first; - - while (cur_ext != NULL) { - MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext)); - cur_ext = cur_ext->next; - } - - return (int) len; -} - -#endif /* MBEDTLS_X509_CREATE_C */ 
diff --git a/library/x509_crl.c b/library/x509_crl.c
deleted file mode 100644
index 0b98ba4664..0000000000
--- a/library/x509_crl.c
+++ /dev/null
@@ -1,701 +0,0 @@
-/*
- * X.509 Certificate Revocation List (CRL) parsing
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * The ITU-T X.509 standard defines a certificate format for PKI.
- *
- * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#include "x509_internal.h"
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/error.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/platform_util.h"
-
-#include
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_HAVE_TIME)
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#include
-#else
-#include
-#endif
-#endif
-
-#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
-#include
-#endif
-
-/*
- * Version ::= INTEGER { v1(0), v2(1) }
- */
-static int x509_crl_get_version(unsigned char **p,
- const unsigned char *end,
- int *ver)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
- if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- *ver = 0;
- return 0;
- }
-
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
- }
-
- return 0;
-}
-
-/*
- * X.509 CRL v2 extensions
- *
- * We currently don't parse any extension's content, but we do check that the
- * list of extensions is well-formed and abort on critical extensions (that
- * are unsupported as we don't support any extension so far)
- */
-static int x509_get_crl_ext(unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_buf *ext)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if (*p == end) {
- return 0;
- }
-
- /*
- * crlExtensions [0] EXPLICIT Extensions OPTIONAL
- * -- if present, version MUST be v2
- */
- if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) {
- return ret;
- }
-
- end = ext->p + ext->len;
-
- while (*p < end) {
- /*
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- */
- int is_critical = 0;
- const unsigned char *end_ext_data;
- size_t len;
-
- /* Get enclosing sequence tag */
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- end_ext_data = *p + len;
-
- /* Get OID (currently ignored) */
- if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
- MBEDTLS_ASN1_OID)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
- *p += len;
-
- /* Get optional critical */
- if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
- &is_critical)) != 0 &&
- (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- /* Data should be octet string type */
- if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- /* Ignore data so far and just check its length */
- *p += len;
- if (*p != end_ext_data) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- /* Abort on (unsupported) critical extensions */
- if (is_critical) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
- }
- }
-
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * X.509 CRL v2 entry extensions (no extensions parsed yet.)
- */
-static int x509_get_crl_entry_ext(unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_buf *ext)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
- /* OPTIONAL */
- if (end <= *p) {
- return 0;
- }
-
- ext->tag = **p;
- ext->p = *p;
-
- /*
- * Get CRL-entry extension sequence header
- * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
- */
- if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- ext->p = NULL;
- return 0;
- }
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- end = *p + ext->len;
-
- if (end != *p + ext->len) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- while (*p < end) {
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- *p += len;
- }
-
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * X.509 CRL Entries
- */
-static int x509_get_entries(unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_crl_entry *entry)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t entry_len;
- mbedtls_x509_crl_entry *cur_entry = entry;
-
- if (*p == end) {
- return 0;
- }
-
- if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
- MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
- if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- return 0;
- }
-
- return ret;
- }
-
- end = *p + entry_len;
-
- while (*p < end) {
- size_t len2;
- const unsigned char *end2;
-
- cur_entry->raw.tag = **p;
- if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
- MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
- return ret;
- }
-
- cur_entry->raw.p = *p;
- cur_entry->raw.len = 
len2;
- end2 = *p + len2;
-
- if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) {
- return ret;
- }
-
- if ((ret = mbedtls_x509_get_time(p, end2,
- &cur_entry->revocation_date)) != 0) {
- return ret;
- }
-
- if ((ret = x509_get_crl_entry_ext(p, end2,
- &cur_entry->entry_ext)) != 0) {
- return ret;
- }
-
- if (*p < end) {
- cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
-
- if (cur_entry->next == NULL) {
- return MBEDTLS_ERR_X509_ALLOC_FAILED;
- }
-
- cur_entry = cur_entry->next;
- }
- }
-
- return 0;
-}
-
-/*
- * Parse one CRLs in DER format and append it to the chained list
- */
-int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
- const unsigned char *buf, size_t buflen)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
- unsigned char *p = NULL, *end = NULL;
- mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
- mbedtls_x509_crl *crl = chain;
-
- /*
- * Check for valid input
- */
- if (crl == NULL || buf == NULL) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
- memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
- memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
-
- /*
- * Add new CRL on the end of the chain if needed.
- */
- while (crl->version != 0 && crl->next != NULL) {
- crl = crl->next;
- }
-
- if (crl->version != 0 && crl->next == NULL) {
- crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
-
- if (crl->next == NULL) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERR_X509_ALLOC_FAILED;
- }
-
- mbedtls_x509_crl_init(crl->next);
- crl = crl->next;
- }
-
- /*
- * Copy raw DER-encoded CRL
- */
- if (buflen == 0) {
- return MBEDTLS_ERR_X509_INVALID_FORMAT;
- }
-
- p = mbedtls_calloc(1, buflen);
- if (p == NULL) {
- return MBEDTLS_ERR_X509_ALLOC_FAILED;
- }
-
- memcpy(p, buf, buflen);
-
- crl->raw.p = p;
- crl->raw.len = buflen;
-
- end = p + buflen;
-
- /*
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- */
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERR_X509_INVALID_FORMAT;
- }
-
- if (len != (size_t) (end - p)) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- /*
- * TBSCertList ::= SEQUENCE {
- */
- crl->tbs.p = p;
-
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- end = p + len;
- crl->tbs.len = (size_t) (end - crl->tbs.p);
-
- /*
- * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
- * -- if present, MUST be v2
- *
- * signature AlgorithmIdentifier
- */
- if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
- (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- if (crl->version < 0 || crl->version > 1) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
- }
-
- crl->version++;
-
- if ((ret = 
mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
- &crl->sig_md, &crl->sig_pk)) != 0) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
- }
-
- /*
- * issuer Name
- */
- crl->issuer_raw.p = p;
-
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p);
-
- /*
- * thisUpdate Time
- * nextUpdate Time OPTIONAL
- */
- if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
- if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
- ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
- MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
- }
-
- /*
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- * } OPTIONAL
- */
- if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- /*
- * crlExtensions EXPLICIT Extensions OPTIONAL
- * -- if present, MUST be v2
- */
- if (crl->version == 2) {
- ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
-
- if (ret != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
- }
-
- if (p != end) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- end = crl->raw.p + crl->raw.len;
-
- /*
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING
- */
- if ((ret = mbedtls_x509_get_alg(&p, 
end, &sig_oid2, &sig_params2)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- if (crl->sig_oid.len != sig_oid2.len ||
- memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
- sig_params1.len != sig_params2.len ||
- (sig_params1.len != 0 &&
- memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERR_X509_SIG_MISMATCH;
- }
-
- if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
- mbedtls_x509_crl_free(crl);
- return ret;
- }
-
- if (p != end) {
- mbedtls_x509_crl_free(crl);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * Parse one or more CRLs and add them to the chained list
- */
-int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t use_len = 0;
- mbedtls_pem_context pem;
- int is_pem = 0;
-
- if (chain == NULL || buf == NULL) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- do {
- mbedtls_pem_init(&pem);
-
- // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
- // string
- if (buflen == 0 || buf[buflen - 1] != '\0') {
- ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
- } else {
- ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN X509 CRL-----",
- "-----END X509 CRL-----",
- buf, NULL, 0, &use_len);
- }
-
- if (ret == 0) {
- /*
- * Was PEM encoded
- */
- is_pem = 1;
-
- buflen -= use_len;
- buf += use_len;
-
- if ((ret = mbedtls_x509_crl_parse_der(chain,
- pem.buf, pem.buflen)) != 0) {
- mbedtls_pem_free(&pem);
- return ret;
- }
- } else if (is_pem) {
- mbedtls_pem_free(&pem);
- return ret;
- }
-
- mbedtls_pem_free(&pem);
- }
- /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
- * And a valid CRL cannot be less than 1 byte anyway.
*/ - while (is_pem && buflen > 1); - - if (is_pem) { - return 0; - } else -#endif /* MBEDTLS_PEM_PARSE_C */ - return mbedtls_x509_crl_parse_der(chain, buf, buflen); -} - -#if defined(MBEDTLS_FS_IO) -/* - * Load one or more CRLs and add them to the chained list - */ -int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_x509_crl_parse(chain, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Return an informational string about the CRL. - */ -int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - char *p; - const mbedtls_x509_crl_entry *entry; - - p = buf; - n = size; - - ret = mbedtls_snprintf(p, n, "%sCRL version : %d", - prefix, crl->version); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &crl->issuer); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%sthis update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->this_update.year, crl->this_update.mon, - crl->this_update.day, crl->this_update.hour, - crl->this_update.min, crl->this_update.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%snext update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->next_update.year, crl->next_update.mon, - crl->next_update.day, crl->next_update.hour, - crl->next_update.min, crl->next_update.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - entry = &crl->entry; - - ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:", - prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - while (entry != NULL && entry->raw.len != 0) { - ret = 
mbedtls_snprintf(p, n, "\n%sserial number: ", - prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_serial_gets(p, n, &entry->serial); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " revocation date: " \ - "%04d-%02d-%02d %02d:%02d:%02d", - entry->revocation_date.year, entry->revocation_date.mon, - entry->revocation_date.day, entry->revocation_date.hour, - entry->revocation_date.min, entry->revocation_date.sec); - MBEDTLS_X509_SAFE_SNPRINTF; - - entry = entry->next; - } - - ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Initialize a CRL chain - */ -void mbedtls_x509_crl_init(mbedtls_x509_crl *crl) -{ - memset(crl, 0, sizeof(mbedtls_x509_crl)); -} - -/* - * Unallocate all CRL data - */ -void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) -{ - mbedtls_x509_crl *crl_cur = crl; - mbedtls_x509_crl *crl_prv; - mbedtls_x509_crl_entry *entry_cur; - mbedtls_x509_crl_entry *entry_prv; - - while (crl_cur != NULL) { - mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next); - - entry_cur = crl_cur->entry.next; - while (entry_cur != NULL) { - entry_prv = entry_cur; - entry_cur = entry_cur->next; - mbedtls_zeroize_and_free(entry_prv, - sizeof(mbedtls_x509_crl_entry)); - } - - if (crl_cur->raw.p != NULL) { - mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len); - } - - crl_prv = crl_cur; - crl_cur = crl_cur->next; - - mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl)); - if (crl_prv != crl) { - mbedtls_free(crl_prv); - } - } -} - -#endif /* MBEDTLS_X509_CRL_PARSE_C */ diff --git a/library/x509_crt.c b/library/x509_crt.c deleted file mode 100644 index e6b9252859..0000000000 --- a/library/x509_crt.c +++ /dev/null 
@@ -1,3268 +0,0 @@ -/* - * X.509 certificate parsing and verification - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf - * - * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/platform_util.h" - -#include -#include - -#if defined(MBEDTLS_PEM_PARSE_C) -#include "mbedtls/pem.h" -#endif - -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" -#include "pk_internal.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -#if defined(MBEDTLS_HAVE_TIME) -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#include -#endif -#endif - -#if defined(MBEDTLS_FS_IO) -#include -#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) -#include -#include -#if defined(__MBED__) -#include -#else -#include -#endif /* __MBED__ */ -#include -#endif /* !_WIN32 || EFIX64 || EFI32 */ -#endif - -/* - * Item in a verification chain: cert and flags for it - */ -typedef struct { - mbedtls_x509_crt *crt; - uint32_t flags; -} x509_crt_verify_chain_item; - -/* - * Max size of verification chain: end-entity + intermediates + trusted root - */ -#define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) - -/* 
Default profile. Do not remove items unless there are serious security - * concerns. */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = -{ - /* Hashes from SHA-256 and above. Note that this selection - * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFF, /* Any PK alg */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - /* Curves at or above 128-bit security level. Note that this selection - * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | - 0, -#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 2048, -}; - -/* Next-generation profile. Currently identical to the default, but may - * be tightened at any time. */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = -{ - /* Hashes from SHA-256 and above. */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFF, /* Any PK alg */ -#if defined(MBEDTLS_ECP_C) - /* Curves at or above 128-bit security level. 
*/ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), -#else - 0, -#endif - 2048, -}; - -/* - * NSA Suite B Profile - */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = -{ - /* Only SHA-256 and 384 */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), - /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - /* Only NIST P-256 and P-384 */ - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), -#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - 0, -}; - -/* - * Empty / all-forbidden profile - */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none = -{ - 0, - 0, - 0, - (uint32_t) -1, -}; - -/* - * Check md_alg against profile - * Return 0 if md_alg is acceptable for this profile, -1 otherwise - */ -static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_md_type_t md_alg) -{ - if (md_alg == MBEDTLS_MD_NONE) { - return -1; - } - - if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { - return 0; - } - - return -1; -} - -/* - * Check pk_alg against profile - * Return 0 if pk_alg is acceptable for this profile, -1 otherwise - */ -static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_pk_sigalg_t pk_alg) -{ - if (pk_alg == MBEDTLS_PK_SIGALG_NONE) { - return -1; - } - - if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { - return 0; - } - - return -1; -} - -/* - * Check key against profile - * Return 0 if pk is acceptable for this profile, 
-1 otherwise - */ -static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, - const mbedtls_pk_context *pk) -{ - const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); - -#if defined(MBEDTLS_RSA_C) - if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { - if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { - return 0; - } - - return -1; - } -#endif /* MBEDTLS_RSA_C */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (pk_alg == MBEDTLS_PK_ECDSA || - pk_alg == MBEDTLS_PK_ECKEY || - pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); - - if (gid == MBEDTLS_ECP_DP_NONE) { - return -1; - } - - if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { - return 0; - } - - return -1; - } -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - - return -1; -} - -/* - * Like memcmp, but case-insensitive and always returns -1 if different - */ -static int x509_memcasecmp(const void *s1, const void *s2, size_t len) -{ - size_t i; - unsigned char diff; - const unsigned char *n1 = s1, *n2 = s2; - - for (i = 0; i < len; i++) { - diff = n1[i] ^ n2[i]; - - if (diff == 0) { - continue; - } - - if (diff == 32 && - ((n1[i] >= 'a' && n1[i] <= 'z') || - (n1[i] >= 'A' && n1[i] <= 'Z'))) { - continue; - } - - return -1; - } - - return 0; -} - -/* - * Return 0 if name matches wildcard, -1 otherwise - */ -static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) -{ - size_t i; - size_t cn_idx = 0, cn_len = strlen(cn); - - /* We can't have a match if there is no wildcard to match */ - if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { - return -1; - } - - for (i = 0; i < cn_len; ++i) { - if (cn[i] == '.') { - cn_idx = i; - break; - } - } - - if (cn_idx == 0) { - return -1; - } - - if (cn_len - cn_idx == name->len - 1 && - x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { - return 0; - } - - return -1; -} - -/* - * Compare two X.509 strings, 
case-insensitive, and allowing for some encoding - * variations (but not all). - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) -{ - if (a->tag == b->tag && - a->len == b->len && - memcmp(a->p, b->p, b->len) == 0) { - return 0; - } - - if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && - (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && - a->len == b->len && - x509_memcasecmp(a->p, b->p, b->len) == 0) { - return 0; - } - - return -1; -} - -/* - * Compare two X.509 Names (aka rdnSequence). - * - * See RFC 5280 section 7.1, though we don't implement the whole algorithm: - * we sometimes return unequal when the full algorithm would return equal, - * but never the other way. (In particular, we don't do Unicode normalisation - * or space folding.) - * - * Return 0 if equal, -1 otherwise. - */ -static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) -{ - /* Avoid recursion, it might not be optimised by the compiler */ - while (a != NULL || b != NULL) { - if (a == NULL || b == NULL) { - return -1; - } - - /* type */ - if (a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { - return -1; - } - - /* value */ - if (x509_string_cmp(&a->val, &b->val) != 0) { - return -1; - } - - /* structure of the list of sets */ - if (a->next_merged != b->next_merged) { - return -1; - } - - a = a->next; - b = b->next; - } - - /* a == NULL == b */ - return 0; -} - -/* - * Reset (init or clear) a verify_chain - */ -static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain) -{ - size_t i; - - for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { - ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = (uint32_t) -1; - } - - ver_chain->len = 0; - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - ver_chain->trust_ca_cb_result = 
NULL; -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -} - -/* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ -static int x509_get_version(unsigned char **p, - const unsigned char *end, - int *ver) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 0)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - *ver = 0; - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = *p + len; - - if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Validity ::= SEQUENCE { - * notBefore Time, - * notAfter Time } - */ -static int x509_get_dates(unsigned char **p, - const unsigned char *end, - mbedtls_x509_time *from, - mbedtls_x509_time *to) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); - } - - end = *p + len; - - if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { - return ret; - } - - if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { - return ret; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * X.509 v2/v3 unique identifier (not parsed) - */ -static int x509_get_uid(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *uid, int n) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (*p == end) { - return 0; - } - - uid->tag = **p; - - if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - n)) 
!= 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - uid->p = *p; - *p += uid->len; - - return 0; -} - -static int x509_get_basic_constraints(unsigned char **p, - const unsigned char *end, - int *ca_istrue, - int *max_pathlen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* - * BasicConstraints ::= SEQUENCE { - * cA BOOLEAN DEFAULT FALSE, - * pathLenConstraint INTEGER (0..MAX) OPTIONAL } - */ - *ca_istrue = 0; /* DEFAULT FALSE */ - *max_pathlen = 0; /* endless */ - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - ret = mbedtls_asn1_get_int(p, end, ca_istrue); - } - - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*ca_istrue != 0) { - *ca_istrue = 1; - } - } - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer - * overflow, which is an undefined behavior. 
*/ - if (*max_pathlen == INT_MAX) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - (*max_pathlen)++; - - return 0; -} - -/* - * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - * - * KeyPurposeId ::= OBJECT IDENTIFIER - */ -static int x509_get_ext_key_usage(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *ext_key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Sequence length must be >= 1 */ - if (ext_key_usage->buf.p == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_LENGTH); - } - - return 0; -} - -/* - * SubjectKeyIdentifier ::= KeyIdentifier - * - * KeyIdentifier ::= OCTET STRING - */ -static int x509_get_subject_key_id(unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *subject_key_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0u; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - subject_key_id->len = len; - subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; - subject_key_id->p = *p; - *p += len; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - */ -static int x509_get_authority_key_id(unsigned char **p, - unsigned char *end, - mbedtls_x509_authority *authority_key_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len 
= 0u; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC); - - /* KeyIdentifier is an OPTIONAL field */ - if (ret == 0) { - authority_key_id->keyIdentifier.len = len; - authority_key_id->keyIdentifier.p = *p; - /* Setting tag of the keyIdentfier intentionally to 0x04. - * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), - * its tag with the content is the payload of on OCTET STRING primitive */ - authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; - - *p += len; - } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p < end) { - /* Getting authorityCertIssuer using the required specific class tag [1] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 1)) != 0) { - /* authorityCertIssuer and authorityCertSerialNumber MUST both - be present or both be absent. At this point we expect to have both. 
*/ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = mbedtls_x509_get_subject_alt_name_ext(p, - (*p+len), - &authority_key_id->authorityCertIssuer); - if (ret != 0) { - return ret; - } - - /* Getting authorityCertSerialNumber using the required specific class tag [2] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - authority_key_id->authorityCertSerialNumber.len = len; - authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; - *p += len; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - * - * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } - * - * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - * - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - * - * CertPolicyId ::= OBJECT IDENTIFIER - * - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * - * -- policyQualifierIds for Internet policy qualifiers - * - * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - * - * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) - * - * Qualifier ::= CHOICE { - * cPSuri CPSuri, - * userNotice UserNotice } - * - * CPSuri ::= IA5String - * - * UserNotice ::= SEQUENCE { - * noticeRef NoticeReference OPTIONAL, - * explicitText DisplayText OPTIONAL } - * - * NoticeReference ::= SEQUENCE { - * 
organization DisplayText, - * noticeNumbers SEQUENCE OF INTEGER } - * - * DisplayText ::= CHOICE { - * ia5String IA5String (SIZE (1..200)), - * visibleString VisibleString (SIZE (1..200)), - * bmpString BMPString (SIZE (1..200)), - * utf8String UTF8String (SIZE (1..200)) } - * - * NOTE: we only parse and use anyPolicy without qualifiers at this point - * as defined in RFC 5280. - */ -static int x509_get_certificate_policies(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *certificate_policies) -{ - int ret, parse_ret = 0; - size_t len; - mbedtls_asn1_buf *buf; - mbedtls_asn1_sequence *cur = certificate_policies; - - /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Cannot be an empty sequence. - */ - if (len == 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - while (*p < end) { - mbedtls_x509_buf policy_oid; - const unsigned char *policy_end; - - /* - * Get the policy sequence - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_end = *p + len; - - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_oid.tag = MBEDTLS_ASN1_OID; - policy_oid.len = len; - policy_oid.p = *p; - - /* - * Only AnyPolicy is currently supported when enforcing policy. - */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { - /* - * Set the parsing return code but continue parsing, in case this - * extension is critical. 
- */ - parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - /* Allocate and assign next pointer */ - if (cur->buf.p != NULL) { - if (cur->next != NULL) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - - if (cur->next == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED); - } - - cur = cur->next; - } - - buf = &(cur->buf); - buf->tag = policy_oid.tag; - buf->p = policy_oid.p; - buf->len = policy_oid.len; - - *p += len; - - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. - */ - if (*p < policy_end) { - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* - * Skip the optional policy qualifiers. - */ - *p += len; - } - - if (*p != policy_end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } - - /* Set final sequence entry's next pointer to NULL */ - cur->next = NULL; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return parse_ret; -} - -/* - * X.509 v3 extensions - * - */ -static int x509_get_crt_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; - - if (*p == end) { - return 0; - } - - if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { - return ret; - } - - end = crt->v3_ext.p + crt->v3_ext.len; - while (*p < end) { - /* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING } - */ - 
mbedtls_x509_buf extn_oid = { 0, 0, NULL }; - int is_critical = 0; /* DEFAULT FALSE */ - int ext_type = 0; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - end_ext_data = *p + len; - - /* Get extension ID */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - extn_oid.tag = MBEDTLS_ASN1_OID; - extn_oid.p = *p; - *p += extn_oid.len; - - /* Get optional critical */ - if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && - (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* Data should be octet string type */ - if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - start_ext_octet = *p; - end_ext_octet = *p + len; - - if (end_ext_octet != end_ext_data) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Detect supported extensions - */ - ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type); - - if (ret != 0) { - /* Give the callback (if any) a chance to handle the extension */ - if (cb != NULL) { - ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); - if (ret != 0 && is_critical) { - return ret; - } - *p = end_ext_octet; - continue; - } - - /* No parser found, skip extension */ - *p = end_ext_octet; - - if (is_critical) { - /* Data is marked as critical: fail */ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - continue; - } - - /* Forbid repeated extensions */ - if ((crt->ext_types & ext_type) != 0) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - 
crt->ext_types |= ext_type; - - switch (ext_type) { - case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: - /* Parse basic constraints */ - if ((ret = x509_get_basic_constraints(p, end_ext_octet, - &crt->ca_istrue, &crt->max_pathlen)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, - &crt->key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: - /* Parse extended key usage */ - if ((ret = x509_get_ext_key_usage(p, end_ext_octet, - &crt->ext_key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: - /* Parse subject key identifier */ - if ((ret = x509_get_subject_key_id(p, end_ext_data, - &crt->subject_key_id)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: - /* Parse authority key identifier */ - if ((ret = x509_get_authority_key_id(p, end_ext_octet, - &crt->authority_key_id)) != 0) { - return ret; - } - break; - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name - * SubjectAltName ::= GeneralNames - */ - if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, - &crt->subject_alt_names)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, - &crt->ns_cert_type)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_CERTIFICATE_POLICIES: - /* Parse certificate policies type */ - if ((ret = x509_get_certificate_policies(p, end_ext_octet, - &crt->certificate_policies)) != 0) { - /* Give the callback (if any) a chance to handle the extension - * if it contains unsupported policies */ - if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && - cb(p_ctx, crt, &extn_oid, is_critical, - start_ext_octet, end_ext_octet) == 0) { - break; - } - - if (is_critical) { - return ret; - } else - /* - * If 
MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we - * cannot interpret or enforce the policy. However, it is up to - * the user to choose how to enforce the policies, - * unless the extension is critical. - */ - if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - return ret; - } - } - break; - - default: - /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ - if (is_critical) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } else { - *p = end_ext_octet; - } - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * Parse and fill a single X.509 certificate in DER format - */ -static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - unsigned char *p, *end, *crt_end; - mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - - memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); - memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); - - /* - * Check for valid input - */ - if (crt == NULL || buf == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - /* Use the original buffer until we figure out actual length. 
*/ - p = (unsigned char *) buf; - len = buflen; - end = p + len; - - /* - * Certificate ::= SEQUENCE { - * tbsCertificate TBSCertificate, - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - end = crt_end = p + len; - crt->raw.len = (size_t) (crt_end - buf); - if (make_copy != 0) { - /* Create and populate a new buffer for the raw field. */ - crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); - if (crt->raw.p == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - memcpy(crt->raw.p, buf, crt->raw.len); - crt->own_buffer = 1; - - p += crt->raw.len - len; - end = crt_end = p + len; - } else { - crt->raw.p = (unsigned char *) buf; - crt->own_buffer = 0; - } - - /* - * TBSCertificate ::= SEQUENCE { - */ - crt->tbs.p = p; - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); - } - - end = p + len; - crt->tbs.len = (size_t) (end - crt->tbs.p); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - * - * CertificateSerialNumber ::= INTEGER - * - * signature AlgorithmIdentifier - */ - if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || - (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || - (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, - &sig_params1)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - if (crt->version < 0 || crt->version > 2) { - mbedtls_x509_crt_free(crt); - return MBEDTLS_ERR_X509_UNKNOWN_VERSION; - } - - crt->version++; - - if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk)) != 0) { - mbedtls_x509_crt_free(crt); - return ret; - } - - /* - * issuer Name - */ - crt->issuer_raw.p = p; - - if ((ret = 
mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
-
- crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p);
-
- /*
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- */
- if ((ret = x509_get_dates(&p, end, &crt->valid_from,
- &crt->valid_to)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
-
- /*
- * subject Name
- */
- crt->subject_raw.p = p;
-
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
-
- crt->subject_raw.len = (size_t) (p - crt->subject_raw.p);
-
- /*
- * SubjectPublicKeyInfo
- */
- crt->pk_raw.p = p;
- if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
- crt->pk_raw.len = (size_t) (p - crt->pk_raw.p);
-
- /*
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version shall be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version shall be v3
- */
- if (crt->version == 2 || crt->version == 3) {
- ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
- if (ret != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
- }
-
- if (crt->version == 2 || crt->version == 3) {
- ret = x509_get_uid(&p, end, &crt->subject_id, 2);
- if (ret != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
- }
-
- if (crt->version == 3) {
- ret = x509_get_crt_ext(&p, end, crt, cb,
p_ctx);
- if (ret != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
- }
-
- if (p != end) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- end = crt_end;
-
- /*
- * }
- * -- end of TBSCertificate
- *
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING
- */
- if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
-
- if (crt->sig_oid.len != sig_oid2.len ||
- memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
- sig_params1.tag != sig_params2.tag ||
- sig_params1.len != sig_params2.len ||
- (sig_params1.len != 0 &&
- memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERR_X509_SIG_MISMATCH;
- }
-
- if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
- mbedtls_x509_crt_free(crt);
- return ret;
- }
-
- if (p != end) {
- mbedtls_x509_crt_free(crt);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * Parse one X.509 certificate in DER format from a buffer and add them to a
- * chained list
- */
-static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_x509_crt *crt = chain, *prev = NULL;
-
- /*
- * Check for valid input
- */
- if (crt == NULL || buf == NULL) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- while (crt->version != 0 && crt->next != NULL) {
- prev = crt;
- crt = crt->next;
- }
-
- /*
- * Add new certificate on the end of the chain if needed.
- */
- if (crt->version != 0 && crt->next == NULL) {
- crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
-
- if (crt->next == NULL) {
- return MBEDTLS_ERR_X509_ALLOC_FAILED;
- }
-
- prev = crt;
- mbedtls_x509_crt_init(crt->next);
- crt = crt->next;
- }
-
- ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
- if (ret != 0) {
- if (prev) {
- prev->next = NULL;
- }
-
- if (crt != chain) {
- mbedtls_free(crt);
- }
-
- return ret;
- }
-
- return 0;
-}
-
-int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen)
-{
- return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
-}
-
-int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen,
- int make_copy,
- mbedtls_x509_crt_ext_cb_t cb,
- void *p_ctx)
-{
- return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
-}
-
-int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen)
-{
- return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
-}
-
-/*
- * Parse one or more PEM certificates from a buffer and add them to the chained
- * list
- */
-int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
- const unsigned char *buf,
- size_t buflen)
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
- int success = 0, first_error = 0, total_failed = 0;
- int buf_format = MBEDTLS_X509_FORMAT_DER;
-#endif
-
- /*
- * Check for valid input
- */
- if (chain == NULL || buf == NULL) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- /*
- * Determine buffer content. Buffer contains either one DER certificate or
- * one or more PEM certificates.
- */
-#if defined(MBEDTLS_PEM_PARSE_C)
- if (buflen != 0 && buf[buflen - 1] == '\0' &&
- strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
- buf_format = MBEDTLS_X509_FORMAT_PEM;
- }
-
- if (buf_format == MBEDTLS_X509_FORMAT_DER) {
- return mbedtls_x509_crt_parse_der(chain, buf, buflen);
- }
-#else
- return mbedtls_x509_crt_parse_der(chain, buf, buflen);
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
- if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_pem_context pem;
-
- /* 1 rather than 0 since the terminating NULL byte is counted in */
- while (buflen > 1) {
- size_t use_len;
- mbedtls_pem_init(&pem);
-
- /* If we get there, we know the string is null-terminated */
- ret = mbedtls_pem_read_buffer(&pem,
- "-----BEGIN CERTIFICATE-----",
- "-----END CERTIFICATE-----",
- buf, NULL, 0, &use_len);
-
- if (ret == 0) {
- /*
- * Was PEM encoded
- */
- buflen -= use_len;
- buf += use_len;
- } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
- return ret;
- } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
- mbedtls_pem_free(&pem);
-
- /*
- * PEM header and footer were found
- */
- buflen -= use_len;
- buf += use_len;
-
- if (first_error == 0) {
- first_error = ret;
- }
-
- total_failed++;
- continue;
- } else {
- break;
- }
-
- ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
-
- mbedtls_pem_free(&pem);
-
- if (ret != 0) {
- /*
- * Quit parsing on a memory error
- */
- if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
- return ret;
- }
-
- if (first_error == 0) {
- first_error = ret;
- }
-
- total_failed++;
- continue;
- }
-
- success = 1;
- }
- }
-
- if (success) {
- return total_failed;
- } else if (first_error) {
- return first_error;
- } else {
- return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
- }
-#endif /* MBEDTLS_PEM_PARSE_C */
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load one or more certificates and add them to the chained list
- */
-int
mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t n;
- unsigned char *buf;
-
- if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
- return ret;
- }
-
- ret = mbedtls_x509_crt_parse(chain, buf, n);
-
- mbedtls_zeroize_and_free(buf, n);
-
- return ret;
-}
-
-int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
-{
- int ret = 0;
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
- int w_ret;
- WCHAR szDir[MAX_PATH];
- char filename[MAX_PATH];
- char *p;
- size_t len = strlen(path);
-
- WIN32_FIND_DATAW file_data;
- HANDLE hFind;
-
- if (len > MAX_PATH - 3) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- memset(szDir, 0, sizeof(szDir));
- memset(filename, 0, MAX_PATH);
- memcpy(filename, path, len);
- filename[len++] = '\\';
- p = filename + len;
- filename[len++] = '*';
-
- /*
- * Note this function uses the code page CP_ACP which is the system default
- * ANSI codepage. The input string is always described in BYTES and the
- * output length is described in WCHARs.
- */
- w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
- MAX_PATH - 3);
- if (w_ret == 0) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- hFind = FindFirstFileW(szDir, &file_data);
- if (hFind == INVALID_HANDLE_VALUE) {
- return MBEDTLS_ERR_X509_FILE_IO_ERROR;
- }
-
- len = MAX_PATH - len;
- do {
- memset(p, 0, len);
-
- if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
- continue;
- }
- w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
- -1, p, (int) len, NULL, NULL);
- if (w_ret == 0) {
- ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
- goto cleanup;
- }
-
- w_ret = mbedtls_x509_crt_parse_file(chain, filename);
- if (w_ret < 0) {
- ret++;
- } else {
- ret += w_ret;
- }
- } while (FindNextFileW(hFind, &file_data) != 0);
-
- if (GetLastError() != ERROR_NO_MORE_FILES) {
- ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
- }
-
-cleanup:
- FindClose(hFind);
-#else /* _WIN32 */
- int t_ret;
- int snp_ret;
- struct stat sb;
- struct dirent *entry;
- char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
- DIR *dir = opendir(path);
-
- if (dir == NULL) {
- return MBEDTLS_ERR_X509_FILE_IO_ERROR;
- }
-
-#if defined(MBEDTLS_THREADING_C)
- if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) {
- closedir(dir);
- return ret;
- }
-#endif /* MBEDTLS_THREADING_C */
-
- memset(&sb, 0, sizeof(sb));
-
- while ((entry = readdir(dir)) != NULL) {
- snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
- "%s/%s", path, entry->d_name);
-
- if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
- ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
- goto cleanup;
- } else if (stat(entry_name, &sb) == -1) {
- if (errno == ENOENT) {
- /* Broken symbolic link - ignore this entry.
- stat(2) will return this error for either (a) a dangling
- symlink or (b) a missing file.
- Given that we have just obtained the filename from readdir,
- assume that it does exist and therefore treat this as a
- dangling symlink.
*/
- continue;
- } else {
- /* Some other file error; report the error. */
- ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
- goto cleanup;
- }
- }
-
- if (!S_ISREG(sb.st_mode)) {
- continue;
- }
-
- // Ignore parse errors
- //
- t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
- if (t_ret < 0) {
- ret++;
- } else {
- ret += t_ret;
- }
- }
-
-cleanup:
- closedir(dir);
-
-#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) {
- ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
- }
-#endif /* MBEDTLS_THREADING_C */
-
-#endif /* _WIN32 */
-
- return ret;
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define PRINT_ITEM(i) \
- do { \
- ret = mbedtls_snprintf(p, n, "%s" i, sep); \
- MBEDTLS_X509_SAFE_SNPRINTF; \
- sep = ", "; \
- } while (0)
-
-#define CERT_TYPE(type, name) \
- do { \
- if (ns_cert_type & (type)) { \
- PRINT_ITEM(name); \
- } \
- } while (0)
-
-#define KEY_USAGE(code, name) \
- do { \
- if (key_usage & (code)) { \
- PRINT_ITEM(name); \
- } \
- } while (0)
-
-static int x509_info_ext_key_usage(char **buf, size_t *size,
- const mbedtls_x509_sequence *extended_key_usage)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const char *desc;
- size_t n = *size;
- char *p = *buf;
- const mbedtls_x509_sequence *cur = extended_key_usage;
- const char *sep = "";
-
- while (cur != NULL) {
- if (mbedtls_x509_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
- desc = "???";
- }
-
- ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- sep = ", ";
-
- cur = cur->next;
- }
-
- *size = n;
- *buf = p;
-
- return 0;
-}
-
-static int x509_info_cert_policies(char **buf, size_t *size,
- const mbedtls_x509_sequence *certificate_policies)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const char *desc;
- size_t n = *size;
- char *p = *buf;
- const mbedtls_x509_sequence *cur = certificate_policies;
- const char *sep = "";
-
- while (cur != NULL) {
- if
(mbedtls_x509_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
- desc = "???";
- }
-
- ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- sep = ", ";
-
- cur = cur->next;
- }
-
- *size = n;
- *buf = p;
-
- return 0;
-}
-
-/*
- * Return an informational string about the certificate.
- */
-#define MBEDTLS_BEFORE_COLON 18
-#define MBEDTLS_BEFORE_COLON_STR "18"
-int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
- const mbedtls_x509_crt *crt)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t n;
- char *p;
- char key_size_str[MBEDTLS_BEFORE_COLON];
-
- p = buf;
- n = size;
-
- if (NULL == crt) {
- ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- return (int) (size - n);
- }
-
- ret = mbedtls_snprintf(p, n, "%scert. version : %d\n",
- prefix, crt->version);
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf(p, n, "%sserial number : ",
- prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf(p, n, "\n%sissued on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_from.year, crt->valid_from.mon,
- crt->valid_from.day, crt->valid_from.hour,
- crt->valid_from.min, crt->valid_from.sec);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \
- "%04d-%02d-%02d %02d:%02d:%02d", prefix,
- crt->valid_to.year, crt->valid_to.mon,
- crt->valid_to.day, crt->valid_to.hour,
- crt->valid_to.min, crt->valid_to.sec);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_snprintf(p, n,
"\n%ssigned using : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, crt->sig_md);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- /* Key size */
- if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
- mbedtls_pk_get_name(&crt->pk))) != 0) {
- return ret;
- }
-
- ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits",
- prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk));
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- /*
- * Optional extensions
- */
-
- if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
- ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
- crt->ca_istrue ? "true" : "false");
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if (crt->max_pathlen > 0) {
- ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
- MBEDTLS_X509_SAFE_SNPRINTF;
- }
- }
-
- if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
- ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n,
- &crt->subject_alt_names,
- prefix)) != 0) {
- return ret;
- }
- }
-
- if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
- ret = mbedtls_snprintf(p, n, "\n%scert.
type : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
- return ret;
- }
- }
-
- if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
- ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
- return ret;
- }
- }
-
- if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
- ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if ((ret = x509_info_ext_key_usage(&p, &n,
- &crt->ext_key_usage)) != 0) {
- return ret;
- }
- }
-
- if (crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES) {
- ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- if ((ret = x509_info_cert_policies(&p, &n,
- &crt->certificate_policies)) != 0) {
- return ret;
- }
- }
-
- ret = mbedtls_snprintf(p, n, "\n");
- MBEDTLS_X509_SAFE_SNPRINTF;
-
- return (int) (size - n);
-}
-
-struct x509_crt_verify_string {
- int code;
- const char *string;
-};
-
-#define X509_CRT_ERROR_INFO(err, err_str, info) { err, info },
-static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
- MBEDTLS_X509_CRT_ERROR_INFO_LIST
- { 0, NULL }
-};
-#undef X509_CRT_ERROR_INFO
-
-int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
- uint32_t flags)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const struct x509_crt_verify_string *cur;
- char *p = buf;
- size_t n = size;
-
- for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
- if ((flags & cur->code) == 0) {
- continue;
- }
-
- ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
- MBEDTLS_X509_SAFE_SNPRINTF;
- flags ^= cur->code;
- }
-
- if (flags != 0) {
- ret = mbedtls_snprintf(p, n, "%sUnknown reason "
- "(this should not happen)\n", prefix);
- MBEDTLS_X509_SAFE_SNPRINTF;
- }
-
- return (int) (size - n);
-}
-#endif /*
MBEDTLS_X509_REMOVE_INFO */
-
-int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
- unsigned int usage)
-{
- unsigned int usage_must, usage_may;
- unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
- | MBEDTLS_X509_KU_DECIPHER_ONLY;
-
- if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
- return 0;
- }
-
- usage_must = usage & ~may_mask;
-
- if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- usage_may = usage & may_mask;
-
- if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- return 0;
-}
-
-int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
- const char *usage_oid,
- size_t usage_len)
-{
- const mbedtls_x509_sequence *cur;
-
- /* Extension is not mandatory, absent means no restriction */
- if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
- return 0;
- }
-
- /*
- * Look for the requested usage (or wildcard ANY) in our list
- */
- for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
- const mbedtls_x509_buf *cur_oid = &cur->buf;
-
- if (cur_oid->len == usage_len &&
- memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
- return 0;
- }
-
- if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) {
- return 0;
- }
- }
-
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
-}
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-/*
- * Return 1 if the certificate is revoked, or 0 otherwise.
- */
-int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
-{
- const mbedtls_x509_crl_entry *cur = &crl->entry;
-
- while (cur != NULL && cur->serial.len != 0) {
- if (crt->serial.len == cur->serial.len &&
- memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
- return 1;
- }
-
- cur = cur->next;
- }
-
- return 0;
-}
-
-/*
- * Check that the given certificate is not revoked according to the CRL.
- * Skip validation if no CRL for the given CA is present.
- */
-static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
- mbedtls_x509_crl *crl_list,
- const mbedtls_x509_crt_profile *profile,
- const mbedtls_x509_time *now)
-{
- int flags = 0;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
- psa_algorithm_t psa_algorithm;
- size_t hash_length;
-
- if (ca == NULL) {
- return flags;
- }
-
- while (crl_list != NULL) {
- if (crl_list->version == 0 ||
- x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
- crl_list = crl_list->next;
- continue;
- }
-
- /*
- * Check if the CA is configured to sign CRLs
- */
- if (mbedtls_x509_crt_check_key_usage(ca,
- MBEDTLS_X509_KU_CRL_SIGN) != 0) {
- flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
- break;
- }
-
- /*
- * Check if CRL is correctly signed by the trusted CA
- */
- if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
- flags |= MBEDTLS_X509_BADCRL_BAD_MD;
- }
-
- if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
- flags |= MBEDTLS_X509_BADCRL_BAD_PK;
- }
-
- psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
- if (psa_hash_compute(psa_algorithm,
- crl_list->tbs.p,
- crl_list->tbs.len,
- hash,
- sizeof(hash),
- &hash_length) != PSA_SUCCESS) {
- /* Note: this can't happen except after an internal error */
- flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
- break;
- }
-
- if (x509_profile_check_key(profile, &ca->pk) != 0) {
- flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
- }
-
- if (mbedtls_pk_verify_ext(crl_list->sig_pk, &ca->pk,
- crl_list->sig_md, hash, hash_length,
- crl_list->sig.p, crl_list->sig.len) != 0) {
- flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
- break;
- }
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
- /*
- * Check for validity of CRL (Do not drop out)
- */
- if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) {
- flags |= MBEDTLS_X509_BADCRL_EXPIRED;
- }
-
- if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) {
- flags |= MBEDTLS_X509_BADCRL_FUTURE;
- }
-#else
- ((void) now);
-#endif
-
- /*
- * Check if certificate is revoked
- */
- if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
- flags |= MBEDTLS_X509_BADCERT_REVOKED;
- break;
- }
-
- crl_list = crl_list->next;
- }
-
- return flags;
-}
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-
-/*
- * Check the signature of a certificate by its parent
- */
-static int x509_crt_check_signature(const mbedtls_x509_crt *child,
- mbedtls_x509_crt *parent,
- mbedtls_x509_crt_restart_ctx *rs_ctx)
-{
- size_t hash_len;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
- psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
- status = psa_hash_compute(hash_alg,
- child->tbs.p,
- child->tbs.len,
- hash,
- sizeof(hash),
- &hash_len);
- if (status != PSA_SUCCESS) {
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-
- /* Skip expensive computation on obvious mismatch */
- if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
- return -1;
- }
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) {
- return mbedtls_pk_verify_restartable(&parent->pk,
- child->sig_md, hash, hash_len,
- child->sig.p, child->sig.len, &rs_ctx->pk);
- }
-#else
- (void) rs_ctx;
-#endif
-
- return mbedtls_pk_verify_ext(child->sig_pk, &parent->pk,
- child->sig_md, hash, hash_len,
- child->sig.p, child->sig.len);
-}
-
-/*
- * Check if 'parent' is a suitable parent (signing CA) for 'child'.
- * Return 0 if yes, -1 if not.
- *
- * top means parent is a locally-trusted certificate
- */
-static int x509_crt_check_parent(const mbedtls_x509_crt *child,
- const mbedtls_x509_crt *parent,
- int top)
-{
- int need_ca_bit;
-
- /* Parent must be the issuer */
- if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
- return -1;
- }
-
- /* Parent must have the basicConstraints CA bit set as a general rule */
- need_ca_bit = 1;
-
- /* Exception: v1/v2 certificates that are locally trusted.
*/
- if (top && parent->version < 3) {
- need_ca_bit = 0;
- }
-
- if (need_ca_bit && !parent->ca_istrue) {
- return -1;
- }
-
- if (need_ca_bit &&
- mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
- return -1;
- }
-
- return 0;
-}
-
-/*
- * Find a suitable parent for child in candidates, or return NULL.
- *
- * Here suitable is defined as:
- * 1. subject name matches child's issuer
- * 2. if necessary, the CA bit is set and key usage allows signing certs
- * 3. for trusted roots, the signature is correct
- * (for intermediates, the signature is checked and the result reported)
- * 4. pathlen constraints are satisfied
- *
- * If there's a suitable candidate which is also time-valid, return the first
- * such. Otherwise, return the first suitable candidate (or NULL if there is
- * none).
- *
- * The rationale for this rule is that someone could have a list of trusted
- * roots with two versions on the same root with different validity periods.
- * (At least one user reported having such a list and wanted it to just work.)
- * The reason we don't just require time-validity is that generally there is
- * only one version, and if it's expired we want the flags to state that
- * rather than NOT_TRUSTED, as would be the case if we required it here.
- *
- * The rationale for rule 3 (signature for trusted roots) is that users might
- * have two versions of the same CA with different keys in their list, and the
- * way we select the correct one is by checking the signature (as we don't
- * rely on key identifier extensions). (This is one way users might choose to
- * handle key rollover, another relies on self-issued certs, see [SIRO].)
- *
- * Arguments:
- * - [in] child: certificate for which we're looking for a parent
- * - [in] candidates: chained list of potential parents
- * - [out] r_parent: parent found (or NULL)
- * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
- * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
- * of the chain, 0 otherwise
- * - [in] path_cnt: number of intermediates seen so far
- * - [in] self_cnt: number of self-signed intermediates seen so far
- * (will never be greater than path_cnt)
- * - [in-out] rs_ctx: context for restarting operations
- *
- * Return value:
- * - 0 on success
- * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
- */
-static int x509_crt_find_parent_in(
- mbedtls_x509_crt *child,
- mbedtls_x509_crt *candidates,
- mbedtls_x509_crt **r_parent,
- int *r_signature_is_good,
- int top,
- unsigned path_cnt,
- unsigned self_cnt,
- mbedtls_x509_crt_restart_ctx *rs_ctx,
- const mbedtls_x509_time *now)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_x509_crt *parent, *fallback_parent;
- int signature_is_good = 0, fallback_signature_is_good;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- /* did we have something in progress?
*/
- if (rs_ctx != NULL && rs_ctx->parent != NULL) {
- /* restore saved state */
- parent = rs_ctx->parent;
- fallback_parent = rs_ctx->fallback_parent;
- fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
-
- /* clear saved state */
- rs_ctx->parent = NULL;
- rs_ctx->fallback_parent = NULL;
- rs_ctx->fallback_signature_is_good = 0;
-
- /* resume where we left */
- goto check_signature;
- }
-#endif
-
- fallback_parent = NULL;
- fallback_signature_is_good = 0;
-
- for (parent = candidates; parent != NULL; parent = parent->next) {
- /* basic parenting skills (name, CA bit, key usage) */
- if (x509_crt_check_parent(child, parent, top) != 0) {
- continue;
- }
-
- /* +1 because stored max_pathlen is 1 higher that the actual value */
- if (parent->max_pathlen > 0 &&
- (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
- continue;
- }
-
- /* Signature */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-check_signature:
-#endif
- ret = x509_crt_check_signature(child, parent, rs_ctx);
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- /* save state */
- rs_ctx->parent = parent;
- rs_ctx->fallback_parent = fallback_parent;
- rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
-
- return ret;
- }
-#else
- (void) ret;
-#endif
-
- signature_is_good = ret == 0;
- if (top && !signature_is_good) {
- continue;
- }
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
- /* optional time check */
- if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */
- mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */
- if (fallback_parent == NULL) {
- fallback_parent = parent;
- fallback_signature_is_good = signature_is_good;
- }
-
- continue;
- }
-#else
- ((void) now);
-#endif
-
- *r_parent = parent;
- *r_signature_is_good = signature_is_good;
-
- break;
- }
-
- if (parent == NULL) {
- *r_parent = fallback_parent;
- *r_signature_is_good = fallback_signature_is_good;
- }
-
- return 0;
-}
-
-/*
- * Find a
parent in trusted CAs or the provided chain, or return NULL.
- *
- * Searches in trusted CAs first, and return the first suitable parent found
- * (see find_parent_in() for definition of suitable).
- *
- * Arguments:
- * - [in] child: certificate for which we're looking for a parent, followed
- * by a chain of possible intermediates
- * - [in] trust_ca: list of locally trusted certificates
- * - [out] parent: parent found (or NULL)
- * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
- * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
- * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
- * - [in] self_cnt: number of self-signed certs in the chain so far
- * (will always be no greater than path_cnt)
- * - [in-out] rs_ctx: context for restarting operations
- *
- * Return value:
- * - 0 on success
- * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
- */
-static int x509_crt_find_parent(
- mbedtls_x509_crt *child,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crt **parent,
- int *parent_is_trusted,
- int *signature_is_good,
- unsigned path_cnt,
- unsigned self_cnt,
- mbedtls_x509_crt_restart_ctx *rs_ctx,
- const mbedtls_x509_time *now)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_x509_crt *search_list;
-
- *parent_is_trusted = 1;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- /* restore then clear saved state if we have some stored */
- if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
- *parent_is_trusted = rs_ctx->parent_is_trusted;
- rs_ctx->parent_is_trusted = -1;
- }
-#endif
-
- while (1) {
- search_list = *parent_is_trusted ?
trust_ca : child->next;
-
- ret = x509_crt_find_parent_in(child, search_list,
- parent, signature_is_good,
- *parent_is_trusted,
- path_cnt, self_cnt, rs_ctx, now);
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
- /* save state */
- rs_ctx->parent_is_trusted = *parent_is_trusted;
- return ret;
- }
-#else
- (void) ret;
-#endif
-
- /* stop here if found or already in second iteration */
- if (*parent != NULL || *parent_is_trusted == 0) {
- break;
- }
-
- /* prepare second iteration */
- *parent_is_trusted = 0;
- }
-
- /* extra precaution against mistakes in the caller */
- if (*parent == NULL) {
- *parent_is_trusted = 0;
- *signature_is_good = 0;
- }
-
- return 0;
-}
-
-/*
- * Check if an end-entity certificate is locally trusted
- *
- * Currently we require such certificates to be self-signed (actually only
- * check for self-issued as self-signatures are not checked)
- */
-static int x509_crt_check_ee_locally_trusted(
- mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca)
-{
- mbedtls_x509_crt *cur;
-
- /* must be self-issued */
- if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
- return -1;
- }
-
- /* look for an exact match with trusted cert */
- for (cur = trust_ca; cur != NULL; cur = cur->next) {
- if (crt->raw.len == cur->raw.len &&
- memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
- return 0;
- }
- }
-
- /* too bad */
- return -1;
-}
-
-/*
- * Build and verify a certificate chain
- *
- * Given a peer-provided list of certificates EE, C1, ..., Cn and
- * a list of trusted certs R1, ... Rp, try to build and verify a chain
- * EE, Ci1, ... Ciq [, Rj]
- * such that every cert in the chain is a child of the next one,
- * jumping to a trusted root as early as possible.
- *
- * Verify that chain and return it with flags for all issues found.
- * - * Special cases: - * - EE == Rj -> return a one-element list containing it - * - EE, Ci1, ..., Ciq cannot be continued with a trusted root - * -> return that chain with NOT_TRUSTED set on Ciq - * - * Tests for (aspects of) this function should include at least: - * - trusted EE - * - EE -> trusted root - * - EE -> intermediate CA -> trusted root - * - if relevant: EE untrusted - * - if relevant: EE -> intermediate, untrusted - * with the aspect under test checked at each relevant level (EE, int, root). - * For some aspects longer chains are required, but usually length 2 is - * enough (but length 1 is not in general). - * - * Arguments: - * - [in] crt: the cert list EE, C1, ..., Cn - * - [in] trust_ca: the trusted list R1, ..., Rp - * - [in] ca_crl, profile: as in verify_with_profile() - * - [out] ver_chain: the built and verified chain - * Only valid when return value is 0, may contain garbage otherwise! - * Restart note: need not be the same when calling again to resume. - * - [in-out] rs_ctx: context for restarting operations - * - * Return value: - * - non-zero if the chain could not be fully built and examined - * - 0 is the chain was successfully built and examined, - * even if it was found to be invalid - */ -static int x509_crt_verify_chain( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - mbedtls_x509_crt_verify_chain *ver_chain, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - /* Don't initialize any of those variables here, so that the compiler can - * catch potential issues with jumping ahead when restarting */ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint32_t *flags; - mbedtls_x509_crt_verify_chain_item *cur; - mbedtls_x509_crt *child; - mbedtls_x509_crt *parent; - int parent_is_trusted; - int child_is_trusted; - int signature_is_good; - unsigned self_cnt; - mbedtls_x509_crt *cur_trust_ca = NULL; - 
mbedtls_x509_time now; - -#if defined(MBEDTLS_HAVE_TIME_DATE) - if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { - return MBEDTLS_ERR_X509_FATAL_ERROR; - } -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* resume if we had an operation in progress */ - if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { - /* restore saved state */ - *ver_chain = rs_ctx->ver_chain; /* struct copy */ - self_cnt = rs_ctx->self_cnt; - - /* restore derived state */ - cur = &ver_chain->items[ver_chain->len - 1]; - child = cur->crt; - flags = &cur->flags; - - goto find_parent; - } -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - child = crt; - self_cnt = 0; - parent_is_trusted = 0; - child_is_trusted = 0; - - while (1) { - /* Add certificate to the verification chain */ - cur = &ver_chain->items[ver_chain->len]; - cur->crt = child; - cur->flags = 0; - ver_chain->len++; - flags = &cur->flags; - -#if defined(MBEDTLS_HAVE_TIME_DATE) - /* Check time-validity (all certificates) */ - if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { - *flags |= MBEDTLS_X509_BADCERT_EXPIRED; - } - - if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { - *flags |= MBEDTLS_X509_BADCERT_FUTURE; - } -#endif - - /* Stop here for trusted roots (but not for trusted EE certs) */ - if (child_is_trusted) { - return 0; - } - - /* Check signature algorithm: MD & PK algs */ - if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_MD; - } - - if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_PK; - } - - /* Special case: EE certs that are locally trusted */ - if (ver_chain->len == 1 && - x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { - return 0; - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) -find_parent: -#endif - - /* Obtain list of potential trusted signers from CA callback, - * or use statically provided list. 
*/ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (f_ca_cb != NULL) { - mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); - mbedtls_free(ver_chain->trust_ca_cb_result); - ver_chain->trust_ca_cb_result = NULL; - - ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); - if (ret != 0) { - return MBEDTLS_ERR_X509_FATAL_ERROR; - } - - cur_trust_ca = ver_chain->trust_ca_cb_result; - } else -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - { - ((void) f_ca_cb); - ((void) p_ca_cb); - cur_trust_ca = trust_ca; - } - - /* Look for a parent in trusted CAs or up the chain */ - ret = x509_crt_find_parent(child, cur_trust_ca, &parent, - &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx, - &now); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - /* save state */ - rs_ctx->in_progress = x509_crt_rs_find_parent; - rs_ctx->self_cnt = self_cnt; - rs_ctx->ver_chain = *ver_chain; /* struct copy */ - - return ret; - } -#else - (void) ret; -#endif - - /* No parent? We're done here */ - if (parent == NULL) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return 0; - } - - /* Count intermediate self-issued (not necessarily self-signed) certs. - * These can occur with some strategies for key rollover, see [SIRO], - * and should be excluded from max_pathlen checks. 
*/ - if (ver_chain->len != 1 && - x509_name_cmp(&child->issuer, &child->subject) == 0) { - self_cnt++; - } - - /* path_cnt is 0 for the first intermediate CA, - * and if parent is trusted it's not an intermediate CA */ - if (!parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { - /* return immediately to avoid overflow the chain array */ - return MBEDTLS_ERR_X509_FATAL_ERROR; - } - - /* signature was checked while searching parent */ - if (!signature_is_good) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - } - - /* check size of signing key */ - if (x509_profile_check_key(profile, &parent->pk) != 0) { - *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - /* Check trusted CA's CRL for the given crt */ - *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); -#else - (void) ca_crl; -#endif - - /* prepare for next iteration */ - child = parent; - parent = NULL; - child_is_trusted = parent_is_trusted; - signature_is_good = 0; - } -} - -#ifdef _WIN32 -#ifdef _MSC_VER -#pragma comment(lib, "ws2_32.lib") -#include -#include -#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 -#include -#include -#else -/* inet_pton() is not supported, fallback to software version */ -#define MBEDTLS_TEST_SW_INET_PTON -#endif -#elif defined(__sun) -/* Solaris requires -lsocket -lnsl for inet_pton() */ -#elif defined(__has_include) -#if __has_include() -#include -#endif -#if __has_include() -#include -#endif -#endif - -/* Use whether or not AF_INET6 is defined to indicate whether or not to use - * the platform inet_pton() or a local implementation (below). The local - * implementation may be used even in cases where the platform provides - * inet_pton(), e.g. when there are different includes required and/or the - * platform implementation requires dependencies on additional libraries. 
- * Specifically, Windows requires custom includes and additional link - * dependencies, and Solaris requires additional link dependencies. - * Also, as a coarse heuristic, use the local implementation if the compiler - * does not support __has_include(), or if the definition of AF_INET6 is not - * provided by headers included (or not) via __has_include() above. - * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names - * despite having a platform that has inet_pton. */ -#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names -/* Definition located further below to possibly reduce compiler inlining */ -static int x509_inet_pton_ipv4(const char *src, void *dst); - -#define li_cton(c, n) \ - (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0)) - -static int x509_inet_pton_ipv6(const char *src, void *dst) -{ - const unsigned char *p = (const unsigned char *) src; - int nonzero_groups = 0, num_digits, zero_group_start = -1; - uint16_t addr[8]; - do { - /* note: allows excess leading 0's, e.g. 1:0002:3:... 
*/ - uint16_t group = num_digits = 0; - for (uint8_t digit; num_digits < 4; num_digits++) { - if (li_cton(*p, digit) == 0) { - break; - } - group = (group << 4) | digit; - p++; - } - if (num_digits != 0) { - MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); - nonzero_groups++; - if (*p == '\0') { - break; - } else if (*p == '.') { - /* Don't accept IPv4 too early or late */ - if ((nonzero_groups == 0 && zero_group_start == -1) || - nonzero_groups >= 7) { - break; - } - - /* Walk back to prior ':', then parse as IPv4-mapped */ - int steps = 4; - do { - p--; - steps--; - } while (*p != ':' && steps > 0); - - if (*p != ':') { - break; - } - p++; - nonzero_groups--; - if (x509_inet_pton_ipv4((const char *) p, - addr + nonzero_groups) != 0) { - break; - } - - nonzero_groups += 2; - p = (const unsigned char *) ""; - break; - } else if (*p != ':') { - return -1; - } - } else { - /* Don't accept a second zero group or an invalid delimiter */ - if (zero_group_start != -1 || *p != ':') { - return -1; - } - zero_group_start = nonzero_groups; - - /* Accept a zero group at start, but it has to be a double colon */ - if (zero_group_start == 0 && *++p != ':') { - return -1; - } - - if (p[1] == '\0') { - ++p; - break; - } - } - ++p; - } while (nonzero_groups < 8); - - if (*p != '\0') { - return -1; - } - - if (zero_group_start != -1) { - if (nonzero_groups > 6) { - return -1; - } - int zero_groups = 8 - nonzero_groups; - int groups_after_zero = nonzero_groups - zero_group_start; - - /* Move the non-zero part to after the zeroes */ - if (groups_after_zero) { - memmove(addr + zero_group_start + zero_groups, - addr + zero_group_start, - groups_after_zero * sizeof(*addr)); - } - memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr)); - } else { - if (nonzero_groups != 8) { - return -1; - } - } - memcpy(dst, addr, sizeof(addr)); - return 0; -} - -static int x509_inet_pton_ipv4(const char *src, void *dst) -{ - const unsigned char *p = (const unsigned char *) src; - uint8_t 
*res = (uint8_t *) dst; - uint8_t digit, num_digits = 0; - uint8_t num_octets = 0; - uint16_t octet; - - do { - octet = num_digits = 0; - do { - digit = *p - '0'; - if (digit > 9) { - break; - } - - /* Don't allow leading zeroes. These might mean octal format, - * which this implementation does not support. */ - if (octet == 0 && num_digits > 0) { - return -1; - } - - octet = octet * 10 + digit; - num_digits++; - p++; - } while (num_digits < 3); - - if (octet >= 256 || num_digits > 3 || num_digits == 0) { - return -1; - } - *res++ = (uint8_t) octet; - num_octets++; - } while (num_octets < 4 && *p++ == '.'); - return num_octets == 4 && *p == '\0' ? 0 : -1; -} - -#else - -static int x509_inet_pton_ipv6(const char *src, void *dst) -{ - return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; -} - -static int x509_inet_pton_ipv4(const char *src, void *dst) -{ - return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; -} - -#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names - -size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) -{ - return strchr(cn, ':') == NULL - ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 - : x509_inet_pton_ipv6(cn, dst) == 0 ? 
16 : 0; -} - -/* - * Check for CN match - */ -static int x509_crt_check_cn(const mbedtls_x509_buf *name, - const char *cn, size_t cn_len) -{ - /* try exact match */ - if (name->len == cn_len && - x509_memcasecmp(cn, name->p, cn_len) == 0) { - return 0; - } - - /* try wildcard match */ - if (x509_check_wildcard(cn, name) == 0) { - return 0; - } - - return -1; -} - -static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - uint32_t ip[4]; - cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip); - if (cn_len == 0) { - return -1; - } - - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - const unsigned char san_type = (unsigned char) cur->buf.tag & - MBEDTLS_ASN1_TAG_VALUE_MASK; - if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && - cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - const unsigned char san_type = (unsigned char) cur->buf.tag & - MBEDTLS_ASN1_TAG_VALUE_MASK; - if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && - cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -/* - * Check for SAN match, see RFC 5280 Section 4.2.1.6 - */ -static int x509_crt_check_san(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) -{ - int san_ip = 0; - int san_uri = 0; - /* Prioritize DNS name over other subtypes due to popularity */ - for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { - switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { - case MBEDTLS_X509_SAN_DNS_NAME: - if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { - return 0; - } - break; - case MBEDTLS_X509_SAN_IP_ADDRESS: - san_ip = 1; - break; - case 
MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - san_uri = 1; - break; - /* (We may handle other types here later.) */ - default: /* Unrecognized type */ - break; - } - } - if (san_ip) { - if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { - return 0; - } - } - if (san_uri) { - if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { - return 0; - } - } - - return -1; -} - -/* - * Verify the requested CN - only call this if cn is not NULL! - */ -static void x509_crt_verify_name(const mbedtls_x509_crt *crt, - const char *cn, - uint32_t *flags) -{ - const mbedtls_x509_name *name; - size_t cn_len = strlen(cn); - - if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { - return; - } - } else { - for (name = &crt->subject; name != NULL; name = name->next) { - if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && - x509_crt_check_cn(&name->val, cn, cn_len) == 0) { - return; - } - } - - } - - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -} - -/* - * Merge the flags for all certs in the chain, after calling callback - */ -static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned i; - uint32_t cur_flags; - const mbedtls_x509_crt_verify_chain_item *cur; - - for (i = ver_chain->len; i != 0; --i) { - cur = &ver_chain->items[i-1]; - cur_flags = cur->flags; - - if (NULL != f_vrfy) { - if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { - return ret; - } - } - - *flags |= cur_flags; - } - - return 0; -} - -/* - * Verify the certificate validity, with profile, restartable version - * - * This function: - * - checks the requested CN (if any) - * - checks the type and size of the EE cert's key, - * as that isn't done as part of chain building/verification currently - * - builds and verifies the chain - * - 
then calls the callback and merges the flags - * - * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` - * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the - * verification routine to search for trusted signers, and CRLs will - * be disabled. Otherwise, `trust_ca` will be used as the static list - * of trusted signers, and `ca_crl` will be use as the static list - * of CRLs. - */ -static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, - mbedtls_x509_crt *, - int, - uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_type_t pk_type; - mbedtls_x509_crt_verify_chain ver_chain; - uint32_t ee_flags; - - *flags = 0; - ee_flags = 0; - x509_crt_verify_chain_reset(&ver_chain); - - if (profile == NULL) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto exit; - } - - /* check name if requested */ - if (cn != NULL) { - x509_crt_verify_name(crt, cn, &ee_flags); - } - - /* Check the type and size of the key */ - pk_type = mbedtls_pk_get_type(&crt->pk); - - if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t) pk_type) != 0) { - ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; - } - - if (x509_profile_check_key(profile, &crt->pk) != 0) { - ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - } - - /* Check the chain */ - ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, - f_ca_cb, p_ca_cb, profile, - &ver_chain, rs_ctx); - - if (ret != 0) { - goto exit; - } - - /* Merge end-entity flags */ - ver_chain.items[0].flags |= ee_flags; - - /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); - -exit: - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - 
mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); - mbedtls_free(ver_chain.trust_ca_cb_result); - ver_chain.trust_ca_cb_result = NULL; -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { - mbedtls_x509_crt_restart_free(rs_ctx); - } -#endif - - /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by - * the SSL module for authmode optional, but non-zero return from the - * callback means a fatal error so it shouldn't be ignored */ - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { - ret = MBEDTLS_ERR_X509_FATAL_ERROR; - } - - if (ret != 0) { - *flags = (uint32_t) -1; - return ret; - } - - if (*flags != 0) { - return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; - } - - return 0; -} - - -/* - * Verify the certificate validity (default profile, not restartable) - */ -int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - &mbedtls_x509_crt_profile_default, - cn, flags, - f_vrfy, p_vrfy, NULL); -} - -/* - * Verify the certificate validity (user-chosen profile, not restartable) - */ -int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, NULL); -} - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -/* - * Verify the certificate validity (user-chosen profile, CA callback, - * not restartable). 
- */ -int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy) -{ - return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, - f_ca_cb, p_ca_cb, - profile, cn, flags, - f_vrfy, p_vrfy, NULL); -} -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx) -{ - return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, rs_ctx); -} - - -/* - * Initialize a certificate chain - */ -void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) -{ - memset(crt, 0, sizeof(mbedtls_x509_crt)); -} - -/* - * Unallocate all certificate data - */ -void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) -{ - mbedtls_x509_crt *cert_cur = crt; - mbedtls_x509_crt *cert_prv; - - while (cert_cur != NULL) { - mbedtls_pk_free(&cert_cur->pk); - - mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); - mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); - mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); - mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); - mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); - mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); - - if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { - mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); - } - - cert_prv = cert_cur; - cert_cur = cert_cur->next; - - mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); - if (cert_prv != crt) { - 
mbedtls_free(cert_prv);
- }
- }
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Initialize a restart context
- */
-void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
-{
- mbedtls_pk_restart_init(&ctx->pk);
-
- ctx->parent = NULL;
- ctx->fallback_parent = NULL;
- ctx->fallback_signature_is_good = 0;
-
- ctx->parent_is_trusted = -1;
-
- ctx->in_progress = x509_crt_rs_none;
- ctx->self_cnt = 0;
- x509_crt_verify_chain_reset(&ctx->ver_chain);
-}
-
-/*
- * Free the components of a restart context
- */
-void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
-{
- if (ctx == NULL) {
- return;
- }
-
- mbedtls_pk_restart_free(&ctx->pk);
- mbedtls_x509_crt_restart_init(ctx);
-}
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)
-{
- if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) {
- return crt->MBEDTLS_PRIVATE(ca_istrue);
- }
- return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
-}
-
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/library/x509_csr.c b/library/x509_csr.c
deleted file mode 100644
index 32a3bb2e78..0000000000
--- a/library/x509_csr.c
+++ /dev/null
@@ -1,633 +0,0 @@
-/*
- * X.509 Certificate Signing Request (CSR) parsing
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * The ITU-T X.509 standard defines a certificate format for PKI.
- *
- * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#include "x509_internal.h"
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/error.h"
-#include "mbedtls/oid.h"
-#include "x509_oid.h"
-#include "mbedtls/platform_util.h"
-
-#include
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
-#include
-#endif
-
-/*
- * Version ::= INTEGER { v1(0) }
- */
-static int x509_csr_get_version(unsigned char **p,
- const unsigned char *end,
- int *ver)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
- if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
- *ver = 0;
- return 0;
- }
-
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
- }
-
- return 0;
-}
-
-/*
- * Parse CSR extension requests in DER format
- */
-static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
- unsigned char **p, const unsigned char *end,
- mbedtls_x509_csr_ext_cb_t cb,
- void *p_ctx)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
- unsigned char *end_ext_data, *end_ext_octet;
-
- while (*p < end) {
- mbedtls_x509_buf extn_oid = { 0, 0, NULL };
- int is_critical = 0; /* DEFAULT FALSE */
- int ext_type = 0;
-
- /* Read sequence tag */
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- end_ext_data = *p + len;
-
- /* Get extension ID */
- if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
- MBEDTLS_ASN1_OID)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- extn_oid.tag = MBEDTLS_ASN1_OID;
- extn_oid.p = *p;
- *p += extn_oid.len;
-
- /* Get optional critical */
- if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
- (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- /* Data should be octet string type */
- if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- end_ext_octet = *p + len;
-
- if (end_ext_octet != end_ext_data) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- /*
- * Detect supported extensions and skip unsupported extensions
- */
- ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type);
-
- if (ret != 0) {
- /* Give the callback (if any) a chance to handle the extension */
- if (cb != NULL) {
- ret = cb(p_ctx, csr, &extn_oid, is_critical, *p, end_ext_octet);
- if (ret != 0 && is_critical) {
- return ret;
- }
- *p = end_ext_octet;
- continue;
- }
-
- /* No parser found, skip extension */
- *p = end_ext_octet;
-
- if (is_critical) {
- /* Data is marked as critical: fail */
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
- }
- continue;
- }
-
- /* Forbid repeated extensions */
- if ((csr->ext_types & ext_type) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_INVALID_DATA);
- }
-
- csr->ext_types |= ext_type;
-
- switch (ext_type) {
- case MBEDTLS_X509_EXT_KEY_USAGE:
- /* Parse key usage */
- if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
- &csr->key_usage)) != 0) {
- return ret;
- }
- break;
-
- case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
- /* Parse subject alt name */
- if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
- &csr->subject_alt_names)) != 0) {
- return ret;
- }
- break;
-
- case MBEDTLS_X509_EXT_NS_CERT_TYPE:
- /* Parse netscape certificate type */
- if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
- &csr->ns_cert_type)) != 0) {
- return ret;
- }
- break;
- default:
- /*
- * If this is a non-critical extension, which the oid layer
- * supports, but there isn't an x509 parser for it,
- * skip the extension.
- */
- if (is_critical) {
- return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
- } else {
- *p = end_ext_octet;
- }
- }
- }
-
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * Parse CSR attributes in DER format
- */
-static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
- const unsigned char *start, const unsigned char *end,
- mbedtls_x509_csr_ext_cb_t cb,
- void *p_ctx)
-{
- int ret;
- size_t len;
- unsigned char *end_attr_data;
- unsigned char **p = (unsigned char **) &start;
-
- while (*p < end) {
- mbedtls_x509_buf attr_oid = { 0, 0, NULL };
-
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
- end_attr_data = *p + len;
-
- /* Get attribute ID */
- if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
- MBEDTLS_ASN1_OID)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- attr_oid.tag = MBEDTLS_ASN1_OID;
- attr_oid.p = *p;
- *p += attr_oid.len;
-
- /* Check that this is an extension-request attribute */
- if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- if ((ret = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
- 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- if ((ret = x509_csr_parse_extensions(csr, p, *p + len, cb, p_ctx)) != 0) {
- return ret;
- }
-
- if (*p != end_attr_data) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
- }
-
- *p = end_attr_data;
- }
-
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * Parse a CSR in DER format
- */
-static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen,
- mbedtls_x509_csr_ext_cb_t cb,
- void *p_ctx)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len;
- unsigned char *p, *end;
- mbedtls_x509_buf sig_params;
-
- memset(&sig_params, 0, sizeof(mbedtls_x509_buf));
-
- /*
- * Check for valid input
- */
- if (csr == NULL || buf == NULL || buflen == 0) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
- }
-
- mbedtls_x509_csr_init(csr);
-
- /*
- * first copy the raw DER data
- */
- p = mbedtls_calloc(1, len = buflen);
-
- if (p == NULL) {
- return MBEDTLS_ERR_X509_ALLOC_FAILED;
- }
-
- memcpy(p, buf, buflen);
-
- csr->raw.p = p;
- csr->raw.len = len;
- end = p + len;
-
- /*
- * CertificationRequest ::= SEQUENCE {
- * certificationRequestInfo CertificationRequestInfo,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING
- * }
- */
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERR_X509_INVALID_FORMAT;
- }
-
- if (len != (size_t) (end - p)) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- /*
- * CertificationRequestInfo ::= SEQUENCE {
- */
- csr->cri.p = p;
-
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- end = p + len;
- csr->cri.len = (size_t) (end - csr->cri.p);
-
- /*
- * Version ::= INTEGER { v1(0) }
- */
- if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- if (csr->version != 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
- }
-
- csr->version++;
-
- /*
- * subject Name
- */
- csr->subject_raw.p = p;
-
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- csr->subject_raw.len = (size_t) (p - csr->subject_raw.p);
-
- /*
- * subjectPKInfo SubjectPublicKeyInfo
- */
- if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- /*
- * attributes [0] Attributes
- *
- * The list of possible attributes is open-ended, though RFC 2985
- * (PKCS#9) defines a few in section 5.4. We currently don't support any,
- * so we just ignore them. This is a safe thing to do as the worst thing
- * that could happen is that we issue a certificate that does not match
- * the requester's expectations - this cannot cause a violation of our
- * signature policies.
- */
- if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
- 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
- }
-
- if ((ret = x509_csr_parse_attributes(csr, p, p + len, cb, p_ctx)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- p += len;
-
- end = csr->raw.p + csr->raw.len;
-
- /*
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING
- */
- if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
- &csr->sig_md, &csr->sig_pk)) != 0) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
- }
-
- if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) {
- mbedtls_x509_csr_free(csr);
- return ret;
- }
-
- if (p != end) {
- mbedtls_x509_csr_free(csr);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
-}
-
-/*
- * Parse a CSR in DER format
- */
-int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen)
-{
- return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, NULL, NULL);
-}
-
-/*
- * Parse a CSR in DER format with callback for unknown extensions
- */
-int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr,
- const unsigned char *buf, size_t buflen,
- mbedtls_x509_csr_ext_cb_t cb,
- void *p_ctx)
-{
- return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, cb, p_ctx);
-}
-
-/*
- * Parse a CSR, allowing for PEM or raw DER encoding
- */
-int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t use_len;
- mbedtls_pem_context pem;
-#endif
-
- /*
- * Check for valid input
- */
- if (csr == NULL || buf == NULL || buflen == 0) {
- return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - -#if defined(MBEDTLS_PEM_PARSE_C) - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if (buf[buflen - 1] == '\0') { - mbedtls_pem_init(&pem); - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN CERTIFICATE REQUEST-----", - "-----END CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len); - if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { - ret = mbedtls_pem_read_buffer(&pem, - "-----BEGIN NEW CERTIFICATE REQUEST-----", - "-----END NEW CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len); - } - - if (ret == 0) { - /* - * Was PEM encoded, parse the result - */ - ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen); - } - - mbedtls_pem_free(&pem); - if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { - return ret; - } - } -#endif /* MBEDTLS_PEM_PARSE_C */ - return mbedtls_x509_csr_parse_der(csr, buf, buflen); -} - -#if defined(MBEDTLS_FS_IO) -/* - * Load a CSR into the structure - */ -int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_x509_csr_parse(csr, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -#define MBEDTLS_BEFORE_COLON 14 -#define MBEDTLS_BEFORE_COLON_STR "14" -/* - * Return an informational string about the CSR. 
- */ -int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - char *p; - char key_size_str[MBEDTLS_BEFORE_COLON]; - - p = buf; - n = size; - - ret = mbedtls_snprintf(p, n, "%sCSR version : %d", - prefix, csr->version); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &csr->subject); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_get_name(&csr->pk))) != 0) { - return ret; - } - - ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits\n", - prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&csr->pk)); - MBEDTLS_X509_SAFE_SNPRINTF; - - /* - * Optional extensions - */ - - if (csr->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, - &csr->subject_alt_names, - prefix)) != 0) { - return ret; - } - } - - if (csr->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { - ret = mbedtls_snprintf(p, n, "\n%scert. 
type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_cert_type(&p, &n, csr->ns_cert_type)) != 0) { - return ret; - } - } - - if (csr->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { - ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if ((ret = mbedtls_x509_info_key_usage(&p, &n, csr->key_usage)) != 0) { - return ret; - } - } - - if (csr->ext_types != 0) { - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Initialize a CSR - */ -void mbedtls_x509_csr_init(mbedtls_x509_csr *csr) -{ - memset(csr, 0, sizeof(mbedtls_x509_csr)); -} - -/* - * Unallocate all CSR data - */ -void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) -{ - if (csr == NULL) { - return; - } - - mbedtls_pk_free(&csr->pk); - - mbedtls_asn1_free_named_data_list_shallow(csr->subject.next); - mbedtls_asn1_sequence_free(csr->subject_alt_names.next); - - if (csr->raw.p != NULL) { - mbedtls_zeroize_and_free(csr->raw.p, csr->raw.len); - } - - mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr)); -} - -#endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/library/x509_internal.h b/library/x509_internal.h deleted file mode 100644 index 5505b9778c..0000000000 --- a/library/x509_internal.h +++ /dev/null 
@@ -1,85 +0,0 @@ -/** - * \file x509.h - * - * \brief Internal part of the public "x509.h". - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_INTERNAL_H -#define MBEDTLS_X509_INTERNAL_H - -#include "tf_psa_crypto_common.h" -#include "mbedtls/build_info.h" -#include "mbedtls/private_access.h" - -#include "mbedtls/x509.h" -#include "mbedtls/asn1.h" -#include "pk_internal.h" - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/private/rsa.h" -#endif - -int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur); -int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg); -int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len); -#endif -int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); -int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); -int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, - mbedtls_x509_time *t); -int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial); -int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag); -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg); -#endif -int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); -int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int 
critical, const unsigned char *val, - size_t val_len); -int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size, - mbedtls_pk_sigalg_t pk_alg); -int mbedtls_x509_get_ns_cert_type(unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type); -int mbedtls_x509_get_key_usage(unsigned char **p, - const unsigned char *end, - unsigned int *key_usage); -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix); -int mbedtls_x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type); -int mbedtls_x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage); - -int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, - const mbedtls_x509_san_list *san_list); - -#endif /* MBEDTLS_X509_INTERNAL_H */ diff --git a/library/x509_oid.c b/library/x509_oid.c deleted file mode 100644 index cc0063bcd3..0000000000 --- a/library/x509_oid.c +++ /dev/null 
@@ -1,603 +0,0 @@ -/** - * \file x509_oid.c - * - * \brief Object Identifier (OID) database - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "x509_internal.h" - -/* Each group of tables and functions has its own dependencies, but - * don't even bother to define helper macros if X.509 is completely - * disabled. */ -#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) - -#include "mbedtls/oid.h" -#include "x509_oid.h" - -#include -#include - -#include "mbedtls/platform.h" - -/* - * Macro to automatically add the size of #define'd OIDs - */ -#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) - -/* - * Macro to generate mbedtls_x509_oid_descriptor_t - */ -#if !defined(MBEDTLS_X509_REMOVE_INFO) -#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } -#define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } -#else -#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } -#define NULL_OID_DESCRIPTOR { NULL, 0 } -#endif - -/* - * Macro to generate an internal function for oid_XXX_from_asn1() (used by - * the other functions) - */ -#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ - static const TYPE_T *oid_ ## NAME ## _from_asn1( \ - const mbedtls_asn1_buf *oid) \ - { \ - const TYPE_T *p = (LIST); \ - const mbedtls_x509_oid_descriptor_t *cur = \ - (const mbedtls_x509_oid_descriptor_t *) p; \ - if (p == NULL || oid == NULL) return NULL; \ - while (cur->asn1 != NULL) { \ - if (cur->asn1_len == oid->len && \ - memcmp(cur->asn1, oid->p, oid->len) == 0) { \ - return p; \ - } \ - p++; \ - cur = (const mbedtls_x509_oid_descriptor_t *) p; \ - } \ - return NULL; \ - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Macro to generate a function for retrieving a single attribute from the - * descriptor of an mbedtls_x509_oid_descriptor_t wrapper. 
- */ -#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ - int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ - { \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ - *ATTR1 = data->descriptor.ATTR1; \ - return 0; \ - } -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -/* - * Macro to generate a function for retrieving a single attribute from an - * mbedtls_x509_oid_descriptor_t wrapper. - */ -#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ - int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ - { \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ - *ATTR1 = data->ATTR1; \ - return 0; \ - } - -/* - * Macro to generate a function for retrieving two attributes from an - * mbedtls_x509_oid_descriptor_t wrapper. - */ -#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ - ATTR2_TYPE, ATTR2) \ - int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ - ATTR2_TYPE * ATTR2) \ - { \ - const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ - *(ATTR1) = data->ATTR1; \ - *(ATTR2) = data->ATTR2; \ - return 0; \ - } - -/* - * Macro to generate a function for retrieving the OID based on a single - * attribute from a mbedtls_x509_oid_descriptor_t wrapper. 
- */ -#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ - int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ - { \ - const TYPE_T *cur = (LIST); \ - while (cur->descriptor.asn1 != NULL) { \ - if (cur->ATTR1 == (ATTR1)) { \ - *oid = cur->descriptor.asn1; \ - *olen = cur->descriptor.asn1_len; \ - return 0; \ - } \ - cur++; \ - } \ - return MBEDTLS_ERR_X509_UNKNOWN_OID; \ - } - -/* - * Macro to generate a function for retrieving the OID based on two - * attributes from a mbedtls_x509_oid_descriptor_t wrapper. - */ -#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ - ATTR2_TYPE, ATTR2) \ - int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ - size_t *olen) \ - { \ - const TYPE_T *cur = (LIST); \ - while (cur->descriptor.asn1 != NULL) { \ - if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ - *oid = cur->descriptor.asn1; \ - *olen = cur->descriptor.asn1_len; \ - return 0; \ - } \ - cur++; \ - } \ - return MBEDTLS_ERR_X509_UNKNOWN_OID; \ - } - -/* - * For X520 attribute types - */ -#if defined(MBEDTLS_X509_USE_C) -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - const char *short_name; -} oid_x520_attr_t; - -static const oid_x520_attr_t oid_x520_attr_type[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), - "CN", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), - "C", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), - "L", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), - "ST", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", - "Organization"), - "O", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), - "OU", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, - "emailAddress", - "E-mail address"), - "emailAddress", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, - 
"id-at-serialNumber", - "Serial number"), - "serialNumber", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, - "id-at-postalAddress", - "Postal address"), - "postalAddress", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), - "postalCode", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), - "SN", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), - "GN", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), - "initials", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, - "id-at-generationQualifier", - "Generation qualifier"), - "generationQualifier", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), - "title", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, - "id-at-dnQualifier", - "Distinguished Name qualifier"), - "dnQualifier", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), - "pseudonym", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), - "uid", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, - "id-domainComponent", - "Domain component"), - "DC", - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, - "id-at-uniqueIdentifier", - "Unique Identifier"), - "uniqueIdentifier", - }, - { - NULL_OID_DESCRIPTOR, - NULL, - } -}; - -FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name, - oid_x520_attr_t, - x520_attr, - const char *, - short_name) -#endif /* MBEDTLS_X509_USE_C */ - -/* - * For X509 extensions - */ -#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE) -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - int ext_type; -} oid_x509_ext_t; - -static const oid_x509_ext_t oid_x509_ext[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, - "id-ce-basicConstraints", - "Basic Constraints"), - MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, - 
}, - { - OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), - MBEDTLS_X509_EXT_KEY_USAGE, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, - "id-ce-extKeyUsage", - "Extended Key Usage"), - MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, - "id-ce-subjectAltName", - "Subject Alt Name"), - MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, - "id-netscape-certtype", - "Netscape Certificate Type"), - MBEDTLS_X509_EXT_NS_CERT_TYPE, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, - "id-ce-certificatePolicies", - "Certificate Policies"), - MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - "id-ce-subjectKeyIdentifier", - "Subject Key Identifier"), - MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - "id-ce-authorityKeyIdentifier", - "Authority Key Identifier"), - MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, - }, - { - NULL_OID_DESCRIPTOR, - 0, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) -#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] = -{ - OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, - "id-kp-serverAuth", - "TLS Web Server Authentication"), - OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, - "id-kp-clientAuth", - "TLS Web Client Authentication"), - OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), - OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), - OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), - OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), - 
OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, - "id-kp-wisun-fan-device", - "Wi-SUN Alliance Field Area Network (FAN)"), - NULL_OID_DESCRIPTOR, -}; - -FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_extended_key_usage, - mbedtls_x509_oid_descriptor_t, - ext_key_usage, - const char *, - description) - -static const mbedtls_x509_oid_descriptor_t oid_certificate_policies[] = -{ - OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), - NULL_OID_DESCRIPTOR, -}; - -FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, certificate_policies, - oid_certificate_policies) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, - mbedtls_x509_oid_descriptor_t, - certificate_policies, - const char *, - description) -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ - -/* - * For SignatureAlgorithmIdentifier - */ -#if defined(MBEDTLS_X509_USE_C) || \ - defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_alg; - mbedtls_pk_sigalg_t pk_alg; -} oid_sig_alg_t; - -static const oid_sig_alg_t oid_sig_alg[] = -{ -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_MD5) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), - MBEDTLS_MD_MD5, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_MD5 */ -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", - "RSA with SHA-224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_224 */ -#if defined(PSA_WANT_ALG_SHA_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", - "RSA 
with SHA-256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", - "RSA with SHA-384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", - "RSA with SHA-512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_512 */ -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, - }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_ECDSA, - }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_ECDSA, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_ECDSA, - }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_ECDSA, - }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_ECDSA, - }, -#endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ -#if defined(MBEDTLS_RSA_C) - { - OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), - 
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS, - }, -#endif /* MBEDTLS_RSA_C */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) - -#if defined(MBEDTLS_X509_USE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc, - oid_sig_alg_t, - sig_alg, - const char *, - description) -#endif /* MBEDTLS_X509_USE_C && !MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_X509_USE_C) -FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, - oid_sig_alg_t, - sig_alg, - mbedtls_md_type_t, - md_alg, - mbedtls_pk_sigalg_t, - pk_alg) -#endif /* MBEDTLS_X509_USE_C */ -#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) -FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, - oid_sig_alg_t, - oid_sig_alg, - mbedtls_pk_sigalg_t, - pk_alg, - mbedtls_md_type_t, - md_alg) -#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ - -#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ - -#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG) -/* - * For digestAlgorithm - */ -/* The table of digest OIDs is duplicated in TF-PSA-Crypto (which uses it to - * look up the OID for a hash algorithm in RSA PKCS#1v1.5 signature and - * verification). 
*/ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_alg; -} oid_md_alg_t; - -static const oid_md_alg_t oid_md_alg[] = -{ -#if defined(PSA_WANT_ALG_MD5) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"), - MBEDTLS_MD_MD5, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"), - MBEDTLS_MD_SHA1, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), - MBEDTLS_MD_SHA224, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"), - MBEDTLS_MD_SHA256, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), - MBEDTLS_MD_SHA384, - }, -#endif -#if defined(PSA_WANT_ALG_SHA_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"), - MBEDTLS_MD_SHA512, - }, -#endif -#if defined(PSA_WANT_ALG_RIPEMD160) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), - MBEDTLS_MD_RIPEMD160, - }, -#endif -#if defined(PSA_WANT_ALG_SHA3_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"), - MBEDTLS_MD_SHA3_224, - }, -#endif -#if defined(PSA_WANT_ALG_SHA3_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"), - MBEDTLS_MD_SHA3_256, - }, -#endif -#if defined(PSA_WANT_ALG_SHA3_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"), - MBEDTLS_MD_SHA3_384, - }, -#endif -#if defined(PSA_WANT_ALG_SHA3_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), - MBEDTLS_MD_SHA3_512, - }, -#endif - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) - 
-#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
-
-#endif /* some X.509 is enabled */
diff --git a/library/x509_oid.h b/library/x509_oid.h
deleted file mode 100644
index 0752953aac..0000000000
--- a/library/x509_oid.h
+++ /dev/null
@@ -1,153 +0,0 @@ -/** - * \file x509_oid.h - * - * \brief Object Identifier (OID) database - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_X509_OID_H -#define MBEDTLS_X509_OID_H -#include "mbedtls/private_access.h" - -#include "mbedtls/asn1.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/x509.h" - -#include - -#include "mbedtls/md.h" - -/* - * Maximum number of OID components allowed - */ -#define MBEDTLS_OID_MAX_COMPONENTS 128 - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Base OID descriptor structure - */ -typedef struct { - const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ - size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ -#if !defined(MBEDTLS_X509_REMOVE_INFO) - const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */ - const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ -#endif -} mbedtls_x509_oid_descriptor_t; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C) -#define MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE -/** - * \brief Translate an X.509 extension OID into local values - * - * \param oid OID to use - * \param ext_type place to store the extension type - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); -#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ - -#if defined(MBEDTLS_X509_USE_C) -/** - * \brief Translate an X.509 attribute type OID into the short name - * (e.g. 
the OID for an X520 Common Name into "CN") - * - * \param oid OID to use - * \param short_name place to store the string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_USE_C) -/** - * \brief Translate SignatureAlgorithm OID into md_type and pk_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * \param pk_alg place to store public key algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Translate SignatureAlgorithm OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) -/** - * \brief Translate md_type and pk_type into SignatureAlgorithm OID - * - * \param md_alg message digest algorithm - * \param pk_alg public key algorithm - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen); -#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ - -#if (defined(MBEDTLS_X509_USE_C) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)) || \ - defined(MBEDTLS_PKCS7_C) -#define MBEDTLS_X509_OID_HAVE_GET_MD_ALG -/** - * \brief Translate hash algorithm OID into md_type - * - 
* \param oid OID to use - * \param md_alg place to store message digest algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); -#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Translate Extended Key Usage OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); - -/** - * \brief Translate certificate policies OID into description - * - * \param oid OID to use - * \param desc place to store string pointer - * - * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID - */ -int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ - -#ifdef __cplusplus -} -#endif - -#endif /* x509_oid.h */ diff --git a/library/x509write.c b/library/x509write.c deleted file mode 100644 index 0906a5a9d1..0000000000 --- a/library/x509write.c +++ /dev/null 
@@ -1,172 +0,0 @@ -/* - * X.509 internal, common functions for writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif /* MBEDTLS_PEM_WRITE_C */ - -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" -#include "md_psa.h" - -#define CHECK_OVERFLOW_ADD(a, b) \ - do \ - { \ - if (a > SIZE_MAX - (b)) \ - { \ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ - } \ - a += b; \ - } while (0) - -int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, - const mbedtls_x509_san_list *san_list) -{ - int ret = 0; - const mbedtls_x509_san_list *cur; - unsigned char *buf; - unsigned char *p; - size_t len; - size_t buflen = 0; - - /* Determine the maximum size of the SubjectAltName list */ - for (cur = san_list; cur != NULL; cur = cur->next) { - /* Calculate size of the required buffer */ - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - case MBEDTLS_X509_SAN_RFC822_NAME: - /* length of value for each name entry, - * maximum 4 bytes for the length field, - * 1 byte for the tag/type. - */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - { - const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; - while (chunk != NULL) { - // Max 4 bytes for length, +1 for tag, - // additional 4 max for length, +1 for tag. - // See x509_write_name for more information. 
- CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); - CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); - CHECK_OVERFLOW_ADD(buflen, chunk->val.len); - chunk = chunk->next; - } - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - break; - } - default: - /* Not supported - return. */ - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - } - - /* Add the extra length field and tag */ - CHECK_OVERFLOW_ADD(buflen, 4 + 1); - - /* Allocate buffer */ - buf = mbedtls_calloc(1, buflen); - if (buf == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - p = buf + buflen; - - /* Write ASN.1-based structure */ - cur = san_list; - len = 0; - while (cur != NULL) { - size_t single_san_len = 0; - switch (cur->node.type) { - case MBEDTLS_X509_SAN_DNS_NAME: - case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: - case MBEDTLS_X509_SAN_IP_ADDRESS: - { - const unsigned char *unstructured_name = - (const unsigned char *) cur->node.san.unstructured_name.p; - size_t unstructured_name_len = cur->node.san.unstructured_name.len; - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_raw_buffer( - &p, buf, - unstructured_name, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( - &p, buf, unstructured_name_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag( - &p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); - } - break; - case MBEDTLS_X509_SAN_DIRECTORY_NAME: - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_x509_write_names(&p, buf, - (mbedtls_asn1_named_data *) & - cur->node - .san.directory_name)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_len(&p, buf, single_san_len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_DIRECTORY_NAME)); - break; - default: - /* Error out on an unsupported SAN */ - ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 
- goto cleanup; - } - cur = cur->next; - /* check for overflow */ - if (len > SIZE_MAX - single_san_len) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - len += single_san_len; - } - - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); - MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, - mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509_set_extension(extensions, - MBEDTLS_OID_SUBJECT_ALT_NAME, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), - 0, - buf + buflen - len, len); - - /* If we exceeded the allocated buffer it means that maximum size of the SubjectAltName list - * was incorrectly calculated and memory is corrupted. */ - if (p < buf) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } -cleanup: - mbedtls_free(buf); - return ret; -} - -#endif /* MBEDTLS_X509_CSR_WRITE_C || MBEDTLS_X509_CRT_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c deleted file mode 100644 index e4cdd5064b..0000000000 --- a/library/x509write_crt.c +++ /dev/null 
@@ -1,637 +0,0 @@ -/* - * X.509 certificate writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * References: - * - certificates: RFC 5280, updated by RFC 6818 - * - CSRs: PKCS#10 v1.7 aka RFC 2986 - * - attributes: PKCS#9 v2.0 aka RFC 2985 - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CRT_WRITE_C) - -#include "mbedtls/x509_crt.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/md.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif /* MBEDTLS_PEM_WRITE_C */ - -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" - -void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_x509write_cert)); - - ctx->version = MBEDTLS_X509_CRT_VERSION_3; -} - -void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_asn1_free_named_data_list(&ctx->subject); - mbedtls_asn1_free_named_data_list(&ctx->issuer); - mbedtls_asn1_free_named_data_list(&ctx->extensions); - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert)); -} - -void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, - int version) -{ - ctx->version = version; -} - -void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, - mbedtls_md_type_t md_alg) -{ - ctx->md_alg = md_alg; -} - -void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key) -{ - ctx->subject_key = key; -} - -void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key) -{ - ctx->issuer_key = key; -} - -int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, - const char *subject_name) -{ - mbedtls_asn1_free_named_data_list(&ctx->subject); 
- return mbedtls_x509_string_to_names(&ctx->subject, subject_name); -} - -int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, - const char *issuer_name) -{ - mbedtls_asn1_free_named_data_list(&ctx->issuer); - return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); -} - -int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - const unsigned char *serial, size_t serial_len) -{ - if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - ctx->serial_len = serial_len; - memcpy(ctx->serial, serial, serial_len); - - return 0; -} - -int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, - const char *not_before, - const char *not_after) -{ - if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || - strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); - strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); - ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - - return 0; -} - -int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, - const mbedtls_x509_san_list *san_list) -{ - return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); -} - - -int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len) -{ - return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, - critical, val, val_len); -} - -int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[9]; - unsigned char *c = buf + sizeof(buf); - size_t len = 0; - - memset(buf, 0, sizeof(buf)); - - if (is_ca && max_pathlen 
> 127) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if (is_ca) { - if (max_pathlen >= 0) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, - max_pathlen)); - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return - mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS), - is_ca, buf + sizeof(buf) - len, len); -} - -#if defined(PSA_WANT_ALG_SHA_1) -static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, - int is_ca, - unsigned char tag) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); - size_t len = 0; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - - memset(buf, 0, sizeof(buf)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_pk_write_pubkey(&c, - buf, - is_ca ? 
- ctx->issuer_key : - ctx->subject_key)); - - - status = psa_hash_compute(PSA_ALG_SHA_1, - buf + sizeof(buf) - len, - len, - buf + sizeof(buf) - 20, - 20, - &hash_length); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - c = buf + sizeof(buf) - 20; - len = 20; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, tag)); - - if (is_ca) { // writes AuthorityKeyIdentifier sequence - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, - buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - } - - if (is_ca) { - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( - MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), - 0, buf + sizeof(buf) - len, len); - } else { - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), - 0, buf + sizeof(buf) - len, len); - } -} - -int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx) -{ - return mbedtls_x509write_crt_set_key_identifier(ctx, - 0, - MBEDTLS_ASN1_OCTET_STRING); -} - -int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx) -{ - return mbedtls_x509write_crt_set_key_identifier(ctx, - 1, - (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0)); -} -#endif /* PSA_WANT_ALG_SHA_1 */ - -int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, - unsigned int key_usage) -{ - unsigned char buf[5] = { 0 }, ku[2] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | - MBEDTLS_X509_KU_NON_REPUDIATION | - MBEDTLS_X509_KU_KEY_ENCIPHERMENT | - MBEDTLS_X509_KU_DATA_ENCIPHERMENT | - MBEDTLS_X509_KU_KEY_AGREEMENT | - MBEDTLS_X509_KU_KEY_CERT_SIGN | - MBEDTLS_X509_KU_CRL_SIGN | - 
MBEDTLS_X509_KU_ENCIPHER_ONLY | - MBEDTLS_X509_KU_DECIPHER_ONLY; - - /* Check that nothing other than the allowed flags is set */ - if ((key_usage & ~allowed_bits) != 0) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - c = buf + 5; - MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0); - ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9); - - if (ret < 0) { - return ret; - } else if (ret < 3 || ret > 5) { - return MBEDTLS_ERR_X509_INVALID_FORMAT; - } - - ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), - 1, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, - const mbedtls_asn1_sequence *exts) -{ - unsigned char buf[256]; - unsigned char *c = buf + sizeof(buf); - int ret; - size_t len = 0; - const mbedtls_asn1_sequence *last_ext = NULL; - const mbedtls_asn1_sequence *ext; - - memset(buf, 0, sizeof(buf)); - - /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */ - if (exts == NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - /* Iterate over exts backwards, so we write them out in the requested order */ - while (last_ext != exts) { - for (ext = exts; ext->next != last_ext; ext = ext->next) { - } - if (ext->buf.tag != MBEDTLS_ASN1_OID) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, ext->buf.p, ext->buf.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, ext->buf.len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OID)); - last_ext = ext; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - return mbedtls_x509write_crt_set_extension(ctx, - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 1, c, 
len); -} - -int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -static int x509_write_time(unsigned char **p, unsigned char *start, - const char *t, size_t size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - /* - * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) - */ - if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, - (const unsigned char *) t + 2, - size - 2)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_UTC_TIME)); - } else { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, - (const unsigned char *) t, - size)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_GENERALIZED_TIME)); - } - - return (int) len; -} - -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *sig_oid; - size_t sig_oid_len = 0; - unsigned char *c, *c2; - unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - size_t hash_length = 0; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t psa_algorithm; - - size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; - size_t len = 0; - mbedtls_pk_sigalg_t 
pk_alg; - int write_sig_null_par; - - /* - * Prepare data to be signed at the end of the target buffer - */ - c = buf + size; - - /* Signature algorithm needed in TBS, and later for actual signature */ - - /* There's no direct way of extracting a signature algorithm - * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ - if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; - } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_SIGALG_ECDSA; - } else { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { - return ret; - } - - /* - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - */ - - /* Only for v3 */ - if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) { - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_x509_write_extensions(&c, - buf, ctx->extensions)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3)); - } - - /* - * SubjectPublicKeyInfo - */ - MBEDTLS_ASN1_CHK_ADD(pub_len, - mbedtls_pk_write_pubkey_der(ctx->subject_key, - buf, (size_t) (c - buf))); - c -= pub_len; - len += pub_len; - - /* - * Subject ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_x509_write_names(&c, buf, - ctx->subject)); - - /* - * Validity ::= SEQUENCE { - * notBefore Time, - * notAfter Time } - */ - sub_len = 0; - - MBEDTLS_ASN1_CHK_ADD(sub_len, - x509_write_time(&c, buf, ctx->not_after, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - - MBEDTLS_ASN1_CHK_ADD(sub_len, - x509_write_time(&c, buf, ctx->not_before, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - - len 
+= sub_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - /* - * Issuer ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, - ctx->issuer)); - - /* - * Signature ::= AlgorithmIdentifier - */ - if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { - /* - * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature - * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and - * https://www.rfc-editor.org/rfc/rfc5758#section-3. - */ - write_sig_null_par = 0; - } else { - write_sig_null_par = 1; - } - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, - sig_oid, strlen(sig_oid), - 0, write_sig_null_par)); - - /* - * Serial ::= INTEGER - * - * Written data is: - * - "ctx->serial_len" bytes for the raw serial buffer - * - if MSb of "serial" is 1, then prepend an extra 0x00 byte - * - 1 byte for the length - * - 1 byte for the TAG - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, - ctx->serial, ctx->serial_len)); - if (*c & 0x80) { - if (c - buf < 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - *(--c) = 0x0; - len++; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, - ctx->serial_len + 1)); - } else { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, - ctx->serial_len)); - } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_INTEGER)); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ - - /* Can be omitted for v1 */ - if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) { - sub_len = 0; - MBEDTLS_ASN1_CHK_ADD(sub_len, - mbedtls_asn1_write_int(&c, buf, ctx->version)); - len += sub_len; - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_len(&c, buf, sub_len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED 
| 0)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - /* - * Make signature - */ - - /* Compute hash of CRT. */ - psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); - - status = psa_hash_compute(psa_algorithm, - c, - len, - hash, - sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - - if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { - return ret; - } - - /* Move CRT to the front of the buffer to have space - * for the signature. */ - memmove(buf, c, len); - c = buf + len; - - /* Add signature at the end of the buffer, - * making sure that it doesn't underflow - * into the CRT buffer. */ - c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, - sig_oid, sig_oid_len, - sig, sig_len, - pk_alg)); - - /* - * Memory layout after this step: - * - * buf c=buf+len c2 buf+size - * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm] - */ - - /* Move raw CRT to just before the signature. 
*/ - c = c2 - len; - memmove(c, buf, len); - - len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - -#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" -#define PEM_END_CRT "-----END CERTIFICATE-----\n" - -#if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen; - - if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) { - return ret; - } - - if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, - buf + size - ret, ret, - buf, size, &olen)) != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PEM_WRITE_C */ - -#endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/library/x509write_csr.c b/library/x509write_csr.c deleted file mode 100644 index 0fac775106..0000000000 --- a/library/x509write_csr.c +++ /dev/null 
@@ -1,317 +0,0 @@ -/* - * X.509 Certificate Signing Request writing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * References: - * - CSRs: PKCS#10 v1.7 aka RFC 2986 - * - attributes: PKCS#9 v2.0 aka RFC 2985 - */ - -#include "x509_internal.h" - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - -#include "mbedtls/x509_csr.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/error.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/platform_util.h" - -#include "psa/crypto.h" -#include "psa_util_internal.h" -#include "mbedtls/psa_util.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif - -#include "mbedtls/platform.h" - -void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) -{ - memset(ctx, 0, sizeof(mbedtls_x509write_csr)); -} - -void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_asn1_free_named_data_list(&ctx->subject); - mbedtls_asn1_free_named_data_list(&ctx->extensions); - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr)); -} - -void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg) -{ - ctx->md_alg = md_alg; -} - -void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key) -{ - ctx->key = key; -} - -int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, - const char *subject_name) -{ - mbedtls_asn1_free_named_data_list(&ctx->subject); - return mbedtls_x509_string_to_names(&ctx->subject, subject_name); -} - -int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len) -{ - return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, - critical, val, val_len); -} - -int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx, - const mbedtls_x509_san_list 
*san_list) -{ - return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list); -} - -int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type) -{ - unsigned char buf[4] = { 0 }; - unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - c = buf + 4; - - ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); - if (ret < 3 || ret > 4) { - return ret; - } - - ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), - 0, c, (size_t) ret); - if (ret != 0) { - return ret; - } - - return 0; -} - -static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, - unsigned char *buf, - size_t size, - unsigned char *sig, size_t sig_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const char *sig_oid; - size_t sig_oid_len = 0; - unsigned char *c, *c2; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - size_t pub_len = 0, sig_and_oid_len = 0, sig_len; - size_t len = 0; - mbedtls_pk_sigalg_t pk_alg; - size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); - - /* Write the CSR backwards starting from the end of buf */ - c = buf + size; - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf, - ctx->extensions)); - - if (len) { - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - 
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)); - - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_oid( - &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ))); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, - buf, (size_t) (c - buf))); - c -= pub_len; - len += pub_len; - - /* - * Subject ::= Name - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, - ctx->subject)); - - /* - * Version ::= INTEGER { v1(0), v2(1), v3(2) } - */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - /* - * Sign the written CSR data into the sig buffer - * Note: hash errors can happen only after an internal error - */ - if (psa_hash_compute(hash_alg, - c, - len, - hash, - sizeof(hash), - &hash_len) != PSA_SUCCESS) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; - } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_SIGALG_ECDSA; - } else { - return MBEDTLS_ERR_X509_INVALID_ALG; - } - - if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len)) != 0) { - return ret; - } - - if 
((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { - return ret; - } - - /* - * Move the written CSR data to the start of buf to create space for - * writing the signature into buf. - */ - memmove(buf, c, len); - - /* - * Write sig and its OID into buf backwards from the end of buf. - * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len - * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. - */ - c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, - mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); - - /* - * Compact the space between the CSR data and signature by moving the - * CSR data to the start of the signature. - */ - c2 -= len; - memmove(c2, buf, len); - - /* ASN encode the total size and tag the CSR data with it. */ - len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, - mbedtls_asn1_write_tag( - &c2, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - - /* Zero the unused bytes at the start of buf */ - memset(buf, 0, (size_t) (c2 - buf)); - - return (int) len; -} - -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size) -{ - int ret; - unsigned char *sig; - - if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - - ret = x509write_csr_der_internal(ctx, buf, size, - sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE); - - mbedtls_free(sig); - - return ret; -} - -#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" -#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" - -#if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen = 0; - - if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) { - return ret; - } - - if ((ret = 
mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR, - buf + size - ret, - ret, buf, size, &olen)) != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PEM_WRITE_C */ - -#endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/pkgconfig/.gitignore b/pkgconfig/.gitignore deleted file mode 100644 index 5460c20766..0000000000 --- a/pkgconfig/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -Makefile -*.pc diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt deleted file mode 100644 index 7dfc043ce1..0000000000 --- a/pkgconfig/CMakeLists.txt +++ /dev/null @@ -1,25 +0,0 @@ -if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) - include(JoinPaths.cmake) - join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}") - join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}") - - #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below. - # Prefix with something that won't clash with newer versions of CMAKE. - set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") - set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") - - configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - - configure_file(mbedtls.pc.in mbedtls.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - - configure_file(mbedx509.pc.in mbedx509.pc @ONLY) - install(FILES - ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) -endif() diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake deleted file mode 100644 index 193caed76a..0000000000 --- a/pkgconfig/JoinPaths.cmake +++ /dev/null 
@@ -1,27 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-# This module provides function for joining paths
-# known from most languages
-#
-# Copyright The Mbed TLS Contributors
-#
-# This script originates from:
-# - https://github.com/jtojnar/cmake-snips
-# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
-# allowed for the change of Copyright.
-#
-# Modelled after Python’s os.path.join
-# https://docs.python.org/3.7/library/os.path.html#os.path.join
-# Windows not supported
-function(join_paths joined_path first_path_segment)
- set(temp_path "${first_path_segment}")
- foreach(current_segment IN LISTS ARGN)
- if(NOT ("${current_segment}" STREQUAL ""))
- if(IS_ABSOLUTE "${current_segment}")
- set(temp_path "${current_segment}")
- else()
- set(temp_path "${temp_path}/${current_segment}")
- endif()
- endif()
- endforeach()
- set(${joined_path} "${temp_path}" PARENT_SCOPE)
-endfunction()
diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in
deleted file mode 100644
index 303f8852cd..0000000000
--- a/pkgconfig/mbedcrypto.pc.in
+++ /dev/null
@@ -1,10 +0,0 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-includedir=@PKGCONFIG_INCLUDEDIR@
-libdir=@PKGCONFIG_LIBDIR@
-
-Name: @PROJECT_NAME@
-Description: @PKGCONFIG_PROJECT_DESCRIPTION@
-URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
-Version: @PROJECT_VERSION@
-Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -ltfpsacrypto
diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in
deleted file mode 100644
index 2bfce80b69..0000000000
--- a/pkgconfig/mbedtls.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-includedir=@PKGCONFIG_INCLUDEDIR@
-libdir=@PKGCONFIG_LIBDIR@
-
-Name: @PROJECT_NAME@
-Description: @PKGCONFIG_PROJECT_DESCRIPTION@
-URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
-Version: @PROJECT_VERSION@
-Requires.private: mbedcrypto mbedx509
-Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -lmbedtls
diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in
deleted file mode 100644
index 0ab2e31ea1..0000000000
--- a/pkgconfig/mbedx509.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-includedir=@PKGCONFIG_INCLUDEDIR@
-libdir=@PKGCONFIG_LIBDIR@
-
-Name: @PROJECT_NAME@
-Description: @PKGCONFIG_PROJECT_DESCRIPTION@
-URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
-Version: @PROJECT_VERSION@
-Requires.private: mbedcrypto
-Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -lmbedx509
diff --git a/programs/.gitignore b/programs/.gitignore
deleted file mode 100644
index 004dcf22f7..0000000000
--- a/programs/.gitignore
+++ /dev/null
@@ -1,48 +0,0 @@
-# Ignore makefiles generated by CMake, but not the makefile that's checked in.
-*/Makefile
-!fuzz/Makefile
-
-*.sln
-*.vcxproj
-
-hash/md5sum
-hash/sha1sum
-hash/sha2sum
-ssl/dtls_client
-ssl/dtls_server
-ssl/mini_client
-ssl/ssl_client1
-ssl/ssl_client2
-ssl/ssl_context_info
-ssl/ssl_fork_server
-ssl/ssl_mail_client
-ssl/ssl_pthread_server
-ssl/ssl_server
-ssl/ssl_server2
-test/cpp_dummy_build
-test/cpp_dummy_build.cpp
-test/dlopen
-test/ecp-bench
-test/metatest
-test/query_compile_time_config
-test/query_included_headers
-test/selftest
-test/ssl_cert_test
-test/udp_proxy
-test/zeroize
-util/pem2der
-util/strerror
-x509/cert_app
-x509/cert_req
-x509/cert_write
-x509/crl_app
-x509/load_roots
-x509/req_app
-
-###START_GENERATED_FILES###
-# Generated source files
-/test/query_config.c
-
-# Generated data files
-pkey/keyfile.key
-###END_GENERATED_FILES###
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
deleted file mode 100644
index 1aba21b756..0000000000
--- a/programs/CMakeLists.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-set(programs_target "${MBEDTLS_TARGET_PREFIX}programs")
-add_custom_target(${programs_target})
-
-if (NOT WIN32)
- add_subdirectory(fuzz)
-endif()
-
-add_subdirectory(ssl)
-add_subdirectory(test)
-add_subdirectory(util)
-add_subdirectory(x509)
diff --git a/programs/Makefile b/programs/Makefile
deleted file mode 100644
index 6c9d4d7342..0000000000
--- a/programs/Makefile
+++ /dev/null
@@ -1,309 +0,0 @@ -MBEDTLS_TEST_PATH = ../tests -FRAMEWORK = ${MBEDTLS_PATH}/framework -include ../scripts/common.make - -ifeq ($(shell uname -s),Linux) -DLOPEN_LDFLAGS ?= -ldl -else -DLOPEN_LDFLAGS ?= -endif - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif -DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} - -# Only build the dlopen test in shared library builds, and not when building -# for Windows. -ifdef BUILD_DLOPEN -# Don't override the value -else ifdef WINDOWS_BUILD -BUILD_DLOPEN = -else ifdef SHARED -BUILD_DLOPEN = y -else -BUILD_DLOPEN = -endif - -LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs - -## The following assignment is the list of base names of applications that -## will be built on Windows. Extra Linux/Unix/POSIX-only applications can -## be declared by appending with `APPS += ...` afterwards. -## See the get_app_list function in scripts/generate_visualc_files.pl and -## make sure to check that it still works if you tweak the format here. -## -## Note: Variables cannot be used to define an apps path. This cannot be -## substituted by the script generate_visualc_files.pl. 
-APPS = \ - ../tf-psa-crypto/programs/psa/aead_demo \ - ../tf-psa-crypto/programs/psa/crypto_examples \ - ../tf-psa-crypto/programs/psa/hmac_demo \ - ../tf-psa-crypto/programs/psa/key_ladder_demo \ - ../tf-psa-crypto/programs/psa/psa_constant_names \ - ../tf-psa-crypto/programs/psa/psa_hash \ - ../tf-psa-crypto/programs/test/which_aes \ - ssl/dtls_client \ - ssl/dtls_server \ - ssl/mini_client \ - ssl/ssl_client1 \ - ssl/ssl_client2 \ - ssl/ssl_context_info \ - ssl/ssl_fork_server \ - ssl/ssl_mail_client \ - ssl/ssl_server \ - ssl/ssl_server2 \ - test/metatest \ - test/query_compile_time_config \ - test/query_included_headers \ - test/selftest \ - test/udp_proxy \ - test/zeroize \ - util/pem2der \ - util/strerror \ - x509/cert_app \ - x509/cert_req \ - x509/cert_write \ - x509/crl_app \ - x509/load_roots \ - x509/req_app \ -# End of APPS - -ifeq ($(THREADING),pthread) -APPS += ssl/ssl_pthread_server -endif - -ifdef BUILD_DLOPEN -APPS += test/dlopen -endif - -ifdef TEST_CPP -APPS += test/cpp_dummy_build -endif - -EXES = $(patsubst %,%$(EXEXT),$(APPS)) - -.SILENT: - -.PHONY: all clean list fuzz - -all: $(EXES) -ifndef WINDOWS -# APPS doesn't include the fuzzing programs, which aren't "normal" -# sample or test programs, and don't build with MSVC which is -# warning about fopen -all: fuzz -endif - -SSL_OPT_APPS = $(filter ssl/%,$(APPS)) -SSL_OPT_APPS += test/query_compile_time_config test/udp_proxy -# Just the programs needed to run ssl-opt.sh (and compat.sh) -ssl-opt: $(patsubst %,%$(EXEXT),$(SSL_OPT_APPS)) -.PHONY: ssl-opt - -fuzz: ${MBEDTLS_TEST_OBJS} - $(MAKE) -C fuzz - -${MBEDTLS_TEST_OBJS}: - $(MAKE) -C ../tests mbedtls_test - -.PHONY: generated_files -GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c -generated_files: $(GENERATED_FILES) - -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py 
-../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: - echo " Gen $@" - cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py - -test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl -## The generated file only depends on the options that are present in mbedtls_config.h, -## not on which options are set. To avoid regenerating this file all the time -## when switching between configurations, don't declare mbedtls_config.h as a -## dependency. Remove this file from your working tree if you've just added or -## removed an option in mbedtls_config.h. -#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h -test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt -test/query_config.c: - echo " Gen $@" - $(PERL) ../scripts/generate_query_config.pl - -../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) - echo " CC psa/aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) - echo " CC psa/crypto_examples.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) - echo " CC psa/hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - 
-../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) - echo " CC psa/key_ladder_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) - echo " CC psa/psa_constant_names.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) - echo " CC psa/psa_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) - echo " CC test/which_aes.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) - echo " CC ssl/dtls_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/dtls_server$(EXEXT): ssl/dtls_server.c $(DEP) - echo " CC ssl/dtls_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) - echo " CC ssl/ssl_client1.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o -SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - $(FRAMEWORK)/tests/programs/query_config.h \ - ssl/ssl_test_lib.h \ - ssl/ssl_test_common_source.c \ - $(DEP) - -ssl/ssl_test_lib.o: ssl/ssl_test_lib.c ssl/ssl_test_lib.h $(DEP) - echo " CC ssl/ssl_test_lib.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c ssl/ssl_test_lib.c -o $@ - -ssl/ssl_client2$(EXEXT): 
ssl/ssl_client2.c $(SSL_TEST_DEPS) - echo " CC ssl/ssl_client2.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP) - echo " CC ssl/ssl_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS) - echo " CC ssl/ssl_server2.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) - echo " CC ssl/ssl_context_info.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP) - echo " CC ssl/ssl_fork_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/ssl_pthread_server$(EXEXT): ssl/ssl_pthread_server.c $(DEP) - echo " CC ssl/ssl_pthread_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_pthread_server.c $(LOCAL_LDFLAGS) -lpthread $(LDFLAGS) -o $@ - -ssl/ssl_mail_client$(EXEXT): ssl/ssl_mail_client.c $(DEP) - echo " CC ssl/ssl_mail_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_mail_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP) - echo " CC ssl/mini_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh - echo " Gen test/cpp_dummy_build.cpp" - test/generate_cpp_dummy_build.sh - -test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP) - echo " CXX test/cpp_dummy_build.cpp" - $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -ifdef BUILD_DLOPEN -test/dlopen$(EXEXT): test/dlopen.c $(DEP) - echo " CC test/dlopen.c" -# Do 
not link any test objects (that would bring in a static dependency on -# libmbedcrypto at least). Do not link with libmbed* (that would defeat the -# purpose of testing dynamic loading). - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ -endif - -test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) - echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) - echo " CC test/query_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ - -test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP) - echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/selftest$(EXEXT): test/selftest.c $(DEP) - echo " CC test/selftest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) - echo " CC test/udp_proxy.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP) - echo " CC $(FRAMEWORK)/tests/programs/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) - echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c 
test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -util/pem2der$(EXEXT): util/pem2der.c $(DEP) - echo " CC util/pem2der.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -util/strerror$(EXEXT): util/strerror.c $(DEP) - echo " CC util/strerror.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/strerror.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_app$(EXEXT): x509/cert_app.c $(DEP) - echo " CC x509/cert_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_write$(EXEXT): x509/cert_write.c $(DEP) - echo " CC x509/cert_write.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_write.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/crl_app$(EXEXT): x509/crl_app.c $(DEP) - echo " CC x509/crl_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/crl_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/cert_req$(EXEXT): x509/cert_req.c $(DEP) - echo " CC x509/cert_req.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/load_roots$(EXEXT): x509/load_roots.c $(DEP) - echo " CC x509/load_roots.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -x509/req_app$(EXEXT): x509/req_app.c $(DEP) - echo " CC x509/req_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -clean: -ifndef WINDOWS - rm -f $(EXES) - rm -f */*.o - -rm -f ssl/ssl_pthread_server$(EXEXT) - -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT) - -rm -f test/dlopen$(EXEXT) -else - if exist *.o del /Q /F *.o - if exist *.exe del /Q /F *.exe - if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp -endif - $(MAKE) -C fuzz clean - -list: - echo $(EXES) diff --git a/programs/README.md b/programs/README.md deleted file mode 100644 index b9260bffe9..0000000000 --- a/programs/README.md +++ /dev/null 
@@ -1,58 +0,0 @@ -Mbed TLS sample programs -======================== - -This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. - -### SSL/TLS sample applications - -* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. - -* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification. - -* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`. - -* [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response. - -* [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call. - -* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content. - -* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library. - -* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. It serves a single client at a time. - -### SSL/TLS feature demonstrators - -Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. 
To write a new application, we recommended that you start with `ssl_client1.c` or `ssl_server.c`, and then look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs. - -* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features. - -* [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features. - -In addition to providing options for testing client-side features, the `ssl_client2` program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful for testing a TLS client. - -## Test utilities - -* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. - -* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. - -* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb). - -## Development utilities - -* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support. - -* [`util/strerror.c`](util/strerror.c): prints the error description corresponding to an integer status returned by an Mbed TLS function. 
- -## X.509 certificate examples - -* [`x509/cert_app.c`](x509/cert_app.c): connects to a TLS server and verifies its certificate chain. - -* [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key. - -* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-signs a certificate. - -* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). - -* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR). diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore deleted file mode 100644 index 9b8da61954..0000000000 --- a/programs/fuzz/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -fuzz_client -fuzz_dtlsclient -fuzz_dtlsserver -fuzz_pkcs7 -fuzz_server -fuzz_x509crl -fuzz_x509crt -fuzz_x509csr diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt deleted file mode 100644 index d5995aa194..0000000000 --- a/programs/fuzz/CMakeLists.txt +++ /dev/null 
@@ -1,56 +0,0 @@
-set(libs
- ${mbedtls_target}
- ${CMAKE_THREAD_LIBS_INIT}
-)
-
-find_library(FUZZINGENGINE_LIB FuzzingEngine)
-if(FUZZINGENGINE_LIB)
- project(fuzz CXX)
-endif()
-
-set(executables_no_common_c
- fuzz_x509crl
- fuzz_x509crt
- fuzz_x509csr
- fuzz_pkcs7
-)
-add_dependencies(${programs_target} ${executables_no_common_c})
-
-set(executables_with_common_c
- fuzz_client
- fuzz_dtlsclient
- fuzz_dtlsserver
- fuzz_server
-)
-add_dependencies(${programs_target} ${executables_with_common_c})
-
-foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
-
- set(exe_sources
- ${exe}.c
- $
- $)
- if(NOT FUZZINGENGINE_LIB)
- list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_onefile.c)
- endif()
-
- # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
- list(FIND executables_with_common_c ${exe} exe_index)
- if(${exe_index} GREATER -1)
- list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c)
- endif()
-
- add_executable(${exe} ${exe_sources})
- set_base_compile_options(${exe})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
- ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/
- ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
-
- if (NOT FUZZINGENGINE_LIB)
- target_link_libraries(${exe} ${libs})
- else()
- target_link_libraries(${exe} ${libs} FuzzingEngine)
- SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX)
- endif()
-
-endforeach()
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
deleted file mode 100644
index 65ac6f8949..0000000000
--- a/programs/fuzz/Makefile
+++ /dev/null
@@ -1,54 +0,0 @@
-MBEDTLS_TEST_PATH:=../../tests
-
-MBEDTLS_PATH := ../..
-include ../../scripts/common.make
-
-PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz
-
-DEP=${MBEDLIBS}
-
-ifdef FUZZINGENGINE
-LOCAL_LDFLAGS += -lFuzzingEngine
-endif
-
-LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)
-
-# A test application is built for each fuzz_*.c file.
-APPS = $(basename $(wildcard fuzz_*.c))
-APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_privkey.c)
-APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_pubkey.c)
-
-# Construct executable name by adding OS specific suffix $(EXEXT).
-BINARIES := $(addsuffix $(EXEXT),$(APPS))
-
-.SILENT:
-
-.PHONY: all check test clean
-
-all: $(BINARIES)
-
-C_FILES := $(addsuffix .c,$(APPS))
-
-%.o: %.c
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@
-
-
-ifdef FUZZINGENGINE
-$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP)
- echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
- $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-else
-$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $(DEP)
- echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
- $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-endif
-
-clean:
-ifndef WINDOWS
- rm -rf $(BINARIES) *.o
- rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o
-else
- if exist *.o del /Q /F *.o
- if exist *.exe del /Q /F *.exe
- if exist $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o del /Q /F $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o
-endif
diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md
deleted file mode 100644
index aaef03015d..0000000000
--- a/programs/fuzz/README.md
+++ /dev/null
@@ -1,68 +0,0 @@ -What is it? ------- - -This directory contains fuzz targets. -Fuzz targets are simple codes using the library. -They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance). - -These targets were meant to be used with oss-fuzz but can be used in other contexts. - -This code was contributed by Philippe Antoine ( Catena cyber ). - -How to run? ------- - -To run the fuzz targets like oss-fuzz: -``` -git clone https://github.com/google/oss-fuzz -cd oss-fuzz -python infra/helper.py build_image mbedtls -python infra/helper.py build_fuzzers --sanitizer address mbedtls -python infra/helper.py run_fuzzer mbedtls fuzz_client -``` -You can use `undefined` sanitizer as well as `address` sanitizer. -And you can run any of the fuzz targets like `fuzz_client`. - -To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance). -Then you need to compile the code with the compiler flags of the wished sanitizer. -``` -perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT -mkdir build -cd build -cmake .. -make -``` -Finally, you can run the targets like `./test/fuzz/fuzz_client`. - - -Corpus generation for network traffic targets ------- - -These targets use network traffic as inputs : -* client : simulates a client against (fuzzed) server traffic -* server : simulates a server against (fuzzed) client traffic -* dtls_client -* dtls_server - -They also use the last bytes as configuration options. 
- -To generate corpus for these targets, you can do the following, not fully automated steps : -* Build mbedtls programs ssl_server2 and ssl_client2 -* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap -* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt` -* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor` -* Finally, you can add the options by appending the last bytes to the file test.cor - -Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command) -``` -import sys -import binascii - -f = open(sys.argv[1]) -for l in f.readlines(): - portAndPl=l.split() - if len(portAndPl) == 2: - # determine client or server based on port - if portAndPl[0] == "4433": - print(binascii.unhexlify(portAndPl[1].replace(":",""))) -``` 
diff --git a/programs/fuzz/corpuses/client b/programs/fuzz/corpuses/client deleted file mode 100644 index 48d0a67c8f36ace60ccf4013a5b985207703ed80..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4037 zcmeH~c{o)2AIHy`8T&qD>`Tbb8T(Gxk|o8ErjclDkqky_x`$1_j$U1{?2p$IG^wNp3n1rKA-RFyx(75I2>?<0l#`t7=xuH8BqrwtHx79!|=M4uzdQ)O)jn z@;IGr&&3`UxKmtzIJOP~0FKWf00ICC000&M1_HcrIBPWvzdaleofBgLvTIp zbA&()grdOhTUQCv0q`i01E7sF!=gYCsJG60F+~yXM)X?*RHc=&2TkbcS$67h^LF7T zD0#rSqIr>{sYMua@>|7#5Ch3;Yj@R3B^OVQ?Qo0FxGfW&GxR3@b&F8ygN=Fwrc$Ff z@6*fj69dWhhshoojock}B{u^PF@*C+J(n90%^qYEQnc{+=qN=rqq3ae>&1EpNPamK z#px0LtGztQJ@`V-_~Ay1kp<)Y5!QF4vpr@HyQ)gK;3B6SiUmYW_&7MukcLPmhsOCH zxnNB~X38r^V*noqocGak7K4Ox9@oG>>61_6*Tt&GC#2wntF0Ugz? zYIxLz!v<;XQtVb{O)|a&iEh4@K=47lkvwGFL_y_94`%6pUttQzjKPEE_0L-iPTLl= zf`dSY=RsL)cCcVkjZm?`EPud)5BoAvqhk_fg#>-(%loW`Hi(3isS^)n2l0y1{Kc#T z`(^!XKR7(dlfiKf$Ys9ZjH!C0J~6XFbmk*03h9}9>Xk&4iK8d_6g~83=0eN`$`i41 zZc3^_L5C06iuyNm*1`L<>q1feLVk~oJZtG*;K2ur8};j=EkTyUsA;P5?py8kfquz1 zl;aCySUHTW@A~)P^%RbxEyqeiht^NZyuRBXG@I$wCs@$wN225(v?pCO_*! 
zuupkhda2MF7uUpQsr~fg)I&8K_oz8@-6wWAm|I@Re$AqI-a_679fDUI)P0?EcM0wS z;3OJ7u{3%J-{=AUQl@{C9_Y{XK)9bv{v(L$Mm5(^zm2748lD|VRS7pK;LWCpzf0?# zebW}khh@B6Fq{5}G%6sHrj-^e5?Ys_J*ws87sT-N`rsw%{Q%oX9eEJu#=?}5A5WV} zZU9Teq|u7OWFdRy%B-bpU6m{ln6Y2CxB!vt|E?x_(C}HoxSm|nTWOcZ$60OFvo7KH zUdO1^?p?+1*baB>CHJi^zDiZ{tD8`&SyP%H-?^_&O(|S5z^iRnIge3vxaWtnOX!>L zg7YixC?Qv3P`~2|(gxhva(g!MYedZ)sFQGUcxigA^tqBucLdBzB756{mb)9%8&=;$ zK~%Q?lgjj#o70U8ow2D&kua6(X;?yT-&crEr$DDKLadu`a3km-I0$~;Leh6Zas5it zK?wJKl5!05^?#~$QQ%*<*%unC*6jxX`(%>TZRr;&l-!Ro48pN-mQ6ui0}OZix7#F| z&)`E;;%Z%Y*?qoS`%Wp|zAnu$`@W_`fHRxffuw<5lqB0#d0%SZy-^(o!|-rX>*x{j4l)vzAoYz)_-ua$F4u2t99B*j+xDA z->kR|iuX0WCFRh_$FXVqAJEA1_gcpKzgouneJ#_3)M=Wfp{@y`H)-4q)xU***V2EM z{Qorma~l7vWdAyU|EO7;{Qdclu*EXbw%HdNh02;m$b%}ueJWQDJ(Dx2jZ`c-^lH56 zuu@gye8N+aVJ;tyyC=lT3U48A9-~C#+wo^+bp=?~d6-8eLTyU-4L2kqYak~?ZF0U` zoPK)wr&pP-+l15YwOT!>cHaKoh3kR}BMX^Fy$;GbOJYJEw(eJ7p|2Or*12QV6;PAb z;@KBH9X}Z?zNa$r(2RywRX*X&ZDfy~6t_wD=L)^C9y@)*8iP>Sg%8YrVcmC`DtH<6 z{1>jyxCa4YvO5$@d{?5E*mA0-;zcsjPfs`!(@Zf^(@T6=$Jk75)E#tn_z-)_qP-pC z4411#U5CjEx0^m?%831PWqX5i%%_h_?PzlV=0MX$49%1Ef7M1Npx$^q0&m<-g_!9X zX%4eP9|4C!20wIwLXZIMk4m$b++XY^k?8Z)UYZ*J;V@MpZ51`Nx|+6{)+Uvkp~|=L zr}Lkn`A>!~tA&B|bn>SWz;-wuKr{}?tL@apD#to(ti@H!8e8od^KE3`Z>Oq_?ZuEU zq-e89j5?zv@#bp+DY6|3im?snFp*`?yl;xXsCp{oi>+#6k?efDXcwW6 zUv{6@H9K7~vInn=sz~1HZ0L067OBZRCMIbC8p^i?-Qj-_A=&bLRU-`Y{VFw{kb5N0 z_a@~0l5h006^Po>xIgduEp3E*0gwj_4K$MRLE)>L1XYVbjFH9X0!^6LFayjhEnsTQMv&*TjYV%2V& zEG};=>6`@LWKnvW6^>YUcd$0@nv-`yA31ow#REz*ezN8$al{1d4T}Qrg%x$?3PnXZ zTd|fddp%b@CwQRx!=jVu1vhe^K!X1M8vVdvBzfZs=S!CB{Fe=Uw576{vRpE$yyi#& zS@)=0BPRy%ZaUXH*U!J!n!{eme@|)FJEKXMTHSU2jkDIatfwJ~ULOQvoMmGp-?yHc z%Z|vG%Zc|k%aB(*&Gqs%SU(;GeaZeTXL6~{1j}g2uDI+ z3P&+E2wKG86mk`4T>%j6v?C@D?EwTgLm681<$}%|>5hE--TDBjbferpg=$#0GKxyL zC(}}4l=wutqZ~z>{Oh;5;F+vFDNs6U#sRkHEC>H1XDK-^3uTUb-dwys)zv=G8#Zdq zo}=u}MY@;Y>aL}nNl26FDMnK~D%u5M1!~N&Pz$^%+9Sla(rIsc(~aK*aeWuF->DbY zxZqY}yMA@QBdOtf^};Jsv2F}CT4~{U*k$Sb21;9!>8RhnF1{6#h%P1obEzSvF~vK< 
z)MDW+u7WM+@iKYdq!W=3af-@0Fw02F*iUF|qb*tB+mc~|&773RYt+2AHUAf15O9M5fCB)2@OD^P z_QavCV+nbVoAxrH2~*BpSIS%NXH?p9b4CVkmDC%Ik?@<+&)NE9iKGvPr9B_?PEFEu zlAkHld5zxCYqR zSYibs^x6=dcf;o)30n_JpoGy@NDPg_Vj&zBhgDToh14CtiWJ(|u2}-ShOOOeGM}k}cW1Jlp34%baRo>7 zsCVVPdvfh?Z*r|`r6*oJce73Ll|W~fP{GIn`CjqtK9q=}ndj?0n<(2SIey;hg{%US zpY%s=@C^OMc1xT`(5akJ*SZ!%GuGMt$ho)^o!jrU(~7y_V#n-@gv7Q9aB&@v>yO*! zJSuRXsNCS0@NRE!=quS+40tb@(?E6(`pum4<)h(-23hY0CcWT#nC^K|eXdE>b9ks=|d2){2z4BQ@8=`6V)W)V)C@uoz1rc3Sl5TNWsU&u+ThUW*`bDs* z(6vNDth!}l=&4C%%aZ2W zK)>Y6%JGHKNG?OGYX456u7Wq#e55#}fBA^qv+5q|OqN%-a6y}2TuZ)_ZQN;NKJonq zveY)GZsk$g#X>8`*m{(?*2B{icT^pDADgn%-*L*r-1CARG%m&S7xLd~6+U-Y&DSN@ zMA!s?$1&)MVbDYVL=W({W%@7af&NMlE4xX^6{{Mjv% zbLm|(&zp`45LnL^%w*h)dn_cDu9+Sq7D7+ZdaSwEkIM4!Lf@Im8v(oSwdO(i%kvY4 zetb>aasxQ-jvKz!A1~yrcspb6MyFwbz)T07q5?#+|J?1UK7&UEqq_1*FJ<@D-M`p$ zb7o)Y^=Hwznw{?no2B4;x+=ThFFZ|E@}rL_-Ck0f9o=e2S5*p?3Giw%xyEN06-xT! z#3J^}Tu^>_l@ia}X!P$yvaCKY;hHT<@;pT&2Wlgq9$cJSx;mgF*AWJ@kj~yXuj%2= z_8jS(D2&eb|E(gU@yb-)d|OOvQaB8EA)P?Z?fwW+L<$sf8bYqY!HZym;2^lVj-+pb z;`WgwC&=;JB;^?7>-|vbBEi3x*#{bF%eK9MZF1bEGTEV&mfY9TETS>7=JizWUY4pJ zDeFYjX<{%gw#LoGX0^IzPAT4&o^FtRLqj^i1+{&5Qm;u%n&m|nBoC2ITV_nXZ%UzG zvz>CtwWro+b6mzq_aNy-ythhEpp>rVKvjZ#s{)F3HxnCEq1MF;lJIEM_>&}?Mbepu zx8%dy2t1S8U1<|jbp4{>0KFI+@o|Od=!x?ej(PTpXDslVmRa$2442FFQ9~EhnhAm( zo#`*FC~w4LyByo`t!xX|w(mLsBC zJ8G}pjHET1{~5D+i}Ud7kty5n(8%%6y$t!ky$t#7UZw%5F?yD|ng)bjqjAkt`(*x8 zO8;H(|I_&IY5dyB{&W8RRkGIj`|B5Bon&H^*#{a$N*lx~`*1;#lTmAC?ZWzG^pkH;Lyqv=>p6 zoG%}%mvQag(=4}*q8YZD4?HJr4)}KzE(a%dCrVwo8cV|ys+#`sNBivkx9qKvK8>~*vS5Iahv z4(y3Fcym+SZLm_Ito~h=oWxIQQg@Z3-@RUJ#+m{!dq!WxGc;Mx$KJ>W)EbS35sjKB zA$Dd~hQe&sL%?B>{&y9i2qeV#qB7(q?+1BFq4<21m&Qh)6{ZTLg;T|Q)Vca*X}TQtVBPk;RS?-#ShQ8x<`= z7rydTiWZ0TV;8gx(R4{D1=Fga7<2a|KD_kNfh&?jw1*gOyj_N^`nsQ$5umv zJi__DH6iDxe8V4Ifyi}<`)k#&OC#J1fIMMXpstcgv6o8$La98PJN-ih-~4<||MZH= zg|VQ{mEh|!fx260Jzi%y@<>N$6*V2|IEKqIDf6r}iEe+>LS-Xx|7kOpRUtF3|MDSe zWt!Z?d?uf^A?Q?!EN=@u23=$|Dv|iQoq>btNB~R#82c}PafSne#}QyIzvg&*gpZY?z2OC}lrfz~-I%7h;?HH9Qr(Ce0p% 
z3B>1^CB4`g6lf-gcar>7?YCFV3~3xwk@cLp32i*v}n@bfjlI#|nl_X_j>GIZjs zL8y3#t=^&JqLtxeHZwpeM*GeI*70XMOyN%1bgjL&J59Q9r;pzKr z+tFE@3vcUOL_|cLtxR}caLOCda^CedO9%kTxt1Wr+8+S$ecAmo0U)?G?c?qj0HDuT z&id`LQeE9i24*F2(or_*bb*l=?CqOIPo8kfl`;WYrX043LSQ8p{lyssBtJQWzgvJC zhKOEO_gDrr)8x+554UKhgz`QyZrJ!`HVhE@G#l1lH6pcBTeNsq{uxgX9PgCc`zK~= B`4|8I diff --git a/programs/fuzz/corpuses/dtlsserver b/programs/fuzz/corpuses/dtlsserver deleted file mode 100644 index 7a7a117900781be46a5b985b275d625ef98b8c96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1189 zcmeHGYfQ~y9Dd&OKed!oraGZql5k2FMY=IQC>?!Zlr0-G3@h3y2VpKLUDct`kxFiL zI@MfO(=3nsd|;W|T-LITvM_BKnvOSJKKta8=gaT;-S+<8-}AoOek+C`jthv~K}Y2F z|JrnKOX_l~zFYUOxwfaTBWlmBmEYYvKNJ`e{MQFpJTL*mma`a$3f8fL(>N1}w5JQg z*ub+q%slR8DtF)xvgykJl+(g;dT|CeaTJ{q%z9Qai@Dsx6dKTi#kAvCXi>|H48;|O zz(^xc@dRsO<^|5fWzIzri+G$SnmGrBIL*_TkGTw@51r`G>9pY)?gnv)1>D6PZbuo* z5QzZJrjCyEqc_#8WICF$i22;fY^K4U8Y-wm6H0iDrLdq8#XQQBIEEUYM*|92$P(6| zn&(iDd>&yjtC0t*021Wh95EUgm6W`GUDD>{)HG=1O$PAg6%QydpL{k!aD&v!y&pqjC5YuX;$QKk01-+D78Z(T-D;xh4H!ha&+uK~#s{3VYWqz0{Yv%U$#2?KR;OS5)KIu)%fV2}8-ZCHmf{)6Q&l z`Wj@ezdduJ@=~YnePn8R7weHT)un%UJOx5%rT6EB$pHh0nOm69Ps&R#Ee{{vl#uQa z6*IZLyl+*;oW>RLapA2+_O`~3lWiL}zj7OC7VsQu7N0X?t_LSahlF-py54Bl1}u2i nv9Hu>xftj=Qmv9dVDL~?`zO!puqtOwgrV+z*#6Zm+cJIwp9Z@o 
diff --git a/programs/fuzz/corpuses/server b/programs/fuzz/corpuses/server deleted file mode 100644 index fbeb019f200a63d8f40815551f07375c0265c4e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 675 zcmXYsSxD4z6ot>v|0wF@SUPGhQKaUUySADrl!Z=#p*;u%p=F^VsJTZNxsH>2mbq6h zmlop{>)-gi7Q%?T>4Qdgvyo18MFLH!#(wtlE(@sT6{av9Pf$n? zdZU3|Y@j1u5Kj|Y!k;~CVLpqQ!(^sm1V?C03s|F*ZQO?e?m;=rd51OZgr2S3i+%>8 zjAgvZTIv~qQq;2^hY(0Vy3?Fq+(kn+GaJNp>X^wQUPc}35Cm`f(v2#5(wPc2F$=>8 zWeGD_$W)lpj1syrglbmuHo7o~Dpv3oD$&9F=!K4@tY!z=c@I4(;SE-?9a^jlAO?U6 zn*fu@m+YzHf-VF?Q; zAp>#)xd$BOC`l;Z4CLo2#Hpj^o^wkFhE&cUp02V=<2=7GYU}9tu_W)$FORrBjoE{d z@Wt|V|5sB7iyyTXrWuz{)&{){i%w8x&Gqk?Y#D=fhU$0nHJw{-UFpi1h`zPFOnbA} zvk!%PbXkXIZ=6*~O#{2OX(K-Ys diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c deleted file mode 100644 index 70eb656487..0000000000 --- a/programs/fuzz/fuzz_client.c +++ /dev/null 
@@ -1,188 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "test/certs.h" -#include "fuzz_common.h" -#include -#include -#include - - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif -const char *alpn_list[3]; - - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif - -const char *pers = "fuzz_client"; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint16_t options; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&cacert); - if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - - //we take 1 byte as options input - if (Size < 2) { - return 0; - } - options = (Data[Size - 2] << 8) | Data[Size - 1]; - //Avoid warnings if compile options imply no options - (void) options; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - 
mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 2) { - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (options & 4) { - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); - } else -#endif - { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - } -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret(&conf, - (options & - 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac(&conf, - (options & - 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, - (options & - 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_session_tickets(&conf, - (options & - 0x100) ? 
MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x200) { - mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); - } -#endif - //There may be other options to add : - // mbedtls_ssl_conf_cert_profile - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if ((options & 1) == 0) { - if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { - goto exit; - } - } -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-2; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); - - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); - mbedtls_psa_crypto_free(); - -#else - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_client.options b/programs/fuzz/fuzz_client.options deleted file mode 100644 index 4d7340f497..0000000000 --- a/programs/fuzz/fuzz_client.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c deleted file mode 100644 index c83f314138..0000000000 --- a/programs/fuzz/fuzz_dtlsclient.c +++ /dev/null 
@@ -1,132 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "fuzz_common.h" -#include "mbedtls/ssl.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/timing.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif - -const char *pers = "fuzz_dtlsclient"; -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&cacert); - if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } -#endif - dummy_init(); - - initialized = 1; - } - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto 
exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); -#endif - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { - goto exit; - } -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); - mbedtls_psa_crypto_free(); - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/programs/fuzz/fuzz_dtlsclient.options b/programs/fuzz/fuzz_dtlsclient.options deleted file mode 100644 index 4d7340f497..0000000000 --- a/programs/fuzz/fuzz_dtlsclient.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c deleted file mode 100644 index dd2a8b644b..0000000000 --- a/programs/fuzz/fuzz_dtlsserver.c +++ /dev/null 
@@ -1,174 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "fuzz_common.h" -#include "mbedtls/ssl.h" -#include "test/certs.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/timing.h" -#include "mbedtls/ssl_cookie.h" - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) && \ - (defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256)) -const char *pers = "fuzz_dtlsserver"; -const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 }; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) && \ - (defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_256)) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - mbedtls_ssl_cookie_ctx cookie_ctx; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); -#endif - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_cookie_init(&cookie_ctx); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - 
goto exit; - } - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len) != 0) { - return 1; - } - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } - if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0) != 0) { - return 1; - } -#endif - dummy_init(); - - initialized = 1; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { - goto exit; - } -#endif - - if (mbedtls_ssl_cookie_setup(&cookie_ctx) != 0) { - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, - mbedtls_ssl_cookie_write, - mbedtls_ssl_cookie_check, - &cookie_ctx); - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { - goto exit; - } - - ret = mbedtls_ssl_handshake(&ssl); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset); - mbedtls_ssl_session_reset(&ssl); - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); - if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { - goto exit; - } - - ret = mbedtls_ssl_handshake(&ssl); - - if (ret 
== 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - } - -exit: - mbedtls_ssl_cookie_free(&cookie_ctx); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pk_free(&pkey); - mbedtls_x509_crt_free(&srvcert); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_free(&ssl); - mbedtls_psa_crypto_free(); - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/programs/fuzz/fuzz_dtlsserver.options b/programs/fuzz/fuzz_dtlsserver.options deleted file mode 100644 index 4d7340f497..0000000000 --- a/programs/fuzz/fuzz_dtlsserver.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c deleted file mode 100644 index f236190c2c..0000000000 --- a/programs/fuzz/fuzz_pkcs7.c +++ /dev/null @@ -1,23 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include "mbedtls/pkcs7.h" -#include "fuzz_common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PKCS7_C - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init(&pkcs7); - - mbedtls_pkcs7_parse_der(&pkcs7, Data, Size); - - mbedtls_pkcs7_free(&pkcs7); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/programs/fuzz/fuzz_pkcs7.options b/programs/fuzz/fuzz_pkcs7.options deleted file mode 100644 index 0824b19fab..0000000000 --- a/programs/fuzz/fuzz_pkcs7.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_privkey.options b/programs/fuzz/fuzz_privkey.options deleted file mode 100644 index 0824b19fab..0000000000 --- a/programs/fuzz/fuzz_privkey.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 
diff --git a/programs/fuzz/fuzz_pubkey.options b/programs/fuzz/fuzz_pubkey.options
deleted file mode 100644
index 0824b19fab..0000000000
--- a/programs/fuzz/fuzz_pubkey.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-max_len = 65535
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
deleted file mode 100644
index 3b1054e16a..0000000000
--- a/programs/fuzz/fuzz_server.c
+++ /dev/null
@@ -1,211 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/ssl_ticket.h" -#include "test/certs.h" -#include "fuzz_common.h" -#include -#include -#include - - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -const char *pers = "fuzz_server"; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -const char *alpn_list[3]; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif -#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_context ticket_ctx; -#endif - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint8_t options; - - //we take 1 byte as options input - if (Size < 1) { - return 0; - } - options = Data[Size - 1]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); -#endif - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_init(&ticket_ctx); -#endif - psa_status_t status = psa_crypto_init(); - 
if (status != PSA_SUCCESS) { - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - return 1; - } - - if (initialized == 0) { - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len) != 0) { - return 1; - } - if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len) != 0) { - return 1; - } - if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0) != 0) { - return 1; - } -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { - goto exit; - } -#endif - - mbedtls_ssl_conf_cert_req_ca_list(&conf, - (options & - 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x2) { - mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); - } -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - if (options & 0x4) { - if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context - PSA_ALG_GCM, //alg - PSA_KEY_TYPE_AES, //key_type - 256, //key_bits - 86400) != 0) { //lifetime - goto exit; - } - - mbedtls_ssl_conf_session_tickets_cb(&conf, - mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, - &ticket_ctx); - } -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret(&conf, - (options & - 0x10) ? 
MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac(&conf, - (options & - 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 0x40) { - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, - (options & - 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); -#endif - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - goto exit; - } - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-1; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); - - mbedtls_ssl_session_reset(&ssl); - ret = mbedtls_ssl_handshake(&ssl); - if (ret == 0) { - //keep reading data from server until the end - do { - len = sizeof(buf) - 1; - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ) { - continue; - } else if (ret <= 0) { - //EOF or error - break; - } - } while (1); - } - -exit: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_free(&ticket_ctx); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_ssl_config_free(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */ - mbedtls_ssl_free(&ssl); - mbedtls_psa_crypto_free(); -#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} 
diff --git a/programs/fuzz/fuzz_server.options b/programs/fuzz/fuzz_server.options deleted file mode 100644 index 4d7340f497..0000000000 --- a/programs/fuzz/fuzz_server.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c deleted file mode 100644 index af50e25f13..0000000000 --- a/programs/fuzz/fuzz_x509crl.c +++ /dev/null @@ -1,38 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include "mbedtls/x509_crl.h" -#include "fuzz_common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CRL_PARSE_C - int ret; - mbedtls_x509_crl crl; - unsigned char buf[4096]; - - mbedtls_x509_crl_init(&crl); - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - ret = mbedtls_x509_crl_parse(&crl, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); - } -#else /* !MBEDTLS_X509_REMOVE_INFO */ - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_psa_crypto_free(); - mbedtls_x509_crl_free(&crl); -#else /* MBEDTLS_X509_CRL_PARSE_C */ - (void) Data; - (void) Size; -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_x509crl.options b/programs/fuzz/fuzz_x509crl.options deleted file mode 100644 index 0824b19fab..0000000000 --- a/programs/fuzz/fuzz_x509crl.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c deleted file mode 100644 index 709fd200f9..0000000000 --- a/programs/fuzz/fuzz_x509crt.c +++ /dev/null 
@@ -1,38 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include "mbedtls/x509_crt.h" -#include "fuzz_common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CRT_PARSE_C - int ret; - mbedtls_x509_crt crt; - unsigned char buf[4096]; - - mbedtls_x509_crt_init(&crt); - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - ret = mbedtls_x509_crt_parse(&crt, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); - } -#else - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_psa_crypto_free(); - mbedtls_x509_crt_free(&crt); -#else /* MBEDTLS_X509_CRT_PARSE_C */ - (void) Data; - (void) Size; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_x509crt.options b/programs/fuzz/fuzz_x509crt.options deleted file mode 100644 index 0824b19fab..0000000000 --- a/programs/fuzz/fuzz_x509crt.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c deleted file mode 100644 index 1c26e6f082..0000000000 --- a/programs/fuzz/fuzz_x509csr.c +++ /dev/null 
@@ -1,38 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include "mbedtls/x509_csr.h" -#include "fuzz_common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_X509_CSR_PARSE_C - int ret; - mbedtls_x509_csr csr; - unsigned char buf[4096]; - - mbedtls_x509_csr_init(&csr); - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } - ret = mbedtls_x509_csr_parse(&csr, Data, Size); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (ret == 0) { - ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); - } -#else /* !MBEDTLS_X509_REMOVE_INFO */ - ((void) ret); - ((void) buf); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_psa_crypto_free(); - mbedtls_x509_csr_free(&csr); -#else /* MBEDTLS_X509_CSR_PARSE_C */ - (void) Data; - (void) Size; -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - - return 0; -} diff --git a/programs/fuzz/fuzz_x509csr.options b/programs/fuzz/fuzz_x509csr.options deleted file mode 100644 index 0824b19fab..0000000000 --- a/programs/fuzz/fuzz_x509csr.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt deleted file mode 100644 index 65f65b9bdd..0000000000 --- a/programs/ssl/CMakeLists.txt +++ /dev/null 
@@ -1,73 +0,0 @@ -find_package(Threads) - -set(libs - ${mbedtls_target} -) - -set(executables - dtls_client - dtls_server - mini_client - ssl_client1 - ssl_client2 - ssl_context_info - ssl_fork_server - ssl_mail_client - ssl_server - ssl_server2 -) -add_dependencies(${programs_target} ${executables}) -add_dependencies(${ssl_opt_target} ${executables}) - -if(GEN_FILES) - # Inform CMake that the following file will be generated as part of the build - # process, so it doesn't complain that it doesn't exist yet. Starting from - # CMake 3.20, this will no longer be necessary as CMake will automatically - # propagate this information across the tree, for now it's only visible - # inside the same directory, so we need to propagate manually. - set_source_files_properties( - ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c - PROPERTIES GENERATED TRUE) -endif() - -foreach(exe IN LISTS executables) - set(extra_sources "") - if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - list(APPEND extra_sources - ssl_test_lib.c - ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h - ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) - endif() - add_executable(${exe} - ${exe}.c - $ - $ - ${extra_sources}) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs - ${MBEDTLS_FRAMEWORK_DIR}/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) - if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") - if(GEN_FILES) - add_dependencies(${exe} generate_query_config_c) - endif() - endif() -endforeach() - -if(THREADS_FOUND) - add_executable(ssl_pthread_server - ssl_pthread_server.c - $ - $) - set_base_compile_options(ssl_pthread_server) - target_include_directories(ssl_pthread_server PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs - ${MBEDTLS_FRAMEWORK_DIR}/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) - 
 target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
- list(APPEND executables ssl_pthread_server)
-endif(THREADS_FOUND)
-
-install(TARGETS ${executables}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
deleted file mode 100644
index bb1d5af2e3..0000000000
--- a/programs/ssl/dtls_client.c
+++ /dev/null
@@ -1,337 +0,0 @@ -/* - * Simple DTLS client demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/error.h" -#include "mbedtls/timing.h" -#include "test/certs.h" - -/* Uncomment out the following line to default to IPv4 and disable IPv6 */ -//#define FORCE_IPV4 - -#define SERVER_PORT "4433" -#define SERVER_NAME "localhost" - -#ifdef FORCE_IPV4 -#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */ -#else -#define SERVER_ADDR SERVER_NAME -#endif - -#define MESSAGE "Echo this" - -#define READ_TIMEOUT_MS 1000 -#define MAX_RETRY 5 - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(int argc, char *argv[]) -{ - int ret, len; - mbedtls_net_context server_fd; - uint32_t flags; - unsigned char buf[1024]; - const char *pers = "dtls_client"; - int retry_left = MAX_RETRY; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context 
ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_timing_delay_context timer; - - ((void) argc); - ((void) argv); - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 0. Load certificates - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1. Start the connection - */ - mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR, - SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . 
Setting up the DTLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - /* OPTIONAL is usually a bad choice for security, but makes interop easier - * in this simplified example, in which the ca chain is hardcoded. - * Production code should set a proper ca chain and use REQUIRED. */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, - mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - mbedtls_printf(" ok\n"); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the DTLS handshake..."); - fflush(stdout); - - do { - ret = mbedtls_ssl_handshake(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the - * handshake would not succeed if the peer's cert is bad. 
Even if we used - * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - - /* - * 6. Write the echo request - */ -send_request: - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - len = sizeof(MESSAGE) - 1; - - do { - ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE); - - /* - * 7. Read the echo response - */ - mbedtls_printf(" < Read from server:"); - fflush(stdout); - - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - do { - ret = mbedtls_ssl_read(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - mbedtls_printf(" timeout\n\n"); - if (retry_left-- > 0) { - goto send_request; - } - goto exit; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf); - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . 
Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - mbedtls_printf(" done\n"); - - /* - * 9. Final clean-ups and exit - */ -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - /* Shell can not handle large exit numbers -> 1 for errors */ - if (ret < 0) { - ret = 1; - } - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c deleted file mode 100644 index 479b5430f9..0000000000 --- a/programs/ssl/dtls_server.c +++ /dev/null 
@@ -1,407 +0,0 @@ -/* - * Simple DTLS server demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -/* Uncomment out the following line to default to IPv4 and disable IPv6 */ -//#define FORCE_IPV4 - -#ifdef FORCE_IPV4 -#define BIND_IP "0.0.0.0" /* Forces IPv4 */ -#else -#define BIND_IP "::" -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ - !defined(MBEDTLS_SSL_COOKIE_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " - "MBEDTLS_SSL_COOKIE_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#if defined(_WIN32) -#include -#endif - -#include -#include -#include - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "mbedtls/timing.h" - -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#define READ_TIMEOUT_MS 10000 /* 10 seconds */ -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret, len; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; 
- const char *pers = "dtls_server"; - unsigned char client_ip[16] = { 0 }; - size_t cliip_len; - mbedtls_ssl_cookie_ctx cookie_ctx; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; - mbedtls_timing_delay_context timer; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 1. Seed the RNG - */ - printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 2. Load the certificates and private RSA key - */ - printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - printf(" failed\n ! 
mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, - NULL, - 0); - if (ret != 0) { - printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 3. Setup the "listening" UDP socket - */ - printf(" . Bind on udp/*/4433 ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) { - printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - printf(" ok\n"); - - /* - * 4. Setup stuff - */ - printf(" . Setting up the DTLS data..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { - printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, - &cookie_ctx); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - printf(" failed\n ! 
mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); - - printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 5. Wait until a client connects - */ - printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - client_ip, sizeof(client_ip), &cliip_len)) != 0) { - printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* For HelloVerifyRequest cookies */ - if ((ret = mbedtls_ssl_set_client_transport_id(&ssl, - client_ip, cliip_len)) != 0) { - printf(" failed\n ! " - "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, - mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); - - printf(" ok\n"); - - /* - * 6. Handshake - */ - printf(" . Performing the DTLS handshake..."); - fflush(stdout); - - do { - ret = mbedtls_ssl_handshake(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - printf(" hello verification requested\n"); - ret = 0; - goto reset; - } else if (ret != 0) { - printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret); - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - printf(" An unexpected message was received from our peer. If this happened at\n"); - printf(" the beginning of the handshake, this is likely a duplicated packet or\n"); - printf(" a close_notify alert from the previous connection, which is harmless.\n"); - ret = 0; - } - printf("\n"); - goto reset; - } - - printf(" ok\n"); - - /* - * 7. 
Read the echo Request - */ - printf(" < Read from client:"); - fflush(stdout); - - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - do { - ret = mbedtls_ssl_read(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - printf(" timeout\n\n"); - goto reset; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret); - goto reset; - } - } - - len = ret; - printf(" %d bytes read\n\n%s\n\n", len, buf); - - /* - * 8. Write the 200 Response - */ - printf(" > Write to client:"); - fflush(stdout); - - do { - ret = mbedtls_ssl_write(&ssl, buf, len); - } while (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - - if (ret < 0) { - printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - - len = ret; - printf(" %d bytes written\n\n%s\n\n", len, buf); - - /* - * 9. Done, cleanly close the connection - */ -close_notify: - printf(" . 
Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - printf(" done\n"); - - goto reset; - - /* - * Final clean-ups and exit - */ -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_cookie_free(&cookie_ctx); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - /* Shell can not handle large exit numbers -> 1 for errors */ - if (ret < 0) { - ret = 1; - } - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c deleted file mode 100644 index 96d41b35ba..0000000000 --- a/programs/ssl/mini_client.c +++ /dev/null 
@@ -1,270 +0,0 @@ -/* - * Minimal SSL client, used for memory measurements. - * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -/* - * We're creating and connecting the socket "manually" rather than using the - * NET module, in order to avoid the overhead of getaddrinfo() which tends to - * dominate memory usage in small configurations. For the sake of simplicity, - * only a Unix version is implemented. - * - * Warning: we are breaking some of the abstractions from the NET layer here. - * This is not a good example for general use. This programs has the specific - * goal of minimizing use of the libc functions on full-blown OSes. - */ -#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) -#define UNIX -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(UNIX) - -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" - -#include -#include -#include - -/* - * Hardcoded values for server host and port - */ -#define PORT_BE 0x1151 /* 4433 */ -#define PORT_LE 0x5111 -#define ADDR_BE 0x7f000001 /* 127.0.0.1 */ -#define ADDR_LE 0x0100007f -#define HOSTNAME "localhost" /* for cert verification if enabled */ - -#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" - -const char *pers = "mini_client"; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -/* This is framework/data_files/test-ca2.crt, a CA using EC secp384r1 */ -const unsigned char ca_cert[] = { - 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, - 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, - 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, - 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, - 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39, - 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32, - 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, - 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, - 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, - 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, - 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, - 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, - 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, - 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, - 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, - 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 
0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, - 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, - 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, - 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d, - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20, - 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, - 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06, - 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, - 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, - 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56, - 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8, - 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a, - 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67, - 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67, - 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6, - 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f, - 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c, - 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20, -}; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -enum 
exit_codes { - exit_ok = 0, - ctr_drbg_seed_failed, - ssl_config_defaults_failed, - ssl_setup_failed, - hostname_failed, - socket_failed, - connect_failed, - x509_crt_parse_failed, - ssl_handshake_failed, - ssl_write_failed, -}; - - -int main(void) -{ - int ret = exit_ok; - mbedtls_net_context server_fd; - struct sockaddr_in addr; -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt ca; -#endif - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * 0. Initialize and setup stuff - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_init(&ca); -#endif - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - ret = ctr_drbg_seed_failed; - goto exit; - } - - if (mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) != 0) { - ret = ssl_config_defaults_failed; - goto exit; - } - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), - (const unsigned char *) psk_id, sizeof(psk_id) - 1); -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) { - ret = x509_crt_parse_failed; - goto exit; - } - - mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL); - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); -#endif - - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { - ret = ssl_setup_failed; - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) { - ret = hostname_failed; - goto exit; - } -#endif 
- - /* - * 1. Start the connection - */ - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - - ret = 1; /* for endianness detection */ - addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE; - addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; - ret = 0; - - if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - ret = socket_failed; - goto exit; - } - - if (connect(server_fd.fd, - (const struct sockaddr *) &addr, sizeof(addr)) < 0) { - ret = connect_failed; - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - if (mbedtls_ssl_handshake(&ssl) != 0) { - ret = ssl_handshake_failed; - goto exit; - } - - /* - * 2. Write the GET request and close the connection - */ - if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST, - sizeof(GET_REQUEST) - 1) <= 0) { - ret = ssl_write_failed; - goto exit; - } - - mbedtls_ssl_close_notify(&ssl); - -exit: - mbedtls_net_free(&server_fd); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_free(&ca); -#endif - mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} -#endif diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c deleted file mode 100644 index c56ff0702f..0000000000 --- a/programs/ssl/ssl_client1.c +++ /dev/null 
@@ -1,286 +0,0 @@ -/* - * SSL client demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/error.h" -#include "test/certs.h" - -#include - -#define SERVER_PORT "4433" -#define SERVER_NAME "localhost" -#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" - -#define DEBUG_LEVEL 1 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret = 1, len; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; - uint32_t flags; - unsigned char buf[1024]; - const char *pers = "ssl_client1"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 0. 
Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 0. Initialize certificates - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1. Start the connection - */ - mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, - SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* OPTIONAL is not optimal for security, - * but makes interop easier in this simplified example */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we probably want to bail out when ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - - /* - * 3. 
Write the GET request - */ - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - len = sprintf((char *) buf, GET_REQUEST); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf); - - /* - * 7. Read the HTTP response - */ - mbedtls_printf(" < Read from server:"); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - mbedtls_printf("The return value %d from mbedtls_ssl_read() means that the server\n" - "closed the connection first. We're ok with that.\n", - MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY); - break; - } - - if (ret < 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret); - break; - } - - if (ret == 0) { - mbedtls_printf("\n\nEOF\n\n"); - break; - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - } while (1); - - mbedtls_ssl_close_notify(&ssl); - - if (ret == 0 || ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - -#ifdef MBEDTLS_ERROR_C - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} - -#endif /* configuration allows running this program */ 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
deleted file mode 100644
index b099fded5a..0000000000
--- a/programs/ssl/ssl_client2.c
+++ /dev/null
@@ -1,3252 +0,0 @@ -/* - * SSL client with certificate authentication - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/private/pk_private.h" - -#include "ssl_test_lib.h" - -#include "test/psa_crypto_helpers.h" - -#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) -int main(void) -{ - mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE); - mbedtls_exit(0); -} -#elif !defined(MBEDTLS_SSL_CLI_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n"); - mbedtls_exit(0); -} -#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ - -/* Size of memory to be allocated for the heap, when using the library's memory - * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 120000 - -#define MAX_REQUEST_SIZE 20000 -#define MAX_REQUEST_SIZE_STR "20000" - -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_ADDR NULL -#define DFL_SERVER_PORT "4433" -#define DFL_REQUEST_PAGE "/" -#define DFL_REQUEST_SIZE -1 -#define DFL_DEBUG_LEVEL 0 -#define DFL_CONTEXT_CRT_CB 0 -#define DFL_NBIO 0 -#define DFL_EVENT 0 -#define DFL_READ_TIMEOUT 0 -#define DFL_MAX_RESEND 0 -#define DFL_CA_FILE "" -#define DFL_CA_PATH "" -#define DFL_CRT_FILE "" -#define DFL_KEY_FILE "" -#define DFL_KEY_OPAQUE 0 -#define DFL_KEY_PWD "" -#define DFL_PSK "" -#define DFL_EARLY_DATA -1 -#define DFL_PSK_OPAQUE 0 -#define DFL_PSK_IDENTITY "Client_identity" -#define DFL_ECJPAKE_PW NULL -#define DFL_ECJPAKE_PW_OPAQUE 0 -#define DFL_EC_MAX_OPS -1 -#define DFL_FORCE_CIPHER 0 -#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL -#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED -#define DFL_ALLOW_LEGACY -2 -#define DFL_RENEGOTIATE 0 -#define DFL_EXCHANGES 1 -#define DFL_MIN_VERSION -1 -#define DFL_MAX_VERSION -1 -#define DFL_SHA1 -1 -#define DFL_AUTH_MODE -1 -#define DFL_SET_HOSTNAME 1 -#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE 
-#define DFL_TRUNC_HMAC -1 -#define DFL_RECSPLIT -1 -#define DFL_RECONNECT 0 -#define DFL_RECO_SERVER_NAME NULL -#define DFL_RECO_DELAY 0 -#define DFL_RECO_MODE 1 -#define DFL_RENEGO_DELAY -2 -#define DFL_CID_ENABLED 0 -#define DFL_CID_VALUE "" -#define DFL_CID_ENABLED_RENEGO -1 -#define DFL_CID_VALUE_RENEGO NULL -#define DFL_RECONNECT_HARD 0 -#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED -#define DFL_ALPN_STRING NULL -#define DFL_GROUPS NULL -#define DFL_SIG_ALGS NULL -#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM -#define DFL_HS_TO_MIN 0 -#define DFL_HS_TO_MAX 0 -#define DFL_DTLS_MTU -1 -#define DFL_DGRAM_PACKING 1 -#define DFL_FALLBACK -1 -#define DFL_EXTENDED_MS -1 -#define DFL_ETM -1 -#define DFL_SERIALIZE 0 -#define DFL_CONTEXT_FILE "" -#define DFL_EXTENDED_MS_ENFORCE -1 -#define DFL_CA_CALLBACK 0 -#define DFL_EAP_TLS 0 -#define DFL_REPRODUCIBLE 0 -#define DFL_NSS_KEYLOG 0 -#define DFL_NSS_KEYLOG_FILE NULL -#define DFL_SKIP_CLOSE_NOTIFY 0 -#define DFL_EXP_LABEL NULL -#define DFL_EXP_LEN 20 -#define DFL_QUERY_CONFIG_MODE 0 -#define DFL_USE_SRTP 0 -#define DFL_SRTP_FORCE_PROFILE 0 -#define DFL_SRTP_MKI "" -#define DFL_KEY_OPAQUE_ALG "none" - -#define GET_REQUEST "GET %s HTTP/1.0\r\nHost: %s\r\nExtra-header: " -#define GET_REQUEST_END "\r\n\r\n" - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_CONTEXT_CRT_CB \ - " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ - " to the SSL configuration of the SSL context.\n" \ - " Possible values:\n" \ - " - 0 (default): Use CRT callback bound to configuration\n" \ - " - 1: Use CRT callback bound to SSL context\n" -#else -#define USAGE_CONTEXT_CRT_CB "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded)\n" \ - " use \"none\" to skip 
loading any top-level CAs.\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded) (overrides ca_file)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" \ - " key_pwd=%%s Password for key specified by key_file argument\n" \ - " default: none\n" -#else -#define USAGE_IO \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" -#endif /* MBEDTLS_FS_IO */ -#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#define USAGE_IO "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_KEY_OPAQUE \ - " key_opaque=%%d Handle your private key as if it were opaque\n" \ - " default: 0 (disabled)\n" -#else -#define USAGE_KEY_OPAQUE "" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define USAGE_CID \ - " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ - " default: 0 (disabled)\n" \ - " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \ - " default: same as 'cid' parameter\n" \ - " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \ - " default: \"\"\n" \ - " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ - " default: same as 'cid_val' parameter\n" -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#define USAGE_CID "" -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (disabled)\n" \ - " The PSK values are in hex, without 0x.\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" -#define USAGE_PSK_SLOT \ - " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ - " Enable this 
to store the PSK configured through command line\n" \ - " parameter `psk` in a PSA-based key slot.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" -#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT -#else -#define USAGE_PSK "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -#define USAGE_CA_CALLBACK \ - " ca_callback=%%d default: 0 (disabled)\n" \ - " Enable this to use the trusted certificate callback function\n" -#else -#define USAGE_CA_CALLBACK "" -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" -#else -#define USAGE_TICKETS "" -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#define USAGE_EAP_TLS \ - " eap_tls=%%d default: 0 (disabled)\n" -#define USAGE_NSS_KEYLOG \ - " nss_keylog=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1\n" -#define USAGE_NSS_KEYLOG_FILE \ - " nss_keylog_file=%%s\n" -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " use_srtp=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1 or " \ - " nss_keylog=1\n" \ - " srtp_force_profile=%%d default: 0 (all enabled)\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " mki=%%s default: \"\" (in hex, without 0x)\n" -#else /* MBEDTLS_SSL_DTLS_SRTP */ -#define USAGE_SRTP "" -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define USAGE_MAX_FRAG_LEN \ - " max_frag_len=%%d default: 
16384 (tls default)\n" \ - " options: 512, 1024, 2048, 4096\n" -#else -#define USAGE_MAX_FRAG_LEN "" -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ALPN) -#define USAGE_ALPN \ - " alpn=%%s default: \"\" (disabled)\n" \ - " example: spdy/1,http/1.1\n" -#else -#define USAGE_ALPN "" -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) -#define USAGE_GROUPS \ - " groups=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"secp521r1,brainpoolP512r1\"\n" \ - " - use \"none\" for empty list\n" \ - " - see mbedtls_ecp_curve_list()\n" \ - " for acceptable EC group names\n" \ - " - the following ffdh groups are supported:\n" \ - " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \ - " ffdhe8192\n" -#else -#define USAGE_GROUPS "" -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_SIG_ALGS \ - " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" -#else -#define USAGE_SIG_ALGS "" -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#define USAGE_DTLS \ - " dtls=%%d default: 0 (TLS)\n" \ - " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" \ - " dgram_packing=%%d default: 1 (allowed)\n" \ - " allow or forbid packing of multiple\n" \ - " records within a single datgram.\n" -#else -#define USAGE_DTLS "" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -#define USAGE_EMS \ - " extended_ms=0/1 default: (library default: on)\n" -#else -#define USAGE_EMS "" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define USAGE_ETM \ - " etm=0/1 default: (library default: on)\n" -#else -#define USAGE_ETM "" -#endif - -#define USAGE_REPRODUCIBLE \ - " reproducible=0/1 default: 0 
(disabled)\n" - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#define USAGE_RENEGO \ - " renegotiation=%%d default: 0 (disabled)\n" \ - " renegotiate=%%d default: 0 (disabled)\n" \ - " renego_delay=%%d default: -2 (library default)\n" -#else -#define USAGE_RENEGO "" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" \ - " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define USAGE_ECJPAKE "" -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) -#define USAGE_ECRESTART \ - " ec_max_ops=%%s default: library default (restart disabled)\n" -#else -#define USAGE_ECRESTART "" -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -#define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" \ - " context_file=%%s The file path to write a serialized connection\n" \ - " in the form of base64 code (serialize option\n" \ - " must be set)\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" -#else -#define USAGE_SERIALIZATION "" -#endif - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define USAGE_EARLY_DATA \ - " early_data=%%d default: library default\n" \ - " options: 0 (disabled), 1 (enabled)\n" -#else -#define USAGE_EARLY_DATA "" -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, 
psk_all, ephemeral,\n" \ - " ephemeral_all, all, psk_or_ephemeral\n" -#else -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) -#define USAGE_EXPORT \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" -#else -#define USAGE_EXPORT "" -#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ - -/* USAGE is arbitrarily split to stay under the portable string literal - * length limit: 4095 bytes in C99. */ -#define USAGE1 \ - "\n usage: ssl_client2 param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_name=%%s default: localhost\n" \ - " server_addr=%%s default: given by name\n" \ - " server_port=%%d default: 4433\n" \ - " request_page=%%s default: \".\"\n" \ - " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \ - " If 0, in the first exchange only an empty\n" \ - " application data message is sent followed by\n" \ - " a second non-empty message before attempting\n" \ - " to read a response from the server\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " build_version=%%d default: none (disabled)\n" \ - " option: 1 (print build version only and stop)\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " event=%%d default: 0 (loop)\n" \ - " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ - " max_resend=%%d default: 0 (no resend on timeout)\n" \ - " skip_close_notify=%%d default: 0 (send close_notify)\n" \ - "\n" \ - USAGE_DTLS \ - USAGE_CID \ - USAGE_SRTP \ - "\n" -#define USAGE2 \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ - " set_hostname=%%s call mbedtls_ssl_set_hostname()?" 
\ - " options: no, server_name, NULL\n" \ - " default: server_name (but ignored if certs disabled)\n" \ - USAGE_IO \ - USAGE_KEY_OPAQUE \ - USAGE_CA_CALLBACK \ - "\n" \ - USAGE_PSK \ - USAGE_ECJPAKE \ - USAGE_ECRESTART \ - "\n" -#define USAGE3 \ - " allow_legacy=%%d default: (library default: no)\n" \ - USAGE_RENEGO \ - " exchanges=%%d default: 1\n" \ - " reconnect=%%d number of reconnections using session resumption\n" \ - " default: 0 (disabled)\n" \ - " reco_server_name=%%s default: NULL\n" \ - " reco_delay=%%d default: 0 milliseconds\n" \ - " reco_mode=%%d 0: copy session, 1: serialize session\n" \ - " default: 1\n" \ - " reconnect_hard=%%d default: 0 (disabled)\n" \ - USAGE_TICKETS \ - USAGE_EAP_TLS \ - USAGE_MAX_FRAG_LEN \ - USAGE_CONTEXT_CRT_CB \ - USAGE_ALPN \ - USAGE_EMS \ - USAGE_ETM \ - USAGE_REPRODUCIBLE \ - USAGE_GROUPS \ - USAGE_SIG_ALGS \ - USAGE_EARLY_DATA \ - USAGE_KEY_OPAQUE_ALGS \ - "\n" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define TLS1_3_VERSION_OPTIONS ", tls13" -#else /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#define TLS1_3_VERSION_OPTIONS "" -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE4 \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls12)\n" \ - " max_version=%%s default: (library default: tls12)\n" \ - " force_version=%%s default: \"\" (none)\n" \ - " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " query_config= return 0 if the specified\n" \ - " configuration macro is defined and 1\n" \ - " otherwise. 
The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ - USAGE_EXPORT \ - "\n" - -/* - * global options - */ -struct options { - const char *server_name; /* hostname of the server (client only) */ - const char *server_addr; /* address of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int nbio; /* should I/O be blocking? */ - int event; /* loop or event-driven IO? level or edge triggered? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ - int max_resend; /* DTLS times to resend on read timeout */ - const char *request_page; /* page on server to request */ - int request_size; /* pad request with header to requested size */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *crt_file; /* the file with the client certificate */ - const char *key_file; /* the file with the client key */ - int key_opaque; /* handle private key as if it were opaque */ - int psk_opaque; -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int ca_callback; /* Use callback for trusted certificate list */ -#endif - const char *key_pwd; /* the password for the client key */ - const char *psk; /* the pre-shared key */ - const char *psk_identity; /* the pre-shared key identity */ - const char *ecjpake_pw; /* the EC J-PAKE password */ - int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ - int ec_max_ops; /* EC consecutive operations limit */ - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - int renegotiation; /* enable / disable renegotiation */ - int allow_legacy; /* allow legacy renegotiation */ - int renegotiate; /* attempt 
renegotiation? */ - int renego_delay; /* delay before enforcing renegotiation */ - int exchanges; /* number of data exchanges */ - int min_version; /* minimum protocol version accepted */ - int max_version; /* maximum protocol version accepted */ - int allow_sha1; /* flag for SHA-1 support */ - int auth_mode; /* verify mode for connection */ - int set_hostname; /* call mbedtls_ssl_set_hostname()? */ - /* 0=no, 1=yes, -1=NULL */ - unsigned char mfl_code; /* code for maximum fragment length */ - int trunc_hmac; /* negotiate truncated hmac or not */ - int recsplit; /* enable record splitting? */ - int reconnect; /* attempt to resume session */ - const char *reco_server_name; /* hostname of the server (re-connect) */ - int reco_delay; /* delay in seconds before resuming session */ - int reco_mode; /* how to keep the session around */ - int reconnect_hard; /* unexpectedly reconnect from the same port */ - int tickets; /* enable / disable session tickets */ - const char *groups; /* list of supported groups */ - const char *sig_algs; /* supported TLS 1.3 signature algorithms */ - const char *alpn_string; /* ALPN supported protocols */ - int transport; /* TLS or DTLS? */ - uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ - uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum transport unit for DTLS */ - int fallback; /* is this a fallback connection? */ - int dgram_packing; /* allow/forbid datagram packing */ - int extended_ms; /* negotiate extended master secret? */ - int etm; /* negotiate encrypt then mac? */ - int context_crt_cb; /* use context-specific CRT verify callback */ - int eap_tls; /* derive EAP-TLS keying material? 
*/ - int nss_keylog; /* export NSS key log material */ - const char *nss_keylog_file; /* NSS key log file */ - int cid_enabled; /* whether to use the CID extension or not */ - int cid_enabled_renego; /* whether to use the CID extension or not - * during renegotiation */ - const char *cid_val; /* the CID to use for incoming messages */ - int serialize; /* serialize/deserialize connection */ - const char *context_file; /* the file to write a serialized connection - * in the form of base64 code (serialize - * option must be set) */ - const char *cid_val_renego; /* the CID to use for incoming messages - * after renegotiation */ - int reproducible; /* make communication reproducible */ - int skip_close_notify; /* skip sending the close_notify alert */ - const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* early data enablement flag */ -#endif - int query_config_mode; /* whether to read config */ - int use_srtp; /* Support SRTP */ - int force_srtp_profile; /* SRTP protection profile to use or all */ - const char *mki; /* The dtls mki value to use */ - const char *key_opaque_alg1; /* Allowed opaque key alg 1 */ - const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */ -} opt; - -#include "ssl_test_common_source.c" - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static unsigned char peer_crt_info[1024]; - -/* - * Enabled if debug_level > 1 in code below - */ -static int my_verify(void *data, mbedtls_x509_crt *crt, - int depth, uint32_t *flags) -{ - char buf[1024]; - ((void) data); - - mbedtls_printf("\nVerify requested for (Depth %d):\n", depth); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - if (depth == 0) { - memcpy(peer_crt_info, buf, sizeof(buf)); - } - - if (opt.debug_level == 0) { - return 0; - } - - mbedtls_printf("%s", 
buf); -#else - ((void) crt); - ((void) depth); -#endif - - if ((*flags) == 0) { - mbedtls_printf(" This certificate has no flags\n"); - } else { - x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags); - mbedtls_printf("%s\n", buf); - } - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) -{ - int ret; - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; - size_t peer_cid_len; - int cid_negotiated; - - if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - /* Check if the use of a CID has been negotiated, - * but don't ask for the CID value and length. - * - * Note: Here and below, we're demonstrating the various ways - * in which mbedtls_ssl_get_peer_cid() can be called, - * depending on whether or not the length/value of the - * peer's CID is needed. - * - * An actual application, however, should use - * just one call to mbedtls_ssl_get_peer_cid(). */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - NULL, NULL); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) { - if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) { - mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n", - additional_description); - } - } else { - size_t idx = 0; - mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n", - additional_description); - - /* Ask for just the length of the peer's CID. */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - NULL, &peer_cid_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - /* Ask for just length + value of the peer's CID. 
 */
- ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
- peer_cid, &peer_cid_len);
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
- (unsigned int) -ret);
- return ret;
- }
- mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
- additional_description,
- (unsigned) peer_cid_len);
- while (idx < peer_cid_len) {
- mbedtls_printf("%02x ", peer_cid[idx]);
- idx++;
- }
- mbedtls_printf("\n");
- }
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-static int ssl_save_session_serialize(mbedtls_ssl_context *ssl,
- unsigned char **session_data,
- size_t *session_data_len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_session exported_session;
-
- /* free any previously saved data */
- if (*session_data != NULL) {
- mbedtls_platform_zeroize(*session_data, *session_data_len);
- mbedtls_free(*session_data);
- *session_data = NULL;
- *session_data_len = 0;
- }
-
- mbedtls_ssl_session_init(&exported_session);
- ret = mbedtls_ssl_get_session(ssl, &exported_session);
- if (ret != 0) {
- mbedtls_printf(
- "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
- (unsigned) -ret);
- goto exit;
- }
-
- /* get size of the buffer needed */
- (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
- *session_data = mbedtls_calloc(1, *session_data_len);
- if (*session_data == NULL) {
- mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
- (unsigned) *session_data_len);
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- /* actually save session data */
- if ((ret = mbedtls_ssl_session_save(&exported_session,
- *session_data, *session_data_len,
- session_data_len)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
-exit:
- mbedtls_ssl_session_free(&exported_session);
- return ret;
-}
-
-/*
- * Build HTTP request
- */
-static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len, tail_len, request_size;
-
- ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page, opt.server_name);
- if (ret < 0) {
- return ret;
- }
-
- len = (size_t) ret;
- tail_len = strlen(GET_REQUEST_END);
- if (opt.request_size != DFL_REQUEST_SIZE) {
- request_size = (size_t) opt.request_size;
- } else {
- request_size = len + tail_len;
- }
-
- if (request_size > buf_size) {
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- }
-
- /* Add padding to GET request to reach opt.request_size in length */
- if (opt.request_size != DFL_REQUEST_SIZE &&
- len + tail_len < request_size) {
- memset(buf + len, 'A', request_size - len - tail_len);
- len = request_size - tail_len;
- }
-
- strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len);
- len += tail_len;
-
- /* Truncate if request size is smaller than the "natural" size */
- if (opt.request_size != DFL_REQUEST_SIZE &&
- len > request_size) {
- len = request_size;
-
- /* Still end with \r\n unless that's really not possible */
- if (len >= 2) {
- buf[len - 2] = '\r';
- }
- if (len >= 1) {
- buf[len - 1] = '\n';
- }
- }
-
- *request_len = len;
-
- return 0;
-}
-
-int main(int argc, char *argv[])
-{
- int ret = 0, i;
- size_t len, written, frags, retry_left;
- int query_config_ret = 0;
- mbedtls_net_context server_fd;
- io_ctx_t io_ctx;
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
-#endif
-
- unsigned char buf[MAX_REQUEST_SIZE + 1];
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- unsigned char psk[MBEDTLS_PSK_MAX_LEN];
- size_t psk_len = 0;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
- unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
- size_t cid_len = 0;
- size_t cid_renego_len = 0;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
- const char *alpn_list[ALPN_LIST_SIZE];
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- unsigned char alloc_buf[MEMORY_HEAP_SIZE];
-#endif
- uint16_t group_list[GROUP_LIST_SIZE];
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
- size_t mki_len = 0;
-#endif
-
- const char *pers = "ssl_client2";
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
- psa_algorithm_t alg = 0;
- psa_key_attributes_t key_attributes;
-#endif
- psa_status_t status;
-
- rng_context_t rng;
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- mbedtls_ssl_session saved_session;
- unsigned char *session_data = NULL;
- size_t session_data_len = 0;
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer;
-#endif
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- uint32_t flags;
- mbedtls_x509_crt cacert;
- mbedtls_x509_crt clicert;
- mbedtls_pk_context pkey;
- mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
- mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
- char *p, *q;
- const int *list;
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- unsigned char *context_buf = NULL;
- size_t context_buf_len;
-#endif
- unsigned char eap_tls_keymaterial[16];
- unsigned char eap_tls_iv[8];
- const char *eap_tls_label = "client EAP encryption";
- eap_tls_keys eap_tls_keying;
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /*! master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
- const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
- dtls_srtp_keys dtls_srtp_keying;
- const mbedtls_ssl_srtp_profile default_profiles[] = {
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_UNSET
- };
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS)
- test_hooks_init();
-#endif /* MBEDTLS_TEST_HOOKS */
-
- /*
- * Make sure memory references are valid.
- */
- mbedtls_net_init(&server_fd);
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_config_init(&conf);
- mbedtls_ssl_session_init(&saved_session);
- rng_init(&rng);
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_init(&cacert);
- mbedtls_x509_crt_init(&clicert);
- mbedtls_pk_init(&pkey);
-#endif
-#if defined(MBEDTLS_SSL_ALPN)
- memset((void *) alpn_list, 0, sizeof(alpn_list));
-#endif
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- goto exit;
- }
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng();
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
- opt.server_name = DFL_SERVER_NAME;
- opt.server_addr = DFL_SERVER_ADDR;
- opt.server_port = DFL_SERVER_PORT;
- opt.debug_level = DFL_DEBUG_LEVEL;
- opt.cid_enabled = DFL_CID_ENABLED;
- opt.cid_val = DFL_CID_VALUE;
- opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
- opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
- opt.nbio = DFL_NBIO;
- opt.event = DFL_EVENT;
- opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
- opt.read_timeout = DFL_READ_TIMEOUT;
- opt.max_resend = DFL_MAX_RESEND;
- opt.request_page = DFL_REQUEST_PAGE;
- opt.request_size = DFL_REQUEST_SIZE;
- opt.ca_file = DFL_CA_FILE;
- opt.ca_path = DFL_CA_PATH;
- opt.crt_file = DFL_CRT_FILE;
- opt.key_file = DFL_KEY_FILE;
- opt.key_opaque = DFL_KEY_OPAQUE;
- opt.key_pwd = DFL_KEY_PWD;
- opt.psk = DFL_PSK;
- opt.psk_opaque = DFL_PSK_OPAQUE;
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- opt.ca_callback = DFL_CA_CALLBACK;
-#endif
- opt.psk_identity = DFL_PSK_IDENTITY;
- opt.ecjpake_pw = DFL_ECJPAKE_PW;
- opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
- opt.ec_max_ops = DFL_EC_MAX_OPS;
- opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- opt.renegotiation = DFL_RENEGOTIATION;
- opt.allow_legacy = DFL_ALLOW_LEGACY;
- opt.renegotiate = DFL_RENEGOTIATE;
- opt.renego_delay = DFL_RENEGO_DELAY;
- opt.exchanges = DFL_EXCHANGES;
- opt.min_version = DFL_MIN_VERSION;
- opt.max_version = DFL_MAX_VERSION;
- opt.allow_sha1 = DFL_SHA1;
- opt.auth_mode = DFL_AUTH_MODE;
- opt.set_hostname = DFL_SET_HOSTNAME;
- opt.mfl_code = DFL_MFL_CODE;
- opt.trunc_hmac = DFL_TRUNC_HMAC;
- opt.recsplit = DFL_RECSPLIT;
- opt.reconnect = DFL_RECONNECT;
- opt.reco_server_name = DFL_RECO_SERVER_NAME;
- opt.reco_delay = DFL_RECO_DELAY;
- opt.reco_mode = DFL_RECO_MODE;
- opt.reconnect_hard = DFL_RECONNECT_HARD;
- opt.tickets = DFL_TICKETS;
- opt.alpn_string = DFL_ALPN_STRING;
- opt.groups = DFL_GROUPS;
- opt.sig_algs = DFL_SIG_ALGS;
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- opt.early_data = DFL_EARLY_DATA;
-#endif
- opt.transport = DFL_TRANSPORT;
- opt.hs_to_min = DFL_HS_TO_MIN;
- opt.hs_to_max = DFL_HS_TO_MAX;
- opt.dtls_mtu = DFL_DTLS_MTU;
- opt.fallback = DFL_FALLBACK;
- opt.extended_ms = DFL_EXTENDED_MS;
- opt.etm = DFL_ETM;
- opt.dgram_packing = DFL_DGRAM_PACKING;
- opt.serialize = DFL_SERIALIZE;
- opt.context_file = DFL_CONTEXT_FILE;
- opt.eap_tls = DFL_EAP_TLS;
- opt.reproducible = DFL_REPRODUCIBLE;
- opt.nss_keylog = DFL_NSS_KEYLOG;
- opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
- opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
- opt.exp_label = DFL_EXP_LABEL;
- opt.exp_len = DFL_EXP_LEN;
- opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
- opt.use_srtp = DFL_USE_SRTP;
- opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
- opt.mki = DFL_SRTP_MKI;
- opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
- opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
-
- p = q = NULL;
- if (argc < 1) {
-usage:
- if (p != NULL && q != NULL) {
- printf("unrecognized value for '%s': '%s'\n", p, q);
- } else if (p != NULL && q == NULL) {
- printf("unrecognized param: '%s'\n", p);
- }
-
- mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
- mbedtls_printf(" ssl_client2 help[_theme]\n");
- mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
- mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
- mbedtls_printf("\n");
-
- if (ret == 0) {
- ret = 1;
- }
- goto exit;
- }
-
- for (i = 1; i < argc; i++) {
- p = argv[i];
-
- if (strcmp(p, "help") == 0) {
- mbedtls_printf(USAGE1);
- mbedtls_printf(USAGE2);
- mbedtls_printf(USAGE3);
- mbedtls_printf(USAGE4);
-
- ret = 0;
- goto exit;
- }
- if (strcmp(p, "help_ciphersuites") == 0) {
- mbedtls_printf(" acceptable ciphersuite names:\n");
- for (list = mbedtls_ssl_list_ciphersuites();
- *list != 0;
- list++) {
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
- }
-
- ret = 0;
- goto exit;
- }
-
- if ((q = strchr(p, '=')) == NULL) {
- mbedtls_printf("param requires a value: '%s'\n", p);
- p = NULL; // avoid "unrecnognized param" message
- goto usage;
- }
- *q++ = '\0';
-
- if (strcmp(p, "server_name") == 0) {
- opt.server_name = q;
- } else if (strcmp(p, "server_addr") == 0) {
- opt.server_addr = q;
- } else if (strcmp(p, "server_port") == 0) {
- opt.server_port = q;
- } else if (strcmp(p, "dtls") == 0) {
- int t = atoi(q);
- if (t == 0) {
- opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
- } else if (t == 1) {
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "debug_level") == 0) {
- opt.debug_level = atoi(q);
- if (opt.debug_level < 0 || opt.debug_level > 65535) {
- goto usage;
- }
- } else if (strcmp(p, "build_version") == 0) {
- if (strcmp(q, "1") == 0) {
- mbedtls_printf("build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL,
- MBEDTLS_VERSION_NUMBER);
- goto exit;
- }
- } else if (strcmp(p, "context_crt_cb") == 0) {
- opt.context_crt_cb = atoi(q);
- if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
- goto usage;
- }
- } else if (strcmp(p, "nbio") == 0) {
- opt.nbio = atoi(q);
- if (opt.nbio < 0 || opt.nbio > 2) {
- goto usage;
- }
- } else if (strcmp(p, "event") == 0) {
- opt.event = atoi(q);
- if (opt.event < 0 || opt.event > 2) {
- goto usage;
- }
- } else if (strcmp(p, "read_timeout") == 0) {
- opt.read_timeout = atoi(q);
- } else if (strcmp(p, "max_resend") == 0) {
- opt.max_resend = atoi(q);
- if (opt.max_resend < 0) {
- goto usage;
- }
- } else if (strcmp(p, "request_page") == 0) {
- opt.request_page = q;
- } else if (strcmp(p, "request_size") == 0) {
- opt.request_size = atoi(q);
- if (opt.request_size < 0 ||
- opt.request_size > MAX_REQUEST_SIZE) {
- goto usage;
- }
- } else if (strcmp(p, "ca_file") == 0) {
- opt.ca_file = q;
- } else if (strcmp(p, "ca_path") == 0) {
- opt.ca_path = q;
- } else if (strcmp(p, "crt_file") == 0) {
- opt.crt_file = q;
- } else if (strcmp(p, "key_file") == 0) {
- opt.key_file = q;
- } else if (strcmp(p, "key_pwd") == 0) {
- opt.key_pwd = q;
- }
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- else if (strcmp(p, "key_opaque") == 0) {
- opt.key_opaque = atoi(q);
- }
-#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- else if (strcmp(p, "cid") == 0) {
- opt.cid_enabled = atoi(q);
- if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
- goto usage;
- }
- } else if (strcmp(p, "cid_renego") == 0) {
- opt.cid_enabled_renego = atoi(q);
- if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
- goto usage;
- }
- } else if (strcmp(p, "cid_val") == 0) {
- opt.cid_val = q;
- } else if (strcmp(p, "cid_val_renego") == 0) {
- opt.cid_val_renego = q;
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- else if (strcmp(p, "psk") == 0) {
- opt.psk = q;
- } else if (strcmp(p, "psk_opaque") == 0) {
- opt.psk_opaque = atoi(q);
- }
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- else if (strcmp(p, "ca_callback") == 0) {
- opt.ca_callback = atoi(q);
- }
-#endif
- else if (strcmp(p, "psk_identity") == 0) {
- opt.psk_identity = q;
- } else if (strcmp(p, "ecjpake_pw") == 0) {
- opt.ecjpake_pw = q;
- } else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
- opt.ecjpake_pw_opaque = atoi(q);
- } else if (strcmp(p, "ec_max_ops") == 0) {
- opt.ec_max_ops = atoi(q);
- } else if (strcmp(p, "force_ciphersuite") == 0) {
- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
-
- if (opt.force_ciphersuite[0] == 0) {
- ret = 2;
- goto usage;
- }
- opt.force_ciphersuite[1] = 0;
- } else if (strcmp(p, "renegotiation") == 0) {
- opt.renegotiation = (atoi(q)) ?
- MBEDTLS_SSL_RENEGOTIATION_ENABLED :
- MBEDTLS_SSL_RENEGOTIATION_DISABLED;
- } else if (strcmp(p, "allow_legacy") == 0) {
- switch (atoi(q)) {
- case -1:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
- break;
- case 0:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
- break;
- case 1:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
- break;
- default: goto usage;
- }
- } else if (strcmp(p, "renego_delay") == 0) {
- opt.renego_delay = (atoi(q));
- } else if (strcmp(p, "renegotiate") == 0) {
- opt.renegotiate = atoi(q);
- if (opt.renegotiate < 0 || opt.renegotiate > 1) {
- goto usage;
- }
- } else if (strcmp(p, "exchanges") == 0) {
- opt.exchanges = atoi(q);
- if (opt.exchanges < 1) {
- goto usage;
- }
- } else if (strcmp(p, "reconnect") == 0) {
- opt.reconnect = atoi(q);
- if (opt.reconnect < 0 || opt.reconnect > 2) {
- goto usage;
- }
- } else if (strcmp(p, "reco_server_name") == 0) {
- opt.reco_server_name = q;
- } else if (strcmp(p, "reco_delay") == 0) {
- opt.reco_delay = atoi(q);
- if (opt.reco_delay < 0) {
- goto usage;
- }
- } else if (strcmp(p, "reco_mode") == 0) {
- opt.reco_mode = atoi(q);
- if (opt.reco_mode < 0) {
- goto usage;
- }
- } else if (strcmp(p, "reconnect_hard") == 0) {
- opt.reconnect_hard = atoi(q);
- if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
- goto usage;
- }
- } else if (strcmp(p, "tickets") == 0) {
- opt.tickets = atoi(q);
- if (opt.tickets < 0) {
- goto usage;
- }
- } else if (strcmp(p, "alpn") == 0) {
- opt.alpn_string = q;
- } else if (strcmp(p, "extended_ms") == 0) {
- switch (atoi(q)) {
- case 0:
- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
- break;
- case 1:
- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
- break;
- default: goto usage;
- }
- } else if (strcmp(p, "groups") == 0) {
- opt.groups = q;
- }
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- else if (strcmp(p, "sig_algs") == 0) {
- opt.sig_algs = q;
- }
-#endif
- else if (strcmp(p, "etm") == 0) {
- switch (atoi(q)) {
- case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
- case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
- default: goto usage;
- }
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- else if (strcmp(p, "early_data") == 0) {
- switch (atoi(q)) {
- case 0:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
- case 1:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- break;
- default: goto usage;
- }
- }
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
- else if (strcmp(p, "tls13_kex_modes") == 0) {
- if (strcmp(q, "psk") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
- } else if (strcmp(q, "psk_ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
- } else if (strcmp(q, "ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
- } else if (strcmp(q, "ephemeral_all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
- } else if (strcmp(q, "psk_all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
- } else if (strcmp(q, "all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
- } else if (strcmp(q, "psk_or_ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
- } else {
- goto usage;
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else if (strcmp(p, "min_version") == 0) {
- if (strcmp(q, "tls12") == 0 ||
- strcmp(q, "dtls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p, "max_version") == 0) {
- if (strcmp(q, "tls12") == 0 ||
- strcmp(q, "dtls12") == 0) {
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p, "allow_sha1") == 0) {
- switch (atoi(q)) {
- case 0: opt.allow_sha1 = 0; break;
- case 1: opt.allow_sha1 = 1; break;
- default: goto usage;
- }
- } else if (strcmp(p, "force_version") == 0) {
- if (strcmp(q, "tls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- } else if (strcmp(q, "dtls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p, "auth_mode") == 0) {
- if (strcmp(q, "none") == 0) {
- opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
- } else if (strcmp(q, "optional") == 0) {
- opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
- } else if (strcmp(q, "required") == 0) {
- opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "set_hostname") == 0) {
- if (strcmp(q, "no") == 0) {
- opt.set_hostname = 0;
- } else if (strcmp(q, "server_name") == 0) {
- opt.set_hostname = 1;
- } else if (strcmp(q, "NULL") == 0) {
- opt.set_hostname = -1;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "max_frag_len") == 0) {
- if (strcmp(q, "512") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
- } else if (strcmp(q, "1024") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
- } else if (strcmp(q, "2048") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
- } else if (strcmp(q, "4096") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "trunc_hmac") == 0) {
- switch (atoi(q)) {
- case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
- case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
- default: goto usage;
- }
- } else if (strcmp(p, "hs_timeout") == 0) {
- if ((p = strchr(q, '-')) == NULL) {
- goto usage;
- }
- *p++ = '\0';
- opt.hs_to_min = atoi(q);
- opt.hs_to_max = atoi(p);
- if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
- goto usage;
- }
- } else if (strcmp(p, "mtu") == 0) {
- opt.dtls_mtu = atoi(q);
- if (opt.dtls_mtu < 0) {
- goto usage;
- }
- } else if (strcmp(p, "dgram_packing") == 0) {
- opt.dgram_packing = atoi(q);
- if (opt.dgram_packing != 0 &&
- opt.dgram_packing != 1) {
- goto usage;
- }
- } else if (strcmp(p, "recsplit") == 0) {
- opt.recsplit = atoi(q);
- if (opt.recsplit < 0 || opt.recsplit > 1) {
- goto usage;
- }
- } else if (strcmp(p, "query_config") == 0) {
- opt.query_config_mode = 1;
- query_config_ret = query_config(q);
- goto exit;
- } else if (strcmp(p, "serialize") == 0) {
- opt.serialize = atoi(q);
- if (opt.serialize < 0 || opt.serialize > 2) {
- goto usage;
- }
- } else if (strcmp(p, "context_file") == 0) {
- opt.context_file = q;
- } else if (strcmp(p, "eap_tls") == 0) {
- opt.eap_tls = atoi(q);
- if (opt.eap_tls < 0 || opt.eap_tls > 1) {
- goto usage;
- }
- } else if (strcmp(p, "reproducible") == 0) {
- opt.reproducible = 1;
- } else if (strcmp(p, "nss_keylog") == 0) {
- opt.nss_keylog = atoi(q);
- if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
- goto usage;
- }
- } else if (strcmp(p, "nss_keylog_file") == 0) {
- opt.nss_keylog_file = q;
- } else if (strcmp(p, "skip_close_notify") == 0) {
- opt.skip_close_notify = atoi(q);
- if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
- goto usage;
- }
- } else if (strcmp(p, "exp_label") == 0) {
- opt.exp_label = q;
- } else if (strcmp(p, "exp_len") == 0) {
- opt.exp_len = atoi(q);
- } else if (strcmp(p, "use_srtp") == 0) {
- opt.use_srtp = atoi(q);
- } else if (strcmp(p, "srtp_force_profile") == 0) {
- opt.force_srtp_profile = atoi(q);
- } else if (strcmp(p, "mki") == 0) {
- opt.mki = q;
- } else if (strcmp(p, "key_opaque_algs") == 0) {
- if (key_opaque_alg_parse(q, &opt.key_opaque_alg1,
- &opt.key_opaque_alg2) != 0) {
- goto usage;
- }
- } else {
- /* This signals that the problem is with p not q */
- q = NULL;
- goto usage;
- }
- }
- /* This signals that any further errors are not with a single option */
- p = q = NULL;
-
- if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
- mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
- goto usage;
- }
-
- /* Event-driven IO is incompatible with the above custom
- * receive and send functions, as the polling builds on
- * refers to the underlying net_context. */
- if (opt.event == 1 && opt.nbio != 1) {
- mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
- opt.nbio = 1;
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold(opt.debug_level);
-#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- /*
- * Unhexify the pre-shared key if any is given
- */
- if (strlen(opt.psk)) {
- if (mbedtls_test_unhexify(psk, sizeof(psk),
- opt.psk, &psk_len) != 0) {
- mbedtls_printf("pre-shared key not valid\n");
- goto exit;
- }
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
- if (opt.psk_opaque != 0) {
- if (opt.psk == NULL) {
- mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
- ret = 2;
- goto usage;
- }
-
- if (opt.force_ciphersuite[0] <= 0) {
- mbedtls_printf(
- "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
- ret = 2;
- goto usage;
- }
- }
-
- if (opt.force_ciphersuite[0] > 0) {
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
-
- if (opt.max_version != -1 &&
- ciphersuite_info->min_tls_version > opt.max_version) {
- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
- ret = 2;
- goto usage;
- }
- if (opt.min_version != -1 &&
- ciphersuite_info->max_tls_version < opt.min_version) {
- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
- ret = 2;
- goto usage;
- }
-
- /* If the server selects a version that's not supported by
- * this suite, then there will be no common ciphersuite... */
- if (opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_tls_version) {
- opt.max_version = ciphersuite_info->max_tls_version;
- }
- if (opt.min_version < ciphersuite_info->min_tls_version) {
- opt.min_version = ciphersuite_info->min_tls_version;
- /* DTLS starts with TLS 1.2 */
- if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
- }
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- if (opt.psk_opaque != 0) {
- /* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(PSA_WANT_ALG_SHA_384)
- if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- } else
-#endif /* PSA_WANT_ALG_SHA_384 */
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
- }
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if (mbedtls_test_unhexify(cid, sizeof(cid),
- opt.cid_val, &cid_len) != 0) {
- mbedtls_printf("CID not valid\n");
- goto exit;
- }
-
- /* Keep CID settings for renegotiation unless
- * specified otherwise. */
- if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
- opt.cid_enabled_renego = opt.cid_enabled;
- }
- if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
- opt.cid_val_renego = opt.cid_val;
- }
-
- if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
- opt.cid_val_renego, &cid_renego_len) != 0) {
- mbedtls_printf("CID not valid\n");
- goto exit;
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- if (opt.groups != NULL) {
- if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
- goto exit;
- }
- }
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (opt.sig_algs != NULL) {
- p = (char *) opt.sig_algs;
- i = 0;
-
- /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
- while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
- q = p;
-
- /* Terminate the current string */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
-
- if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
- } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
- } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
- } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
- } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
- } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
- } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
- } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
- } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
- } else if (strcmp(q, "ed25519") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
- } else if (strcmp(q, "ed448") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
- } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
- } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
- } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
- } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
- } else if (strcmp(q, "ecdsa_sha1") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
- } else {
- ret = -1;
- mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
- mbedtls_print_supported_sig_algs();
- goto exit;
- }
- }
-
- if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
- mbedtls_printf("signature algorithm list too long, maximum %d",
- SIG_ALG_LIST_SIZE - 1);
- goto exit;
- }
-
- sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
- if (opt.alpn_string != NULL) {
- p = (char *) opt.alpn_string;
- i = 0;
-
- /* Leave room for a final NULL in alpn_list */
- while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
- alpn_list[i++] = p;
-
- /* Terminate the current string and move on to next one */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
- }
- }
-#endif /* MBEDTLS_SSL_ALPN */
-
- mbedtls_printf("build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
-
- /*
- * 0. Initialize the RNG and the session data
- */
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
- ret = rng_seed(&rng, opt.reproducible, pers);
- if (ret != 0) {
- goto exit;
- }
- mbedtls_printf(" ok\n");
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- /*
- * 1.1. Load the trusted CA
- */
- mbedtls_printf(" . Loading the CA root certificate ...");
- fflush(stdout);
-
- if (strcmp(opt.ca_path, "none") == 0 ||
- strcmp(opt.ca_file, "none") == 0) {
- ret = 0;
- } else
-#if defined(MBEDTLS_FS_IO)
- if (strlen(opt.ca_path)) {
- ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
- } else if (strlen(opt.ca_file)) {
- ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
- } else
-#endif
- {
-#if defined(MBEDTLS_PEM_PARSE_C)
- for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
- ret = mbedtls_x509_crt_parse(&cacert,
- (const unsigned char *) mbedtls_test_cas[i],
- mbedtls_test_cas_len[i]);
- if (ret != 0) {
- break;
- }
- }
-#endif /* MBEDTLS_PEM_PARSE_C */
- if (ret == 0) {
- for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
- ret = mbedtls_x509_crt_parse_der(&cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i]);
- if (ret != 0) {
- break;
- }
- }
- }
- }
- if (ret < 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- mbedtls_printf(" ok (%d skipped)\n", ret);
-
- /*
- * 1.2. Load own certificate and private key
- *
- * (can be skipped if client authentication is not required)
- */
- mbedtls_printf(" . Loading the client cert. and key...");
- fflush(stdout);
-
- if (strcmp(opt.crt_file, "none") == 0) {
- ret = 0;
- } else
-#if defined(MBEDTLS_FS_IO)
- if (strlen(opt.crt_file)) {
- ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
- } else
-#endif
- { ret = mbedtls_x509_crt_parse(&clicert,
- (const unsigned char *) mbedtls_test_cli_crt,
- mbedtls_test_cli_crt_len); }
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- if (strcmp(opt.key_file, "none") == 0) {
- ret = 0;
- } else
-#if defined(MBEDTLS_FS_IO)
- if (strlen(opt.key_file)) {
- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
- } else
-#endif
- { ret = mbedtls_pk_parse_key(&pkey,
- (const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0); }
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- if (opt.key_opaque != 0) {
- psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
- psa_key_usage_t usage = 0;
-
- if (key_opaque_set_alg_usage(opt.key_opaque_alg1,
- opt.key_opaque_alg2,
- &psa_alg, &psa_alg2,
- &usage,
- mbedtls_pk_get_type(&pkey)) == 0) {
- ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
- if (ret != 0) {
- mbedtls_printf(" failed\n ! "
- "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
- }
-
- mbedtls_printf(" ok (key type: %s)\n",
- strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
- mbedtls_pk_get_name(&pkey) : "none");
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
- /*
- * 2. Setup stuff
- */
- mbedtls_printf(" . Setting up the SSL/TLS structure...");
- fflush(stdout);
-
- if ((ret = mbedtls_ssl_config_defaults(&conf,
- MBEDTLS_SSL_IS_CLIENT,
- opt.transport,
- MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- /* The default algorithms profile disables SHA-1, but our tests still
- rely on it heavily. */
- if (opt.allow_sha1 > 0) {
- crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
- mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
- mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test);
- }
- if (opt.context_crt_cb == 0) {
- mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
- }
-
- memset(peer_crt_info, 0, sizeof(peer_crt_info));
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
- if (opt.cid_enabled == 1 &&
- opt.cid_enabled_renego == 1 &&
- cid_len != cid_renego_len) {
- mbedtls_printf("CID length must not change during renegotiation\n");
- goto usage;
- }
-
- if (opt.cid_enabled == 1) {
- ret = mbedtls_ssl_conf_cid(&conf, cid_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
- } else {
- ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
- }
-
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- if (opt.auth_mode != DFL_AUTH_MODE) {
- mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
- }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
- mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
- opt.hs_to_max);
- }
-
- if (opt.dgram_packing != DFL_DGRAM_PACKING) {
- mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
- ret);
- goto exit;
- }
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- const mbedtls_ssl_srtp_profile forced_profile[] =
- { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
- if (opt.use_srtp == 1) {
- if (opt.force_srtp_profile != 0) {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
- } else {
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
- }
-
- if (ret != 0) {
- mbedtls_printf(" failed\n ! "
- "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
- ret);
- goto exit;
- }
-
- } else if (opt.force_srtp_profile != 0) {
- mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
- goto exit;
- }
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if (opt.extended_ms != DFL_EXTENDED_MS) {
- mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if (opt.etm != DFL_ETM) {
- mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
- if (opt.alpn_string != NULL) {
- if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
- ret);
- goto exit;
- }
- }
-#endif
-
- if (opt.reproducible) {
-#if defined(MBEDTLS_HAVE_TIME)
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
- mbedtls_platform_set_time(dummy_constant_time);
-#else
- fprintf(stderr, "Warning: reproducible option used without constant time\n");
-#endif
-#endif /* MBEDTLS_HAVE_TIME */
- }
- mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
-
- mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
-#endif
-
- if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
- mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
- }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes);
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
- mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
- }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
- if (opt.renego_delay != DFL_RENEGO_DELAY) {
- mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (strcmp(opt.ca_path, "none") != 0 &&
- strcmp(opt.ca_file, "none") != 0) {
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- if (opt.ca_callback != 0) {
- mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
- } else
-#endif
- mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
- }
- if (strcmp(opt.crt_file, "none") != 0 &&
- strcmp(opt.key_file, "none") != 0) {
- if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
- ret);
- goto exit;
- }
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
- (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
- defined(PSA_WANT_ALG_FFDH))
- if (opt.groups != NULL &&
- strcmp(opt.groups, "default") != 0) {
- mbedtls_ssl_conf_groups(&conf, group_list);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (opt.sig_algs != NULL) {
- mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- if (opt.psk_opaque != 0) {
- key_attributes = psa_key_attributes_init();
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&key_attributes, alg);
- psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
-
- status = psa_import_key(&key_attributes, psk, psk_len, &slot);
- if (status != PSA_SUCCESS) {
- ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- goto exit;
- }
-
- if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
- (const unsigned char *) opt.psk_identity,
- strlen(opt.psk_identity))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
- ret);
- goto exit;
- }
- } else
- if (psk_len > 0) {
- ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
- (const unsigned char *) opt.psk_identity,
- strlen(opt.psk_identity));
- if (ret != 0) {
- mbedtls_printf(" failed\n !
mbedtls_ssl_conf_psk returned %d\n\n", ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - - if (opt.min_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); - } - - if (opt.max_version != DFL_MAX_VERSION) { - mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version); - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data != DFL_EARLY_DATA) { - mbedtls_ssl_conf_early_data(&conf, opt.early_data); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.eap_tls != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation, - &eap_tls_keying); - } else if (opt.nss_keylog != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, - nss_keylog_export, - NULL); - } -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation, - &dtls_srtp_keying); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - switch (opt.set_hostname) { - case -1: - if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; - } - break; - case 0: - /* Skip the call */ - break; - default: - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; - } - break; - } -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { - if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - status = psa_import_key(&attributes, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw), - &ecjpake_pw_slot); - if (status != PSA_SUCCESS) { - mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n", - status); - goto exit; - } - if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, - ecjpake_pw_slot)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n", - ret); - goto exit; - } - mbedtls_printf("using opaque password\n"); - } else { - if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", - ret); - goto exit; - } - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.context_crt_cb == 1) { - mbedtls_ssl_set_verify(&ssl, my_verify, NULL); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - io_ctx.ssl = &ssl; - io_ctx.net = &server_fd; - mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb, - opt.nbio == 0 ? recv_timeout_cb : NULL); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled, - cid, cid_len)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.dtls_mtu != DFL_DTLS_MTU) { - mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu); - } -#endif - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (opt.ec_max_ops != DFL_EC_MAX_OPS) { - psa_interruptible_set_max_ops(opt.ec_max_ops); - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if (opt.use_srtp != 0 && strlen(opt.mki) != 0) { - if (mbedtls_test_unhexify(mki, sizeof(mki), - opt.mki, &mki_len) != 0) { - mbedtls_printf("mki value not valid hex\n"); - goto exit; - } - - mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED); - if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki, - (uint16_t) strlen(opt.mki) / 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret); - goto exit; - } - } -#endif - - mbedtls_printf(" ok\n"); - - /* - * 3. Start the connection - */ - if (opt.server_addr == NULL) { - opt.server_addr = opt.server_name; - } - - mbedtls_printf(" . Connecting to %s/%s/%s...", - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp", - opt.server_addr, opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, - opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&server_fd); - } else { - ret = mbedtls_net_set_block(&server_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 4. 
Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", - (unsigned int) -ret); -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { - mbedtls_printf( - " Unable to verify the server's certificate. " - "Either it is invalid,\n" - " or you didn't set ca_file or ca_path " - "to an appropriate value.\n" - " Alternatively, you may want to use " - "auth_mode=optional for testing purposes if " - "not using TLS 1.3.\n" - " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`" - "or other folder that has root certificates\n"); - - flags = mbedtls_ssl_get_verify_result(&ssl); - char vrfy_buf[512]; - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! 
", flags); - mbedtls_printf("%s\n", vrfy_buf); - } -#endif - mbedtls_printf("\n"); - goto exit; - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - ret = idle(&server_fd, &timer, ret); -#else - ret = idle(&server_fd, ret); -#endif - if (ret != 0) { - goto exit; - } - } - } - - { - int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl); - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); - - mbedtls_printf(" ok\n [ Protocol is %s ]\n" - " [ Ciphersuite is %s ]\n" - " [ Key size is %u ]\n", - mbedtls_ssl_get_version(&ssl), - mbedtls_ssl_ciphersuite_get_name(ciphersuite_info), - (unsigned int) - mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info)); - } - - if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) { - mbedtls_printf(" [ Record expansion is %d ]\n", ret); - } else { - mbedtls_printf(" [ Record expansion is unknown ]\n"); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); - mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl)); -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl); - mbedtls_printf(" [ Application Layer Protocol is %s ]\n", - alp ? 
alp : "(none)"); - } -#endif - - if (opt.eap_tls != 0) { - size_t j = 0; - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, - eap_tls_keying.master_secret, - sizeof(eap_tls_keying.master_secret), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_keymaterial, - sizeof(eap_tls_keymaterial))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" EAP-TLS key material is:"); - for (j = 0; j < sizeof(eap_tls_keymaterial); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_keymaterial[j]); - } - mbedtls_printf("\n"); - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_iv, - sizeof(eap_tls_iv))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" EAP-TLS IV is:"); - for (j = 0; j < sizeof(eap_tls_iv); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_iv[j]); - } - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; - mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result); - - if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_printf(" Unable to negotiate " - "the use of DTLS-SRTP\n"); - } else { - if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof(dtls_srtp_keying.master_secret), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof(dtls_srtp_keying.randbytes), - dtls_srtp_key_material, - sizeof(dtls_srtp_key_material))) - != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" DTLS-SRTP key material is:"); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - /* produce a less readable output used to perform automatic checks - * - compare client and server output - * - interop test with openssl which client produces this kind of output - */ - mbedtls_printf(" Keying material: "); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - mbedtls_printf("%02X", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - if (dtls_srtp_negotiation_result.mki_len > 0) { - mbedtls_printf(" DTLS-SRTP mki value: "); - for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) { - mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]); - } - } else { - mbedtls_printf(" DTLS-SRTP no mki value negotiated"); - } - mbedtls_printf("\n"); - } - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - if (opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - mbedtls_printf(" . Saving session for reuse..."); - fflush(stdout); - - if (opt.reco_mode == 1) { - if ((ret = ssl_save_session_serialize(&ssl, - &session_data, &session_data_len)) != 0) { - mbedtls_printf(" failed\n ! ssl_save_session_serialize returned -0x%04x\n\n", - (unsigned int) -ret); - goto exit; - } - - } else { - if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.reco_mode == 1) { - mbedtls_printf(" [ Saved %u bytes of session data]\n", - (unsigned) session_data_len); - } - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . 
Verifying peer X.509 certificate..."); - - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { - char vrfy_buf[512]; - mbedtls_printf(" failed\n"); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), - " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_printf(" . Peer certificate information ...\n"); - mbedtls_printf("%s\n", peer_crt_info); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "initial handshake"); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego, - cid_renego, - cid_renego_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (opt.renegotiate) { - /* - * Perform renegotiation (this must be done when the server is waiting - * for input from our side). - */ - mbedtls_printf(" . Performing renegotiation..."); - fflush(stdout); - while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_renegotiate returned %d\n\n", - ret); - goto exit; - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - - } - mbedtls_printf(" ok\n"); - } - - -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "after renegotiation"); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) - if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char)); - if (exported_key == NULL) { - mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); - ret = 3; - goto exit; - } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, - opt.exp_label, strlen(opt.exp_label), - NULL, 0, 0); - if (ret != 0) { - mbedtls_free(exported_key); - goto exit; - } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", - opt.exp_len, - opt.exp_label); - for (i = 0; i < opt.exp_len; i++) { - mbedtls_printf("%02X", exported_key[i]); - } - mbedtls_printf("\n\n"); - fflush(stdout); - mbedtls_free(exported_key); - } -#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ - - /* - * 6. 
Write the GET request - */ - retry_left = opt.max_resend; -send_request: - mbedtls_printf(" > Write to server:"); - fflush(stdout); - - ret = build_http_request(buf, sizeof(buf) - 1, &len); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - written = 0; - frags = 0; - - do { - while ((ret = mbedtls_ssl_write(&ssl, buf + written, - len - written)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - frags++; - written += ret; - } while (written < len); - } else { /* Not stream, so datagram */ - while (1) { - ret = mbedtls_ssl_write(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - if (ret < 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", - ret); - goto exit; - } - - frags = 1; - written = ret; - - if (written < len) { - mbedtls_printf(" warning\n ! 
request didn't fit into single datagram and " - "was truncated to size %u", (unsigned) written); - } - } - - buf[written] = '\0'; - mbedtls_printf( - " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", - written, - frags, - (char *) buf); - - /* Send a non-empty request if request_size == 0 */ - if (len == 0) { - opt.request_size = DFL_REQUEST_SIZE; - goto send_request; - } - - /* - * 7. Read the HTTP response - */ - - /* - * TLS and DTLS need different reading styles (stream vs datagram) - */ - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - int ticket_id = 0; -#endif - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; - goto close_notify; - - case 0: - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - ret = 0; - goto reconnect; - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: - /* We were waiting for application data but got - * a NewSessionTicket instead. */ - mbedtls_printf(" got new session ticket ( %d ).\n", - ticket_id++); - if (opt.reconnect != 0) { - mbedtls_printf(" . 
Saving session for reuse..."); - fflush(stdout); - - if (opt.reco_mode == 1) { - if ((ret = ssl_save_session_serialize(&ssl, - &session_data, - &session_data_len)) != 0) { - mbedtls_printf( - " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n", - (unsigned int) -ret); - goto exit; - } - } else { - if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.reco_mode == 1) { - mbedtls_printf(" [ Saved %u bytes of session data]\n", - (unsigned) session_data_len); - } - } - continue; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", - (unsigned int) -ret); - goto exit; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", - len, - (char *) buf); - fflush(stdout); - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. 
*/ - if (ret > 0 && buf[len-1] == '\n') { - ret = 0; - break; - } - } while (1); - } else { /* Not stream, so datagram */ - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - - while (1) { - ret = mbedtls_ssl_read(&ssl, buf, len); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - continue; - } -#endif - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_TIMEOUT: - mbedtls_printf(" timeout\n"); - if (retry_left-- > 0) { - goto send_request; - } - goto exit; - - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto exit; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", - len, - (char *) buf); - ret = 0; - } - - /* - * 7b. Simulate hard reset and reconnect from same port? - */ - if (opt.reconnect_hard != 0) { - opt.reconnect_hard = 0; - - mbedtls_printf(" . Restarting connection from same port..."); - fflush(stdout); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - memset(peer_crt_info, 0, sizeof(peer_crt_info)); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_session_reset returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - mbedtls_printf(" ok\n"); - - goto send_request; - } - - /* - * 7c. Simulate serialize/deserialize and go back to data exchange - */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (opt.serialize != 0) { - size_t buf_len; - - mbedtls_printf(" . Serializing live connection..."); - - ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) { - mbedtls_printf(" failed\n ! Couldn't allocate buffer for " - "serialized context"); - - goto exit; - } - context_buf_len = buf_len; - - if ((ret = mbedtls_ssl_context_save(&ssl, context_buf, - buf_len, &buf_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* Save serialized context to the 'opt.context_file' as a base64 code */ - if (0 < strlen(opt.context_file)) { - FILE *b64_file; - uint8_t *b64_buf; - size_t b64_len; - - mbedtls_printf(" . Save serialized context to a file... "); - - mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); - - if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) { - mbedtls_printf("failed\n ! 
Couldn't allocate buffer for " - "the base64 code\n"); - goto exit; - } - - if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len, - context_buf, buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", (unsigned int) -ret); - mbedtls_free(b64_buf); - goto exit; - } - - if ((b64_file = fopen(opt.context_file, "w")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n", - opt.context_file); - mbedtls_free(b64_buf); - goto exit; - } - - if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) { - mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n", - (long) b64_len); - mbedtls_free(b64_buf); - fclose(b64_file); - goto exit; - } - - mbedtls_free(b64_buf); - fclose(b64_file); - - mbedtls_printf("ok\n"); - } - - if (opt.serialize == 1) { - /* nothing to do here, done by context_save() already */ - mbedtls_printf(" . Context has been reset... ok\n"); - } - - if (opt.serialize == 2) { - mbedtls_printf(" . Freeing and reinitializing context..."); - - mbedtls_ssl_free(&ssl); - - mbedtls_ssl_init(&ssl); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.nbio == 2) { - mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send, - delayed_recv, NULL); - } else { - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, - mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL); - } - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif /* MBEDTLS_TIMING_C */ - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Deserializing connection..."); - - if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, - buf_len)) != 0) { - mbedtls_printf("failed\n ! 
mbedtls_ssl_context_load returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_free(context_buf); - context_buf = NULL; - context_buf_len = 0; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - - /* - * 7d. Continue doing data exchanges? - */ - if (--opt.exchanges > 0) { - goto send_request; - } - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . Closing the connection..."); - fflush(stdout); - - /* - * Most of the time sending a close_notify before closing is the right - * thing to do. However, when the server already knows how many messages - * are expected and closes the connection by itself, this alert becomes - * redundant. Sometimes with DTLS this redundancy becomes a problem by - * leading to a race condition where the server might close the connection - * before seeing the alert, and since UDP is connection-less when the - * alert arrives it will be seen as a new connection, which will fail as - * the alert is clearly not a valid ClientHello. This may cause spurious - * failures in tests that use DTLS and resumption with ssl_server2 in - * ssl-opt.sh, avoided by enabling skip_close_notify client-side. - */ - if (opt.skip_close_notify == 0) { - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - } - - mbedtls_printf(" done\n"); - - /* - * 9. Reconnect? - */ -reconnect: - if (opt.reconnect != 0) { - --opt.reconnect; - - mbedtls_net_free(&server_fd); - -#if defined(MBEDTLS_TIMING_C) - if (opt.reco_delay > 0) { - mbedtls_net_usleep(1000 * opt.reco_delay); - } -#endif - - mbedtls_printf(" . 
Reconnecting with saved session..."); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - memset(peer_crt_info, 0, sizeof(peer_crt_info)); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.reco_mode == 1) { - if ((ret = mbedtls_ssl_session_load(&saved_session, - session_data, - session_data_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if (opt.reco_server_name != NULL && - (ret = mbedtls_ssl_set_hostname(&ssl, - opt.reco_server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; - } -#endif - - if ((ret = mbedtls_net_connect(&server_fd, - opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&server_fd); - } else { - ret = mbedtls_net_set_block(&server_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! 
net_set_(non)block() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - ret = build_http_request(buf, sizeof(buf) - 1, &len); - if (ret != 0) { - goto exit; - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - frags = 0; - written = 0; - do { - while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written, - len - written)) < 0) { - if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { - goto end_of_early_data; - } - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&server_fd, &timer, ret); -#else - idle(&server_fd, ret); -#endif - } - } - - frags++; - written += ret; - } while (written < len); - -end_of_early_data: - - buf[written] = '\0'; - mbedtls_printf( - " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", - written, - frags, - (char *) buf); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - goto send_request; - } - - /* - * Cleanup and exit - */ -exit: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf); - } -#endif - - mbedtls_net_free(&server_fd); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ssl_session_free(&saved_session); - - if (session_data != NULL) { - mbedtls_platform_zeroize(session_data, session_data_len); - } - mbedtls_free(session_data); -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_platform_zeroize(context_buf, context_buf_len); - } - mbedtls_free(context_buf); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_free(&clicert); - mbedtls_x509_crt_free(&cacert); - mbedtls_pk_free(&pkey); - psa_destroy_key(key_slot); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (opt.psk_opaque != 0) { - /* This is ok even if the slot hasn't been - * initialized (we might have jumed here - * immediately because of bad cmd line params, - * for example). 
*/ - status = psa_destroy_key(slot); - if ((status != PSA_SUCCESS) && - (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to destroy key slot %u - error was %d", - (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot), - (int) status); - if (ret == 0) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - /* - * In case opaque keys it's the user responsibility to keep the key valid - * for the duration of the handshake and destroy it at the end - */ - if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) { - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* Verify that the key is still valid before destroying it */ - if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) != - PSA_SUCCESS) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n"); - } else { - psa_destroy_key(ecjpake_pw_slot); - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - - const char *message = mbedtls_test_helper_is_psa_leaking(); - if (message) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("PSA memory leak detected: %s\n", message); - } - - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). 
*/ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - -#if defined(MBEDTLS_TEST_HOOKS) - if (test_hooks_failure_detected()) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("Test hooks detected errors.\n"); - } - test_hooks_free(); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - mbedtls_memory_buffer_alloc_free(); -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - - // Shell can not handle large exit numbers -> 1 for errors - if (ret < 0) { - ret = 1; - } - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_exit(ret); - } else { - mbedtls_exit(query_config_ret); - } -} -#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c deleted file mode 100644 index 7bcd50fe65..0000000000 --- a/programs/ssl/ssl_context_info.c +++ /dev/null 
@@ -1,987 +0,0 @@ -/* - * Mbed TLS SSL context deserializer from base64 code - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" -#include "mbedtls/debug.h" -#include "mbedtls/platform.h" - -#include -#include - -#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \ - !defined(MBEDTLS_SSL_TLS_C) -int main(void) -{ - printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or " - "MBEDTLS_SSL_TLS_C not defined.\n"); - return 0; -} -#else - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#include -#include -#include -#if defined(MBEDTLS_HAVE_TIME) -#include -#endif -#include "mbedtls/ssl.h" -#include "mbedtls/error.h" -#include "mbedtls/base64.h" -#include "mbedtls/md.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/ssl_ciphersuites.h" - -/* - * This program version - */ -#define PROG_NAME "ssl_context_info" -#define VER_MAJOR 0 -#define VER_MINOR 1 - -/* - * Flags copied from the Mbed TLS library. - */ -#define SESSION_CONFIG_TIME_BIT (1 << 0) -#define SESSION_CONFIG_CRT_BIT (1 << 1) -#define SESSION_CONFIG_CLIENT_TICKET_BIT (1 << 2) -#define SESSION_CONFIG_MFL_BIT (1 << 3) -#define SESSION_CONFIG_TRUNC_HMAC_BIT (1 << 4) -#define SESSION_CONFIG_ETM_BIT (1 << 5) -#define SESSION_CONFIG_TICKET_BIT (1 << 6) - -#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT (1 << 0) -#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT (1 << 1) -#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT (1 << 2) -#define CONTEXT_CONFIG_ALPN_BIT (1 << 3) - -#define TRANSFORM_RANDBYTE_LEN 64 - -/* - * Minimum and maximum number of bytes for specific data: context, sessions, - * certificates, tickets and buffers in the program. The context and session - * size values have been calculated based on the 'print_deserialized_ssl_context()' - * and 'print_deserialized_ssl_session()' content. 
- */ -#define MIN_CONTEXT_LEN 84 -#define MIN_SESSION_LEN 88 - -#define MAX_CONTEXT_LEN 875 /* without session data */ -#define MAX_SESSION_LEN 109 /* without certificate and ticket data */ -#define MAX_CERTIFICATE_LEN ((1 << 24) - 1) -#define MAX_TICKET_LEN ((1 << 24) - 1) - -#define MIN_SERIALIZED_DATA (MIN_CONTEXT_LEN + MIN_SESSION_LEN) -#define MAX_SERIALIZED_DATA (MAX_CONTEXT_LEN + MAX_SESSION_LEN + \ - MAX_CERTIFICATE_LEN + MAX_TICKET_LEN) - -#define MIN_BASE64_LEN (MIN_SERIALIZED_DATA * 4 / 3) -#define MAX_BASE64_LEN (MAX_SERIALIZED_DATA * 4 / 3 + 3) - -/* - * A macro that prevents from reading out of the ssl buffer range. - */ -#define CHECK_SSL_END(LEN) \ - do \ - { \ - if (end - ssl < (int) (LEN)) \ - { \ - printf_err("%s", buf_ln_err); \ - return; \ - } \ - } while (0) - -/* - * Global values - */ -FILE *b64_file = NULL; /* file with base64 codes to deserialize */ -char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */ -char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */ -char debug = 0; /* flag for debug messages */ -const char alloc_err[] = "Cannot allocate memory\n"; -const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n"; - -/* - * Basic printing functions - */ -static void print_version(void) -{ - printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR); -} - -static void print_usage(void) -{ - print_version(); - printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" - "in the text file. The program can deserialize many codes from one file, but they must be\n" - "separated, e.g. 
by a newline.\n\n"); - printf( - "Usage:\n" - "\t-f path - Path to the file with base64 code\n" - "\t-v - Show version\n" - "\t-h - Show this usage\n" - "\t-d - Print more information\n" - "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n" - "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n" - "\t flag. You can also use it if there are some problems with reading\n" - "\t the information about certificate\n" - "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n" - "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n" - "\n" - ); -} - -static void printf_dbg(const char *str, ...) -{ - if (debug) { - va_list args; - va_start(args, str); - printf("debug: "); - vprintf(str, args); - fflush(stdout); - va_end(args); - } -} - -MBEDTLS_PRINTF_ATTRIBUTE(1, 2) -static void printf_err(const char *str, ...) -{ - va_list args; - va_start(args, str); - fflush(stdout); - fprintf(stderr, "ERROR: "); - vfprintf(stderr, str, args); - fflush(stderr); - va_end(args); -} - -/* - * Exit from the program in case of error - */ -static void error_exit(void) -{ - if (NULL != b64_file) { - fclose(b64_file); - } - exit(-1); -} - -/* - * This function takes the input arguments of this program - */ -static void parse_arguments(int argc, char *argv[]) -{ - int i = 1; - - if (argc < 2) { - print_usage(); - error_exit(); - } - - while (i < argc) { - if (strcmp(argv[i], "-d") == 0) { - debug = 1; - } else if (strcmp(argv[i], "-h") == 0) { - print_usage(); - } else if (strcmp(argv[i], "-v") == 0) { - print_version(); - } else if (strcmp(argv[i], "-f") == 0) { - if (++i >= argc) { - printf_err("File path is empty\n"); - error_exit(); - } - - if (NULL != b64_file) { - printf_err("Cannot specify more than one file with -f\n"); - error_exit(); - } - - if ((b64_file = fopen(argv[i], "r")) == NULL) { - printf_err("Cannot find file \"%s\"\n", argv[i]); - error_exit(); - } - } else if (strcmp(argv[i], "--keep-peer-cert=0") 
== 0) { - conf_keep_peer_certificate = 0; - } else if (strcmp(argv[i], "--dtls-protocol=0") == 0) { - conf_dtls_proto = 0; - } else { - print_usage(); - error_exit(); - } - - i++; - } -} - -/* - * This function prints base64 code to the stdout - */ -static void print_b64(const uint8_t *b, size_t len) -{ - size_t i = 0; - const uint8_t *end = b + len; - printf("\t"); - while (b < end) { - if (++i > 75) { - printf("\n\t"); - i = 0; - } - printf("%c", *b++); - } - printf("\n"); - fflush(stdout); -} - -/* - * This function prints hex code from the buffer to the stdout. - * - * /p b buffer with data to print - * /p len number of bytes to print - * /p in_line number of bytes in one line - * /p prefix prefix for the new lines - */ -static void print_hex(const uint8_t *b, size_t len, - const size_t in_line, const char *prefix) -{ - size_t i = 0; - const uint8_t *end = b + len; - - if (prefix == NULL) { - prefix = ""; - } - - while (b < end) { - if (++i > in_line) { - printf("\n%s", prefix); - i = 1; - } - printf("%02X ", (uint8_t) *b++); - } - printf("\n"); - fflush(stdout); -} - -/* - * Print the value of time_t in format e.g. 2020-01-23 13:05:59 - */ -static void print_time(const uint64_t *time) -{ -#if defined(MBEDTLS_HAVE_TIME) - char buf[20]; - struct tm *t = gmtime((time_t *) time); - static const char format[] = "%Y-%m-%d %H:%M:%S"; - if (NULL != t) { - strftime(buf, sizeof(buf), format, t); - printf("%s\n", buf); - } else { - printf("unknown\n"); - } -#else - (void) time; - printf("not supported\n"); -#endif -} - -/* - * Print the input string if the bit is set in the value - */ -static void print_if_bit(const char *str, int bit, int val) -{ - if (bit & val) { - printf("\t%s\n", str); - } -} - -/* - * Return pointer to hardcoded "enabled" or "disabled" depending on the input value - */ -static const char *get_enabled_str(int is_en) -{ - return (is_en) ? 
"enabled" : "disabled"; -} - -/* - * Return pointer to hardcoded MFL string value depending on the MFL code at the input - */ -static const char *get_mfl_str(int mfl_code) -{ - switch (mfl_code) { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return "none"; - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return "512"; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return "1024"; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return "2048"; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return "4096"; - default: - return "error"; - } -} - -/* - * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened - * previously. After each call to this function, the internal file position - * indicator of the global b64_file is advanced. - * - * Note - This function checks the size of the input buffer and if necessary, - * increases it to the maximum MAX_BASE64_LEN - * - * /p b64 pointer to the pointer of the buffer for input data - * /p max_len pointer to the current buffer capacity. It can be changed if - * the buffer needs to be increased - * - * \retval number of bytes written in to the b64 buffer or 0 in case no more - * data was found - */ -static size_t read_next_b64_code(uint8_t **b64, size_t *max_len) -{ - int valid_balance = 0; /* balance between valid and invalid characters */ - size_t len = 0; - char pad = 0; - int c = 0; - - while (EOF != c) { - char c_valid = 0; - - c = fgetc(b64_file); - - if (pad > 0) { - if (c == '=' && pad == 1) { - c_valid = 1; - pad = 2; - } - } else if ((c >= 'A' && c <= 'Z') || - (c >= 'a' && c <= 'z') || - (c >= '0' && c <= '9') || - c == '+' || c == '/') { - c_valid = 1; - } else if (c == '=') { - c_valid = 1; - pad = 1; - } else if (c == '-') { - c = '+'; - c_valid = 1; - } else if (c == '_') { - c = '/'; - c_valid = 1; - } - - if (c_valid) { - /* A string of characters that could be a base64 code. 
*/ - valid_balance++; - - if (len < *max_len) { - (*b64)[len++] = c; - } else if (*max_len < MAX_BASE64_LEN) { - /* Current buffer is too small, but can be resized. */ - void *ptr; - size_t new_size = (MAX_BASE64_LEN - 4096 > *max_len) ? - *max_len + 4096 : MAX_BASE64_LEN; - - ptr = realloc(*b64, new_size); - if (NULL == ptr) { - printf_err(alloc_err); - return 0; - } - *b64 = ptr; - *max_len = new_size; - (*b64)[len++] = c; - } else { - /* Too much data so it will be treated as invalid */ - len++; - } - } else if (len > 0) { - /* End of a string that could be a base64 code, but need to check - * that the length of the characters is correct. */ - - valid_balance--; - - if (len < MIN_CONTEXT_LEN) { - printf_dbg("The code found is too small to be a SSL context.\n"); - len = pad = 0; - } else if (len > *max_len) { - printf_err("The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n", - len - *max_len); - len = pad = 0; - } else if (len % 4 != 0) { - printf_err("The length of the base64 code found should be a multiple of 4.\n"); - len = pad = 0; - } else { - /* Base64 code with valid character length. */ - return len; - } - } else { - valid_balance--; - } - - /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */ - if (valid_balance < -100) { - printf_err("Too many bad symbols detected. File check aborted.\n"); - return 0; - } - } - - printf_dbg("End of file\n"); - return 0; -} - -#if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * This function deserializes and prints to the stdout all obtained information - * about the certificates from provided data. 
- * - * /p ssl pointer to serialized certificate - * /p len number of bytes in the buffer - */ -static void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) -{ - enum { STRLEN = 4096 }; - mbedtls_x509_crt crt; - int ret; - char str[STRLEN]; - - printf("\nCertificate:\n"); - - mbedtls_x509_crt_init(&crt); - ret = mbedtls_x509_crt_parse_der(&crt, ssl, len); - if (0 != ret) { - mbedtls_strerror(ret, str, STRLEN); - printf_err("Invalid format of X.509 - %s\n", str); - printf("Cannot deserialize:\n\t"); - print_hex(ssl, len, 25, "\t"); - } else { - mbedtls_x509_crt *current = &crt; - - while (current != NULL) { - ret = mbedtls_x509_crt_info(str, STRLEN, "\t", current); - if (0 > ret) { - mbedtls_strerror(ret, str, STRLEN); - printf_err("Cannot write to the output - %s\n", str); - } else { - printf("%s", str); - } - - current = current->next; - - if (current) { - printf("\n"); - } - - } - } - - mbedtls_x509_crt_free(&crt); -} -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -/* - * This function deserializes and prints to the stdout all obtained information - * about the session from provided data. This function was built based on - * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used - * due to dependencies on the mbedTLS configuration. 
- * - * The data structure in the buffer: - * uint64 start_time; - * uint8 ciphersuite[2]; // defined by the standard - * uint8 compression; // 0 or 1 - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * uint8 mfl_code; // up to 255 according to standard - * uint8 trunc_hmac; // 0 or 1 - * uint8 encrypt_then_mac; // 0 or 1 - * - * /p ssl pointer to serialized session - * /p len number of bytes in the buffer - * /p session_cfg_flag session configuration flags - */ -static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, - int session_cfg_flag) -{ - const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info; - int ciphersuite_id; - uint32_t cert_len, ticket_len; - uint32_t verify_result, ticket_lifetime; - const uint8_t *end = ssl + len; - - printf("\nSession info:\n"); - - if (session_cfg_flag & SESSION_CONFIG_TIME_BIT) { - uint64_t start; - CHECK_SSL_END(8); - start = ((uint64_t) ssl[0] << 56) | - ((uint64_t) ssl[1] << 48) | - ((uint64_t) ssl[2] << 40) | - ((uint64_t) ssl[3] << 32) | - ((uint64_t) ssl[4] << 24) | - ((uint64_t) ssl[5] << 16) | - ((uint64_t) ssl[6] << 8) | - ((uint64_t) ssl[7]); - ssl += 8; - printf("\tstart time : "); - print_time(&start); - } - - CHECK_SSL_END(2); - ciphersuite_id = ((int) ssl[0] << 8) | (int) ssl[1]; - printf_dbg("Ciphersuite ID: %d\n", ciphersuite_id); - ssl += 2; - - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if (ciphersuite_info == NULL) { - printf_err("Cannot find ciphersuite info\n"); - } else { - printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); - printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); - printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - 
printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); - } - - CHECK_SSL_END(1); - printf("\tcompression : %s\n", get_enabled_str(*ssl++)); - - /* Note - Here we can get session ID length from serialized data, but we - * use hardcoded 32-bytes length. This approach was taken from - * 'mbedtls_ssl_session_load()'. */ - CHECK_SSL_END(1 + 32); - printf_dbg("Session id length: %u\n", (uint32_t) *ssl++); - printf("\tsession ID : "); - print_hex(ssl, 32, 16, "\t "); - ssl += 32; - - printf("\tmaster secret : "); - CHECK_SSL_END(48); - print_hex(ssl, 48, 16, "\t "); - ssl += 48; - - CHECK_SSL_END(4); - verify_result = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tverify result : 0x%08X\n", verify_result); - - if (SESSION_CONFIG_CRT_BIT & session_cfg_flag) { - if (conf_keep_peer_certificate) { - CHECK_SSL_END(3); - cert_len = ((uint32_t) ssl[0] << 16) | - ((uint32_t) ssl[1] << 8) | - ((uint32_t) ssl[2]); - ssl += 3; - printf_dbg("Certificate length: %u\n", cert_len); - - if (cert_len > 0) { - CHECK_SSL_END(cert_len); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - print_deserialized_ssl_cert(ssl, cert_len); -#endif - ssl += cert_len; - } - } else { - printf("\tPeer digest : "); - - CHECK_SSL_END(1); - switch ((mbedtls_md_type_t) *ssl++) { - case MBEDTLS_MD_NONE: - printf("none\n"); - break; - case MBEDTLS_MD_MD5: - printf("MD5\n"); - break; - case MBEDTLS_MD_SHA1: - printf("SHA1\n"); - break; - case MBEDTLS_MD_SHA224: - printf("SHA224\n"); - break; - case MBEDTLS_MD_SHA256: - printf("SHA256\n"); - break; - case MBEDTLS_MD_SHA384: - printf("SHA384\n"); - break; - case MBEDTLS_MD_SHA512: - printf("SHA512\n"); - break; - case MBEDTLS_MD_RIPEMD160: - printf("RIPEMD160\n"); - break; - default: - printf("undefined or erroneous\n"); - break; - } - - CHECK_SSL_END(1); - cert_len = (uint32_t) *ssl++; - printf_dbg("Message-Digest length: %u\n", cert_len); - - if (cert_len > 0) { - 
printf("\tPeer digest cert : "); - CHECK_SSL_END(cert_len); - print_hex(ssl, cert_len, 16, "\t "); - ssl += cert_len; - } - } - } - - if (SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag) { - printf("\nTicket:\n"); - - CHECK_SSL_END(3); - ticket_len = ((uint32_t) ssl[0] << 16) | - ((uint32_t) ssl[1] << 8) | - ((uint32_t) ssl[2]); - ssl += 3; - printf_dbg("Ticket length: %u\n", ticket_len); - - if (ticket_len > 0) { - printf("\t"); - CHECK_SSL_END(ticket_len); - print_hex(ssl, ticket_len, 22, "\t"); - ssl += ticket_len; - printf("\n"); - } - - CHECK_SSL_END(4); - ticket_lifetime = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tlifetime : %u sec.\n", ticket_lifetime); - } - - if (ssl < end) { - printf("\nSession others:\n"); - } - - if (SESSION_CONFIG_MFL_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tMFL : %s\n", get_mfl_str(*ssl++)); - } - - if (SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tnegotiate truncated HMAC : %s\n", get_enabled_str(*ssl++)); - } - - if (SESSION_CONFIG_ETM_BIT & session_cfg_flag) { - CHECK_SSL_END(1); - printf("\tEncrypt-then-MAC : %s\n", get_enabled_str(*ssl++)); - } - - if (0 != (end - ssl)) { - printf_err("%i bytes left to analyze from session\n", (int32_t) (end - ssl)); - } -} - -/* - * This function deserializes and prints to the stdout all obtained information - * about the context from provided data. This function was built based on - * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used - * due to dependencies on the mbedTLS configuration and the configuration of - * the context when serialization was created. 
- * - * The data structure in the buffer: - * // header - * uint8 version[3]; - * uint8 configuration[5]; - * // session sub-structure - * uint32_t session_len; - * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save() - * // transform sub-structure - * uint8 random[64]; // ServerHello.random+ClientHello.random - * uint8 in_cid_len; - * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value - * uint8 out_cid_len; - * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use - * // fields from ssl_context - * uint32 badmac_seen; // DTLS: number of records with failing MAC - * uint64 in_window_top; // DTLS: last validated record seq_num - * uint64 in_window; // DTLS: bitmask for replay protection - * uint8 disable_datagram_packing; // DTLS: only one record per datagram - * uint64 cur_out_ctr; // Record layer: outgoing sequence number - * uint16 mtu; // DTLS: path mtu (max outgoing fragment size) - * uint8 alpn_chosen_len; - * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol - * - * /p ssl pointer to serialized session - * /p len number of bytes in the buffer - */ -static void print_deserialized_ssl_context(const uint8_t *ssl, size_t len) -{ - const uint8_t *end = ssl + len; - uint32_t session_len; - int session_cfg_flag; - int context_cfg_flag; - - printf("\nMbed TLS version:\n"); - - CHECK_SSL_END(3 + 2 + 3); - - printf("\tmajor %u\n", (uint32_t) *ssl++); - printf("\tminor %u\n", (uint32_t) *ssl++); - printf("\tpath %u\n", (uint32_t) *ssl++); - - printf("\nEnabled session and context configuration:\n"); - - session_cfg_flag = ((int) ssl[0] << 8) | ((int) ssl[1]); - ssl += 2; - - context_cfg_flag = ((int) ssl[0] << 16) | - ((int) ssl[1] << 8) | - ((int) ssl[2]); - ssl += 3; - - printf_dbg("Session config flags 0x%04X\n", session_cfg_flag); - printf_dbg("Context config flags 0x%06X\n", context_cfg_flag); - - print_if_bit("MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag); - 
print_if_bit("MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag); - print_if_bit("MBEDTLS_SSL_SESSION_TICKETS and client", - SESSION_CONFIG_CLIENT_TICKET_BIT, - session_cfg_flag); - - print_if_bit("MBEDTLS_SSL_DTLS_CONNECTION_ID", - CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, - context_cfg_flag); - print_if_bit("MBEDTLS_SSL_DTLS_ANTI_REPLAY", - CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, - context_cfg_flag); - print_if_bit("MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag); - - CHECK_SSL_END(4); - session_len = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf_dbg("Session length %u\n", session_len); - - CHECK_SSL_END(session_len); - print_deserialized_ssl_session(ssl, session_len, session_cfg_flag); - ssl += session_len; - - printf("\nRandom bytes:\n\t"); - - CHECK_SSL_END(TRANSFORM_RANDBYTE_LEN); - print_hex(ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t"); - ssl += TRANSFORM_RANDBYTE_LEN; - - printf("\nContext others:\n"); - - if (CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag) { - uint8_t cid_len; - - CHECK_SSL_END(1); - cid_len = *ssl++; - printf_dbg("In CID length %u\n", (uint32_t) cid_len); - - printf("\tin CID : "); - if (cid_len > 0) { - CHECK_SSL_END(cid_len); - print_hex(ssl, cid_len, 20, "\t"); - ssl += cid_len; - } else { - printf("none\n"); - } - - CHECK_SSL_END(1); - cid_len = *ssl++; - printf_dbg("Out CID length %u\n", (uint32_t) cid_len); - - printf("\tout CID : "); - if (cid_len > 0) { - CHECK_SSL_END(cid_len); - print_hex(ssl, cid_len, 20, "\t"); - ssl += cid_len; - } else { - printf("none\n"); - } - } - - if (CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag) { - uint32_t 
badmac_seen; - - CHECK_SSL_END(4); - badmac_seen = ((uint32_t) ssl[0] << 24) | - ((uint32_t) ssl[1] << 16) | - ((uint32_t) ssl[2] << 8) | - ((uint32_t) ssl[3]); - ssl += 4; - printf("\tbad MAC seen number : %u\n", badmac_seen); - - /* value 'in_window_top' from mbedtls_ssl_context */ - printf("\tlast validated record sequence no. : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - - /* value 'in_window' from mbedtls_ssl_context */ - printf("\tbitmask for replay detection : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - } - - if (conf_dtls_proto) { - CHECK_SSL_END(1); - printf("\tDTLS datagram packing : %s\n", - get_enabled_str(!(*ssl++))); - } - - /* value 'cur_out_ctr' from mbedtls_ssl_context */ - printf("\toutgoing record sequence no. : "); - CHECK_SSL_END(8); - print_hex(ssl, 8, 20, ""); - ssl += 8; - - if (conf_dtls_proto) { - uint16_t mtu; - CHECK_SSL_END(2); - mtu = (ssl[0] << 8) | ssl[1]; - ssl += 2; - printf("\tMTU : %u\n", mtu); - } - - - if (CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag) { - uint8_t alpn_len; - - CHECK_SSL_END(1); - alpn_len = *ssl++; - printf_dbg("ALPN length %u\n", (uint32_t) alpn_len); - - printf("\tALPN negotiation : "); - CHECK_SSL_END(alpn_len); - if (alpn_len > 0) { - if (strlen((const char *) ssl) == alpn_len) { - printf("%s\n", ssl); - } else { - printf("\n"); - printf_err("\tALPN negotiation is incorrect\n"); - } - ssl += alpn_len; - } else { - printf("not selected\n"); - } - } - - if (0 != (end - ssl)) { - printf_err("%i bytes left to analyze from context\n", (int32_t) (end - ssl)); - } - printf("\n"); -} - -int main(int argc, char *argv[]) -{ - enum { SSL_INIT_LEN = 4096 }; - - uint32_t b64_counter = 0; - uint8_t *b64_buf = NULL; - uint8_t *ssl_buf = NULL; - size_t b64_max_len = SSL_INIT_LEN; - size_t ssl_max_len = SSL_INIT_LEN; - size_t ssl_len = 0; - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto 
implementation: %d\n", - (int) status); - return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - } - - /* The 'b64_file' is opened when parsing arguments to check that the - * file name is correct */ - parse_arguments(argc, argv); - - if (NULL != b64_file) { - b64_buf = malloc(SSL_INIT_LEN); - ssl_buf = malloc(SSL_INIT_LEN); - - if (NULL == b64_buf || NULL == ssl_buf) { - printf_err(alloc_err); - fclose(b64_file); - b64_file = NULL; - } - } - - while (NULL != b64_file) { - size_t b64_len = read_next_b64_code(&b64_buf, &b64_max_len); - if (b64_len > 0) { - int ret; - size_t ssl_required_len = b64_len * 3 / 4 + 1; - - /* Allocate more memory if necessary. */ - if (ssl_required_len > ssl_max_len) { - void *ptr = realloc(ssl_buf, ssl_required_len); - if (NULL == ptr) { - printf_err(alloc_err); - fclose(b64_file); - b64_file = NULL; - break; - } - ssl_buf = ptr; - ssl_max_len = ssl_required_len; - } - - printf("\nDeserializing number %u:\n", ++b64_counter); - - printf("\nBase64 code:\n"); - print_b64(b64_buf, b64_len); - - ret = mbedtls_base64_decode(ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len); - if (ret != 0) { - mbedtls_strerror(ret, (char *) b64_buf, b64_max_len); - printf_err("base64 code cannot be decoded - %s\n", b64_buf); - continue; - } - - if (debug) { - printf("\nDecoded data in hex:\n\t"); - print_hex(ssl_buf, ssl_len, 25, "\t"); - } - - print_deserialized_ssl_context(ssl_buf, ssl_len); - - } else { - fclose(b64_file); - b64_file = NULL; - } - } - - free(b64_buf); - free(ssl_buf); - - if (b64_counter > 0) { - printf_dbg("Finished. Found %u base64 codes\n", b64_counter); - } else { - printf("Finished. No valid base64 code found\n"); - } - - mbedtls_psa_crypto_free(); - - return 0; -} - -#endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c deleted file mode 100644 index ff1c877ee2..0000000000 --- a/programs/ssl/ssl_fork_server.c +++ /dev/null 
@@ -1,376 +0,0 @@ -/* - * SSL server demonstration program using fork() for handling multiple clients - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#elif defined(_WIN32) -int main(void) -{ - mbedtls_printf("_WIN32 defined. This application requires fork() and signals " - "to work correctly.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "test/certs.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/timing.h" - -#include -#include - -#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32) -#include -#endif - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret = 1, len, cnt = 0, pid; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; - const char *pers = "ssl_fork_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pkey); - mbedtls_x509_crt_init(&srvcert); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - signal(SIGCHLD, SIG_IGN); - - /* - * 0. Initial seeding of the RNG - */ - mbedtls_printf("\n . Initial seeding of the random generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1. Load the certificates and private RSA key - */ - mbedtls_printf(" . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). 
- */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0); - if (ret != 0) { - mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1b. Prepare SSL configuration - */ - mbedtls_printf(" . Configuring SSL..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - while (1) { - /* - * 3. Wait until a client connects - */ - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - - mbedtls_printf(" . 
Waiting for a remote connection ...\n"); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* - * 3.5. Forking server thread - */ - - mbedtls_printf(" . Forking to handle connection ..."); - fflush(stdout); - - pid = fork(); - - if (pid < 0) { - mbedtls_printf(" failed! fork returned %d\n\n", pid); - goto exit; - } - - if (pid != 0) { - mbedtls_printf(" ok\n"); - mbedtls_net_close(&client_fd); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "parent", - 6)) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret); - goto exit; - } - - continue; - } - - mbedtls_net_close(&listen_fd); - - pid = getpid(); - - /* - * 4. Setup stuff - */ - mbedtls_printf("pid %d: Setting up the SSL data.\n", pid); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "child", - 5)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", - pid, ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", - pid, ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf("pid %d: SSL setup ok\n", pid); - - /* - * 5. Handshake - */ - mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf( - "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n", - pid, ret); - goto exit; - } - } - - mbedtls_printf("pid %d: SSL handshake ok\n", pid); - fflush(stdout); - - /* - * 6. 
Read the HTTP Request - */ - mbedtls_printf("pid %d: Start reading from client.\n", pid); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf("pid %d: connection was closed gracefully\n", pid); - break; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf("pid %d: connection was reset by peer\n", pid); - break; - - default: - mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret); - break; - } - fflush(stdout); - - break; - } - - len = ret; - mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf); - fflush(stdout); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. Write the 200 Response - */ - mbedtls_printf("pid %d: Start writing to client.\n", pid); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while (cnt++ < 10) { - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf( - "pid %d: Write failed! peer closed the connection\n\n", pid); - goto exit; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf( - "pid %d: Write failed! 
mbedtls_ssl_write returned %d\n\n", - pid, ret); - goto exit; - } - } - len = ret; - mbedtls_printf("pid %d: %d bytes written (cnt=%d)\n\n%s\n", - pid, len, cnt, (char *) buf); - fflush(stdout); - - mbedtls_net_usleep(1000000); - } - - mbedtls_ssl_close_notify(&ssl); - mbedtls_printf("pid %d: shutting down\n", pid); - fflush(stdout); - goto exit; - } - -exit: - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && - MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C && - ! _WIN32 */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c deleted file mode 100644 index 0c2822cb30..0000000000 --- a/programs/ssl/ssl_mail_client.c +++ /dev/null 
@@ -1,811 +0,0 @@ -/* - * SSL client for SMTP servers - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of gethostname() even when compiling with -std=c99. Must - * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ - -#define _POSIX_C_SOURCE 200112L -#define _XOPEN_SOURCE 600 -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/base64.h" -#include "mbedtls/error.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "test/certs.h" -#include "mbedtls/x509.h" - -#include -#include - -#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32) -#include -#else -#include -#endif - -#if defined(_WIN32) || defined(_WIN32_WCE) -#include -#include - -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ -#endif - -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_PORT "465" -#define DFL_USER_NAME "user" -#define DFL_USER_PWD "password" -#define DFL_MAIL_FROM "" -#define DFL_MAIL_TO "" -#define DFL_DEBUG_LEVEL 0 -#define DFL_CA_FILE "" -#define DFL_CRT_FILE "" -#define 
DFL_KEY_FILE "" -#define DFL_FORCE_CIPHER 0 -#define DFL_MODE 0 -#define DFL_AUTHENTICATION 0 - -#define MODE_SSL_TLS 0 -#define MODE_STARTTLS 0 - -#if defined(MBEDTLS_BASE64_C) -#define USAGE_AUTH \ - " authentication=%%d default: 0 (disabled)\n" \ - " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \ - " user_pwd=%%s default: \"" \ - DFL_USER_PWD "\"\n" -#else -#define USAGE_AUTH \ - " authentication options disabled. (Require MBEDTLS_BASE64_C)\n" -#endif /* MBEDTLS_BASE64_C */ - -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s default: \"\" (pre-loaded)\n" \ - " crt_file=%%s default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" -#else -#define USAGE_IO \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" -#endif /* MBEDTLS_FS_IO */ - -#define USAGE \ - "\n usage: ssl_mail_client param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_name=%%s default: " DFL_SERVER_NAME "\n" \ - " server_port=%%d default: " \ - DFL_SERVER_PORT "\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \ - USAGE_AUTH \ - " mail_from=%%s default: \"\"\n" \ - " mail_to=%%s default: \"\"\n" \ - USAGE_IO \ - " force_ciphersuite= default: all enabled\n" \ - " acceptable ciphersuite names:\n" - - -/* - * global options - */ -struct options { - const char *server_name; /* hostname of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int authentication; /* if authentication is required */ - int mode; /* SSL/TLS (0) or STARTTLS (1) */ - const char *user_name; /* username to use for authentication */ - const char *user_pwd; /* password to use for authentication */ - const char *mail_from; /* E-Mail address to use as sender */ - const char *mail_to; /* E-Mail address to use as recipient */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *crt_file; /* the file with 
the client certificate */ - const char *key_file; /* the file with the client key */ - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ -} opt; - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -static int do_handshake(mbedtls_ssl_context *ssl) -{ - int ret; - uint32_t flags; - unsigned char buf[1024]; - memset(buf, 0, 1024); - - /* - * 4. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { -#if defined(MBEDTLS_ERROR_C) - mbedtls_strerror(ret, (char *) buf, 1024); -#endif - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf); - return -1; - } - } - - mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n", - mbedtls_ssl_get_ciphersuite(ssl)); - - /* - * 5. Verify the server certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - /* In real life, we probably want to bail out when ret != 0 */ - if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - char vrfy_buf[512]; -#endif - - mbedtls_printf(" failed\n"); - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); -#endif - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_printf(" . 
Peer certificate information ...\n"); - mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - mbedtls_ssl_get_peer_cert(ssl)); - mbedtls_printf("%s\n", buf); -#endif - - return 0; -} - -static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret; - - mbedtls_printf("\n%s", buf); - while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - return -1; - } - } - - return 0; -} - -static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) -{ - int ret; - unsigned char data[128]; - char code[4]; - size_t i, idx = 0; - - mbedtls_printf("\n%s", buf); - while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - return -1; - } - } - - do { - len = sizeof(data) - 1; - memset(data, 0, sizeof(data)); - ret = mbedtls_ssl_read(ssl, data, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - return -1; - } - - if (ret <= 0) { - mbedtls_printf("failed\n ! 
mbedtls_ssl_read returned %d\n\n", ret); - return -1; - } - - mbedtls_printf("\n%s", data); - len = ret; - for (i = 0; i < len; i++) { - if (data[i] != '\n') { - if (idx < 4) { - code[idx++] = data[i]; - } - continue; - } - - if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { - code[3] = '\0'; - return atoi(code); - } - - idx = 0; - } - } while (1); -} - -static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len) -{ - int ret; - unsigned char data[128]; - char code[4]; - size_t i, idx = 0; - - mbedtls_printf("\n%s", buf); - if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - return -1; - } - - do { - len = sizeof(data) - 1; - memset(data, 0, sizeof(data)); - ret = mbedtls_net_recv(sock_fd, data, len); - - if (ret <= 0) { - mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret); - return -1; - } - - data[len] = '\0'; - mbedtls_printf("\n%s", data); - len = ret; - for (i = 0; i < len; i++) { - if (data[i] != '\n') { - if (idx < 4) { - code[idx++] = data[i]; - } - continue; - } - - if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { - code[3] = '\0'; - return atoi(code); - } - - idx = 0; - } - } while (1); -} - -int main(int argc, char *argv[]) -{ - int ret = 1, len; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; -#if defined(MBEDTLS_BASE64_C) - unsigned char base[1024]; - /* buf is used as the destination buffer for printing base with the format: - * "%s\r\n". Hence, the size of buf should be at least the size of base - * plus 2 bytes for the \r and \n characters. 
- */ - unsigned char buf[sizeof(base) + 2]; -#else - unsigned char buf[1024]; -#endif - char hostname[32]; - const char *pers = "ssl_mail_client"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_x509_crt clicert; - mbedtls_pk_context pkey; - int i; - size_t n; - char *p, *q; - const int *list; - - /* - * Make sure memory references are valid in case we exit early. - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - memset(&buf, 0, sizeof(buf)); - mbedtls_x509_crt_init(&cacert); - mbedtls_x509_crt_init(&clicert); - mbedtls_pk_init(&pkey); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - - list = mbedtls_ssl_list_ciphersuites(); - while (*list) { - mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); - list++; - } - mbedtls_printf("\n"); - goto exit; - } - - opt.server_name = DFL_SERVER_NAME; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.authentication = DFL_AUTHENTICATION; - opt.mode = DFL_MODE; - opt.user_name = DFL_USER_NAME; - opt.user_pwd = DFL_USER_PWD; - opt.mail_from = DFL_MAIL_FROM; - opt.mail_to = DFL_MAIL_TO; - opt.ca_file = DFL_CA_FILE; - opt.crt_file = DFL_CRT_FILE; - opt.key_file = DFL_KEY_FILE; - opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "server_name") == 0) { - opt.server_name = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level 
< 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "authentication") == 0) { - opt.authentication = atoi(q); - if (opt.authentication < 0 || opt.authentication > 1) { - goto usage; - } - } else if (strcmp(p, "mode") == 0) { - opt.mode = atoi(q); - if (opt.mode < 0 || opt.mode > 1) { - goto usage; - } - } else if (strcmp(p, "user_name") == 0) { - opt.user_name = q; - } else if (strcmp(p, "user_pwd") == 0) { - opt.user_pwd = q; - } else if (strcmp(p, "mail_from") == 0) { - opt.mail_from = q; - } else if (strcmp(p, "mail_to") == 0) { - opt.mail_to = q; - } else if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "crt_file") == 0) { - opt.crt_file = q; - } else if (strcmp(p, "key_file") == 0) { - opt.key_file = q; - } else if (strcmp(p, "force_ciphersuite") == 0) { - opt.force_ciphersuite[0] = -1; - - opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); - - if (opt.force_ciphersuite[0] <= 0) { - goto usage; - } - - opt.force_ciphersuite[1] = 0; - } else { - goto usage; - } - } - - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.ca_file)) { - ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); - } else -#endif -#if defined(MBEDTLS_PEM_PARSE_C) - ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); -#else - { - mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); - goto exit; - } -#endif - if (ret < 0) { - mbedtls_printf(" failed\n ! 
mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - - /* - * 1.2. Load own certificate and private key - * - * (can be skipped if client authentication is not required) - */ - mbedtls_printf(" . Loading the client cert. and key..."); - fflush(stdout); - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.crt_file)) { - ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file); - } else -#endif - ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt, - mbedtls_test_cli_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - -#if defined(MBEDTLS_FS_IO) - if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, ""); - } else -#endif -#if defined(MBEDTLS_PEM_PARSE_C) - { - ret = mbedtls_pk_parse_key(&pkey, - (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, - NULL, - 0); - } -#else - { - mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); - goto exit; - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Start the connection - */ - mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name, - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, - opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - /* OPTIONAL is not optimal for security, - * but makes interop easier in this simplified example */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { - mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); - } - - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf(" ok\n"); - - if (opt.mode == MODE_SSL_TLS) { - if (do_handshake(&ssl) != 0) { - goto exit; - } - - mbedtls_printf(" > Get header from server:"); - fflush(stdout); - - ret = write_ssl_and_get_response(&ssl, buf, 0); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write EHLO to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "EHLO %s\r\n", hostname); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - } else { - mbedtls_printf(" > Get header from server:"); - fflush(stdout); - - ret = write_and_get_response(&server_fd, buf, 0); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! 
server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write EHLO to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "EHLO %s\r\n", hostname); - ret = write_and_get_response(&server_fd, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write STARTTLS to server:"); - fflush(stdout); - - gethostname(hostname, 32); - len = sprintf((char *) buf, "STARTTLS\r\n"); - ret = write_and_get_response(&server_fd, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - if (do_handshake(&ssl) != 0) { - goto exit; - } - } - -#if defined(MBEDTLS_BASE64_C) - if (opt.authentication) { - mbedtls_printf(" > Write AUTH LOGIN to server:"); - fflush(stdout); - - len = sprintf((char *) buf, "AUTH LOGIN\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write username to server: %s", opt.user_name); - fflush(stdout); - - ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name, - strlen(opt.user_name)); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); - goto exit; - } - len = sprintf((char *) buf, "%s\r\n", base); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 300 || ret > 399) { - mbedtls_printf(" failed\n ! 
server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write password to server: %s", opt.user_pwd); - fflush(stdout); - - ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd, - strlen(opt.user_pwd)); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); - goto exit; - } - len = sprintf((char *) buf, "%s\r\n", base); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 399) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - - mbedtls_printf(" > Write MAIL FROM to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write RCPT TO to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write DATA to server:"); - fflush(stdout); - - len = sprintf((char *) buf, "DATA\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 300 || ret > 399) { - mbedtls_printf(" failed\n ! 
server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" > Write content to server:"); - fflush(stdout); - - len = mbedtls_snprintf((char *) buf, sizeof(buf), - "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" - "This is a simple test mail from the " - "Mbed TLS mail client example.\r\n" - "\r\n" - "Enjoy!", opt.mail_from); - if (len < 0 || (size_t) len >= sizeof(buf)) { - mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); - goto exit; - } - ret = write_ssl_data(&ssl, buf, len); - - len = sprintf((char *) buf, "\r\n.\r\n"); - ret = write_ssl_and_get_response(&ssl, buf, len); - if (ret < 200 || ret > 299) { - mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - mbedtls_ssl_close_notify(&ssl); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&clicert); - mbedtls_x509_crt_free(&cacert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && - MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c deleted file mode 100644 index 867926d98c..0000000000 --- a/programs/ssl/ssl_pthread_server.c +++ /dev/null 
@@ -1,490 +0,0 @@ -/* - * SSL server demonstration program using pthread for handling multiple - * clients. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#elif !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) -int main(void) -{ - mbedtls_printf("MBEDTLS_THREADING_PTHREAD not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#if defined(_WIN32) -#include -#endif - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - -#define MAX_NUM_THREADS 5 - -mbedtls_threading_mutex_t debug_mutex; - -static void my_mutexed_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - long int thread_id = (long int) pthread_self(); - - mbedtls_mutex_lock(&debug_mutex); - - ((void) level); - mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s", - file, line, thread_id, str); - fflush((FILE *) ctx); - - mbedtls_mutex_unlock(&debug_mutex); -} - -typedef struct { - mbedtls_net_context client_fd; - int thread_complete; - const mbedtls_ssl_config *config; -} thread_info_t; - -typedef struct { - int active; - thread_info_t data; - pthread_t thread; -} pthread_info_t; - -static thread_info_t base_info; -static pthread_info_t threads[MAX_NUM_THREADS]; - -static void *handle_ssl_connection(void *data) -{ - int ret, len; - thread_info_t *thread_info = (thread_info_t *) data; - mbedtls_net_context *client_fd = &thread_info->client_fd; - long int thread_id = (long int) pthread_self(); - unsigned char buf[1024]; - mbedtls_ssl_context ssl; - - /* Make sure memory references are valid */ - mbedtls_ssl_init(&ssl); - - mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id); - - /* - * 4. Get the SSL context ready - */ - if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - - mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 5. 
Handshake - */ - mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - } - - mbedtls_printf(" [ #%ld ] ok\n", thread_id); - - /* - * 6. Read the HTTP Request - */ - mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" [ #%ld ] connection was closed gracefully\n", - thread_id); - goto thread_exit; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" [ #%ld ] connection was reset by peer\n", - thread_id); - goto thread_exit; - - default: - mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n", - thread_id, (unsigned int) -ret); - goto thread_exit; - } - } - - len = ret; - mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n", - thread_id, len, (char *) buf); - fflush(stdout); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. 
Write the 200 Response - */ - mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n", - thread_id); - goto thread_exit; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n", - thread_id, (unsigned int) ret); - goto thread_exit; - } - } - - len = ret; - mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n", - thread_id, len, (char *) buf); - fflush(stdout); - - mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id); - - while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n", - thread_id, (unsigned int) ret); - goto thread_exit; - } - } - - mbedtls_printf(" ok\n"); - fflush(stdout); - - ret = 0; - -thread_exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n", - thread_id, (unsigned int) -ret, error_buf); - } -#endif - - mbedtls_net_free(client_fd); - mbedtls_ssl_free(&ssl); - - thread_info->thread_complete = 1; - - return NULL; -} - -static int thread_create(mbedtls_net_context *client_fd) -{ - int ret, i; - - /* - * Find in-active or finished thread slot - */ - for (i = 0; i < MAX_NUM_THREADS; i++) { - if (threads[i].active == 0) { - break; - } - - if (threads[i].data.thread_complete == 1) { - mbedtls_printf(" [ main ] Cleaning up thread %d\n", i); - pthread_join(threads[i].thread, NULL); - memset(&threads[i], 0, sizeof(pthread_info_t)); - break; - } - } - - if (i == MAX_NUM_THREADS) { - 
return -1; - } - - /* - * Fill thread-info for thread - */ - memcpy(&threads[i].data, &base_info, sizeof(base_info)); - threads[i].active = 1; - memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context)); - - if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection, - &threads[i].data)) != 0) { - return ret; - } - - return 0; -} - -int main(void) -{ - int ret; - mbedtls_net_context listen_fd, client_fd; - const char pers[] = "ssl_pthread_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_x509_crt cachain; - mbedtls_pk_context pkey; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[100000]; -#endif -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - - mbedtls_x509_crt_init(&srvcert); - mbedtls_x509_crt_init(&cachain); - - mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(threads, 0, sizeof(threads)); - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - - mbedtls_mutex_init(&debug_mutex); - - base_info.config = &conf; - - /* - * We use only a single entropy source that is used in all the threads. - */ - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - - /* - * 1a. Seed the random number generator - */ - mbedtls_printf(" . 
Seeding the random number generator..."); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1b. Load the certificates and private RSA key - */ - mbedtls_printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. - * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - mbedtls_pk_init(&pkey); - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1c. Prepare SSL configuration - */ - mbedtls_printf(" . Setting up the SSL data...."); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); - - /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if - * MBEDTLS_THREADING_C is set. 
- */ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret, - error_buf); - } -#endif - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" [ main ] Waiting for a remote connection\n"); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n", - (unsigned int) ret); - goto exit; - } - - mbedtls_printf(" [ main ] ok\n"); - mbedtls_printf(" [ main ] Creating a new thread\n"); - - if ((ret = thread_create(&client_fd)) != 0) { - mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret); - mbedtls_net_free(&client_fd); - goto reset; - } - - ret = 0; - goto reset; - -exit: - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_ssl_config_free(&conf); - mbedtls_net_free(&listen_fd); - mbedtls_mutex_free(&debug_mutex); -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); -#endif - 
mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c deleted file mode 100644 index fd9da18490..0000000000 --- a/programs/ssl/ssl_server.c +++ /dev/null @@ -1,356 +0,0 @@ -/* - * SSL server demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#if defined(_WIN32) -#include -#endif - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/ssl.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" - -#define DEBUG_LEVEL 0 - - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -int main(void) -{ - int ret, len; - mbedtls_net_context listen_fd, client_fd; - unsigned char buf[1024]; - const char *pers = "ssl_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt srvcert; - mbedtls_pk_context pkey; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_init(&cache); -#endif - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(DEBUG_LEVEL); -#endif - - /* - * 1. Seed the RNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Load the certificates and private RSA key - */ - mbedtls_printf("\n . Loading the server cert. and key..."); - fflush(stdout); - - /* - * This demonstration program uses embedded test certificates. 
- * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the - * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). - */ - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on https://localhost:4433/ ..."); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 4. Setup stuff - */ - mbedtls_printf(" . Setting up the SSL data...."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - - mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - -reset: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - mbedtls_printf(" ok\n"); - - /* - * 5. Handshake - */ - mbedtls_printf(" . Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret); - goto reset; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 6. 
Read the HTTP Request - */ - mbedtls_printf(" < Read from client:"); - fflush(stdout); - - do { - len = sizeof(buf) - 1; - memset(buf, 0, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - break; - - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - break; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - break; - } - - break; - } - - len = ret; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - - if (ret > 0) { - break; - } - } while (1); - - /* - * 7. Write the 200 Response - */ - mbedtls_printf(" > Write to client:"); - fflush(stdout); - - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! peer closed the connection\n\n"); - goto reset; - } - - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto exit; - } - } - - len = ret; - mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf); - - mbedtls_printf(" . Closing the connection..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE && - ret != MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_close_notify returned %d\n\n", ret); - goto reset; - } - } - - mbedtls_printf(" ok\n"); - fflush(stdout); - - ret = 0; - goto reset; - -exit: - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(ret); -} - -#endif /* configuration allows running this program */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c deleted file mode 100644 index 64fd45952f..0000000000 --- a/programs/ssl/ssl_server2.c +++ /dev/null 
@@ -1,4307 +0,0 @@
-/*
- * SSL client with options
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-#include "ssl_test_lib.h"
-
-#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
-int main(void)
-{
- mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
- mbedtls_exit(0);
-}
-#elif !defined(MBEDTLS_SSL_SRV_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_SSL_SRV_C not defined.\n");
- mbedtls_exit(0);
-}
-#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */
-
-#include
-
-#if !defined(_MSC_VER)
-#include
-#endif
-
-#if !defined(_WIN32)
-#include
-#endif
-
-#if defined(MBEDTLS_SSL_CACHE_C)
-#include "mbedtls/ssl_cache.h"
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
-#include "mbedtls/ssl_ticket.h"
-#endif
-
-#if defined(MBEDTLS_SSL_COOKIE_C)
-#include "mbedtls/ssl_cookie.h"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO)
-#define SNI_OPTION
-#endif
-
-#if defined(_WIN32)
-#include
-#endif
-
-#include "test/psa_crypto_helpers.h"
-
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-/* Size of memory to be allocated for the heap, when using the library's memory
- * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled.
*/
-#define MEMORY_HEAP_SIZE 180000
-
-#define DFL_SERVER_ADDR NULL
-#define DFL_SERVER_PORT "4433"
-#define DFL_RESPONSE_SIZE -1
-#define DFL_DEBUG_LEVEL 0
-#define DFL_NBIO 0
-#define DFL_EVENT 0
-#define DFL_READ_TIMEOUT 0
-#define DFL_EXP_LABEL NULL
-#define DFL_EXP_LEN 20
-#define DFL_CA_FILE ""
-#define DFL_CA_PATH ""
-#define DFL_CRT_FILE ""
-#define DFL_KEY_FILE ""
-#define DFL_KEY_OPAQUE 0
-#define DFL_KEY_PWD ""
-#define DFL_CRT_FILE2 ""
-#define DFL_KEY_FILE2 ""
-#define DFL_KEY_PWD2 ""
-#define DFL_ASYNC_OPERATIONS "-"
-#define DFL_ASYNC_PRIVATE_DELAY1 (-1)
-#define DFL_ASYNC_PRIVATE_DELAY2 (-1)
-#define DFL_ASYNC_PRIVATE_ERROR (0)
-#define DFL_PSK ""
-#define DFL_PSK_OPAQUE 0
-#define DFL_PSK_LIST_OPAQUE 0
-#define DFL_PSK_IDENTITY "Client_identity"
-#define DFL_ECJPAKE_PW NULL
-#define DFL_ECJPAKE_PW_OPAQUE 0
-#define DFL_PSK_LIST NULL
-#define DFL_FORCE_CIPHER 0
-#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
-#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
-#define DFL_ALLOW_LEGACY -2
-#define DFL_RENEGOTIATE 0
-#define DFL_RENEGO_DELAY -2
-#define DFL_RENEGO_PERIOD ((uint64_t) -1)
-#define DFL_EXCHANGES 1
-#define DFL_MIN_VERSION -1
-#define DFL_MAX_VERSION -1
-#define DFL_SHA1 -1
-#define DFL_CID_ENABLED 0
-#define DFL_CID_VALUE ""
-#define DFL_CID_ENABLED_RENEGO -1
-#define DFL_CID_VALUE_RENEGO NULL
-#define DFL_AUTH_MODE -1
-#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
-#define DFL_CERT_REQ_DN_HINT 0
-#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
-#define DFL_TRUNC_HMAC -1
-#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define DFL_DUMMY_TICKET 0
-#define DFL_TICKET_ROTATE 0
-#define DFL_TICKET_TIMEOUT 86400
-#define DFL_TICKET_ALG PSA_ALG_GCM
-#define DFL_TICKET_KEY_TYPE PSA_KEY_TYPE_AES
-#define DFL_TICKET_KEY_BITS 256
-#define DFL_CACHE_MAX -1
-#define DFL_CACHE_TIMEOUT -1
-#define DFL_CACHE_REMOVE 0
-#define DFL_SNI NULL
-#define DFL_ALPN_STRING NULL
-#define DFL_GROUPS
NULL
-#define DFL_EARLY_DATA -1
-#define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
-#define DFL_SIG_ALGS NULL
-#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
-#define DFL_COOKIES 1
-#define DFL_ANTI_REPLAY -1
-#define DFL_HS_TO_MIN 0
-#define DFL_HS_TO_MAX 0
-#define DFL_DTLS_MTU -1
-#define DFL_BADMAC_LIMIT -1
-#define DFL_DGRAM_PACKING 1
-#define DFL_EXTENDED_MS -1
-#define DFL_ETM -1
-#define DFL_SERIALIZE 0
-#define DFL_CONTEXT_FILE ""
-#define DFL_EXTENDED_MS_ENFORCE -1
-#define DFL_CA_CALLBACK 0
-#define DFL_EAP_TLS 0
-#define DFL_REPRODUCIBLE 0
-#define DFL_NSS_KEYLOG 0
-#define DFL_NSS_KEYLOG_FILE NULL
-#define DFL_QUERY_CONFIG_MODE 0
-#define DFL_USE_SRTP 0
-#define DFL_SRTP_FORCE_PROFILE 0
-#define DFL_SRTP_SUPPORT_MKI 0
-#define DFL_KEY_OPAQUE_ALG "none"
-
-#define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah

\r\n" - -/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer - * packets (for fragmentation purposes) */ -#define HTTP_RESPONSE \ - "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

Mbed TLS Test Server

\r\n" \ - "

Successful connection using: %s

\r\n" // LONG_RESPONSE - -/* - * Size of the basic I/O buffer. Able to hold our default response. - */ -#define DFL_IO_BUF_LEN 200 - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if defined(MBEDTLS_FS_IO) -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (pre-loaded) (overrides ca_file)\n" \ - " use \"none\" to skip loading any top-level CAs.\n" \ - " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: see note after key_file2\n" \ - " key_file=%%s default: see note after key_file2\n" \ - " key_pwd=%%s Password for key specified by key_file argument\n" \ - " default: none\n" \ - " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \ - " default: see note after key_file2\n" \ - " key_file2=%%s default: see note below\n" \ - " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ - " preloaded certificate(s) and key(s) are used if available\n" \ - " key_pwd2=%%s Password for key specified by key_file2 argument\n" \ - " default: none\n" -#else -#define USAGE_IO \ - "\n" \ - " No file operations available (MBEDTLS_FS_IO not defined)\n" \ - "\n" -#endif /* MBEDTLS_FS_IO */ -#else -#define USAGE_IO "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_KEY_OPAQUE \ - " key_opaque=%%d Handle your private keys as if they were opaque\n" \ - " default: 0 (disabled)\n" -#else -#define USAGE_KEY_OPAQUE "" -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -#define USAGE_SSL_ASYNC \ - " async_operations=%%c... 
s=sign (default: -=off)\n" \ - " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ - " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ - " default: -1 (not asynchronous)\n" \ - " async_private_error=%%d Async callback error injection (default=0=none,\n" \ - " 1=start, 2=cancel, 3=resume, negative=first time only)" -#else -#define USAGE_SSL_ASYNC "" -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#define USAGE_CID \ - " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ - " default: 0 (disabled)\n" \ - " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \ - " default: same as 'cid' parameter\n" \ - " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \ - " default: \"\"\n" \ - " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ - " default: same as 'cid_val' parameter\n" -#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#define USAGE_CID "" -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#define USAGE_PSK_RAW \ - " psk=%%s default: \"\" (disabled)\n" \ - " The PSK values are in hex, without 0x.\n" \ - " psk_list=%%s default: \"\"\n" \ - " A list of (PSK identity, PSK value) pairs.\n" \ - " The PSK values are in hex, without 0x.\n" \ - " id1,psk1[,id2,psk2[,...]]\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" -#define USAGE_PSK_SLOT \ - " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ - " Enable this to store the PSK configured through command line\n" \ - " parameter `psk` in a PSA-based key slot.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based 
opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" \ - " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \ - " Enable this to store the list of dynamically chosen PSKs configured\n" \ - " through the command line parameter `psk_list` in PSA-based key slots.\n" \ - " Note: Currently only supported in conjunction with\n" \ - " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \ - " to force a particular PSK-only ciphersuite.\n" \ - " Note: This is to test integration of PSA-based opaque PSKs with\n" \ - " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ - " with prepopulated key slots instead of importing raw key material.\n" -#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT -#else -#define USAGE_PSK "" -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -#define USAGE_CA_CALLBACK \ - " ca_callback=%%d default: 0 (disabled)\n" \ - " Enable this to use the trusted certificate callback function\n" -#else -#define USAGE_CA_CALLBACK "" -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" \ - " ticket_rotate=%%d default: 0 (disabled)\n" \ - " ticket_timeout=%%d default: 86400 (one day)\n" \ - " ticket_aead=%%s default: \"AES-256-GCM\"\n" -#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ -#define USAGE_TICKETS "" -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ - -#define USAGE_EAP_TLS \ - " eap_tls=%%d default: 0 (disabled)\n" -#define USAGE_NSS_KEYLOG \ - " nss_keylog=%%d default: 0 (disabled)\n" \ - " This cannot be used with eap_tls=1\n" -#define USAGE_NSS_KEYLOG_FILE \ - " nss_keylog_file=%%s\n" -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " 
use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: 0 (all enabled)\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " support_mki=%%d default: 0 (not supported)\n" -#else /* MBEDTLS_SSL_DTLS_SRTP */ -#define USAGE_SRTP "" -#endif - -#if defined(MBEDTLS_SSL_CACHE_C) -#define USAGE_CACHE \ - " cache_max=%%d default: cache default (50)\n" \ - " cache_remove=%%d default: 0 (don't remove)\n" -#if defined(MBEDTLS_HAVE_TIME) -#define USAGE_CACHE_TIME \ - " cache_timeout=%%d default: cache default (1d)\n" -#else -#define USAGE_CACHE_TIME "" -#endif -#else -#define USAGE_CACHE "" -#define USAGE_CACHE_TIME "" -#endif /* MBEDTLS_SSL_CACHE_C */ - -#if defined(SNI_OPTION) -#if defined(MBEDTLS_X509_CRL_PARSE_C) -#define SNI_CRL ",crl" -#else -#define SNI_CRL "" -#endif - -#define USAGE_SNI \ - " sni=%%s name1,cert1,key1,ca1"SNI_CRL ",auth1[,...]\n" \ - " default: disabled\n" -#else -#define USAGE_SNI "" -#endif /* SNI_OPTION */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -#define USAGE_MAX_FRAG_LEN \ - " max_frag_len=%%d default: 16384 (tls default)\n" \ - " options: 512, 1024, 2048, 4096\n" -#else -#define USAGE_MAX_FRAG_LEN "" -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_ALPN) -#define USAGE_ALPN \ - " alpn=%%s default: \"\" (disabled)\n" \ - " example: spdy/1,http/1.1\n" -#else -#define USAGE_ALPN "" -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -#define USAGE_COOKIES \ - " cookies=0/1/-1 default: 1 (enabled)\n" \ - " 0: disabled, -1: library default (broken)\n" -#else -#define USAGE_COOKIES "" -#endif - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -#define USAGE_ANTI_REPLAY \ - " anti_replay=0/1 default: (library default: enabled)\n" -#else -#define USAGE_ANTI_REPLAY "" -#endif - -#define USAGE_BADMAC_LIMIT \ - " badmac_limit=%%d default: (library 
default: disabled)\n" - -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#define USAGE_DTLS \ - " dtls=%%d default: 0 (TLS)\n" \ - " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" \ - " dgram_packing=%%d default: 1 (allowed)\n" \ - " allow or forbid packing of multiple\n" \ - " records within a single datgram.\n" -#else -#define USAGE_DTLS "" -#endif - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -#define USAGE_EMS \ - " extended_ms=0/1 default: (library default: on)\n" -#else -#define USAGE_EMS "" -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -#define USAGE_ETM \ - " etm=0/1 default: (library default: on)\n" -#else -#define USAGE_ETM "" -#endif - -#define USAGE_REPRODUCIBLE \ - " reproducible=0/1 default: 0 (disabled)\n" - -#if defined(MBEDTLS_SSL_RENEGOTIATION) -#define USAGE_RENEGO \ - " renegotiation=%%d default: 0 (disabled)\n" \ - " renegotiate=%%d default: 0 (disabled)\n" \ - " renego_delay=%%d default: -2 (library default)\n" \ - " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n" -#else -#define USAGE_RENEGO "" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" \ - " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#define USAGE_ECJPAKE "" -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) -#define USAGE_EARLY_DATA \ - " early_data=%%d default: library default\n" \ - " options: 0 (disabled), 1 (enabled)\n" \ - " max_early_data_size=%%d default: library default\n" \ - " options: max amount of early data\n" -#else -#define USAGE_EARLY_DATA "" -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) -#define 
USAGE_GROUPS \ - " groups=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"secp521r1,brainpoolP512r1\"\n" \ - " - use \"none\" for empty list\n" \ - " - see mbedtls_ecp_curve_list()\n" \ - " for acceptable EC group names\n" \ - " - the following ffdh groups are supported:\n" \ - " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \ - " ffdhe8192\n" -#else -#define USAGE_GROUPS "" -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#define USAGE_SIG_ALGS \ - " sig_algs=a,b,c,d default: \"default\" (library default)\n" \ - " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n" -#else -#define USAGE_SIG_ALGS "" -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) -#define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" \ - " context_file=%%s The file path to write a serialized connection\n" \ - " in the form of base64 code (serialize option\n" \ - " must be set)\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" -#else -#define USAGE_SERIALIZATION "" -#endif - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) -#define USAGE_EXPORT \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" -#else -#define USAGE_EXPORT "" -#endif - -#define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" \ - " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ - " comma-separated pair of values among the following:\n" \ - " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " 
rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ - " ecdsa-sign, ecdh, none (only acceptable for\n" \ - " the second value).\n" -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " tls13_kex_modes=%%s default: all\n" \ - " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \ - " ephemeral_all, all, psk_or_ephemeral\n" -#else -#define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - -/* USAGE is arbitrarily split to stay under the portable string literal - * length limit: 4095 bytes in C99. */ -#define USAGE1 \ - "\n usage: ssl_server2 param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_addr=%%s default: (all interfaces)\n" \ - " server_port=%%d default: 4433\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " build_version=%%d default: none (disabled)\n" \ - " option: 1 (print build version only and stop)\n" \ - " buffer_size=%%d default: 200 \n" \ - " (minimum: 1)\n" \ - " response_size=%%d default: about 152 (basic response)\n" \ - " (minimum: 0, max: 16384)\n" \ - " increases buffer_size if bigger\n" \ - " nbio=%%d default: 0 (blocking I/O)\n" \ - " options: 1 (non-blocking), 2 (added delays)\n" \ - " event=%%d default: 0 (loop)\n" \ - " options: 1 (level-triggered, implies nbio=1),\n" \ - " read_timeout=%%d default: 0 ms (no timeout)\n" \ - "\n" \ - USAGE_DTLS \ - USAGE_SRTP \ - USAGE_COOKIES \ - USAGE_ANTI_REPLAY \ - USAGE_BADMAC_LIMIT \ - "\n" -#define USAGE2 \ - " auth_mode=%%s default: (library default: none)\n" \ - " options: none, optional, required\n" \ - " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ - " options: 1 (send ca list), 0 (don't send)\n" \ - " 2 (send conf dn hint), 3 (send hs dn hint)\n" \ - USAGE_IO \ - USAGE_KEY_OPAQUE \ - "\n" \ - USAGE_PSK \ - USAGE_CA_CALLBACK \ - USAGE_ECJPAKE \ - "\n" -#define USAGE3 \ - " allow_legacy=%%d default: (library default: no)\n" \ - USAGE_RENEGO \ - " exchanges=%%d default: 1\n" \ - "\n" \ - USAGE_TICKETS \ - USAGE_EAP_TLS \ - 
USAGE_REPRODUCIBLE \ - USAGE_NSS_KEYLOG \ - USAGE_NSS_KEYLOG_FILE \ - USAGE_CACHE \ - USAGE_CACHE_TIME \ - USAGE_MAX_FRAG_LEN \ - USAGE_ALPN \ - USAGE_EMS \ - USAGE_ETM \ - USAGE_GROUPS \ - USAGE_SIG_ALGS \ - USAGE_KEY_OPAQUE_ALGS \ - USAGE_EARLY_DATA \ - "\n" - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define TLS1_3_VERSION_OPTIONS ", tls13" -#else /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#define TLS1_3_VERSION_OPTIONS "" -#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */ - -#define USAGE4 \ - USAGE_SSL_ASYNC \ - USAGE_SNI \ - " allow_sha1=%%d default: 0\n" \ - " min_version=%%s default: (library default: tls12)\n" \ - " max_version=%%s default: (library default: tls12)\n" \ - " force_version=%%s default: \"\" (none)\n" \ - " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \ - "\n\n" \ - " force_ciphersuite= default: all enabled\n" \ - USAGE_TLS1_3_KEY_EXCHANGE_MODES \ - " query_config= return 0 if the specified\n" \ - " configuration macro is defined and 1\n" \ - " otherwise. The expansion of the macro\n" \ - " is printed if it is defined\n" \ - USAGE_SERIALIZATION \ - USAGE_EXPORT \ - "\n" - -#define PUT_UINT64_BE(out_be, in_le, i) \ - { \ - (out_be)[(i) + 0] = (unsigned char) (((in_le) >> 56) & 0xFF); \ - (out_be)[(i) + 1] = (unsigned char) (((in_le) >> 48) & 0xFF); \ - (out_be)[(i) + 2] = (unsigned char) (((in_le) >> 40) & 0xFF); \ - (out_be)[(i) + 3] = (unsigned char) (((in_le) >> 32) & 0xFF); \ - (out_be)[(i) + 4] = (unsigned char) (((in_le) >> 24) & 0xFF); \ - (out_be)[(i) + 5] = (unsigned char) (((in_le) >> 16) & 0xFF); \ - (out_be)[(i) + 6] = (unsigned char) (((in_le) >> 8) & 0xFF); \ - (out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \ - } - -/* This is global so it can be easily accessed by callback functions */ -rng_context_t rng; - -/* - * global options - */ -struct options { - const char *server_addr; /* address on which the ssl service runs */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - 
int nbio; /* should I/O be blocking? */ - int event; /* loop or event-driven IO? level or edge triggered? */ - uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ - const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ - int response_size; /* pad response with header to requested size */ - uint16_t buffer_size; /* IO buffer size */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *crt_file; /* the file with the server certificate */ - const char *key_file; /* the file with the server key */ - int key_opaque; /* handle private key as if it were opaque */ - const char *key_pwd; /* the password for the server key */ - const char *crt_file2; /* the file with the 2nd server certificate */ - const char *key_file2; /* the file with the 2nd server key */ - const char *key_pwd2; /* the password for the 2nd server key */ - const char *async_operations; /* supported SSL asynchronous operations */ - int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ - int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ - int async_private_error; /* inject error in async private callback */ - int psk_opaque; - int psk_list_opaque; -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - int ca_callback; /* Use callback for trusted certificate list */ -#endif - const char *psk; /* the pre-shared key */ - const char *psk_identity; /* the pre-shared key identity */ - char *psk_list; /* list of PSK id/key pairs for callback */ - const char *ecjpake_pw; /* the EC J-PAKE password */ - int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ - int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - int renegotiation; /* enable / disable renegotiation */ - int allow_legacy; /* allow legacy renegotiation */ - int renegotiate; /* attempt renegotiation? */ - int renego_delay; /* delay before enforcing renegotiation */ - uint64_t renego_period; /* period for automatic renegotiation */ - int exchanges; /* number of data exchanges */ - int min_version; /* minimum protocol version accepted */ - int max_version; /* maximum protocol version accepted */ - int allow_sha1; /* flag for SHA-1 support */ - int auth_mode; /* verify mode for connection */ - int cert_req_ca_list; /* should we send the CA list? */ - int cert_req_dn_hint; /* mode to set DN hints for CA list to send */ - unsigned char mfl_code; /* code for maximum fragment length */ - int trunc_hmac; /* accept truncated hmac? */ - int tickets; /* enable / disable session tickets */ - int dummy_ticket; /* enable / disable dummy ticket generator */ - int ticket_rotate; /* session ticket rotate (code coverage) */ - int ticket_timeout; /* session ticket lifetime */ - int ticket_alg; /* session ticket algorithm */ - int ticket_key_type; /* session ticket key type */ - int ticket_key_bits; /* session ticket key size in bits */ - int cache_max; /* max number of session cache entries */ -#if defined(MBEDTLS_HAVE_TIME) - int cache_timeout; /* expiration delay of session cache entries*/ -#endif - int cache_remove; /* enable / disable cache entry removal */ - char *sni; /* string describing sni information */ - const char *groups; /* list of supported groups */ - const char *sig_algs; /* supported TLS 1.3 signature algorithms */ - const char *alpn_string; /* ALPN supported protocols */ - int extended_ms; /* allow negotiation of extended MS? */ - int etm; /* allow negotiation of encrypt-then-MAC? */ - int transport; /* TLS or DTLS? */ - int cookies; /* Use cookies for DTLS? 
-1 to break them */ - int anti_replay; /* Use anti-replay for DTLS? -1 for default */ - uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ - uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum transport unit for DTLS */ - int dgram_packing; /* allow/forbid datagram packing */ - int badmac_limit; /* Limit of records with bad MAC */ - int eap_tls; /* derive EAP-TLS keying material? */ - int nss_keylog; /* export NSS key log material */ - const char *nss_keylog_file; /* NSS key log file */ - int cid_enabled; /* whether to use the CID extension or not */ - int cid_enabled_renego; /* whether to use the CID extension or not - * during renegotiation */ - const char *cid_val; /* the CID to use for incoming messages */ - int serialize; /* serialize/deserialize connection */ - const char *context_file; /* the file to write a serialized connection - * in the form of base64 code (serialize - * option must be set) */ - const char *cid_val_renego; /* the CID to use for incoming messages - * after renegotiation */ - int reproducible; /* make communication reproducible */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data; /* early data enablement flag */ - uint32_t max_early_data_size; /* max amount of early data */ -#endif - int query_config_mode; /* whether to read config */ - int use_srtp; /* Support SRTP */ - int force_srtp_profile; /* SRTP protection profile to use or all */ - int support_mki; /* The dtls mki mki support */ - const char *key1_opaque_alg1; /* Allowed opaque key 1 alg 1 */ - const char *key1_opaque_alg2; /* Allowed opaque key 1 alg 2 */ - const char *key2_opaque_alg1; /* Allowed opaque key 2 alg 1 */ - const char *key2_opaque_alg2; /* Allowed opaque key 2 alg 2 */ -} opt; - -#include "ssl_test_common_source.c" - -/* - * Return authmode from string, or -1 on error - */ -static int get_auth_mode(const char *s) -{ - if (strcmp(s, "none") == 0) { - return MBEDTLS_SSL_VERIFY_NONE; - } - if (strcmp(s, 
"optional") == 0) { - return MBEDTLS_SSL_VERIFY_OPTIONAL; - } - if (strcmp(s, "required") == 0) { - return MBEDTLS_SSL_VERIFY_REQUIRED; - } - - return -1; -} - -/* - * Used by sni_parse and psk_parse to handle comma-separated lists - */ -#define GET_ITEM(dst) \ - do \ - { \ - (dst) = p; \ - while (*p != ',') \ - if (++p > end) \ - goto error; \ - *p++ = '\0'; \ - } while (0) - -#if defined(SNI_OPTION) -typedef struct _sni_entry sni_entry; - -struct _sni_entry { - const char *name; - mbedtls_x509_crt *cert; - mbedtls_pk_context *key; - mbedtls_x509_crt *ca; - mbedtls_x509_crl *crl; - int authmode; - sni_entry *next; -}; - -static void sni_free(sni_entry *head) -{ - sni_entry *cur = head, *next; - - while (cur != NULL) { - mbedtls_x509_crt_free(cur->cert); - mbedtls_free(cur->cert); - - mbedtls_pk_free(cur->key); - mbedtls_free(cur->key); - - mbedtls_x509_crt_free(cur->ca); - mbedtls_free(cur->ca); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - mbedtls_x509_crl_free(cur->crl); - mbedtls_free(cur->crl); -#endif - next = cur->next; - mbedtls_free(cur); - cur = next; - } -} - -/* - * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...] - * into a usable sni_entry list. For ca1, crl1, auth1, the special value - * '-' means unset. If ca1 is unset, then crl1 is ignored too. - * - * Modifies the input string! This is not production quality! 
- */
-static sni_entry *sni_parse(char *sni_string)
-{
- sni_entry *cur = NULL, *new = NULL;
- char *p = sni_string;
- char *end = p;
- char *crt_file, *key_file, *ca_file, *auth_str;
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
- char *crl_file;
-#endif
-
- while (*end != '\0') {
- ++end;
- }
- *end = ',';
-
- while (p <= end) {
- if ((new = mbedtls_calloc(1, sizeof(sni_entry))) == NULL) {
- sni_free(cur);
- return NULL;
- }
-
- GET_ITEM(new->name);
- GET_ITEM(crt_file);
- GET_ITEM(key_file);
- GET_ITEM(ca_file);
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
- GET_ITEM(crl_file);
-#endif
- GET_ITEM(auth_str);
-
- if ((new->cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL ||
- (new->key = mbedtls_calloc(1, sizeof(mbedtls_pk_context))) == NULL) {
- goto error;
- }
-
- mbedtls_x509_crt_init(new->cert);
- mbedtls_pk_init(new->key);
-
- if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
- mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
- goto error;
- }
-
- if (strcmp(ca_file, "-") != 0) {
- if ((new->ca = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) {
- goto error;
- }
-
- mbedtls_x509_crt_init(new->ca);
-
- if (mbedtls_x509_crt_parse_file(new->ca, ca_file) != 0) {
- goto error;
- }
- }
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
- if (strcmp(crl_file, "-") != 0) {
- if ((new->crl = mbedtls_calloc(1, sizeof(mbedtls_x509_crl))) == NULL) {
- goto error;
- }
-
- mbedtls_x509_crl_init(new->crl);
-
- if (mbedtls_x509_crl_parse_file(new->crl, crl_file) != 0) {
- goto error;
- }
- }
-#endif
-
- if (strcmp(auth_str, "-") != 0) {
- if ((new->authmode = get_auth_mode(auth_str)) < 0) {
- goto error;
- }
- } else {
- new->authmode = DFL_AUTH_MODE;
- }
-
- new->next = cur;
- cur = new;
- }
-
- return cur;
-
-error:
- sni_free(new);
- sni_free(cur);
- return NULL;
-}
-
-/*
- * SNI callback. 
- */
-static int sni_callback(void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len)
-{
- const sni_entry *cur = (const sni_entry *) p_info;
-
- /* preserve behavior which checks for SNI match in sni_callback() for
- * the benefits of tests using sni_callback(), even though the actual
- * certificate assignment has moved to certificate selection callback
- * in this application. This exercises sni_callback and cert_callback
- * even though real applications might choose to do this differently.
- * Application might choose to save name and name_len in user_data for
- * later use in certificate selection callback.
- */
- while (cur != NULL) {
- if (name_len == strlen(cur->name) &&
- memcmp(name, cur->name, name_len) == 0) {
- void *p;
- *(const void **)&p = cur;
- mbedtls_ssl_set_user_data_p(ssl, p);
- return 0;
- }
-
- cur = cur->next;
- }
-
- return -1;
-}
-
-/*
- * server certificate selection callback.
- */
-static int cert_callback(mbedtls_ssl_context *ssl)
-{
- const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl);
- if (cur != NULL) {
- /*(exercise mbedtls_ssl_get_hs_sni(); not otherwise used here)*/
- size_t name_len;
- const unsigned char *name = mbedtls_ssl_get_hs_sni(ssl, &name_len);
- if (strlen(cur->name) != name_len ||
- memcmp(cur->name, name, name_len) != 0) {
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if (cur->ca != NULL) {
- mbedtls_ssl_set_hs_ca_chain(ssl, cur->ca, cur->crl);
- }
-
- if (cur->authmode != DFL_AUTH_MODE) {
- mbedtls_ssl_set_hs_authmode(ssl, cur->authmode);
- }
-
- return mbedtls_ssl_set_hs_own_cert(ssl, cur->cert, cur->key);
- }
-
- return 0;
-}
-
-#endif /* SNI_OPTION */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-
-typedef struct _psk_entry psk_entry;
-
-struct _psk_entry {
- const char *name;
- size_t key_len;
- unsigned char key[MBEDTLS_PSK_MAX_LEN];
- mbedtls_svc_key_id_t slot;
- psk_entry *next;
-};
-
-/*
- * Free a list of psk_entry's
- */
-static int 
psk_free(psk_entry *head) -{ - psk_entry *next; - - while (head != NULL) { - psa_status_t status; - mbedtls_svc_key_id_t const slot = head->slot; - - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot) != 0) { - status = psa_destroy_key(slot); - if (status != PSA_SUCCESS) { - return status; - } - } - - next = head->next; - mbedtls_free(head); - head = next; - } - - return 0; -} - -/* - * Parse a string of pairs name1,key1[,name2,key2[,...]] - * into a usable psk_entry list. - * - * Modifies the input string! This is not production quality! - */ -static psk_entry *psk_parse(char *psk_string) -{ - psk_entry *cur = NULL, *new = NULL; - char *p = psk_string; - char *end = p; - char *key_hex; - - while (*end != '\0') { - ++end; - } - *end = ','; - - while (p <= end) { - if ((new = mbedtls_calloc(1, sizeof(psk_entry))) == NULL) { - goto error; - } - - memset(new, 0, sizeof(psk_entry)); - - GET_ITEM(new->name); - GET_ITEM(key_hex); - - if (mbedtls_test_unhexify(new->key, MBEDTLS_PSK_MAX_LEN, - key_hex, &new->key_len) != 0) { - goto error; - } - - new->next = cur; - cur = new; - } - - return cur; - -error: - psk_free(new); - psk_free(cur); - return 0; -} - -/* - * PSK callback - */ -static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - psk_entry *cur = (psk_entry *) p_info; - - while (cur != NULL) { - if (name_len == strlen(cur->name) && - memcmp(name, cur->name, name_len) == 0) { - if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { - return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); - } else { - return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); - } - } - - cur = cur->next; - } - - return -1; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -static mbedtls_net_context listen_fd, client_fd; - -/* Interruption handler to ensure clean exit (for valgrind testing) */ -#if !defined(_WIN32) -static int received_sigterm = 0; -static void term_handler(int sig) -{ - ((void) sig); - received_sigterm = 1; - 
mbedtls_net_free(&listen_fd); /* causes mbedtls_net_accept() to abort */ - mbedtls_net_free(&client_fd); /* causes net_read() to abort */ -} -#endif - -/** Return true if \p ret is a status code indicating that there is an - * operation in progress on an SSL connection, and false if it indicates - * success or a fatal error. - * - * The possible operations in progress are: - * - * - A read, when the SSL input buffer does not contain a full message. - * - A write, when the SSL output buffer contains some data that has not - * been sent over the network yet. - * - An asynchronous callback that has not completed yet. */ -static int mbedtls_status_is_ssl_in_progress(int ret) -{ - return ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE || - ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; -} - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -typedef struct { - mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */ - mbedtls_pk_context *pk; /*!< Private key */ - unsigned delay; /*!< Number of resume steps to go through */ - unsigned pk_owned : 1; /*!< Whether to free the pk object on exit */ -} ssl_async_key_slot_t; - -typedef enum { - SSL_ASYNC_INJECT_ERROR_NONE = 0, /*!< Let the callbacks succeed */ - SSL_ASYNC_INJECT_ERROR_START, /*!< Inject error during start */ - SSL_ASYNC_INJECT_ERROR_CANCEL, /*!< Close the connection after async start */ - SSL_ASYNC_INJECT_ERROR_RESUME, /*!< Inject error during resume */ -#define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME -} ssl_async_inject_error_t; - -typedef struct { - ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */ - size_t slots_used; - ssl_async_inject_error_t inject_error; - int (*f_rng)(void *, unsigned char *, size_t); - void *p_rng; -} ssl_async_key_context_t; - -static int ssl_async_set_key(ssl_async_key_context_t *ctx, - mbedtls_x509_crt *cert, - mbedtls_pk_context *pk, - int pk_take_ownership, - unsigned delay) -{ - if (ctx->slots_used >= sizeof(ctx->slots) / 
sizeof(*ctx->slots)) { - return -1; - } - ctx->slots[ctx->slots_used].cert = cert; - ctx->slots[ctx->slots_used].pk = pk; - ctx->slots[ctx->slots_used].delay = delay; - ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership; - ++ctx->slots_used; - return 0; -} - -#define SSL_ASYNC_INPUT_MAX_SIZE 512 - -typedef enum { - ASYNC_OP_SIGN, -} ssl_async_operation_type_t; - -typedef struct { - unsigned slot; - ssl_async_operation_type_t operation_type; - mbedtls_md_type_t md_alg; - unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE]; - size_t input_len; - unsigned remaining_delay; -} ssl_async_operation_context_t; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* Note that ssl_async_operation_type_t and the array below need to be kept in sync! - * `ssl_async_operation_names[op]` is the name of op for each value `op` - * of type `ssl_async_operation_type_t`. */ -static const char *const ssl_async_operation_names[] = -{ - "sign", -}; - -static int ssl_async_start(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - ssl_async_operation_type_t op_type, - mbedtls_md_type_t md_alg, - const unsigned char *input, - size_t input_len) -{ - ssl_async_key_context_t *config_data = - mbedtls_ssl_conf_get_async_config_data(ssl->conf); - unsigned slot; - ssl_async_operation_context_t *ctx = NULL; - const char *op_name = ssl_async_operation_names[op_type]; - - { - char dn[100]; - if (mbedtls_x509_dn_gets(dn, sizeof(dn), &cert->subject) > 0) { - mbedtls_printf("Async %s callback: looking for DN=%s\n", - op_name, dn); - } - } - - /* Look for a private key that matches the public key in cert. - * Since this test code has the private key inside Mbed TLS, - * we call mbedtls_pk_check_pair to match a private key with the - * public key. 
*/ - for (slot = 0; slot < config_data->slots_used; slot++) { - if (mbedtls_pk_check_pair(&cert->pk, - config_data->slots[slot].pk) == 0) { - break; - } - } - if (slot == config_data->slots_used) { - mbedtls_printf("Async %s callback: no key matches this certificate.\n", - op_name); - return MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH; - } - mbedtls_printf("Async %s callback: using key slot %u, delay=%u.\n", - op_name, slot, config_data->slots[slot].delay); - - if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START) { - mbedtls_printf("Async %s callback: injected error\n", op_name); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - if (input_len > SSL_ASYNC_INPUT_MAX_SIZE) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - ctx = mbedtls_calloc(1, sizeof(*ctx)); - if (ctx == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - ctx->slot = slot; - ctx->operation_type = op_type; - ctx->md_alg = md_alg; - memcpy(ctx->input, input, input_len); - ctx->input_len = input_len; - ctx->remaining_delay = config_data->slots[slot].delay; - mbedtls_ssl_set_async_operation_data(ssl, ctx); - - if (ctx->remaining_delay == 0) { - return 0; - } else { - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - } -} - -static int ssl_async_sign(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_SIGN, md_alg, - hash, hash_len); -} - -static int ssl_async_resume(mbedtls_ssl_context *ssl, - unsigned char *output, - size_t *output_len, - size_t output_size) -{ - ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl); - ssl_async_key_context_t *config_data = - mbedtls_ssl_conf_get_async_config_data(ssl->conf); - ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot]; - int ret; - const char *op_name; - - if (ctx->remaining_delay > 0) { - --ctx->remaining_delay; - mbedtls_printf("Async resume (slot %u): call %u more times.\n", - ctx->slot, 
ctx->remaining_delay); - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - } - - switch (ctx->operation_type) { - case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len); - break; - default: - mbedtls_printf( - "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n", - ctx->slot, - (long) ctx->operation_type); - mbedtls_free(ctx); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - break; - } - - op_name = ssl_async_operation_names[ctx->operation_type]; - - if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME) { - mbedtls_printf("Async resume callback: %s done but injected error\n", - op_name); - mbedtls_free(ctx); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - mbedtls_printf("Async resume (slot %u): %s done, status=%d.\n", - ctx->slot, op_name, ret); - mbedtls_free(ctx); - return ret; -} - -static void ssl_async_cancel(mbedtls_ssl_context *ssl) -{ - ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl); - mbedtls_printf("Async cancel callback.\n"); - mbedtls_free(ctx); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, - psa_algorithm_t alg, - unsigned char *psk, - size_t psk_len) -{ - psa_status_t status; - psa_key_attributes_t key_attributes; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, alg); - psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&key_attributes, psk, psk_len, slot); - if (status != PSA_SUCCESS) { - fprintf(stderr, "IMPORT\n"); - return status; - } - - return PSA_SUCCESS; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int 
report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) -{ - int ret; - unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; - size_t peer_cid_len; - int cid_negotiated; - - if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - return 0; - } - - /* Check if the use of a CID has been negotiated */ - ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated, - peer_cid, &peer_cid_len); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", - (unsigned int) -ret); - return ret; - } - - if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) { - if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) { - mbedtls_printf("(%s) Use of Connection ID was not offered by client.\n", - additional_description); - } - } else { - size_t idx = 0; - mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n", - additional_description); - mbedtls_printf("(%s) Peer CID (length %u Bytes): ", - additional_description, - (unsigned) peer_cid_len); - while (idx < peer_cid_len) { - mbedtls_printf("%02x ", peer_cid[idx]); - idx++; - } - mbedtls_printf("\n"); - } - - return 0; -} -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) && \ - defined(MBEDTLS_HAVE_TIME) -static inline void put_unaligned_uint32(void *p, uint32_t x) -{ - memcpy(p, &x, sizeof(x)); -} - -/* Functions for session ticket tests */ -static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime) -{ - int ret; - unsigned char *p = start; - size_t clear_len; - ((void) p_ticket); - - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - put_unaligned_uint32(p, 7 * 24 * 3600); - *ticket_lifetime = 7 * 24 * 3600; - p += 4; - - /* Dump session state */ - if ((ret = mbedtls_ssl_session_save(session, p, end - p, - &clear_len)) != 0) { - return ret; - } - - *tlen = 4 + clear_len; - - 
return 0; -} - -static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len) -{ - int ret; - ((void) p_ticket); - - if ((ret = mbedtls_ssl_session_load(session, buf + 4, len - 4)) != 0) { - return ret; - } - - switch (opt.dummy_ticket % 11) { - case 1: - return MBEDTLS_ERR_SSL_INVALID_MAC; - case 2: - return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - case 3: - /* Creation time in the future. */ - session->ticket_creation_time = mbedtls_ms_time() + 1000; - break; - case 4: - /* Ticket has reached the end of lifetime. */ - session->ticket_creation_time = mbedtls_ms_time() - - (7 * 24 * 3600 * 1000 + 1000); - break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - case 5: - /* Ticket is valid, but client age is below the lower bound of the tolerance window. */ - session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; - /* Make sure the execution time does not affect the result */ - session->ticket_creation_time = mbedtls_ms_time(); - break; - - case 6: - /* Ticket is valid, but client age is beyond the upper bound of the tolerance window. 
*/ - session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; - /* Make sure the execution time does not affect the result */ - session->ticket_creation_time = mbedtls_ms_time(); - break; - case 7: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - break; - case 8: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - break; - case 9: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - break; - case 10: - session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; - break; -#endif - default: - break; - } - - return ret; -} -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C && MBEDTLS_HAVE_TIME */ - -static int parse_cipher(char *buf) -{ - int ret = 0; - if (strcmp(buf, "AES-128-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 128; - } else if (strcmp(buf, "AES-128-GCM")) { - opt.ticket_alg = PSA_ALG_GCM; - opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 128; - } else if (strcmp(buf, "AES-192-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 192; - } else if (strcmp(buf, "AES-192-GCM")) { - opt.ticket_alg = PSA_ALG_GCM; - opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 192; - } else if (strcmp(buf, "AES-256-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 256; - } else if (strcmp(buf, "ARIA-128-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 128; - } else if (strcmp(buf, "ARIA-128-GCM")) { - opt.ticket_alg = PSA_ALG_GCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 128; - } else if (strcmp(buf, "ARIA-192-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 192; - } else if (strcmp(buf, "ARIA-192-GCM")) { - opt.ticket_alg = 
PSA_ALG_GCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 192; - } else if (strcmp(buf, "ARIA-256-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 256; - } else if (strcmp(buf, "ARIA-256-GCM")) { - opt.ticket_alg = PSA_ALG_GCM; - opt.ticket_key_type = PSA_KEY_TYPE_ARIA; - opt.ticket_key_bits = 256; - } else if (strcmp(buf, "CAMELLIA-128-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; - opt.ticket_key_bits = 128; - } else if (strcmp(buf, "CAMELLIA-192-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; - opt.ticket_key_bits = 192; - } else if (strcmp(buf, "CAMELLIA-256-CCM")) { - opt.ticket_alg = PSA_ALG_CCM; - opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; - opt.ticket_key_bits = 256; - } else if (strcmp(buf, "CHACHA20-POLY1305")) { - opt.ticket_alg = PSA_ALG_CHACHA20_POLY1305; - opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20; - opt.ticket_key_bits = 256; - } else { - ret = -1; - } - return ret; -} - -int main(int argc, char *argv[]) -{ - int ret = 0, len, written, frags, exchanges_left; - int query_config_ret = 0; - io_ctx_t io_ctx; - unsigned char *buf = 0; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - psa_algorithm_t alg = 0; - mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; - unsigned char psk[MBEDTLS_PSK_MAX_LEN]; - size_t psk_len = 0; - psk_entry *psk_info = NULL; -#endif - const char *pers = "ssl_server2"; - unsigned char client_ip[16] = { 0 }; - size_t cliip_len; -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_ctx cookie_ctx; -#endif - - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer; -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - unsigned char renego_period[8] = { 0 }; -#endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint32_t flags; - mbedtls_x509_crt cacert; - mbedtls_x509_crt srvcert; - 
mbedtls_pk_context pkey; - mbedtls_x509_crt srvcert2; - mbedtls_pk_context pkey2; - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ - mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ - int key_cert_init = 0, key_cert_init2 = 0; -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - ssl_async_key_context_t ssl_async_keys; -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context cache; -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_context ticket_ctx; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ -#if defined(SNI_OPTION) - sni_entry *sni_info = NULL; -#endif - uint16_t group_list[GROUP_LIST_SIZE]; -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[ALPN_LIST_SIZE]; -#endif -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[MEMORY_HEAP_SIZE]; -#endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; - size_t cid_len = 0; - size_t cid_renego_len = 0; -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - unsigned char *context_buf = NULL; - size_t context_buf_len = 0; -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; -#endif - - int i; - char *p, *q; - const int *list; - psa_status_t status; - unsigned char eap_tls_keymaterial[16]; - unsigned char eap_tls_iv[8]; - const char *eap_tls_label = "client EAP encryption"; - eap_tls_keys eap_tls_keying; -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /*! 
master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
- const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
- dtls_srtp_keys dtls_srtp_keying;
- const mbedtls_ssl_srtp_profile default_profiles[] = {
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
- MBEDTLS_TLS_SRTP_UNSET
- };
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
-#if defined(MBEDTLS_MEMORY_DEBUG)
- size_t current_heap_memory, peak_heap_memory, heap_blocks;
-#endif /* MBEDTLS_MEMORY_DEBUG */
-#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
-
-#if defined(MBEDTLS_TEST_HOOKS)
- test_hooks_init();
-#endif /* MBEDTLS_TEST_HOOKS */
-
- /*
- * Make sure memory references are valid in case we exit early.
- */
- mbedtls_net_init(&client_fd);
- mbedtls_net_init(&listen_fd);
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_config_init(&conf);
- rng_init(&rng);
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- mbedtls_x509_crt_init(&cacert);
- mbedtls_x509_crt_init(&srvcert);
- mbedtls_pk_init(&pkey);
- mbedtls_x509_crt_init(&srvcert2);
- mbedtls_pk_init(&pkey2);
-#endif
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- memset(&ssl_async_keys, 0, sizeof(ssl_async_keys));
-#endif
-#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init(&cache);
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_init(&ticket_ctx);
-#endif
-#if defined(MBEDTLS_SSL_ALPN)
- memset((void *) alpn_list, 0, sizeof(alpn_list));
-#endif
-#if defined(MBEDTLS_SSL_COOKIE_C)
- mbedtls_ssl_cookie_init(&cookie_ctx);
-#endif
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- ret =
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
- goto exit;
- }
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng();
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#if !defined(_WIN32)
- /* Abort cleanly on SIGTERM and SIGINT */
- signal(SIGTERM, term_handler);
- signal(SIGINT, term_handler);
-#endif
-
- opt.buffer_size = DFL_IO_BUF_LEN;
- opt.server_addr = DFL_SERVER_ADDR;
- opt.server_port = DFL_SERVER_PORT;
- opt.debug_level = DFL_DEBUG_LEVEL;
- opt.event = DFL_EVENT;
- opt.response_size = DFL_RESPONSE_SIZE;
- opt.nbio = DFL_NBIO;
- opt.cid_enabled = DFL_CID_ENABLED;
- opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
- opt.cid_val = DFL_CID_VALUE;
- opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
- opt.read_timeout = DFL_READ_TIMEOUT;
- opt.exp_label = DFL_EXP_LABEL;
- opt.exp_len = DFL_EXP_LEN;
- opt.ca_file = DFL_CA_FILE;
- opt.ca_path = DFL_CA_PATH;
- opt.crt_file = DFL_CRT_FILE;
- opt.key_file = DFL_KEY_FILE;
- opt.key_opaque = DFL_KEY_OPAQUE;
- opt.key_pwd = DFL_KEY_PWD;
- opt.crt_file2 = DFL_CRT_FILE2;
- opt.key_file2 = DFL_KEY_FILE2;
- opt.key_pwd2 = DFL_KEY_PWD2;
- opt.async_operations = DFL_ASYNC_OPERATIONS;
- opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
- opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
- opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
- opt.psk = DFL_PSK;
- opt.psk_opaque = DFL_PSK_OPAQUE;
- opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- opt.ca_callback = DFL_CA_CALLBACK;
-#endif
- opt.psk_identity = DFL_PSK_IDENTITY;
- opt.psk_list = DFL_PSK_LIST;
- opt.ecjpake_pw = DFL_ECJPAKE_PW;
- opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
- opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- opt.renegotiation = DFL_RENEGOTIATION;
- opt.allow_legacy = DFL_ALLOW_LEGACY;
- opt.renegotiate = DFL_RENEGOTIATE;
- opt.renego_delay =
DFL_RENEGO_DELAY;
- opt.renego_period = DFL_RENEGO_PERIOD;
- opt.exchanges = DFL_EXCHANGES;
- opt.min_version = DFL_MIN_VERSION;
- opt.max_version = DFL_MAX_VERSION;
- opt.allow_sha1 = DFL_SHA1;
- opt.auth_mode = DFL_AUTH_MODE;
- opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
- opt.cert_req_dn_hint = DFL_CERT_REQ_DN_HINT;
- opt.mfl_code = DFL_MFL_CODE;
- opt.trunc_hmac = DFL_TRUNC_HMAC;
- opt.tickets = DFL_TICKETS;
- opt.dummy_ticket = DFL_DUMMY_TICKET;
- opt.ticket_rotate = DFL_TICKET_ROTATE;
- opt.ticket_timeout = DFL_TICKET_TIMEOUT;
- opt.ticket_alg = DFL_TICKET_ALG;
- opt.ticket_key_type = DFL_TICKET_KEY_TYPE;
- opt.ticket_key_bits = DFL_TICKET_KEY_BITS;
- opt.cache_max = DFL_CACHE_MAX;
-#if defined(MBEDTLS_HAVE_TIME)
- opt.cache_timeout = DFL_CACHE_TIMEOUT;
-#endif
- opt.cache_remove = DFL_CACHE_REMOVE;
- opt.sni = DFL_SNI;
- opt.alpn_string = DFL_ALPN_STRING;
- opt.groups = DFL_GROUPS;
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- opt.early_data = DFL_EARLY_DATA;
- opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
-#endif
- opt.sig_algs = DFL_SIG_ALGS;
- opt.transport = DFL_TRANSPORT;
- opt.cookies = DFL_COOKIES;
- opt.anti_replay = DFL_ANTI_REPLAY;
- opt.hs_to_min = DFL_HS_TO_MIN;
- opt.hs_to_max = DFL_HS_TO_MAX;
- opt.dtls_mtu = DFL_DTLS_MTU;
- opt.dgram_packing = DFL_DGRAM_PACKING;
- opt.badmac_limit = DFL_BADMAC_LIMIT;
- opt.extended_ms = DFL_EXTENDED_MS;
- opt.etm = DFL_ETM;
- opt.serialize = DFL_SERIALIZE;
- opt.context_file = DFL_CONTEXT_FILE;
- opt.eap_tls = DFL_EAP_TLS;
- opt.reproducible = DFL_REPRODUCIBLE;
- opt.nss_keylog = DFL_NSS_KEYLOG;
- opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
- opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
- opt.use_srtp = DFL_USE_SRTP;
- opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
- opt.support_mki = DFL_SRTP_SUPPORT_MKI;
- opt.key1_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
- opt.key1_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
- opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
- opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
-
- p = q = NULL;
- if
(argc < 1) {
-usage:
- if (p != NULL && q != NULL) {
- printf("unrecognized value for '%s': '%s'\n", p, q);
- } else if (p != NULL && q == NULL) {
- printf("unrecognized param: '%s'\n", p);
- }
-
- mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
- mbedtls_printf(" ssl_client2 help[_theme]\n");
- mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
- mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
- mbedtls_printf("\n");
-
- if (ret == 0) {
- ret = 1;
- }
- goto exit;
- }
-
- for (i = 1; i < argc; i++) {
- p = argv[i];
-
- if (strcmp(p, "help") == 0) {
- mbedtls_printf(USAGE1);
- mbedtls_printf(USAGE2);
- mbedtls_printf(USAGE3);
- mbedtls_printf(USAGE4);
-
- ret = 0;
- goto exit;
- }
- if (strcmp(p, "help_ciphersuites") == 0) {
- mbedtls_printf(" acceptable ciphersuite names:\n");
- for (list = mbedtls_ssl_list_ciphersuites();
- *list != 0;
- list++) {
- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
- }
-
- ret = 0;
- goto exit;
- }
-
- if ((q = strchr(p, '=')) == NULL) {
- mbedtls_printf("param requires a value: '%s'\n", p);
- p = NULL; // avoid "unrecnognized param" message
- goto usage;
- }
- *q++ = '\0';
-
- if (strcmp(p, "server_port") == 0) {
- opt.server_port = q;
- } else if (strcmp(p, "server_addr") == 0) {
- opt.server_addr = q;
- } else if (strcmp(p, "dtls") == 0) {
- int t = atoi(q);
- if (t == 0) {
- opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
- } else if (t == 1) {
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "debug_level") == 0) {
- opt.debug_level = atoi(q);
- if (opt.debug_level < 0 || opt.debug_level > 65535) {
- goto usage;
- }
- } else if (strcmp(p, "build_version") == 0) {
- if (strcmp(q, "1") == 0) {
- mbedtls_printf("build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL,
- MBEDTLS_VERSION_NUMBER);
- goto exit;
- }
- } else if (strcmp(p, "nbio") == 0) {
- opt.nbio = atoi(q);
- if (opt.nbio < 0 || opt.nbio > 2) {
- goto usage;
- }
- } else if (strcmp(p, "event") == 0) {
- opt.event = atoi(q);
- if (opt.event < 0 || opt.event > 2) {
- goto usage;
- }
- } else if (strcmp(p, "read_timeout") == 0) {
- opt.read_timeout = atoi(q);
- } else if (strcmp(p, "exp_label") == 0) {
- opt.exp_label = q;
- } else if (strcmp(p, "exp_len") == 0) {
- opt.exp_len = atoi(q);
- } else if (strcmp(p, "buffer_size") == 0) {
- opt.buffer_size = atoi(q);
- if (opt.buffer_size < 1) {
- goto usage;
- }
- } else if (strcmp(p, "response_size") == 0) {
- opt.response_size = atoi(q);
- if (opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_OUT_CONTENT_LEN) {
- goto usage;
- }
- if (opt.buffer_size < opt.response_size) {
- opt.buffer_size = opt.response_size;
- }
- } else if (strcmp(p, "ca_file") == 0) {
- opt.ca_file = q;
- } else if (strcmp(p, "ca_path") == 0) {
- opt.ca_path = q;
- } else if (strcmp(p, "crt_file") == 0) {
- opt.crt_file = q;
- } else if (strcmp(p, "key_file") == 0) {
- opt.key_file = q;
- } else if (strcmp(p, "key_pwd") == 0) {
- opt.key_pwd = q;
- }
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- else if (strcmp(p, "key_opaque") == 0) {
- opt.key_opaque = atoi(q);
- }
-#endif
- else if (strcmp(p, "crt_file2") == 0) {
- opt.crt_file2 = q;
- } else if (strcmp(p, "key_file2") == 0) {
- opt.key_file2 = q;
- } else if (strcmp(p, "key_pwd2") == 0) {
- opt.key_pwd2 = q;
- }
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
- else if (strcmp(p, "async_operations") == 0) {
- opt.async_operations = q;
- } else if (strcmp(p, "async_private_delay1") == 0) {
- opt.async_private_delay1 = atoi(q);
- } else if (strcmp(p, "async_private_delay2") == 0) {
- opt.async_private_delay2 = atoi(q);
- } else if (strcmp(p, "async_private_error") == 0) {
- int n = atoi(q);
- if (n < -SSL_ASYNC_INJECT_ERROR_MAX ||
- n > SSL_ASYNC_INJECT_ERROR_MAX) {
- ret = 2;
- goto usage;
- }
- opt.async_private_error = n;
- }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- else if
(strcmp(p, "cid") == 0) {
- opt.cid_enabled = atoi(q);
- if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
- goto usage;
- }
- } else if (strcmp(p, "cid_renego") == 0) {
- opt.cid_enabled_renego = atoi(q);
- if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
- goto usage;
- }
- } else if (strcmp(p, "cid_val") == 0) {
- opt.cid_val = q;
- } else if (strcmp(p, "cid_val_renego") == 0) {
- opt.cid_val_renego = q;
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- else if (strcmp(p, "psk") == 0) {
- opt.psk = q;
- } else if (strcmp(p, "psk_opaque") == 0) {
- opt.psk_opaque = atoi(q);
- } else if (strcmp(p, "psk_list_opaque") == 0) {
- opt.psk_list_opaque = atoi(q);
- }
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- else if (strcmp(p, "ca_callback") == 0) {
- opt.ca_callback = atoi(q);
- }
-#endif
- else if (strcmp(p, "psk_identity") == 0) {
- opt.psk_identity = q;
- } else if (strcmp(p, "psk_list") == 0) {
- opt.psk_list = q;
- } else if (strcmp(p, "ecjpake_pw") == 0) {
- opt.ecjpake_pw = q;
- } else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
- opt.ecjpake_pw_opaque = atoi(q);
- } else if (strcmp(p, "force_ciphersuite") == 0) {
- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
-
- if (opt.force_ciphersuite[0] == 0) {
- ret = 2;
- goto usage;
- }
- opt.force_ciphersuite[1] = 0;
- } else if (strcmp(p, "groups") == 0) {
- opt.groups = q;
- }
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- else if (strcmp(p, "sig_algs") == 0) {
- opt.sig_algs = q;
- }
-#endif
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- else if (strcmp(p, "early_data") == 0) {
- switch (atoi(q)) {
- case 0:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
- case 1:
- opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- break;
- default: goto usage;
- }
- } else if (strcmp(p, "max_early_data_size") == 0) {
- opt.max_early_data_size = (uint32_t) atoll(q);
- }
-#endif /* MBEDTLS_SSL_EARLY_DATA */
- else if (strcmp(p, "renegotiation") == 0) {
-
opt.renegotiation = (atoi(q)) ?
- MBEDTLS_SSL_RENEGOTIATION_ENABLED :
- MBEDTLS_SSL_RENEGOTIATION_DISABLED;
- } else if (strcmp(p, "allow_legacy") == 0) {
- switch (atoi(q)) {
- case -1:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
- break;
- case 0:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
- break;
- case 1:
- opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
- break;
- default: goto usage;
- }
- } else if (strcmp(p, "renegotiate") == 0) {
- opt.renegotiate = atoi(q);
- if (opt.renegotiate < 0 || opt.renegotiate > 1) {
- goto usage;
- }
- } else if (strcmp(p, "renego_delay") == 0) {
- opt.renego_delay = atoi(q);
- } else if (strcmp(p, "renego_period") == 0) {
-#if defined(_MSC_VER)
- opt.renego_period = _strtoui64(q, NULL, 10);
-#else
- if (sscanf(q, "%" SCNu64, &opt.renego_period) != 1) {
- goto usage;
- }
-#endif /* _MSC_VER */
- if (opt.renego_period < 2) {
- goto usage;
- }
- } else if (strcmp(p, "exchanges") == 0) {
- opt.exchanges = atoi(q);
- if (opt.exchanges < 0) {
- goto usage;
- }
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(p, "tls13_kex_modes") == 0) {
- if (strcmp(q, "psk") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
- } else if (strcmp(q, "psk_ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
- } else if (strcmp(q, "ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
- } else if (strcmp(q, "ephemeral_all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
- } else if (strcmp(q, "psk_all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
- } else if (strcmp(q, "all") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
- }
- /* The purpose of `psk_or_ephemeral` is to improve test coverage. That
- * is not recommended in practice.
- * `psk_or_ephemeral` exists in theory, we need this mode to test if
- * this setting work correctly. With this key exchange setting, server
- * should always perform `ephemeral` handshake. `psk` or `psk_ephemeral`
- * is not expected.
- */
- else if (strcmp(q, "psk_or_ephemeral") == 0) {
- opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
- } else {
- goto usage;
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
- else if (strcmp(p, "min_version") == 0) {
- if (strcmp(q, "tls12") == 0 ||
- strcmp(q, "dtls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p, "max_version") == 0) {
- if (strcmp(q, "tls12") == 0 ||
- strcmp(q, "dtls12") == 0) {
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p, "allow_sha1") == 0) {
- switch (atoi(q)) {
- case 0: opt.allow_sha1 = 0; break;
- case 1: opt.allow_sha1 = 1; break;
- default: goto usage;
- }
- } else if (strcmp(p, "force_version") == 0) {
- if (strcmp(q, "tls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- } else if (strcmp(q, "dtls12") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
- }
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- else if (strcmp(q, "tls13") == 0) {
- opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
- opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- else {
- goto usage;
- }
- } else if (strcmp(p,
"auth_mode") == 0) {
- if ((opt.auth_mode = get_auth_mode(q)) < 0) {
- goto usage;
- }
- } else if (strcmp(p, "cert_req_ca_list") == 0) {
- opt.cert_req_ca_list = atoi(q);
- if (opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 3) {
- goto usage;
- }
- if (opt.cert_req_ca_list > 1) {
- opt.cert_req_dn_hint = opt.cert_req_ca_list;
- opt.cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
- }
- } else if (strcmp(p, "max_frag_len") == 0) {
- if (strcmp(q, "512") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
- } else if (strcmp(q, "1024") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
- } else if (strcmp(q, "2048") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
- } else if (strcmp(q, "4096") == 0) {
- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "alpn") == 0) {
- opt.alpn_string = q;
- } else if (strcmp(p, "trunc_hmac") == 0) {
- switch (atoi(q)) {
- case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
- case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
- default: goto usage;
- }
- } else if (strcmp(p, "extended_ms") == 0) {
- switch (atoi(q)) {
- case 0:
- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
- break;
- case 1:
- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
- break;
- default: goto usage;
- }
- } else if (strcmp(p, "etm") == 0) {
- switch (atoi(q)) {
- case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
- case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
- default: goto usage;
- }
- } else if (strcmp(p, "tickets") == 0) {
- opt.tickets = atoi(q);
- if (opt.tickets < 0) {
- goto usage;
- }
- } else if (strcmp(p, "dummy_ticket") == 0) {
- opt.dummy_ticket = atoi(q);
- if (opt.dummy_ticket < 0) {
- goto usage;
- }
- } else if (strcmp(p, "ticket_rotate") == 0) {
- opt.ticket_rotate = atoi(q);
- if (opt.ticket_rotate < 0 || opt.ticket_rotate > 1) {
- goto usage;
- }
- } else if (strcmp(p, "ticket_timeout") == 0) {
- opt.ticket_timeout =
atoi(q);
- if (opt.ticket_timeout < 0) {
- goto usage;
- }
- } else if (strcmp(p, "ticket_aead") == 0) {
- if (parse_cipher(q) != 0) {
- goto usage;
- }
- } else if (strcmp(p, "cache_max") == 0) {
- opt.cache_max = atoi(q);
- if (opt.cache_max < 0) {
- goto usage;
- }
- }
-#if defined(MBEDTLS_HAVE_TIME)
- else if (strcmp(p, "cache_timeout") == 0) {
- opt.cache_timeout = atoi(q);
- if (opt.cache_timeout < 0) {
- goto usage;
- }
- }
-#endif
- else if (strcmp(p, "cache_remove") == 0) {
- opt.cache_remove = atoi(q);
- if (opt.cache_remove < 0 || opt.cache_remove > 1) {
- goto usage;
- }
- } else if (strcmp(p, "cookies") == 0) {
- opt.cookies = atoi(q);
- if (opt.cookies < -1 || opt.cookies > 1) {
- goto usage;
- }
- } else if (strcmp(p, "anti_replay") == 0) {
- opt.anti_replay = atoi(q);
- if (opt.anti_replay < 0 || opt.anti_replay > 1) {
- goto usage;
- }
- } else if (strcmp(p, "badmac_limit") == 0) {
- opt.badmac_limit = atoi(q);
- if (opt.badmac_limit < 0) {
- goto usage;
- }
- } else if (strcmp(p, "hs_timeout") == 0) {
- if ((p = strchr(q, '-')) == NULL) {
- goto usage;
- }
- *p++ = '\0';
- opt.hs_to_min = atoi(q);
- opt.hs_to_max = atoi(p);
- if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
- goto usage;
- }
- } else if (strcmp(p, "mtu") == 0) {
- opt.dtls_mtu = atoi(q);
- if (opt.dtls_mtu < 0) {
- goto usage;
- }
- } else if (strcmp(p, "dgram_packing") == 0) {
- opt.dgram_packing = atoi(q);
- if (opt.dgram_packing != 0 &&
- opt.dgram_packing != 1) {
- goto usage;
- }
- } else if (strcmp(p, "sni") == 0) {
- opt.sni = q;
- } else if (strcmp(p, "query_config") == 0) {
- opt.query_config_mode = 1;
- query_config_ret = query_config(q);
- goto exit;
- } else if (strcmp(p, "serialize") == 0) {
- opt.serialize = atoi(q);
- if (opt.serialize < 0 || opt.serialize > 2) {
- goto usage;
- }
- } else if (strcmp(p, "context_file") == 0) {
- opt.context_file = q;
- } else if (strcmp(p, "eap_tls") == 0) {
- opt.eap_tls = atoi(q);
- if (opt.eap_tls < 0 || opt.eap_tls >
1) {
- goto usage;
- }
- } else if (strcmp(p, "reproducible") == 0) {
- opt.reproducible = 1;
- } else if (strcmp(p, "nss_keylog") == 0) {
- opt.nss_keylog = atoi(q);
- if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
- goto usage;
- }
- } else if (strcmp(p, "nss_keylog_file") == 0) {
- opt.nss_keylog_file = q;
- } else if (strcmp(p, "use_srtp") == 0) {
- opt.use_srtp = atoi(q);
- } else if (strcmp(p, "srtp_force_profile") == 0) {
- opt.force_srtp_profile = atoi(q);
- } else if (strcmp(p, "support_mki") == 0) {
- opt.support_mki = atoi(q);
- } else if (strcmp(p, "key_opaque_algs") == 0) {
- if (key_opaque_alg_parse(q, &opt.key1_opaque_alg1,
- &opt.key1_opaque_alg2) != 0) {
- goto usage;
- }
- } else if (strcmp(p, "key_opaque_algs2") == 0) {
- if (key_opaque_alg_parse(q, &opt.key2_opaque_alg1,
- &opt.key2_opaque_alg2) != 0) {
- goto usage;
- }
- } else {
- /* This signals that the problem is with p not q */
- q = NULL;
- goto usage;
- }
- }
- /* This signals that any further erorrs are not with a single option */
- p = q = NULL;
-
- if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
- mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
- goto usage;
- }
-
- /* Event-driven IO is incompatible with the above custom
- * receive and send functions, as the polling builds on
- * refers to the underlying net_context. */
- if (opt.event == 1 && opt.nbio != 1) {
- mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
- opt.nbio = 1;
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold(opt.debug_level);
-#endif
-
- /* buf will alternatively contain the input read from the client and the
- * response that's about to be sent, plus a null byte in each case. */
- size_t buf_content_size = opt.buffer_size;
- /* The default response contains the ciphersuite name. Leave enough
- * room for that plus some margin.
*/
- if (buf_content_size < strlen(HTTP_RESPONSE) + 80) {
- buf_content_size = strlen(HTTP_RESPONSE) + 80;
- }
- if (opt.response_size != DFL_RESPONSE_SIZE &&
- buf_content_size < (size_t) opt.response_size) {
- buf_content_size = opt.response_size;
- }
- buf = mbedtls_calloc(1, buf_content_size + 1);
- if (buf == NULL) {
- mbedtls_printf("Could not allocate %lu bytes\n",
- (unsigned long) buf_content_size + 1);
- ret = 3;
- goto exit;
- }
-
- if (opt.psk_opaque != 0) {
- if (strlen(opt.psk) == 0) {
- mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
- ret = 2;
- goto usage;
- }
-
- if (opt.force_ciphersuite[0] <= 0) {
- mbedtls_printf(
- "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
- ret = 2;
- goto usage;
- }
- }
-
- if (opt.psk_list_opaque != 0) {
- if (opt.psk_list == NULL) {
- mbedtls_printf("psk_slot set but no psk to be imported specified.\n");
- ret = 2;
- goto usage;
- }
-
- if (opt.force_ciphersuite[0] <= 0) {
- mbedtls_printf(
- "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
- ret = 2;
- goto usage;
- }
- }
-
- if (opt.force_ciphersuite[0] > 0) {
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
-
- if (opt.max_version != -1 &&
- ciphersuite_info->min_tls_version > opt.max_version) {
- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
- ret = 2;
- goto usage;
- }
- if (opt.min_version != -1 &&
- ciphersuite_info->max_tls_version < opt.min_version) {
- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
- ret = 2;
- goto usage;
- }
-
- /* If we select a version that's not supported by
- * this suite, then there will be no common ciphersuite...
*/
- if (opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_tls_version) {
- opt.max_version = ciphersuite_info->max_tls_version;
- }
- if (opt.min_version < ciphersuite_info->min_tls_version) {
- opt.min_version = ciphersuite_info->min_tls_version;
- }
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
- /* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(PSA_WANT_ALG_SHA_384)
- if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
- } else
-#endif /* PSA_WANT_ALG_SHA_384 */
- alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
- }
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if (mbedtls_test_unhexify(cid, sizeof(cid),
- opt.cid_val, &cid_len) != 0) {
- mbedtls_printf("CID not valid hex\n");
- goto exit;
- }
-
- /* Keep CID settings for renegotiation unless
- * specified otherwise. */
- if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
- opt.cid_enabled_renego = opt.cid_enabled;
- }
- if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
- opt.cid_val_renego = opt.cid_val;
- }
-
- if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
- opt.cid_val_renego, &cid_renego_len) != 0) {
- mbedtls_printf("CID not valid hex\n");
- goto exit;
- }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- /*
- * Unhexify the pre-shared key and parse the list if any given
- */
- if (mbedtls_test_unhexify(psk, sizeof(psk),
- opt.psk, &psk_len) != 0) {
- mbedtls_printf("pre-shared key not valid hex\n");
- goto exit;
- }
-
- if (opt.psk_list != NULL) {
- if ((psk_info = psk_parse(opt.psk_list)) == NULL) {
- mbedtls_printf("psk_list invalid");
- goto exit;
- }
- }
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-
- if (opt.groups != NULL) {
- if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
- goto exit;
- }
- }
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if (opt.sig_algs != NULL) {
- p = (char *) opt.sig_algs;
- i = 0;
-
- /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
- while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
- q = p;
-
- /* Terminate the current string */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
-
- if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
- } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
- } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
- } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
- } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
- } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
- } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
- } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
- } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
- } else if (strcmp(q, "ed25519") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
- } else if (strcmp(q, "ed448") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
- } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
- } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
- } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
- } else if (strcmp(q,
"rsa_pkcs1_sha1") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
- } else if (strcmp(q, "ecdsa_sha1") == 0) {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
- } else {
- ret = -1;
- mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
- mbedtls_print_supported_sig_algs();
- goto exit;
- }
- }
-
- if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
- mbedtls_printf("signature algorithm list too long, maximum %d",
- SIG_ALG_LIST_SIZE - 1);
- goto exit;
- }
-
- sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
- }
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
- if (opt.alpn_string != NULL) {
- p = (char *) opt.alpn_string;
- i = 0;
-
- /* Leave room for a final NULL in alpn_list */
- while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
- alpn_list[i++] = p;
-
- /* Terminate the current string and move on to next one */
- while (*p != ',' && *p != '\0') {
- p++;
- }
- if (*p == ',') {
- *p++ = '\0';
- }
- }
- }
-#endif /* MBEDTLS_SSL_ALPN */
-
- mbedtls_printf("build version: %s (build %d)\n",
- MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
-
- /*
- * 0. Initialize the RNG and the session data
- */
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
- ret = rng_seed(&rng, opt.reproducible, pers);
- if (ret != 0) {
- goto exit;
- }
- mbedtls_printf(" ok\n");
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- /*
- * 1.1. Load the trusted CA
- */
- mbedtls_printf(" .
Loading the CA root certificate ...");
- fflush(stdout);
-
- if (strcmp(opt.ca_path, "none") == 0 ||
- strcmp(opt.ca_file, "none") == 0) {
- ret = 0;
- } else
-#if defined(MBEDTLS_FS_IO)
- if (strlen(opt.ca_path)) {
- ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
- } else if (strlen(opt.ca_file)) {
- ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
- } else
-#endif
- {
-#if defined(MBEDTLS_PEM_PARSE_C)
- for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
- ret = mbedtls_x509_crt_parse(&cacert,
- (const unsigned char *) mbedtls_test_cas[i],
- mbedtls_test_cas_len[i]);
- if (ret != 0) {
- break;
- }
- }
-#endif /* MBEDTLS_PEM_PARSE_C */
- if (ret == 0) {
- for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
- ret = mbedtls_x509_crt_parse_der(&cacert,
- (const unsigned char *) mbedtls_test_cas_der[i],
- mbedtls_test_cas_der_len[i]);
- if (ret != 0) {
- break;
- }
- }
- }
- }
- if (ret < 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- mbedtls_printf(" ok (%d skipped)\n", ret);
-
- /*
- * 1.2. Load own certificate and private key
- */
- mbedtls_printf(" . Loading the server cert. and key...");
- fflush(stdout);
-
-#if defined(MBEDTLS_FS_IO)
- if (strlen(opt.crt_file) && strcmp(opt.crt_file, "none") != 0) {
- key_cert_init++;
- if ((ret = mbedtls_x509_crt_parse_file(&srvcert, opt.crt_file)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
- if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
- key_cert_init++;
- if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
- opt.key_pwd)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
- if (key_cert_init == 1) {
- mbedtls_printf(" failed\n !
crt_file without key_file or vice-versa\n\n");
- goto exit;
- }
-
- if (strlen(opt.crt_file2) && strcmp(opt.crt_file2, "none") != 0) {
- key_cert_init2++;
- if ((ret = mbedtls_x509_crt_parse_file(&srvcert2, opt.crt_file2)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
- if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
- key_cert_init2++;
- if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
- opt.key_pwd2)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- }
- if (key_cert_init2 == 1) {
- mbedtls_printf(" failed\n ! crt_file2 without key_file2 or vice-versa\n\n");
- goto exit;
- }
-#endif
- if (key_cert_init == 0 &&
- strcmp(opt.crt_file, "none") != 0 &&
- strcmp(opt.key_file, "none") != 0 &&
- key_cert_init2 == 0 &&
- strcmp(opt.crt_file2, "none") != 0 &&
- strcmp(opt.key_file2, "none") != 0) {
-#if defined(MBEDTLS_RSA_C)
- if ((ret = mbedtls_x509_crt_parse(&srvcert,
- (const unsigned char *) mbedtls_test_srv_crt_rsa,
- mbedtls_test_srv_crt_rsa_len)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- if ((ret = mbedtls_pk_parse_key(&pkey,
- (const unsigned char *) mbedtls_test_srv_key_rsa,
- mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
- (unsigned int) -ret);
- goto exit;
- }
- key_cert_init = 2;
-#endif /* MBEDTLS_RSA_C */
-#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
- if ((ret = mbedtls_x509_crt_parse(&srvcert2,
- (const unsigned char *) mbedtls_test_srv_crt_ec,
- mbedtls_test_srv_crt_ec_len)) != 0) {
- mbedtls_printf(" failed\n !
x509_crt_parse2 returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - if ((ret = mbedtls_pk_parse_key(&pkey2, - (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) { - mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - key_cert_init2 = 2; -#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ - } - - if (opt.key_opaque != 0) { - psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; - psa_key_usage_t psa_usage = 0; - - if (key_opaque_set_alg_usage(opt.key1_opaque_alg1, - opt.key1_opaque_alg2, - &psa_alg, &psa_alg2, - &psa_usage, - mbedtls_pk_get_type(&pkey)) == 0) { - ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot); - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "pk_wrap_as_opaque returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - - psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE; - psa_usage = 0; - - if (key_opaque_set_alg_usage(opt.key2_opaque_alg1, - opt.key2_opaque_alg2, - &psa_alg, &psa_alg2, - &psa_usage, - mbedtls_pk_get_type(&pkey2)) == 0) { - ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2); - if (ret != 0) { - mbedtls_printf(" failed\n ! " - "mbedtls_pk_get_psa_attributes returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } - } - - mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(SNI_OPTION) - if (opt.sni != NULL) { - mbedtls_printf(" . Setting up SNI information..."); - fflush(stdout); - - if ((sni_info = sni_parse(opt.sni)) == NULL) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif /* SNI_OPTION */ - - /* - * 2. Setup stuff - */ - mbedtls_printf(" . 
Setting up the SSL/TLS structure..."); - fflush(stdout); - - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_SERVER, - opt.transport, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* The default algorithms profile disables SHA-1, but our tests still - rely on it heavily. Hence we allow it here. A real-world server - should use the default profile unless there is a good reason not to. */ - if (opt.allow_sha1 > 0) { - crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1); - mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test); - mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test); - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if (opt.auth_mode != DFL_AUTH_MODE) { - mbedtls_ssl_conf_authmode(&conf, opt.auth_mode); - } - - if (opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST) { - mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list); - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (opt.early_data != DFL_EARLY_DATA) { - mbedtls_ssl_conf_early_data(&conf, opt.early_data); - } - if (opt.max_early_data_size != DFL_MAX_EARLY_DATA_SIZE) { - mbedtls_ssl_conf_max_early_data_size( - &conf, opt.max_early_data_size); - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - /* exercise setting DN hints for server certificate request - * (Intended for use where the client cert expected has been signed by - * a specific CA which is an intermediate in a CA chain, not the root) */ - if (opt.cert_req_dn_hint == 2 && key_cert_init2) { - mbedtls_ssl_conf_dn_hints(&conf, &srvcert2); - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) { - mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min, opt.hs_to_max); - } - - if (opt.dgram_packing 
!= DFL_DGRAM_PACKING) { - mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret); - goto exit; - } -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) { - if (opt.cid_enabled == 1 && - opt.cid_enabled_renego == 1 && - cid_len != cid_renego_len) { - mbedtls_printf("CID length must not change during renegotiation\n"); - goto usage; - } - - if (opt.cid_enabled == 1) { - ret = mbedtls_ssl_conf_cid(&conf, cid_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } else { - ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", - (unsigned int) -ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - const mbedtls_ssl_srtp_profile forced_profile[] = - { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; - if (opt.use_srtp == 1) { - if (opt.force_srtp_profile != 0) { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile); - } else { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles); - } - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", - ret); - goto exit; - } - - mbedtls_ssl_conf_srtp_mki_value_supported(&conf, - opt.support_mki ? - MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED : - MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED); - - } else if (opt.force_srtp_profile != 0) { - mbedtls_printf(" failed\n ! 
must enable use_srtp to force srtp profile\n\n"); - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if (opt.extended_ms != DFL_EXTENDED_MS) { - mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms); - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (opt.etm != DFL_ETM) { - mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm); - } -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret); - goto exit; - } - } -#endif - - if (opt.reproducible) { -#if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: reproducible option used without constant time\n"); -#endif -#endif /* MBEDTLS_HAVE_TIME */ - } - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - -#if defined(MBEDTLS_SSL_CACHE_C) - if (opt.cache_max != -1) { - mbedtls_ssl_cache_set_max_entries(&cache, opt.cache_max); - } - -#if defined(MBEDTLS_HAVE_TIME) - if (opt.cache_timeout != -1) { - mbedtls_ssl_cache_set_timeout(&cache, opt.cache_timeout); - } -#endif - - mbedtls_ssl_conf_session_cache(&conf, &cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); -#endif - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - if (opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED) { -#if defined(MBEDTLS_HAVE_TIME) - if (opt.dummy_ticket) { - mbedtls_ssl_conf_session_tickets_cb(&conf, - dummy_ticket_write, - dummy_ticket_parse, - NULL); - } else -#endif /* MBEDTLS_HAVE_TIME */ - { - if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - opt.ticket_alg, - opt.ticket_key_type, - opt.ticket_key_bits, - opt.ticket_timeout)) != 0) { - mbedtls_printf( - " failed\n ! 
mbedtls_ssl_ticket_setup returned %d\n\n", - ret); - goto exit; - } - - mbedtls_ssl_conf_session_tickets_cb(&conf, - mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, - &ticket_ctx); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_new_session_tickets(&conf, opt.tickets); -#endif - /* exercise manual ticket rotation (not required for typical use) - * (used for external synchronization of session ticket encryption keys) - */ - if (opt.ticket_rotate) { - unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES]; - unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; - if ((ret = rng_get(&rng, name, sizeof(name))) != 0 || - (ret = rng_get(&rng, kbuf, sizeof(kbuf))) != 0 || - (ret = mbedtls_ssl_ticket_rotate(&ticket_ctx, - name, sizeof(name), kbuf, sizeof(kbuf), - opt.ticket_timeout)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_ticket_rotate returned %d\n\n", ret); - goto exit; - } - } - } -#endif - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { -#if defined(MBEDTLS_SSL_COOKIE_C) - if (opt.cookies > 0) { - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_cookie_setup returned %d\n\n", ret); - goto exit; - } - - mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, - &cookie_ctx); - } else -#endif /* MBEDTLS_SSL_COOKIE_C */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (opt.cookies == 0) { - mbedtls_ssl_conf_dtls_cookies(&conf, NULL, NULL, NULL); - } else -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - { - ; /* Nothing to do */ - } - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if (opt.anti_replay != DFL_ANTI_REPLAY) { - mbedtls_ssl_conf_dtls_anti_replay(&conf, opt.anti_replay); - } -#endif - - if (opt.badmac_limit != DFL_BADMAC_LIMIT) { - mbedtls_ssl_conf_dtls_badmac_limit(&conf, opt.badmac_limit); - } - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - - if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { - mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); - } - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - if (opt.allow_legacy != DFL_ALLOW_LEGACY) { - mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy); - } -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation); - - if (opt.renego_delay != DFL_RENEGO_DELAY) { - mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay); - } - - if (opt.renego_period != DFL_RENEGO_PERIOD) { - PUT_UINT64_BE(renego_period, opt.renego_period, 0); - mbedtls_ssl_conf_renegotiation_period(&conf, renego_period); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (strcmp(opt.ca_path, "none") != 0 && - strcmp(opt.ca_file, "none") != 0) { -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if (opt.ca_callback != 0) { - mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert); - } else -#endif - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - } - if (key_cert_init) { - mbedtls_pk_context *pk = &pkey; -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if 
(opt.async_private_delay1 >= 0) { - ret = ssl_async_set_key(&ssl_async_keys, &srvcert, pk, 0, - opt.async_private_delay1); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - pk = NULL; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, pk)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - } - if (key_cert_init2) { - mbedtls_pk_context *pk = &pkey2; -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_delay2 >= 0) { - ret = ssl_async_set_key(&ssl_async_keys, &srvcert2, pk, 0, - opt.async_private_delay2); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - pk = NULL; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert2, pk)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); - goto exit; - } - } - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_operations[0] != '-') { - mbedtls_ssl_async_sign_t *sign = NULL; - const char *r; - for (r = opt.async_operations; *r; r++) { - switch (*r) { - case 's': - sign = ssl_async_sign; - break; - } - } - ssl_async_keys.inject_error = (opt.async_private_error < 0 ? 
- -opt.async_private_error : - opt.async_private_error); - ssl_async_keys.f_rng = rng_get; - ssl_async_keys.p_rng = &rng; - mbedtls_ssl_conf_async_private_cb(&conf, - sign, - ssl_async_resume, - ssl_async_cancel, - &ssl_async_keys); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(SNI_OPTION) - if (opt.sni != NULL) { - mbedtls_ssl_conf_sni(&conf, sni_callback, sni_info); - mbedtls_ssl_conf_cert_cb(&conf, cert_callback); -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_delay2 >= 0) { - sni_entry *cur; - for (cur = sni_info; cur != NULL; cur = cur->next) { - ret = ssl_async_set_key(&ssl_async_keys, - cur->cert, cur->key, 1, - opt.async_private_delay2); - if (ret < 0) { - mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n", - ret); - goto exit; - } - cur->key = NULL; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - } -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ - (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH)) - if (opt.groups != NULL && - strcmp(opt.groups, "default") != 0) { - mbedtls_ssl_conf_groups(&conf, group_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (opt.sig_algs != NULL) { - mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - - if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { - if (opt.psk_opaque != 0) { - /* The algorithm has already been determined earlier. */ - status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); - if (status != PSA_SUCCESS) { - fprintf(stderr, "SETUP FAIL\n"); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, psk_slot, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity))) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_conf_psk_opaque returned %d\n\n", - ret); - goto exit; - } - } else - if (psk_len > 0) { - ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, - (const unsigned char *) opt.psk_identity, - strlen(opt.psk_identity)); - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - } - } - - if (opt.psk_list != NULL) { - if (opt.psk_list_opaque != 0) { - psk_entry *cur_psk; - for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { - - status = psa_setup_psk_key_slot(&cur_psk->slot, alg, - cur_psk->key, - cur_psk->key_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } - } - } - - mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); - } -#endif - - if (opt.min_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); - } - - if (opt.max_version != DFL_MIN_VERSION) { - mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version); - } - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.eap_tls != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation, - &eap_tls_keying); - } else if (opt.nss_keylog != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, - nss_keylog_export, - NULL); - } -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation, - &dtls_srtp_keying); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - - io_ctx.ssl = &ssl; - io_ctx.net = &client_fd; - mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb, - opt.nbio == 0 ? recv_timeout_cb : NULL); - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled, - cid, cid_len)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if (opt.dtls_mtu != DFL_DTLS_MTU) { - mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu); - } -#endif - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - - mbedtls_printf(" ok\n"); - - /* - * 3. Setup the listening TCP socket - */ - mbedtls_printf(" . Bind on %s://%s:%s/ ...", - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp", - opt.server_addr ? opt.server_addr : "*", - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, opt.server_addr, opt.server_port, - opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? - MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - mbedtls_printf(" ok\n"); - -reset: -#if !defined(_WIN32) - if (received_sigterm) { - mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n"); - if (ret == MBEDTLS_ERR_NET_INVALID_CONTEXT) { - ret = 0; - } - - goto exit; - } -#endif - - if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) { - mbedtls_printf(" ! Client initiated reconnection from same port\n"); - goto handshake; - } - -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf); - } -#endif - - mbedtls_net_free(&client_fd); - - mbedtls_ssl_session_reset(&ssl); - - /* - * 3. Wait until a client connects - */ - mbedtls_printf(" . 
Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - client_ip, sizeof(client_ip), &cliip_len)) != 0) { -#if !defined(_WIN32) - if (received_sigterm) { - mbedtls_printf(" interrupted by SIGTERM (in net_accept())\n"); - if (ret == MBEDTLS_ERR_NET_ACCEPT_FAILED) { - ret = 0; - } - - goto exit; - } -#endif - - mbedtls_printf(" failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - if (opt.nbio > 0) { - ret = mbedtls_net_set_nonblock(&client_fd); - } else { - ret = mbedtls_net_set_block(&client_fd); - } - if (ret != 0) { - mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_client_transport_id(&ssl, - client_ip, cliip_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { - if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - status = psa_import_key(&attributes, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw), - &ecjpake_pw_slot); - if (status != PSA_SUCCESS) { - mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n", - status); - goto exit; - } - if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, - ecjpake_pw_slot)) != 0) { - mbedtls_printf( - " failed\n ! 
mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n", - ret); - goto exit; - } - mbedtls_printf("using opaque password\n"); - } else { - if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, - (const unsigned char *) opt.ecjpake_pw, - strlen(opt.ecjpake_pw))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", - ret); - goto exit; - } - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) - /* exercise setting DN hints for server certificate request - * (Intended for use where the client cert expected has been signed by - * a specific CA which is an intermediate in a CA chain, not the root) - * (Additionally, the CA choice would typically be influenced by SNI - * if being set per-handshake using mbedtls_ssl_set_hs_dn_hints()) */ - if (opt.cert_req_dn_hint == 3 && key_cert_init2) { - mbedtls_ssl_set_hs_dn_hints(&ssl, &srvcert2); - } -#endif -#endif - - mbedtls_printf(" ok\n"); - - /* - * 4. Handshake - */ -handshake: - mbedtls_printf(" . 
Performing the SSL/TLS handshake..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { - memset(buf, 0, opt.buffer_size); - ret = mbedtls_ssl_read_early_data(&ssl, buf, opt.buffer_size); - if (ret > 0) { - buf[ret] = '\0'; - mbedtls_printf(" %d early data bytes read\n\n%s\n", - ret, (char *) buf); - } - continue; - } -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS && - ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) { - mbedtls_printf(" cancelling on injected error\n"); - break; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - ret = idle(&client_fd, &timer, ret); -#else - ret = idle(&client_fd, ret); -#endif - if (ret != 0) { - goto reset; - } - } - } - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - mbedtls_printf(" hello verification requested\n"); - ret = 0; - goto reset; - } else if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", - (unsigned int) -ret); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) { - char vrfy_buf[512]; - flags = mbedtls_ssl_get_verify_result(&ssl); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! 
", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (opt.async_private_error < 0) { - /* Injected error only the first time round, to test reset */ - ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE; - } -#endif - goto reset; - } else { /* ret == 0 */ - int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl); - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); - - mbedtls_printf(" ok\n [ Protocol is %s ]\n" - " [ Ciphersuite is %s ]\n" - " [ Key size is %u ]\n", - mbedtls_ssl_get_version(&ssl), - mbedtls_ssl_ciphersuite_get_name(ciphersuite_info), - (unsigned int) - mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info)); - } - - if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) { - mbedtls_printf(" [ Record expansion is %d ]\n", ret); - } else { - mbedtls_printf(" [ Record expansion is unknown ]\n"); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); - mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", - (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl)); -#endif - -#if defined(MBEDTLS_SSL_ALPN) - if (opt.alpn_string != NULL) { - const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl); - mbedtls_printf(" [ Application Layer Protocol is %s ]\n", - alp ? alp : "(none)"); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - /* - * 5. Verify the client certificate - */ - mbedtls_printf(" . Verifying peer X.509 certificate..."); - - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { - char vrfy_buf[512]; - - mbedtls_printf(" failed\n"); - - x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! 
", flags); - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if (mbedtls_ssl_get_peer_cert(&ssl) != NULL) { - char crt_buf[512]; - - mbedtls_printf(" . Peer certificate information ...\n"); - mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ", - mbedtls_ssl_get_peer_cert(&ssl)); - mbedtls_printf("%s\n", crt_buf); - } -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - - if (opt.eap_tls != 0) { - size_t j = 0; - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, - eap_tls_keying.master_secret, - sizeof(eap_tls_keying.master_secret), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_keymaterial, - sizeof(eap_tls_keymaterial))) - != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto reset; - } - - mbedtls_printf(" EAP-TLS key material is:"); - for (j = 0; j < sizeof(eap_tls_keymaterial); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_keymaterial[j]); - } - mbedtls_printf("\n"); - - if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof(eap_tls_keying.randbytes), - eap_tls_iv, - sizeof(eap_tls_iv))) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto reset; - } - - mbedtls_printf(" EAP-TLS IV is:"); - for (j = 0; j < sizeof(eap_tls_iv); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", eap_tls_iv[j]); - } - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) - if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char)); - if (exported_key == NULL) { - mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); - ret = 3; - goto exit; - } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, - opt.exp_label, strlen(opt.exp_label), - NULL, 0, 0); - if (ret != 0) { - mbedtls_free(exported_key); - goto exit; - } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", - opt.exp_len, - opt.exp_label); - for (i = 0; i < opt.exp_len; i++) { - mbedtls_printf("%02X", exported_key[i]); - } - mbedtls_printf("\n\n"); - fflush(stdout); - mbedtls_free(exported_key); - } -#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - else if (opt.use_srtp != 0) { - size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; - mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result); - - if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET) { - mbedtls_printf(" Unable to negotiate " - "the use of DTLS-SRTP\n"); - } else { - if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof(dtls_srtp_keying.master_secret), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof(dtls_srtp_keying.randbytes), - dtls_srtp_key_material, - sizeof(dtls_srtp_key_material))) - != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" DTLS-SRTP key material is:"); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - /* produce a less readable output used to perform automatic checks - * - compare client and server output - * - interop test with openssl which client produces this kind of output - */ - mbedtls_printf(" Keying material: "); - for (j = 0; j < sizeof(dtls_srtp_key_material); j++) { - mbedtls_printf("%02X", dtls_srtp_key_material[j]); - } - mbedtls_printf("\n"); - - if (dtls_srtp_negotiation_result.mki_len > 0) { - mbedtls_printf(" DTLS-SRTP mki value: "); - for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) { - mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]); - } - } else { - mbedtls_printf(" DTLS-SRTP no mki value negotiated"); - } - mbedtls_printf("\n"); - - } - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "initial handshake"); - if (ret != 0) { - goto exit; - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego, - cid_renego, cid_renego_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n", - ret); - goto exit; - } - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_cur_get(¤t_heap_memory, &heap_blocks); - mbedtls_memory_buffer_alloc_max_get(&peak_heap_memory, &heap_blocks); - mbedtls_printf("Heap memory usage after handshake: %lu bytes. Peak memory usage was %lu\n", - (unsigned long) current_heap_memory, (unsigned long) peak_heap_memory); -#endif /* MBEDTLS_MEMORY_DEBUG */ - - if (opt.exchanges == 0) { - goto close_notify; - } - - exchanges_left = opt.exchanges; -data_exchange: - /* - * 6. 
Read the HTTP Request - */ - mbedtls_printf(" < Read from client:"); - fflush(stdout); - - /* - * TLS and DTLS need different reading styles (stream vs datagram) - */ - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - do { - int terminated = 0; - len = opt.buffer_size; - memset(buf, 0, opt.buffer_size); - ret = mbedtls_ssl_read(&ssl, buf, len); - - if (mbedtls_status_is_ssl_in_progress(ret)) { - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - - continue; - } - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - case 0: - case MBEDTLS_ERR_NET_CONN_RESET: - mbedtls_printf(" connection was reset by peer\n"); - ret = MBEDTLS_ERR_NET_CONN_RESET; - goto reset; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto reset; - } - } - - if (mbedtls_ssl_get_bytes_avail(&ssl) == 0) { - len = ret; - buf[len] = '\0'; - mbedtls_printf(" %d bytes read\n\n%s\n", len, (char *) buf); - - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. */ - if (buf[len - 1] == '\n') { - terminated = 1; - } - } else { - int extra_len, ori_len; - unsigned char *larger_buf; - - ori_len = ret; - extra_len = (int) mbedtls_ssl_get_bytes_avail(&ssl); - - larger_buf = mbedtls_calloc(1, ori_len + extra_len + 1); - if (larger_buf == NULL) { - mbedtls_printf(" ! memory allocation failed\n"); - ret = 1; - goto reset; - } - - memset(larger_buf, 0, ori_len + extra_len); - memcpy(larger_buf, buf, ori_len); - - /* This read should never fail and get the whole cached data */ - ret = mbedtls_ssl_read(&ssl, larger_buf + ori_len, extra_len); - if (ret != extra_len || - mbedtls_ssl_get_bytes_avail(&ssl) != 0) { - mbedtls_printf(" ! 
mbedtls_ssl_read failed on cached data\n"); - ret = 1; - goto reset; - } - - larger_buf[ori_len + extra_len] = '\0'; - mbedtls_printf(" %d bytes read (%d + %d)\n\n%s\n", - ori_len + extra_len, ori_len, extra_len, - (char *) larger_buf); - - /* End of message should be detected according to the syntax of the - * application protocol (eg HTTP), just use a dummy test here. */ - if (larger_buf[ori_len + extra_len - 1] == '\n') { - terminated = 1; - } - - mbedtls_free(larger_buf); - } - - if (terminated) { - ret = 0; - break; - } - } while (1); - } else { /* Not stream, so datagram */ - len = opt.buffer_size; - memset(buf, 0, opt.buffer_size); - - do { - /* Without the call to `mbedtls_ssl_check_pending`, it might - * happen that the client sends application data in the same - * datagram as the Finished message concluding the handshake. - * In this case, the application data would be ready to be - * processed while the underlying transport wouldn't signal - * any further incoming data. - * - * See the test 'Event-driven I/O: session-id resume, UDP packing' - * in tests/ssl-opt.sh. - */ - - /* For event-driven IO, wait for socket to become available */ - if (mbedtls_ssl_check_pending(&ssl) == 0 && - opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ); -#else - idle(&client_fd, MBEDTLS_ERR_SSL_WANT_READ); -#endif - } - - ret = mbedtls_ssl_read(&ssl, buf, len); - - /* Note that even if `mbedtls_ssl_check_pending` returns true, - * it can happen that the subsequent call to `mbedtls_ssl_read` - * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages - * might be discarded (e.g. because they are retransmissions). 
*/ - } while (mbedtls_status_is_ssl_in_progress(ret)); - - if (ret <= 0) { - switch (ret) { - case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: - mbedtls_printf(" connection was closed gracefully\n"); - goto close_notify; - - default: - mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret); - goto reset; - } - } - - len = ret; - buf[len] = '\0'; - mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf); - ret = 0; - } - - /* - * 7a. Request renegotiation while client is waiting for input from us. - * (only on the first exchange, to be able to test retransmission) - */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (opt.renegotiate && exchanges_left == opt.exchanges) { - mbedtls_printf(" . Requestion renegotiation..."); - fflush(stdout); - - while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) { - if (!mbedtls_status_is_ssl_in_progress(ret)) { - mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret); - goto reset; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ret = report_cid_usage(&ssl, "after renegotiation"); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* - * 7. Write the 200 Response - */ - mbedtls_printf(" > Write to client:"); - fflush(stdout); - - /* If the format of the response changes, make sure there is enough - * room in buf (buf_content_size calculation above). 
*/ - len = sprintf((char *) buf, HTTP_RESPONSE, - mbedtls_ssl_get_ciphersuite(&ssl)); - - /* Add padding to the response to reach opt.response_size in length */ - if (opt.response_size != DFL_RESPONSE_SIZE && - len < opt.response_size) { - memset(buf + len, 'B', opt.response_size - len); - len += opt.response_size - len; - } - - /* Truncate if response size is smaller than the "natural" size */ - if (opt.response_size != DFL_RESPONSE_SIZE && - len > opt.response_size) { - len = opt.response_size; - - /* Still end with \r\n unless that's really not possible */ - if (len >= 2) { - buf[len - 2] = '\r'; - } - if (len >= 1) { - buf[len - 1] = '\n'; - } - } - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { - for (written = 0, frags = 0; written < len; written += ret, frags++) { - while ((ret = mbedtls_ssl_write(&ssl, buf + written, len - written)) - <= 0) { - if (ret == MBEDTLS_ERR_NET_CONN_RESET) { - mbedtls_printf(" failed\n ! peer closed the connection\n\n"); - goto reset; - } - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); - goto reset; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - } - } else { /* Not stream, so datagram */ - while (1) { - ret = mbedtls_ssl_write(&ssl, buf, len); - - if (!mbedtls_status_is_ssl_in_progress(ret)) { - break; - } - - /* For event-driven IO, wait for socket to become available */ - if (opt.event == 1 /* level triggered IO */) { -#if defined(MBEDTLS_TIMING_C) - idle(&client_fd, &timer, ret); -#else - idle(&client_fd, ret); -#endif - } - } - - if (ret < 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ssl_write returned %d\n\n", ret); - goto reset; - } - - frags = 1; - written = ret; - } - - buf[written] = '\0'; - mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf); - ret = 0; - - /* - * 7b. Simulate serialize/deserialize and go back to data exchange - */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (opt.serialize != 0) { - size_t buf_len; - - mbedtls_printf(" . Serializing live connection..."); - - ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); - if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) { - mbedtls_printf(" failed\n ! Couldn't allocate buffer for " - "serialized context"); - - goto exit; - } - context_buf_len = buf_len; - - if ((ret = mbedtls_ssl_context_save(&ssl, context_buf, - buf_len, &buf_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* Save serialized context to the 'opt.context_file' as a base64 code */ - if (0 < strlen(opt.context_file)) { - FILE *b64_file; - uint8_t *b64_buf; - size_t b64_len; - - mbedtls_printf(" . Save serialized context to a file... "); - - mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); - - if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) { - mbedtls_printf("failed\n ! Couldn't allocate buffer for " - "the base64 code\n"); - goto exit; - } - - if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len, - context_buf, buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_base64_encode returned " - "-0x%x\n", (unsigned int) -ret); - mbedtls_free(b64_buf); - goto exit; - } - - if ((b64_file = fopen(opt.context_file, "w")) == NULL) { - mbedtls_printf("failed\n ! 
Cannot open '%s' for writing.\n", - opt.context_file); - mbedtls_free(b64_buf); - goto exit; - } - - if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) { - mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n", - (long) b64_len); - mbedtls_free(b64_buf); - fclose(b64_file); - goto exit; - } - - mbedtls_free(b64_buf); - fclose(b64_file); - - mbedtls_printf("ok\n"); - } - - /* - * This simulates a workflow where you have a long-lived server - * instance, potentially with a pool of ssl_context objects, and you - * just want to re-use one while the connection is inactive: in that - * case you can just reset() it, and then it's ready to receive - * serialized data from another connection (or the same here). - */ - if (opt.serialize == 1) { - /* nothing to do here, done by context_save() already */ - mbedtls_printf(" . Context has been reset... ok\n"); - } - - /* - * This simulates a workflow where you have one server instance per - * connection, and want to release it entire when the connection is - * inactive, and spawn it again when needed again - this would happen - * between ssl_free() and ssl_init() below, together with any other - * teardown/startup code needed - for example, preparing the - * ssl_config again (see section 3 "setup stuff" in this file). - */ - if (opt.serialize == 2) { - mbedtls_printf(" . Freeing and reinitializing context..."); - - mbedtls_ssl_free(&ssl); - - mbedtls_ssl_init(&ssl); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned " - "-0x%x\n\n", (unsigned int) -ret); - goto exit; - } - - /* - * This illustrates the minimum amount of things you need to set - * up, however you could set up much more if desired, for example - * if you want to share your set up code between the case of - * establishing a new connection and this case. 
- */ - if (opt.nbio == 2) { - mbedtls_ssl_set_bio(&ssl, &client_fd, delayed_send, - delayed_recv, NULL); - } else { - mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, - mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL); - } - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ssl, &timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif /* MBEDTLS_TIMING_C */ - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Deserializing connection..."); - - if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, - buf_len)) != 0) { - mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned " - "-0x%x\n\n", (unsigned int) -ret); - - goto exit; - } - - mbedtls_free(context_buf); - context_buf = NULL; - context_buf_len = 0; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - - /* - * 7c. Continue doing data exchanges? - */ - if (--exchanges_left > 0) { - goto data_exchange; - } - - /* - * 8. Done, cleanly close the connection - */ -close_notify: - mbedtls_printf(" . Closing the connection..."); - - /* No error checking, the connection might be closed already */ - do { - ret = mbedtls_ssl_close_notify(&ssl); - } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); - ret = 0; - - mbedtls_printf(" done\n"); - -#if defined(MBEDTLS_SSL_CACHE_C) - if (opt.cache_remove > 0) { - mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len); - } -#endif - - goto reset; - - /* - * Cleanup and exit - */ -exit: -#ifdef MBEDTLS_ERROR_C - if (ret != 0) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf); - } -#endif - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_printf(" . 
Cleaning up..."); - fflush(stdout); - } - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(&cache); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_free(&ticket_ctx); -#endif -#if defined(MBEDTLS_SSL_COOKIE_C) - mbedtls_ssl_cookie_free(&cookie_ctx); -#endif - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_platform_zeroize(context_buf, context_buf_len); - } - mbedtls_free(context_buf); -#endif - -#if defined(SNI_OPTION) - sni_free(sni_info); -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - ret = psk_free(psk_info); - if ((ret != 0) && (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to list of opaque PSKs - error was %d\n", ret); - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - mbedtls_x509_crt_free(&cacert); - mbedtls_x509_crt_free(&srvcert); - mbedtls_pk_free(&pkey); - mbedtls_x509_crt_free(&srvcert2); - mbedtls_pk_free(&pkey2); - psa_destroy_key(key_slot); - psa_destroy_key(key_slot2); -#endif - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { - if (ssl_async_keys.slots[i].pk_owned) { - mbedtls_pk_free(ssl_async_keys.slots[i].pk); - mbedtls_free(ssl_async_keys.slots[i].pk); - ssl_async_keys.slots[i].pk = NULL; - } - } -#endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (opt.psk_opaque != 0) { - /* This is ok even if the slot hasn't been - * initialized (we might have jumed here - * immediately because of bad cmd line params, - * for example). 
*/ - status = psa_destroy_key(psk_slot); - if ((status != PSA_SUCCESS) && - (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) { - mbedtls_printf("Failed to destroy key slot %u - error was %d", - (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psk_slot), - (int) status); - } - } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - /* - * In case opaque keys it's the user responsibility to keep the key valid - * for the duration of the handshake and destroy it at the end - */ - if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) { - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* Verify that the key is still valid before destroying it */ - if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) != - PSA_SUCCESS) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n"); - } else { - psa_destroy_key(ecjpake_pw_slot); - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - - const char *message = mbedtls_test_helper_is_psa_leaking(); - if (message) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("PSA memory leak detected: %s\n", message); - } - - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - - mbedtls_free(buf); - -#if defined(MBEDTLS_TEST_HOOKS) - /* Let test hooks detect errors such as resource leaks. - * Don't do it in query_config mode, because some test code prints - * information to stdout and this gets mixed with the regular output. 
*/ - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - if (test_hooks_failure_detected()) { - if (ret == 0) { - ret = 1; - } - mbedtls_printf("Test hooks detected errors.\n"); - } - } - test_hooks_free(); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - mbedtls_memory_buffer_alloc_free(); -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_printf(" done.\n"); - } - - // Shell can not handle large exit numbers -> 1 for errors - if (ret < 0) { - ret = 1; - } - - if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) { - mbedtls_exit(ret); - } else { - mbedtls_exit(query_config_ret); - } -} -#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c deleted file mode 100644 index e194b58dff..0000000000 --- a/programs/ssl/ssl_test_common_source.c +++ /dev/null 
@@ -1,375 +0,0 @@ -/* - * Common source code for SSL test programs. This file is included by - * both ssl_client2.c and ssl_server2.c and is intended for source - * code that is textually identical in both programs, but that cannot be - * compiled separately because it refers to types or macros that are - * different in the two programs, or because it would have an incomplete - * type. - * - * This file is meant to be #include'd and cannot be compiled separately. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -static void eap_tls_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - eap_tls_keys *keys = (eap_tls_keys *) p_expkey; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - if (secret_len != sizeof(keys->master_secret)) { - return; - } - - memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); - memcpy(keys->randbytes, client_random, 32); - memcpy(keys->randbytes + 32, server_random, 32); - keys->tls_prf_type = tls_prf_type; -} - -static void nss_keylog_export(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - char nss_keylog_line[200]; - size_t const client_random_len = 32; - size_t len = 0; - size_t j; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - - ((void) p_expkey); - ((void) server_random); - ((void) tls_prf_type); - - len += sprintf(nss_keylog_line + len, - "%s", "CLIENT_RANDOM "); - - for (j = 0; j < 
client_random_len; j++) { - len += sprintf(nss_keylog_line + len, - "%02x", client_random[j]); - } - - len += sprintf(nss_keylog_line + len, " "); - - for (j = 0; j < secret_len; j++) { - len += sprintf(nss_keylog_line + len, - "%02x", secret[j]); - } - - len += sprintf(nss_keylog_line + len, "\n"); - nss_keylog_line[len] = '\0'; - - mbedtls_printf("\n"); - mbedtls_printf("---------------- NSS KEYLOG -----------------\n"); - mbedtls_printf("%s", nss_keylog_line); - mbedtls_printf("---------------------------------------------\n"); - - if (opt.nss_keylog_file != NULL) { - FILE *f; - - if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) { - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be - * wiped. */ - mbedtls_setbuf(f, NULL); - - if (fwrite(nss_keylog_line, 1, len, f) != len) { - fclose(f); - goto exit; - } - - fclose(f); - } - -exit: - mbedtls_platform_zeroize(nss_keylog_line, - sizeof(nss_keylog_line)); -} - -#if defined(MBEDTLS_SSL_DTLS_SRTP) -static void dtls_srtp_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) -{ - dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; - - /* We're only interested in the TLS 1.2 master secret */ - if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) { - return; - } - if (secret_len != sizeof(keys->master_secret)) { - return; - } - - memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); - memcpy(keys->randbytes, client_random, 32); - memcpy(keys->randbytes + 32, server_random, 32); - keys->tls_prf_type = tls_prf_type; -} -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -static int ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char const *buf, size_t len) -{ - int my_ret = 0, ret_cr1, ret_cr2; - unsigned char *tmp_buf; - - /* Record checking may modify the input buffer, - * so 
make a copy. */ - tmp_buf = mbedtls_calloc(1, len); - if (tmp_buf == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(tmp_buf, buf, len); - - ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len); - if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) { - /* Test-only: Make sure that mbedtls_ssl_check_record() - * doesn't alter state. */ - memcpy(tmp_buf, buf, len); /* Restore buffer */ - ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len); - if (ret_cr2 != ret_cr1) { - mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n"); - my_ret = -1; - goto cleanup; - } - - switch (ret_cr1) { - case 0: - break; - - case MBEDTLS_ERR_SSL_INVALID_RECORD: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n"); - } - break; - - case MBEDTLS_ERR_SSL_INVALID_MAC: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n"); - } - break; - - case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: - if (opt.debug_level > 1) { - mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n"); - } - break; - - default: - mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n", - (unsigned int) -ret_cr1); - my_ret = -1; - goto cleanup; - } - - /* Regardless of the outcome, forward the record to the stack. */ - } - -cleanup: - mbedtls_free(tmp_buf); - - return my_ret; -} - -static int recv_cb(void *ctx, unsigned char *buf, size_t len) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - size_t recv_len; - int ret; - - if (opt.nbio == 2) { - ret = delayed_recv(io_ctx->net, buf, len); - } else { - ret = mbedtls_net_recv(io_ctx->net, buf, len); - } - if (ret < 0) { - return ret; - } - recv_len = (size_t) ret; - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Here's the place to do any datagram/record checking - * in between receiving the packet from the underlying - * transport and passing it on to the TLS stack. 
*/ - if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { - return -1; - } - } - - return (int) recv_len; -} - -static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - int ret; - size_t recv_len; - - ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout); - if (ret < 0) { - return ret; - } - recv_len = (size_t) ret; - - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - /* Here's the place to do any datagram/record checking - * in between receiving the packet from the underlying - * transport and passing it on to the TLS stack. */ - if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { - return -1; - } - } - - return (int) recv_len; -} - -static int send_cb(void *ctx, unsigned char const *buf, size_t len) -{ - io_ctx_t *io_ctx = (io_ctx_t *) ctx; - - if (opt.nbio == 2) { - return delayed_send(io_ctx->net, buf, len); - } - - return mbedtls_net_send(io_ctx->net, buf, len); -} - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* - * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate - * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if - * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - * for its signature in the key exchange message. As Mbed TLS 1.2 does not - * support them, the handshake fails. 
- */ -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ - ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ - (0x800 | hash), -#else -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ - ((hash << 8) | MBEDTLS_SSL_SIG_RSA), -#endif -#elif defined(PSA_HAVE_ALG_SOME_ECDSA) -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), -#elif defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* See above */ -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \ - (0x800 | hash), -#else -#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), -#endif -#else -#define MBEDTLS_SSL_SIG_ALG(hash) -#endif - -uint16_t ssl_sig_algs_for_test[] = { -#if defined(PSA_WANT_ALG_SHA_512) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512) -#endif -#if defined(PSA_WANT_ALG_SHA_384) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384) -#endif -#if defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256) -#endif -#if defined(PSA_WANT_ALG_SHA_224) - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224) -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - /* Allow SHA-1 as we use it extensively in tests. */ - MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1) -#endif - MBEDTLS_TLS1_3_SIG_NONE -}; -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function - * for more info. 
- */ -static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, - uint32_t flags) -{ -#if !defined(MBEDTLS_X509_REMOVE_INFO) - return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); - -#else /* !MBEDTLS_X509_REMOVE_INFO */ - int ret; - char *p = buf; - size_t n = size; - -#define X509_CRT_ERROR_INFO(err, err_str, info) \ - if ((flags & err) != 0) \ - { \ - ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - flags ^= err; \ - } - - MBEDTLS_X509_CRT_ERROR_INFO_LIST -#undef X509_CRT_ERROR_INFO - - if (flags != 0) { - ret = mbedtls_snprintf(p, n, "%sUnknown reason " - "(this should not happen)\n", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return (int) (size - n); -#endif /* MBEDTLS_X509_REMOVE_INFO */ -} - -static void mbedtls_print_supported_sig_algs(void) -{ - mbedtls_printf("supported signature algorithms:\n"); - mbedtls_printf("\trsa_pkcs1_sha256 "); - mbedtls_printf("rsa_pkcs1_sha384 "); - mbedtls_printf("rsa_pkcs1_sha512\n"); - mbedtls_printf("\tecdsa_secp256r1_sha256 "); - mbedtls_printf("ecdsa_secp384r1_sha384 "); - mbedtls_printf("ecdsa_secp521r1_sha512\n"); - mbedtls_printf("\trsa_pss_rsae_sha256 "); - mbedtls_printf("rsa_pss_rsae_sha384 "); - mbedtls_printf("rsa_pss_rsae_sha512\n"); - mbedtls_printf("\trsa_pss_pss_sha256 "); - mbedtls_printf("rsa_pss_pss_sha384 "); - mbedtls_printf("rsa_pss_pss_sha512\n"); - mbedtls_printf("\ted25519 "); - mbedtls_printf("ed448 "); - mbedtls_printf("rsa_pkcs1_sha1 "); - mbedtls_printf("ecdsa_sha1\n"); - mbedtls_printf("\n"); -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c deleted file mode 100644 index 9d47e5249a..0000000000 --- a/programs/ssl/ssl_test_lib.c +++ /dev/null 
@@ -1,620 +0,0 @@ -/* - * Common code library for SSL test programs. - * - * In addition to the functions in this file, there is shared source code - * that cannot be compiled separately in "ssl_test_common_source.c". - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "ssl_test_lib.h" - -#if defined(MBEDTLS_TEST_HOOKS) -#include "test/threading_helpers.h" -#endif - -#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) - -#define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0])) - -void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - const char *p, *basename; - - /* Extract basename from file */ - for (p = basename = file; *p != '\0'; p++) { - if (*p == '/' || *p == '\\') { - basename = p + 1; - } - } - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s", - basename, line, level, str); - fflush((FILE *) ctx); -} - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -static int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - int ret; - (void) data; - - ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} -#endif - -void rng_init(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - psa_crypto_init(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_init(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_init(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_init(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int rng_seed(rng_context_t *rng, int reproducible, const char *pers) -{ - if (reproducible) { - 
mbedtls_fprintf(stderr, - "reproducible mode is not supported.\n"); - return -1; - } -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - /* The PSA crypto RNG does its own seeding. */ - (void) rng; - (void) pers; - if (reproducible) { - mbedtls_fprintf(stderr, - "The PSA RNG does not support reproducible mode.\n"); - return -1; - } - return 0; -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - int (*f_entropy)(void *, unsigned char *, size_t) = - (reproducible ? dummy_entropy : mbedtls_entropy_func); - - if (reproducible) { - srand(1); - } - -#if defined(MBEDTLS_CTR_DRBG_C) - int ret = mbedtls_ctr_drbg_seed(&rng->drbg, - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#elif defined(MBEDTLS_HMAC_DRBG_C) -#if defined(PSA_WANT_ALG_SHA_256) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; -#elif defined(PSA_WANT_ALG_SHA_512) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512; -#else -#error "No message digest available for HMAC_DRBG" -#endif - int ret = mbedtls_hmac_drbg_seed(&rng->drbg, - mbedtls_md_info_from_type(md_type), - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ -#error "No DRBG available" -#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret); - return ret; - } -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - - return 0; -} - -void rng_free(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs. - * This is ok because none of our applications try to do any crypto after - * deinitializing the RNG. 
*/ - mbedtls_psa_crypto_free(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_free(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_free(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_free(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int rng_get(void *p_rng, unsigned char *output, size_t output_len) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) p_rng; - return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, - output, output_len); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - rng_context_t *rng = p_rng; - -#if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len); -#elif defined(MBEDTLS_HMAC_DRBG_C) - return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len); -#else -#error "No DRBG available" -#endif - -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - -int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) -{ - char *separator; - if ((separator = strchr(arg, ',')) == NULL) { - return 1; - } - *separator = '\0'; - - *alg1 = arg; - *alg2 = separator + 1; - - if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 && - strcmp(*alg1, "rsa-sign-pss") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "ecdsa-sign") != 0 && - strcmp(*alg1, "ecdh") != 0) { - return 1; - } - - if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 && - strcmp(*alg2, "rsa-sign-pss") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && - strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "ecdsa-sign") != 0 && - strcmp(*alg2, "ecdh") != 0 && - strcmp(*alg2, "none") != 0) { - return 1; - } - - return 0; -} - -int key_opaque_set_alg_usage(const char *alg1, const char *alg2, - psa_algorithm_t *psa_alg1, - psa_algorithm_t *psa_alg2, - 
psa_key_usage_t *usage, - mbedtls_pk_type_t key_type) -{ - if (strcmp(alg1, "none") != 0) { - const char *algs[] = { alg1, alg2 }; - psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 }; - - for (int i = 0; i < 2; i++) { - if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "ecdsa-sign") == 0) { - *psa_algs[i] = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "ecdh") == 0) { - *psa_algs[i] = PSA_ALG_ECDH; - *usage |= PSA_KEY_USAGE_DERIVE; - } else if (strcmp(algs[i], "none") == 0) { - *psa_algs[i] = PSA_ALG_NONE; - } - } - } else { - if (key_type == MBEDTLS_PK_ECKEY) { - *psa_alg1 = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); - *psa_alg2 = PSA_ALG_ECDH; - *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } else if (key_type == MBEDTLS_PK_RSA) { - *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); - *psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH); - *usage = PSA_KEY_USAGE_SIGN_HASH; - } else { - return 1; - } - } - - return 0; -} - -#if defined(MBEDTLS_PK_C) -int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, - psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id) -{ - int ret; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - - ret = 
mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr); - if (ret != 0) { - return ret; - } - psa_set_key_usage_flags(&key_attr, psa_usage); - psa_set_key_algorithm(&key_attr, psa_alg); - if (psa_alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&key_attr, psa_alg2); - } - ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id); - if (ret != 0) { - return ret; - } - mbedtls_pk_free(pk); - mbedtls_pk_init(pk); - ret = mbedtls_pk_wrap_psa(pk, *key_id); - if (ret != 0) { - return ret; - } - - return 0; -} -#endif /* MBEDTLS_PK_C */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - int ret = 0; - mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - mbedtls_x509_crt *first; - - /* This is a test-only implementation of the CA callback - * which always returns the entire list of trusted certificates. - * Production implementations managing a large number of CAs - * should use an efficient presentation and lookup for the - * set of trusted certificates (such as a hashtable) and only - * return those trusted certificates which satisfy basic - * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field or matching key identifiers. 
*/ - ((void) child); - - first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (first == NULL) { - ret = -1; - goto exit; - } - mbedtls_x509_crt_init(first); - - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - - while (ca->next != NULL) { - ca = ca->next; - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - } - -exit: - - if (ret != 0) { - mbedtls_x509_crt_free(first); - mbedtls_free(first); - first = NULL; - } - - *candidates = first; - return ret; -} -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -int delayed_recv(void *ctx, unsigned char *buf, size_t len) -{ - static int first_try = 1; - int ret; - - if (first_try) { - first_try = 0; - return MBEDTLS_ERR_SSL_WANT_READ; - } - - ret = mbedtls_net_recv(ctx, buf, len); - if (ret != MBEDTLS_ERR_SSL_WANT_READ) { - first_try = 1; /* Next call will be a new operation */ - } - return ret; -} - -int delayed_send(void *ctx, const unsigned char *buf, size_t len) -{ - static int first_try = 1; - int ret; - - if (first_try) { - first_try = 0; - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - ret = mbedtls_net_send(ctx, buf, len); - if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - first_try = 1; /* Next call will be a new operation */ - } - return ret; -} - -#if !defined(MBEDTLS_TIMING_C) -int idle(mbedtls_net_context *fd, - int idle_reason) -#else -int idle(mbedtls_net_context *fd, - mbedtls_timing_delay_context *timer, - int idle_reason) -#endif -{ - int ret; - int poll_type = 0; - - if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) { - poll_type = MBEDTLS_NET_POLL_WRITE; - } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) { - poll_type = MBEDTLS_NET_POLL_READ; - } -#if !defined(MBEDTLS_TIMING_C) - else { - return 0; - } -#endif - - while (1) { - /* Check if timer has expired */ -#if defined(MBEDTLS_TIMING_C) - if (timer != NULL && - mbedtls_timing_get_delay(timer) == 2) { - break; - } -#endif /* MBEDTLS_TIMING_C */ - - 
/* Check if underlying transport became available */ - if (poll_type != 0) { - ret = mbedtls_net_poll(fd, poll_type, 0); - if (ret < 0) { - return ret; - } - if (ret == poll_type) { - break; - } - } - } - - return 0; -} - -#if defined(MBEDTLS_TEST_HOOKS) - -void test_hooks_init(void) -{ - mbedtls_test_info_reset(); - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif -} - -int test_hooks_failure_detected(void) -{ -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - /* Errors are reported via mbedtls_test_info. */ - mbedtls_test_mutex_usage_check(); -#endif - - if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) { - return 1; - } - return 0; -} - -void test_hooks_free(void) -{ -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_end(); -#endif -} - -#endif /* MBEDTLS_TEST_HOOKS */ - -static const struct { - uint16_t tls_id; - const char *name; - uint8_t is_supported; -} tls_id_group_name_table[] = -{ -#if defined(PSA_WANT_ECC_SECP_R1_521) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, -#else - { 
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, -#endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_FFDH) -#if defined(PSA_WANT_DH_RFC7919_2048) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 }, -#else /* PSA_WANT_DH_RFC7919_2048 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 }, -#endif /* PSA_WANT_DH_RFC7919_2048 */ -#if defined(PSA_WANT_DH_RFC7919_3072) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, -#else /* PSA_WANT_DH_RFC7919_3072 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 }, -#endif /* PSA_WANT_DH_RFC7919_3072 */ -#if defined(PSA_WANT_DH_RFC7919_4096) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, -#else /* PSA_WANT_DH_RFC7919_4096 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 }, -#endif /* PSA_WANT_DH_RFC7919_4096 */ -#if defined(PSA_WANT_DH_RFC7919_6144) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, -#else /* PSA_WANT_DH_RFC7919_6144 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 }, -#endif /* PSA_WANT_DH_RFC7919_6144 */ -#if defined(PSA_WANT_DH_RFC7919_8192) - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, -#else /* PSA_WANT_DH_RFC7919_8192 */ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 }, -#endif /* PSA_WANT_DH_RFC7919_8192 */ -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ - { 0, NULL, 0 }, -}; - -static uint16_t 
mbedtls_ssl_get_curve_tls_id_from_name(const char *name) -{ - if (name == NULL) { - return 0; - } - - for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { - if (strcmp(tls_id_group_name_table[i].name, name) == 0) { - return tls_id_group_name_table[i].tls_id; - } - } - - return 0; -} - -static void mbedtls_ssl_print_supported_groups_list(void) -{ - for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) { - if (tls_id_group_name_table[i].is_supported == 1) { - mbedtls_printf("%s ", tls_id_group_name_table[i].name); - } - } -} - -int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len) -{ - char *p = (char *) groups; - char *q = NULL; - size_t i = 0; - - if (strcmp(p, "none") == 0) { - group_list[0] = 0; - } else if (strcmp(p, "default") != 0) { - /* Leave room for a final NULL in group list */ - while (i < group_list_len - 1 && *p != '\0') { - uint16_t curve_tls_id; - q = p; - - /* Terminate the current string */ - while (*p != ',' && *p != '\0') { - p++; - } - if (*p == ',') { - *p++ = '\0'; - } - - if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) { - group_list[i++] = curve_tls_id; - } else { - mbedtls_printf("unknown group %s\n", q); - mbedtls_printf("supported groups: "); - mbedtls_ssl_print_supported_groups_list(); - mbedtls_printf("\n"); - return -1; - } - } - - mbedtls_printf("Number of groups: %u\n", (unsigned int) i); - - if (i == group_list_len - 1 && *p != '\0') { - mbedtls_printf("groups list too long, maximum %u", - (unsigned int) (group_list_len - 1)); - return -1; - } - - group_list[i] = 0; - } - - return 0; -} - -#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h deleted file mode 100644 index 6602b1ae21..0000000000 --- a/programs/ssl/ssl_test_lib.h +++ /dev/null 
@@ -1,303 +0,0 @@ -/* - * Common code for SSL test programs - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H -#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H - -#include "mbedtls/private/pk_private.h" - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -#include "mbedtls/md.h" - -#undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#define HAVE_RNG -#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#define HAVE_RNG -#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) -#define HAVE_RNG -#endif - -#if !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_SSL_TLS_C) -#define MBEDTLS_SSL_TEST_IMPOSSIBLE \ - "MBEDTLS_NET_C and/or " \ - "MBEDTLS_SSL_TLS_C not defined." -#elif !defined(HAVE_RNG) -#define MBEDTLS_SSL_TEST_IMPOSSIBLE \ - "No random generator is available.\n" -#else -#undef MBEDTLS_SSL_TEST_IMPOSSIBLE - -#undef HAVE_RNG - -#include -#include -#include - -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/private/hmac_drbg.h" -#include "mbedtls/x509.h" -#include "mbedtls/error.h" -#include "mbedtls/debug.h" -#include "mbedtls/timing.h" -#include "mbedtls/base64.h" -#include "test/certs.h" - -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#include - -#include "query_config.h" - -#define ALPN_LIST_SIZE 10 -#define GROUP_LIST_SIZE 25 -#define SIG_ALG_LIST_SIZE 5 - -typedef struct eap_tls_keys { - unsigned char master_secret[48]; - unsigned char randbytes[64]; - mbedtls_tls_prf_types tls_prf_type; -} eap_tls_keys; - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - -/* Supported SRTP mode needs a maximum of : - 
* - 16 bytes for key (AES-128) - * - 14 bytes SALT - * One for sender, one for receiver context - */ -#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 - -typedef struct dtls_srtp_keys { - unsigned char master_secret[48]; - unsigned char randbytes[64]; - mbedtls_tls_prf_types tls_prf_type; -} dtls_srtp_keys; - -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -typedef struct { - mbedtls_ssl_context *ssl; - mbedtls_net_context *net; -} io_ctx_t; - -void my_debug(void *ctx, int level, - const char *file, int line, - const char *str); - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif - -#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG - -/** A context for random number generation (RNG). - */ -typedef struct { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - unsigned char dummy; -#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_context drbg; -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_context drbg; -#else -#error "No DRBG available" -#endif -#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} rng_context_t; - -/** Initialize the RNG. - * - * This function only initializes the memory used by the RNG context. - * Before using the RNG, it must be seeded with rng_seed(). - */ -void rng_init(rng_context_t *rng); - -/* Seed the random number generator. - * - * \param rng The RNG context to use. It must have been initialized - * with rng_init(). - * \param reproducible If zero, seed the RNG from entropy. - * If nonzero, use a fixed seed, so that the program - * will produce the same sequence of random numbers - * each time it is invoked. - * \param pers A null-terminated string. Different values for this - * string cause the RNG to emit different output for - * the same seed. - * - * return 0 on success, a negative value on error. - */ -int rng_seed(rng_context_t *rng, int reproducible, const char *pers); - -/** Deinitialize the RNG. 
Free any embedded resource. - * - * \param rng The RNG context to deinitialize. It must have been - * initialized with rng_init(). - */ -void rng_free(rng_context_t *rng); - -/** Generate random data. - * - * This function is suitable for use as the \c f_rng argument to Mbed TLS - * library functions. - * - * \param p_rng The random generator context. This must be a pointer to - * a #rng_context_t structure. - * \param output The buffer to fill. - * \param output_len The length of the buffer in bytes. - * - * \return \c 0 on success. - * \return An Mbed TLS error code on error. - */ -int rng_get(void *p_rng, unsigned char *output, size_t output_len); - -/** Parse command-line option: key_opaque_algs - * - * - * \param arg String value of key_opaque_algs - * Coma-separated pair of values among the following: - * - "rsa-sign-pkcs1" - * - "rsa-sign-pss" - * - "ecdsa-sign" - * - "ecdh" - * - "none" (only acceptable for the second value). - * \param alg1 Address of pointer to alg #1 - * \param alg2 Address of pointer to alg #2 - * - * \return \c 0 on success. - * \return \c 1 on parse failure. - */ -int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); - -/** Parse given opaque key algorithms to obtain psa algs and usage - * that will be passed to mbedtls_pk_wrap_as_opaque(). - * - * - * \param alg1 input string opaque key algorithm #1 - * \param alg2 input string opaque key algorithm #2 - * \param psa_alg1 output PSA algorithm #1 - * \param psa_alg2 output PSA algorithm #2 - * \param usage output key usage - * \param key_type key type used to set default psa algorithm/usage - * when alg1 in "none" - * - * \return \c 0 on success. - * \return \c 1 on parse failure. 
- */ -int key_opaque_set_alg_usage(const char *alg1, const char *alg2, - psa_algorithm_t *psa_alg1, - psa_algorithm_t *psa_alg2, - psa_key_usage_t *usage, - mbedtls_pk_type_t key_type); - -#if defined(MBEDTLS_PK_C) -/** Turn a non-opaque PK context into an opaque one with folowing steps: - * - extract the key data and attributes from the PK context. - * - import the key material into PSA. - * - free the provided PK context and re-initilize it as an opaque PK context - * wrapping the PSA key imported in the above step. - * - * \param[in,out] pk On input, the non-opaque PK context which contains the - * key to be wrapped. On output, the re-initialized PK - * context which represents the opaque version of the one - * provided as input. - * \param[in] psa_alg The primary algorithm that will be associated to the - * PSA key. - * \param[in] psa_alg2 The enrollment algorithm that will be associated to the - * PSA key. - * \param[in] psa_usage The PSA key usage policy. - * \param[out] key_id The PSA key identifier of the imported key. - * - * \return \c 0 on sucess. - * \return \c -1 on failure. - */ -int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, - psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); -#endif /* MBEDTLS_PK_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -/* The test implementation of the PSA external RNG is insecure. When - * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto - * function that makes use of an RNG, you must call - * mbedtls_test_enable_insecure_external_rng(). 
*/ -#include -#endif - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates); -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -/* - * Test recv/send functions that make sure each try returns - * WANT_READ/WANT_WRITE at least once before succeeding - */ -int delayed_recv(void *ctx, unsigned char *buf, size_t len); -int delayed_send(void *ctx, const unsigned char *buf, size_t len); - -/* - * Wait for an event from the underlying transport or the timer - * (Used in event-driven IO mode). - */ -int idle(mbedtls_net_context *fd, -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context *timer, -#endif - int idle_reason); - -#if defined(MBEDTLS_TEST_HOOKS) -/** Initialize whatever test hooks are enabled by the compile-time - * configuration and make sense for the TLS test programs. */ -void test_hooks_init(void); - -/** Check if any test hooks detected a problem. - * - * If a problem was detected, it's ok for the calling program to keep going, - * but it should ultimately exit with an error status. - * - * \note When implementing a test hook that detects errors on its own - * (as opposed to e.g. leaving the error for a memory sanitizer to - * report), make sure to print a message to standard error either at - * the time the problem is detected or during the execution of this - * function. This function does not indicate what problem was detected, - * so printing a message is the only way to provide feedback in the - * logs of the calling program. - * - * \return Nonzero if a problem was detected. - * \c 0 if no problem was detected. - */ -int test_hooks_failure_detected(void); - -/** Free any resources allocated for the sake of test hooks. - * - * Call this at the end of the program so that resource leak analyzers - * don't complain. - */ -void test_hooks_free(void); - -#endif /* !MBEDTLS_TEST_HOOKS */ - -/* Helper functions for FFDH groups. 
*/ -int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len); - -#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */ -#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */ diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt deleted file mode 100644 index 8a5d6ba822..0000000000 --- a/programs/test/CMakeLists.txt +++ /dev/null 
@@ -1,111 +0,0 @@ -set(libs - ${mbedtls_target} -) - -set(executables - metatest - query_compile_time_config - query_included_headers - selftest - udp_proxy - zeroize -) -add_dependencies(${programs_target} ${executables}) -add_dependencies(${ssl_opt_target} udp_proxy) -add_dependencies(${ssl_opt_target} query_compile_time_config) - -if(TEST_CPP) - set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp") - set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh") - add_custom_command( - OUTPUT "${cpp_dummy_build_cpp}" - COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}" - DEPENDS "${generate_cpp_dummy_build}" - WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" - ) - add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") - set_base_compile_options(cpp_dummy_build) - target_include_directories(cpp_dummy_build - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) - target_link_libraries(cpp_dummy_build ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) -endif() - -if(USE_SHARED_MBEDTLS_LIBRARY AND - NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]") - add_executable(dlopen "dlopen.c") - set_base_compile_options(dlopen) - target_include_directories(dlopen - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) - target_link_libraries(dlopen ${CMAKE_DL_LIBS}) -endif() - -if(GEN_FILES) - find_package(Perl REQUIRED) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - COMMAND - ${PERL} - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h - 
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../.. - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt - ) - # this file will also be used in another directory, so create a target, see - # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory - add_custom_target(generate_query_config_c - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) -else() - link_to_source(query_config.c) -endif() - -foreach(exe IN LISTS executables) - set(source ${exe}.c) - set(extra_sources "") - if(NOT EXISTS ${source} AND - EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) - set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) - endif() - - if(exe STREQUAL "query_compile_time_config") - list(APPEND extra_sources - ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h - ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) - endif() - add_executable(${exe} ${source} $ - ${extra_sources}) - set_base_compile_options(${exe}) - target_include_directories(${exe} - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - ${MBEDTLS_FRAMEWORK_DIR}/tests/programs) - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) - if(exe STREQUAL "query_compile_time_config") - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) - endif() - - # Request C11, required for memory poisoning - set_target_properties(${exe} PROPERTIES C_STANDARD 11) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) -endforeach() - -target_include_directories(metatest - 
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore deleted file mode 100644 index 89d8c2bf69..0000000000 --- a/programs/test/cmake_package/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -build -Makefile -cmake_package -mbedtls diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt deleted file mode 100644 index 287a0c38c2..0000000000 --- a/programs/test/cmake_package/CMakeLists.txt +++ /dev/null @@ -1,38 +0,0 @@ -cmake_minimum_required(VERSION 3.5.1) - -# -# Simulate configuring and building Mbed TLS as the user might do it. We'll -# skip installing it, and use the build directory directly instead. -# - -set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") -set(MbedTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - "-H${MbedTLS_SOURCE_DIR}" - "-B${MbedTLS_BINARY_DIR}" - "-DENABLE_PROGRAMS=NO" - "-DENABLE_TESTING=NO" - # Turn on generated files explicitly in case this is a release - "-DGEN_FILES=ON") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - --build "${MbedTLS_BINARY_DIR}") - -# -# Locate the package. -# - -set(MbedTLS_DIR "${MbedTLS_BINARY_DIR}/cmake") -find_package(MbedTLS REQUIRED) - -# -# At this point, the Mbed TLS targets should have been imported, and we can now -# link to them from our own program. -# - -add_executable(cmake_package cmake_package.c) -target_link_libraries(cmake_package - MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c deleted file mode 100644 index cd050e97bc..0000000000 
--- a/programs/test/cmake_package/cmake_package.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Simple program to test that Mbed TLS builds correctly as a CMake package.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/version.h"
-
-/* The main reason to build this is for testing the CMake build, so the program
- * doesn't need to do very much. It calls a single library function to ensure
- * linkage works, but that is all. */
-int main()
-{
- const char *version = mbedtls_version_get_string_full();
-
- mbedtls_printf("Built against %s\n", version);
-
- return 0;
-}
diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore
deleted file mode 100644
index aaa5942090..0000000000
--- a/programs/test/cmake_package_install/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-build
-Makefile
-cmake_package_install
-mbedtls
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
deleted file mode 100644
index 723538f7f7..0000000000
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ /dev/null
@@ -1,48 +0,0 @@ -cmake_minimum_required(VERSION 3.5.1) - -# -# Simulate configuring and building Mbed TLS as the user might do it. We'll -# install into a directory inside our own build directory. -# - -set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") -set(MbedTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") -set(MbedTLS_BINARY_DIR "${MbedTLS_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - "-H${MbedTLS_SOURCE_DIR}" - "-B${MbedTLS_BINARY_DIR}" - "-DENABLE_PROGRAMS=NO" - "-DENABLE_TESTING=NO" - # Turn on generated files explicitly in case this is a release - "-DGEN_FILES=ON" - "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" - "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") - -execute_process( - COMMAND "${CMAKE_COMMAND}" - --build "${MbedTLS_BINARY_DIR}" - --target install) - -# -# Locate the package. -# - -list(INSERT CMAKE_PREFIX_PATH 0 "${MbedTLS_INSTALL_DIR}") -find_package(MbedTLS REQUIRED) - -# -# At this point, the Mbed TLS targets should have been imported, and we can now -# link to them from our own program. -# - -add_executable(cmake_package_install cmake_package_install.c) - -string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") -if(CMAKE_COMPILER_IS_GNU) - target_compile_options(cmake_package_install PRIVATE -Wall -Werror) -endif() - -target_link_libraries(cmake_package_install - MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c deleted file mode 100644 index a63f7dbb0f..0000000000 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ /dev/null 
@@ -1,27 +0,0 @@
-/*
- * Simple program to test that Mbed TLS builds correctly as an installable CMake
- * package.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/version.h"
-
-/* The main reason to build this is for testing the CMake build, so the program
- * doesn't need to do very much. It calls a single library function to ensure
- * linkage works, but that is all. */
-int main()
-{
- const char *version = mbedtls_version_get_string_full();
-
- mbedtls_printf("Built against %s\n", version);
-
- return 0;
-}
diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore
deleted file mode 100644
index 464833b932..0000000000
--- a/programs/test/cmake_subproject/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-build
-Makefile
-cmake_subproject
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
deleted file mode 100644
index 5bd0c8742b..0000000000
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-cmake_minimum_required(VERSION 3.5.1)
-
-# Test the target renaming support by adding a prefix to the targets built
-set(MBEDTLS_TARGET_PREFIX subproject_test_)
-
-# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
-# projects that use Mbed TLS as a subproject are likely to add by their own
-# relative paths.
-set(MBEDTLS_DIR ../../../)
-
-# Add Mbed TLS as a subdirectory.
-add_subdirectory(${MBEDTLS_DIR} build)
-
-# Link against all the Mbed TLS libraries. Verifies that the targets have been
-# created using the specified prefix
-set(libs
- subproject_test_mbedtls
- subproject_test_mbedx509
- subproject_test_tfpsacrypto
-)
-
-add_executable(cmake_subproject cmake_subproject.c)
-target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT})
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
deleted file mode 100644
index 69b5d0b819..0000000000
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Simple program to test that CMake builds with Mbed TLS as a subdirectory
- * work correctly.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/version.h"
-
-/* The main reason to build this is for testing the CMake build, so the program
- * doesn't need to do very much. It calls a single library function to ensure
- * linkage works, but that is all. */
-int main()
-{
- const char *version = mbedtls_version_get_string_full();
-
- mbedtls_printf("Built against %s\n", version);
-
- return 0;
-}
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
deleted file mode 100644
index 2a67635f0d..0000000000
--- a/programs/test/dlopen.c
+++ /dev/null
@@ -1,141 +0,0 @@ -/* - * Test dynamic loading of libmbed* - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/x509_crt.h" -#endif - -#if defined(__APPLE__) -#define SO_SUFFIX ".dylib" -#else -#define SO_SUFFIX ".so" -#endif - -#define MBEDCRYPTO_SO_FILENAME "libmbedcrypto" SO_SUFFIX -#define TFPSACRYPTO_SO_FILENAME "libtfpsacrypto" SO_SUFFIX -#define X509_SO_FILENAME "libmbedx509" SO_SUFFIX -#define TLS_SO_FILENAME "libmbedtls" SO_SUFFIX - -#include - -#define CHECK_DLERROR(function, argument) \ - do \ - { \ - char *CHECK_DLERROR_error = dlerror(); \ - if (CHECK_DLERROR_error != NULL) \ - { \ - fprintf(stderr, "Dynamic loading error for %s(%s): %s\n", \ - function, argument, CHECK_DLERROR_error); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } \ - while (0) - -int main(void) -{ -#if defined(MBEDTLS_MD_C) || defined(MBEDTLS_SSL_TLS_C) - unsigned n; -#endif - -#if defined(MBEDTLS_SSL_TLS_C) - void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", TLS_SO_FILENAME); -#pragma GCC diagnostic push - /* dlsym() returns an object pointer which is meant to be used as a - * function pointer. This has undefined behavior in standard C, so - * "gcc -std=c99 -pedantic" complains about it, but it is perfectly - * fine on platforms that have dlsym(). 
*/ -#pragma GCC diagnostic ignored "-Wpedantic" - const int *(*ssl_list_ciphersuites)(void) = - dlsym(tls_so, "mbedtls_ssl_list_ciphersuites"); -#pragma GCC diagnostic pop - CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites"); - const int *ciphersuites = ssl_list_ciphersuites(); - for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */ - ; - } - mbedtls_printf("dlopen(%s): %u ciphersuites\n", - TLS_SO_FILENAME, n); - dlclose(tls_so); - CHECK_DLERROR("dlclose", TLS_SO_FILENAME); -#endif /* MBEDTLS_SSL_TLS_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - void *x509_so = dlopen(X509_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", X509_SO_FILENAME); - const mbedtls_x509_crt_profile *profile = - dlsym(x509_so, "mbedtls_x509_crt_profile_default"); - CHECK_DLERROR("dlsym", "mbedtls_x509_crt_profile_default"); - mbedtls_printf("dlopen(%s): Allowed md mask: %08x\n", - X509_SO_FILENAME, (unsigned) profile->allowed_mds); - dlclose(x509_so); - CHECK_DLERROR("dlclose", X509_SO_FILENAME); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_MD_C) - const char *crypto_so_filename = NULL; - void *crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW); - if (dlerror() == NULL) { - crypto_so_filename = TFPSACRYPTO_SO_FILENAME; - } else { - crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW); - CHECK_DLERROR("dlopen", MBEDCRYPTO_SO_FILENAME); - crypto_so_filename = MBEDCRYPTO_SO_FILENAME; - } -#pragma GCC diagnostic push - /* dlsym() returns an object pointer which is meant to be used as a - * function pointer. This has undefined behavior in standard C, so - * "gcc -std=c99 -pedantic" complains about it, but it is perfectly - * fine on platforms that have dlsym(). 
*/ -#pragma GCC diagnostic ignored "-Wpedantic" - psa_status_t (*dyn_psa_crypto_init)(void) = - dlsym(crypto_so, "psa_crypto_init"); - psa_status_t (*dyn_psa_hash_compute)(psa_algorithm_t, const uint8_t *, size_t, uint8_t *, - size_t, size_t *) = - dlsym(crypto_so, "psa_hash_compute"); - -#pragma GCC diagnostic pop - /* Demonstrate hashing a message with PSA Crypto */ - - CHECK_DLERROR("dlsym", "psa_crypto_init"); - CHECK_DLERROR("dlsym", "psa_hash_compute"); - - psa_status_t status = dyn_psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "psa_crypto_init failed: %d\n", (int) status); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - const uint8_t input[] = "hello world"; - uint8_t hash[32]; // Buffer to hold the output hash - size_t hash_len = 0; - - status = dyn_psa_hash_compute(PSA_ALG_SHA_256, - input, sizeof(input) - 1, - hash, sizeof(hash), - &hash_len); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "psa_hash_compute failed: %d\n", (int) status); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - mbedtls_printf("dlopen(%s): psa_hash_compute succeeded. SHA-256 output length: %zu\n", - crypto_so_filename, hash_len); - - - dlclose(crypto_so); - CHECK_DLERROR("dlclose", crypto_so_filename); -#endif /* MBEDTLS_MD_C */ - - return 0; -} diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh deleted file mode 100755 index ecf0149a17..0000000000 --- a/programs/test/generate_cpp_dummy_build.sh +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/sh - -DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp - -if [ "$1" = "--help" ]; then - cat < - -int main() -{ - std::cout << "CPP dummy build\n"; - - mbedtls_platform_context *ctx = NULL; - mbedtls_platform_setup(ctx); - mbedtls_printf("CPP Build test passed\n"); - mbedtls_platform_teardown(ctx); -} -EOF -} - -if [ -d include/mbedtls ]; then - : -elif [ -d ../include/mbedtls ]; then - cd .. -elif [ -d ../../include/mbedtls ]; then - cd ../.. -else - echo >&2 "This script must be run from an Mbed TLS source tree." - exit 3 -fi - -print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}" diff --git a/programs/test/selftest.c b/programs/test/selftest.c deleted file mode 100644 index 0e906ab4a3..0000000000 --- a/programs/test/selftest.c +++ /dev/null 
@@ -1,575 +0,0 @@ -/* - * Self-test demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/hmac_drbg.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/private/gcm.h" -#include "mbedtls/private/ccm.h" -#include "mbedtls/private/cmac.h" -#include "mbedtls/private/md5.h" -#include "mbedtls/private/ripemd160.h" -#include "mbedtls/private/sha1.h" -#include "mbedtls/private/sha256.h" -#include "mbedtls/private/sha512.h" -#include "mbedtls/private/sha3.h" -#include "mbedtls/private/aes.h" -#include "mbedtls/private/camellia.h" -#include "mbedtls/private/aria.h" -#include "mbedtls/private/chacha20.h" -#include "mbedtls/private/poly1305.h" -#include "mbedtls/private/chachapoly.h" -#include "mbedtls/base64.h" -#include "mbedtls/private/bignum.h" -#include "mbedtls/private/rsa.h" -#include "mbedtls/x509.h" -#include "mbedtls/private/pkcs5.h" -#include "mbedtls/private/ecp.h" -#include "mbedtls/private/ecjpake.h" -#include "mbedtls/timing.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/debug.h" - -#include -#include - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - - -#if defined MBEDTLS_SELF_TEST -/* Sanity check for malloc. This is not expected to fail, and is rather - * intended to display potentially useful information about the platform, - * in particular the behavior of malloc(0). 
*/ -static int calloc_self_test(int verbose) -{ - int failures = 0; - void *empty1 = mbedtls_calloc(0, 1); - void *empty2 = mbedtls_calloc(0, 1); - void *buffer1 = mbedtls_calloc(1, 1); - void *buffer2 = mbedtls_calloc(1, 1); - unsigned int buffer_3_size = 256; - unsigned int buffer_4_size = 4097; /* Allocate more than the usual page size */ - unsigned char *buffer3 = mbedtls_calloc(buffer_3_size, 1); - unsigned char *buffer4 = mbedtls_calloc(buffer_4_size, 1); - - if (empty1 == NULL && empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (NULL)\n"); - } - } else if (empty1 == NULL || empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): failed (mix of NULL and non-NULL)\n"); - } - ++failures; - } else if (empty1 == empty2) { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (same non-null)\n"); - } - empty2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(0,1): passed (distinct non-null)\n"); - } - } - - mbedtls_free(empty1); - mbedtls_free(empty2); - - empty1 = mbedtls_calloc(1, 0); - empty2 = mbedtls_calloc(1, 0); - if (empty1 == NULL && empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (NULL)\n"); - } - } else if (empty1 == NULL || empty2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): failed (mix of NULL and non-NULL)\n"); - } - ++failures; - } else if (empty1 == empty2) { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (same non-null)\n"); - } - empty2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1,0): passed (distinct non-null)\n"); - } - } - - if (buffer1 == NULL || buffer2 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1): failed (NULL)\n"); - } - ++failures; - } else if (buffer1 == buffer2) { - if (verbose) { - mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n"); - } - ++failures; - buffer2 = NULL; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1): passed\n"); - } - } - - mbedtls_free(buffer1); - buffer1 = 
mbedtls_calloc(1, 1); - if (buffer1 == NULL) { - if (verbose) { - mbedtls_printf(" CALLOC(1 again): failed (NULL)\n"); - } - ++failures; - } else { - if (verbose) { - mbedtls_printf(" CALLOC(1 again): passed\n"); - } - } - - for (unsigned int i = 0; i < buffer_3_size; i++) { - if (buffer3[i] != 0) { - ++failures; - if (verbose) { - mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n", - buffer_3_size); - } - break; - } - } - - for (unsigned int i = 0; i < buffer_4_size; i++) { - if (buffer4[i] != 0) { - ++failures; - if (verbose) { - mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n", - buffer_4_size); - } - break; - } - } - - if (verbose) { - mbedtls_printf("\n"); - } - mbedtls_free(empty1); - mbedtls_free(empty2); - mbedtls_free(buffer1); - mbedtls_free(buffer2); - mbedtls_free(buffer3); - mbedtls_free(buffer4); - return failures; -} -#endif /* MBEDTLS_SELF_TEST */ - -static int test_snprintf(size_t n, const char *ref_buf, int ref_ret) -{ - int ret; - char buf[10] = "xxxxxxxxx"; - const char ref[10] = "xxxxxxxxx"; - - ret = mbedtls_snprintf(buf, n, "%s", "123"); - if (ret < 0 || (size_t) ret >= n) { - ret = -1; - } - - if (strncmp(ref_buf, buf, sizeof(buf)) != 0 || - ref_ret != ret || - memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) { - return 1; - } - - return 0; -} - -static int run_test_snprintf(void) -{ - return test_snprintf(0, "xxxxxxxxx", -1) != 0 || - test_snprintf(1, "", -1) != 0 || - test_snprintf(2, "1", -1) != 0 || - test_snprintf(3, "12", -1) != 0 || - test_snprintf(4, "123", 3) != 0 || - test_snprintf(5, "123", 3) != 0; -} - -/* - * Check if a seed file is present, and if not create one for the entropy - * self-test. If this fails, we attempt the test anyway, so no error is passed - * back. 
- */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) -static void dummy_entropy(unsigned char *output, size_t output_size) -{ - srand(1); - for (size_t i = 0; i < output_size; i++) { - output[i] = rand(); - } -} - -static void create_entropy_seed_file(void) -{ - int result; - unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - /* Attempt to read the entropy seed file. If this fails - attempt to write - * to the file to ensure one is present. */ - result = mbedtls_platform_std_nv_seed_read(seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE); - if (0 == result) { - return; - } - - dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); - mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); -} -#endif - -static int mbedtls_entropy_self_test_wrapper(int verbose) -{ -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) - create_entropy_seed_file(); -#endif - return mbedtls_entropy_self_test(verbose); -} -#endif - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) -{ - if (verbose != 0) { -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - } - mbedtls_memory_buffer_alloc_free(); - return mbedtls_memory_buffer_alloc_self_test(verbose); -} -#endif - -typedef struct { - const char *name; - int (*function)(int); -} selftest_t; - -const selftest_t selftests[] = -{ - { "calloc", calloc_self_test }, -#if defined(MBEDTLS_MD5_C) - { "md5", mbedtls_md5_self_test }, -#endif -#if defined(MBEDTLS_RIPEMD160_C) - { "ripemd160", mbedtls_ripemd160_self_test }, -#endif -#if defined(MBEDTLS_SHA1_C) - { "sha1", mbedtls_sha1_self_test }, -#endif -#if defined(MBEDTLS_SHA224_C) - { "sha224", mbedtls_sha224_self_test }, -#endif -#if defined(MBEDTLS_SHA256_C) - { "sha256", mbedtls_sha256_self_test }, -#endif -#if 
defined(MBEDTLS_SHA384_C) - { "sha384", mbedtls_sha384_self_test }, -#endif -#if defined(MBEDTLS_SHA512_C) - { "sha512", mbedtls_sha512_self_test }, -#endif -#if defined(PSA_WANT_ALG_SHA3_224) || \ - defined(PSA_WANT_ALG_SHA3_256) || \ - defined(PSA_WANT_ALG_SHA3_384) || \ - defined(PSA_WANT_ALG_SHA3_512) - { "sha3", mbedtls_sha3_self_test }, -#endif -#if defined(MBEDTLS_AES_C) - { "aes", mbedtls_aes_self_test }, -#endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - { "gcm", mbedtls_gcm_self_test }, -#endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - { "ccm", mbedtls_ccm_self_test }, -#endif -#if defined(MBEDTLS_CMAC_C) - { "cmac", mbedtls_cmac_self_test }, -#endif -#if defined(MBEDTLS_CHACHA20_C) - { "chacha20", mbedtls_chacha20_self_test }, -#endif -#if defined(MBEDTLS_POLY1305_C) - { "poly1305", mbedtls_poly1305_self_test }, -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - { "chacha20-poly1305", mbedtls_chachapoly_self_test }, -#endif -#if defined(MBEDTLS_BASE64_C) - { "base64", mbedtls_base64_self_test }, -#endif -#if defined(MBEDTLS_BIGNUM_C) - { "mpi", mbedtls_mpi_self_test }, -#endif -#if defined(MBEDTLS_RSA_C) - { "rsa", mbedtls_rsa_self_test }, -#endif -#if defined(MBEDTLS_CAMELLIA_C) - { "camellia", mbedtls_camellia_self_test }, -#endif -#if defined(MBEDTLS_ARIA_C) - { "aria", mbedtls_aria_self_test }, -#endif -#if defined(MBEDTLS_CTR_DRBG_C) - { "ctr_drbg", mbedtls_ctr_drbg_self_test }, -#endif -#if defined(MBEDTLS_HMAC_DRBG_C) - { "hmac_drbg", mbedtls_hmac_drbg_self_test }, -#endif -#if defined(MBEDTLS_ECP_C) - { "ecp", mbedtls_ecp_self_test }, -#endif -#if defined(MBEDTLS_ECJPAKE_C) - { "ecjpake", mbedtls_ecjpake_self_test }, -#endif -#if defined(MBEDTLS_ENTROPY_C) - { "entropy", mbedtls_entropy_self_test_wrapper }, -#endif -#if defined(MBEDTLS_PKCS5_C) - { "pkcs5", mbedtls_pkcs5_self_test }, -#endif -/* Heap test comes last */ -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - { "memory_buffer_alloc", 
mbedtls_memory_buffer_alloc_free_and_self_test }, -#endif - { NULL, NULL } -}; -#endif /* MBEDTLS_SELF_TEST */ - -int main(int argc, char *argv[]) -{ -#if defined(MBEDTLS_SELF_TEST) - const selftest_t *test; -#endif /* MBEDTLS_SELF_TEST */ - char **argp; - int v = 1; /* v=1 for verbose mode */ - int exclude_mode = 0; - int suites_tested = 0, suites_failed = 0; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) - unsigned char buf[1000000]; -#endif - void *pointer; - - /* - * Check some basic platform requirements as specified in README.md - */ - if (SIZE_MAX < INT_MAX || SIZE_MAX < UINT_MAX) { - mbedtls_printf("SIZE_MAX must be at least as big as INT_MAX and UINT_MAX\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - if (sizeof(int) < 4) { - mbedtls_printf("int must be at least 32 bits\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - if (sizeof(size_t) < 4) { - mbedtls_printf("size_t must be at least 32 bits\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - uint32_t endian_test = 0x12345678; - char *p = (char *) &endian_test; - if (!(p[0] == 0x12 && p[1] == 0x34 && p[2] == 0x56 && p[3] == 0x78) && - !(p[3] == 0x12 && p[2] == 0x34 && p[1] == 0x56 && p[0] == 0x78)) { - mbedtls_printf("Mixed-endian platforms are not supported\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* - * The C standard doesn't guarantee that all-bits-0 is the representation - * of a NULL pointer. We do however use that in our code for initializing - * structures, which should work on every modern platform. Let's be sure. - */ - memset(&pointer, 0, sizeof(void *)); - if (pointer != NULL) { - mbedtls_printf("all-bits-zero is not a NULL pointer\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* - * The C standard allows padding bits in the representation - * of standard integer types, but our code does currently not - * support them. - * - * Here we check that the underlying C implementation doesn't - * use padding bits, and fail cleanly if it does. 
- * - * The check works by casting the maximum value representable - * by a given integer type into the unpadded integer type of the - * same bit-width and checking that it agrees with the maximum value - * of that unpadded type. For example, for a 4-byte int, - * MAX_INT should be 0x7fffffff in int32_t. This assumes that - * CHAR_BIT == 8, which is checked in check_config.h. - * - * We assume that [u]intxx_t exist and that they don't - * have padding bits, as the standard requires. - */ - -#define CHECK_PADDING_SIGNED(TYPE, NAME) \ - do \ - { \ - if (sizeof(TYPE) == 2 || sizeof(TYPE) == 4 || \ - sizeof(TYPE) == 8) { \ - if ((sizeof(TYPE) == 2 && \ - (int16_t) NAME ## _MAX != 0x7FFF) || \ - (sizeof(TYPE) == 4 && \ - (int32_t) NAME ## _MAX != 0x7FFFFFFF) || \ - (sizeof(TYPE) == 8 && \ - (int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF)) \ - { \ - mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } else { \ - mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ - "\n", \ - sizeof(TYPE)); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } while (0) - -#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \ - do \ - { \ - if ((sizeof(TYPE) == 2 && \ - (uint16_t) NAME ## _MAX != 0xFFFF) || \ - (sizeof(TYPE) == 4 && \ - (uint32_t) NAME ## _MAX != 0xFFFFFFFF) || \ - (sizeof(TYPE) == 8 && \ - (uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF)) \ - { \ - mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \ - mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ - } \ - } while (0) - - CHECK_PADDING_SIGNED(short, SHRT); - CHECK_PADDING_SIGNED(int, INT); - CHECK_PADDING_SIGNED(long, LONG); - CHECK_PADDING_SIGNED(long long, LLONG); - CHECK_PADDING_SIGNED(ptrdiff_t, PTRDIFF); - - CHECK_PADDING_UNSIGNED(unsigned short, USHRT); - CHECK_PADDING_UNSIGNED(unsigned, UINT); - CHECK_PADDING_UNSIGNED(unsigned long, ULONG); - CHECK_PADDING_UNSIGNED(unsigned long long, 
ULLONG); - CHECK_PADDING_UNSIGNED(size_t, SIZE); - -#undef CHECK_PADDING_SIGNED -#undef CHECK_PADDING_UNSIGNED - - /* - * Make sure we have a snprintf that correctly zero-terminates - */ - if (run_test_snprintf() != 0) { - mbedtls_printf("the snprintf implementation is broken\n"); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) { - if (strcmp(*argp, "--quiet") == 0 || - strcmp(*argp, "-q") == 0) { - v = 0; - } else if (strcmp(*argp, "--exclude") == 0 || - strcmp(*argp, "-x") == 0) { - exclude_mode = 1; - } else { - break; - } - } - - if (v != 0) { - mbedtls_printf("\n"); - } - -#if defined(MBEDTLS_SELF_TEST) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); -#endif - - if (*argp != NULL && exclude_mode == 0) { - /* Run the specified tests */ - for (; *argp != NULL; argp++) { - for (test = selftests; test->name != NULL; test++) { - if (!strcmp(*argp, test->name)) { - if (test->function(v) != 0) { - suites_failed++; - } - suites_tested++; - break; - } - } - if (test->name == NULL) { - mbedtls_printf(" Test suite %s not available -> failed\n\n", *argp); - suites_failed++; - } - } - } else { - /* Run all the tests except excluded ones */ - for (test = selftests; test->name != NULL; test++) { - if (exclude_mode) { - char **excluded; - for (excluded = argp; *excluded != NULL; ++excluded) { - if (!strcmp(*excluded, test->name)) { - break; - } - } - if (*excluded) { - if (v) { - mbedtls_printf(" Skip: %s\n", test->name); - } - continue; - } - } - if (test->function(v) != 0) { - suites_failed++; - } - suites_tested++; - } - } - -#else - (void) exclude_mode; - mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n"); -#endif - - if (v != 0) { - mbedtls_printf(" Executed %d test suites\n\n", suites_tested); - - if (suites_failed > 0) { - mbedtls_printf(" [ %d tests FAIL ]\n\n", suites_failed); - } else { - mbedtls_printf(" [ All tests PASS ]\n\n"); - } - } - - if 
(suites_failed > 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c deleted file mode 100644 index efa003da0d..0000000000 --- a/programs/test/udp_proxy.c +++ /dev/null 
@@ -1,966 +0,0 @@ -/* - * UDP proxy: emulate an unreliable UDP connection for DTLS testing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* - * Warning: this is an internal utility program we use for tests. - * It does break some abstractions from the NET layer, and is thus NOT an - * example of good general usage. - */ - - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include -#include -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#if defined(MBEDTLS_HAVE_TIME) -#include -#define mbedtls_time time -#endif -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif /* MBEDTLS_PLATFORM_C */ - -#if !defined(MBEDTLS_NET_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_NET_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/net_sockets.h" -#include "mbedtls/error.h" -#include "mbedtls/ssl.h" -#include "mbedtls/timing.h" - -#include - -/* For select() */ -#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ - !defined(EFI32) -#include -#include -#if defined(_MSC_VER) -#if defined(_WIN32_WCE) -#pragma comment( lib, "ws2.lib" ) -#else -#pragma comment( lib, "ws2_32.lib" ) -#endif -#endif /* _MSC_VER */ -#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ -#if defined(MBEDTLS_HAVE_TIME) || (defined(MBEDTLS_TIMING_C) && !defined(MBEDTLS_TIMING_ALT)) -#include -#endif -#include -#include -#include -#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ - -#define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */ - -#define DFL_SERVER_ADDR "localhost" -#define DFL_SERVER_PORT "4433" -#define DFL_LISTEN_ADDR "localhost" -#define DFL_LISTEN_PORT "5556" -#define DFL_PACK 0 - -#if defined(MBEDTLS_TIMING_C) -#define USAGE_PACK \ - " pack=%%d 
default: 0 (don't pack)\n" \ - " options: t > 0 (pack for t milliseconds)\n" -#else -#define USAGE_PACK -#endif - -#define USAGE \ - "\n usage: udp_proxy param=<>...\n" \ - "\n acceptable parameters:\n" \ - " server_addr=%%s default: localhost\n" \ - " server_port=%%d default: 4433\n" \ - " listen_addr=%%s default: localhost\n" \ - " listen_port=%%d default: 4433\n" \ - "\n" \ - " duplicate=%%d default: 0 (no duplication)\n" \ - " duplicate about 1:N packets randomly\n" \ - " delay=%%d default: 0 (no delayed packets)\n" \ - " delay about 1:N packets randomly\n" \ - " delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \ - " delay_cli=%%s Handshake message from client that should be\n" \ - " delayed. Possible values are 'ClientHello',\n" \ - " 'Certificate', 'CertificateVerify', and\n" \ - " 'ClientKeyExchange'.\n" \ - " May be used multiple times, even for the same\n" \ - " message, in which case the respective message\n" \ - " gets delayed multiple times.\n" \ - " delay_srv=%%s Handshake message from server that should be\n" \ - " delayed. 
Possible values are 'HelloRequest',\n" \ - " 'ServerHello', 'ServerHelloDone', 'Certificate'\n" \ - " 'ServerKeyExchange', 'NewSessionTicket',\n" \ - " 'HelloVerifyRequest' and ''CertificateRequest'.\n" \ - " May be used multiple times, even for the same\n" \ - " message, in which case the respective message\n" \ - " gets delayed multiple times.\n" \ - " drop=%%d default: 0 (no dropped packets)\n" \ - " drop about 1:N packets randomly\n" \ - " mtu=%%d default: 0 (unlimited)\n" \ - " drop packets larger than N bytes\n" \ - " bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \ - " bad_cid=%%d default: 0 (don't corrupt Connection IDs)\n" \ - " duplicate 1:N packets containing a CID,\n" \ - " modifying CID in first instance of the packet.\n" \ - " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ - " protect_len=%%d default: (don't protect packets of this size)\n" \ - " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \ - "\n" \ - " seed=%%d default: (use current time)\n" \ - USAGE_PACK \ - "\n" - -/* - * global options - */ - -#define MAX_DELAYED_HS 10 - -static struct options { - const char *server_addr; /* address to forward packets to */ - const char *server_port; /* port to forward packets to */ - const char *listen_addr; /* address for accepting client connections */ - const char *listen_port; /* port for accepting client connections */ - - int duplicate; /* duplicate 1 in N packets (none if 0) */ - int delay; /* delay 1 packet in N (none if 0) */ - int delay_ccs; /* delay ChangeCipherSpec */ - char *delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from - * client that should be delayed. */ - uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */ - char *delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from - * server that should be delayed. */ - uint8_t delay_srv_cnt; /* Number of entries in delay_srv. 
*/ - int drop; /* drop 1 packet in N (none if 0) */ - int mtu; /* drop packets larger than this */ - int bad_ad; /* inject corrupted ApplicationData record */ - unsigned bad_cid; /* inject corrupted CID record */ - int protect_hvr; /* never drop or delay HelloVerifyRequest */ - int protect_len; /* never drop/delay packet of the given size*/ - int inject_clihlo; /* inject fake ClientHello after handshake */ - unsigned pack; /* merge packets into single datagram for - * at most \c merge milliseconds if > 0 */ - unsigned int seed; /* seed for "random" events */ -} opt; - -static void exit_usage(const char *name, const char *value) -{ - if (value == NULL) { - mbedtls_printf(" unknown option or missing value: %s\n", name); - } else { - mbedtls_printf(" option %s: illegal value: %s\n", name, value); - } - - mbedtls_printf(USAGE); - mbedtls_exit(1); -} - -static void get_options(int argc, char *argv[]) -{ - int i; - char *p, *q; - - opt.server_addr = DFL_SERVER_ADDR; - opt.server_port = DFL_SERVER_PORT; - opt.listen_addr = DFL_LISTEN_ADDR; - opt.listen_port = DFL_LISTEN_PORT; - opt.pack = DFL_PACK; - /* Other members default to 0 */ - - opt.delay_cli_cnt = 0; - opt.delay_srv_cnt = 0; - memset(opt.delay_cli, 0, sizeof(opt.delay_cli)); - memset(opt.delay_srv, 0, sizeof(opt.delay_srv)); - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - exit_usage(p, NULL); - } - *q++ = '\0'; - - if (strcmp(p, "server_addr") == 0) { - opt.server_addr = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "listen_addr") == 0) { - opt.listen_addr = q; - } else if (strcmp(p, "listen_port") == 0) { - opt.listen_port = q; - } else if (strcmp(p, "duplicate") == 0) { - opt.duplicate = atoi(q); - if (opt.duplicate < 0 || opt.duplicate > 20) { - exit_usage(p, q); - } - } else if (strcmp(p, "delay") == 0) { - opt.delay = atoi(q); - if (opt.delay < 0 || opt.delay > 20 || opt.delay == 1) { - exit_usage(p, q); - } - } else if 
(strcmp(p, "delay_ccs") == 0) { - opt.delay_ccs = atoi(q); - if (opt.delay_ccs < 0 || opt.delay_ccs > 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "delay_cli") == 0 || - strcmp(p, "delay_srv") == 0) { - uint8_t *delay_cnt; - char **delay_list; - size_t len; - char *buf; - - if (strcmp(p, "delay_cli") == 0) { - delay_cnt = &opt.delay_cli_cnt; - delay_list = opt.delay_cli; - } else { - delay_cnt = &opt.delay_srv_cnt; - delay_list = opt.delay_srv; - } - - if (*delay_cnt == MAX_DELAYED_HS) { - mbedtls_printf(" too many uses of %s: only %d allowed\n", - p, MAX_DELAYED_HS); - exit_usage(p, NULL); - } - - len = strlen(q); - buf = mbedtls_calloc(1, len + 1); - if (buf == NULL) { - mbedtls_printf(" Allocation failure\n"); - exit(1); - } - memcpy(buf, q, len + 1); - - delay_list[(*delay_cnt)++] = buf; - } else if (strcmp(p, "drop") == 0) { - opt.drop = atoi(q); - if (opt.drop < 0 || opt.drop > 20 || opt.drop == 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "pack") == 0) { -#if defined(MBEDTLS_TIMING_C) - opt.pack = (unsigned) atoi(q); -#else - mbedtls_printf(" option pack only defined if MBEDTLS_TIMING_C is enabled\n"); - exit(1); -#endif - } else if (strcmp(p, "mtu") == 0) { - opt.mtu = atoi(q); - if (opt.mtu < 0 || opt.mtu > MAX_MSG_SIZE) { - exit_usage(p, q); - } - } else if (strcmp(p, "bad_ad") == 0) { - opt.bad_ad = atoi(q); - if (opt.bad_ad < 0 || opt.bad_ad > 1) { - exit_usage(p, q); - } - } -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - else if (strcmp(p, "bad_cid") == 0) { - opt.bad_cid = (unsigned) atoi(q); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - else if (strcmp(p, "protect_hvr") == 0) { - opt.protect_hvr = atoi(q); - if (opt.protect_hvr < 0 || opt.protect_hvr > 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "protect_len") == 0) { - opt.protect_len = atoi(q); - if (opt.protect_len < 0) { - exit_usage(p, q); - } - } else if (strcmp(p, "inject_clihlo") == 0) { - opt.inject_clihlo = atoi(q); - if (opt.inject_clihlo < 0 || opt.inject_clihlo 
> 1) { - exit_usage(p, q); - } - } else if (strcmp(p, "seed") == 0) { - opt.seed = atoi(q); - if (opt.seed == 0) { - exit_usage(p, q); - } - } else { - exit_usage(p, NULL); - } - } -} - -static const char *msg_type(unsigned char *msg, size_t len) -{ - if (len < 1) { - return "Invalid"; - } - switch (msg[0]) { - case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return "ChangeCipherSpec"; - case MBEDTLS_SSL_MSG_ALERT: return "Alert"; - case MBEDTLS_SSL_MSG_APPLICATION_DATA: return "ApplicationData"; - case MBEDTLS_SSL_MSG_CID: return "CID"; - case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */ - default: return "Unknown"; - } - - if (len < 13 + 12) { - return "Invalid handshake"; - } - - /* - * Our handshake message are less than 2^16 bytes long, so they should - * have 0 as the first byte of length, frag_offset and frag_length. - * Otherwise, assume they are encrypted. - */ - if (msg[14] || msg[19] || msg[22]) { - return "Encrypted handshake"; - } - - switch (msg[13]) { - case MBEDTLS_SSL_HS_HELLO_REQUEST: return "HelloRequest"; - case MBEDTLS_SSL_HS_CLIENT_HELLO: return "ClientHello"; - case MBEDTLS_SSL_HS_SERVER_HELLO: return "ServerHello"; - case MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: return "HelloVerifyRequest"; - case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return "NewSessionTicket"; - case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate"; - case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: return "ServerKeyExchange"; - case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest"; - case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone"; - case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: return "CertificateVerify"; - case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: return "ClientKeyExchange"; - case MBEDTLS_SSL_HS_FINISHED: return "Finished"; - default: return "Unknown handshake"; - } -} - -#if defined(MBEDTLS_TIMING_C) -/* Return elapsed time in milliseconds since the first call */ -static unsigned elapsed_time(void) -{ - static int initialized = 0; - static struct 
mbedtls_timing_hr_time hires; - - if (initialized == 0) { - (void) mbedtls_timing_get_timer(&hires, 1); - initialized = 1; - return 0; - } - - return mbedtls_timing_get_timer(&hires, 0); -} - -typedef struct { - mbedtls_net_context *ctx; - - const char *description; - - unsigned packet_lifetime; - unsigned num_datagrams; - - unsigned char data[MAX_MSG_SIZE]; - size_t len; - -} ctx_buffer; - -static ctx_buffer outbuf[2]; - -static int ctx_buffer_flush(ctx_buffer *buf) -{ - int ret; - - mbedtls_printf(" %05u flush %s: %u bytes, %u datagrams, last %u ms\n", - elapsed_time(), buf->description, - (unsigned) buf->len, buf->num_datagrams, - elapsed_time() - buf->packet_lifetime); - - ret = mbedtls_net_send(buf->ctx, buf->data, buf->len); - - buf->len = 0; - buf->num_datagrams = 0; - - return ret; -} - -static unsigned ctx_buffer_time_remaining(ctx_buffer *buf) -{ - unsigned const cur_time = elapsed_time(); - - if (buf->num_datagrams == 0) { - return (unsigned) -1; - } - - if (cur_time - buf->packet_lifetime >= opt.pack) { - return 0; - } - - return opt.pack - (cur_time - buf->packet_lifetime); -} - -static int ctx_buffer_append(ctx_buffer *buf, - const unsigned char *data, - size_t len) -{ - int ret; - - if (len > (size_t) INT_MAX) { - return -1; - } - - if (len > sizeof(buf->data)) { - mbedtls_printf(" ! 
buffer size %u too large (max %u)\n", - (unsigned) len, (unsigned) sizeof(buf->data)); - return -1; - } - - if (sizeof(buf->data) - buf->len < len) { - if ((ret = ctx_buffer_flush(buf)) <= 0) { - mbedtls_printf("ctx_buffer_flush failed with -%#04x", (unsigned int) -ret); - return ret; - } - } - - memcpy(buf->data + buf->len, data, len); - - buf->len += len; - if (++buf->num_datagrams == 1) { - buf->packet_lifetime = elapsed_time(); - } - - return (int) len; -} -#endif /* MBEDTLS_TIMING_C */ - -static int dispatch_data(mbedtls_net_context *ctx, - const unsigned char *data, - size_t len) -{ - int ret; -#if defined(MBEDTLS_TIMING_C) - ctx_buffer *buf = NULL; - if (opt.pack > 0) { - if (outbuf[0].ctx == ctx) { - buf = &outbuf[0]; - } else if (outbuf[1].ctx == ctx) { - buf = &outbuf[1]; - } - - if (buf == NULL) { - return -1; - } - - return ctx_buffer_append(buf, data, len); - } -#endif /* MBEDTLS_TIMING_C */ - - ret = mbedtls_net_send(ctx, data, len); - if (ret < 0) { - mbedtls_printf("net_send returned -%#04x\n", (unsigned int) -ret); - } - return ret; -} - -typedef struct { - mbedtls_net_context *dst; - const char *way; - const char *type; - unsigned len; - unsigned char buf[MAX_MSG_SIZE]; -} packet; - -/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) 
*/ -static void print_packet(const packet *p, const char *why) -{ -#if defined(MBEDTLS_TIMING_C) - if (why == NULL) { - mbedtls_printf(" %05u dispatch %s %s (%u bytes)\n", - elapsed_time(), p->way, p->type, p->len); - } else { - mbedtls_printf(" %05u dispatch %s %s (%u bytes): %s\n", - elapsed_time(), p->way, p->type, p->len, why); - } -#else - if (why == NULL) { - mbedtls_printf(" dispatch %s %s (%u bytes)\n", - p->way, p->type, p->len); - } else { - mbedtls_printf(" dispatch %s %s (%u bytes): %s\n", - p->way, p->type, p->len, why); - } -#endif - - fflush(stdout); -} - -/* - * In order to test the server's behaviour when receiving a ClientHello after - * the connection is established (this could be a hard reset from the client, - * but the server must not drop the existing connection before establishing - * client reachability, see RFC 6347 Section 4.2.8), we memorize the first - * ClientHello we see (which can't have a cookie), then replay it after the - * first ApplicationData record - then we're done. - * - * This is controlled by the inject_clihlo option. - * - * We want an explicit state and a place to store the packet. - */ -typedef enum { - ICH_INIT, /* haven't seen the first ClientHello yet */ - ICH_CACHED, /* cached the initial ClientHello */ - ICH_INJECTED, /* ClientHello already injected, done */ -} inject_clihlo_state_t; - -static inject_clihlo_state_t inject_clihlo_state; -static packet initial_clihlo; - -static int send_packet(const packet *p, const char *why) -{ - int ret; - mbedtls_net_context *dst = p->dst; - - /* save initial ClientHello? */ - if (opt.inject_clihlo != 0 && - inject_clihlo_state == ICH_INIT && - strcmp(p->type, "ClientHello") == 0) { - memcpy(&initial_clihlo, p, sizeof(packet)); - inject_clihlo_state = ICH_CACHED; - } - - /* insert corrupted CID record? 
*/ - if (opt.bad_cid != 0 && - strcmp(p->type, "CID") == 0 && - (rand() % opt.bad_cid) == 0) { - unsigned char buf[MAX_MSG_SIZE]; - memcpy(buf, p->buf, p->len); - - /* The CID resides at offset 11 in the DTLS record header. */ - buf[11] ^= 1; - print_packet(p, "modified CID"); - - if ((ret = dispatch_data(dst, buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - /* insert corrupted ApplicationData record? */ - if (opt.bad_ad && - strcmp(p->type, "ApplicationData") == 0) { - unsigned char buf[MAX_MSG_SIZE]; - memcpy(buf, p->buf, p->len); - - if (p->len <= 13) { - mbedtls_printf(" ! can't corrupt empty AD record"); - } else { - ++buf[13]; - print_packet(p, "corrupted"); - } - - if ((ret = dispatch_data(dst, buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - print_packet(p, why); - if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - - /* Don't duplicate Application Data, only handshake covered */ - if (opt.duplicate != 0 && - strcmp(p->type, "ApplicationData") != 0 && - rand() % opt.duplicate == 0) { - print_packet(p, "duplicated"); - - if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) { - mbedtls_printf(" ! dispatch returned %d\n", ret); - return ret; - } - } - - /* Inject ClientHello after first ApplicationData */ - if (opt.inject_clihlo != 0 && - inject_clihlo_state == ICH_CACHED && - strcmp(p->type, "ApplicationData") == 0) { - print_packet(&initial_clihlo, "injected"); - - if ((ret = dispatch_data(dst, initial_clihlo.buf, - initial_clihlo.len)) <= 0) { - mbedtls_printf(" ! 
dispatch returned %d\n", ret); - return ret; - } - - inject_clihlo_state = ICH_INJECTED; - } - - return 0; -} - -#define MAX_DELAYED_MSG 5 -static size_t prev_len; -static packet prev[MAX_DELAYED_MSG]; - -static void clear_pending(void) -{ - memset(&prev, 0, sizeof(prev)); - prev_len = 0; -} - -static void delay_packet(packet *delay) -{ - if (prev_len == MAX_DELAYED_MSG) { - return; - } - - memcpy(&prev[prev_len++], delay, sizeof(packet)); -} - -static int send_delayed(void) -{ - uint8_t offset; - int ret; - for (offset = 0; offset < prev_len; offset++) { - ret = send_packet(&prev[offset], "delayed"); - if (ret != 0) { - return ret; - } - } - - clear_pending(); - return 0; -} - -/* - * Avoid dropping or delaying a packet that was already dropped or delayed - * ("held") twice: this only results in uninteresting timeouts. We can't rely - * on type to identify packets, since during renegotiation they're all - * encrypted. So, rely on size mod 2048 (which is usually just size). - * - * We only hold packets at the level of entire datagrams, not at the level - * of records. In particular, if the peer changes the way it packs multiple - * records into a single datagram, we don't necessarily count the number of - * times a record has been held correctly. However, the only known reason - * why a peer would change datagram packing is disabling the latter on - * retransmission, in which case we'd hold involved records at most - * HOLD_MAX + 1 times. - */ -static unsigned char held[2048] = { 0 }; -#define HOLD_MAX 2 - -static int handle_message(const char *way, - mbedtls_net_context *dst, - mbedtls_net_context *src) -{ - int ret; - packet cur; - size_t id; - - uint8_t delay_idx; - char **delay_list; - uint8_t delay_list_len; - - /* receive packet */ - if ((ret = mbedtls_net_recv(src, cur.buf, sizeof(cur.buf))) <= 0) { - mbedtls_printf(" ! 
mbedtls_net_recv returned %d\n", ret); - return ret; - } - - cur.len = ret; - cur.type = msg_type(cur.buf, cur.len); - cur.way = way; - cur.dst = dst; - print_packet(&cur, NULL); - - id = cur.len % sizeof(held); - - if (strcmp(way, "S <- C") == 0) { - delay_list = opt.delay_cli; - delay_list_len = opt.delay_cli_cnt; - } else { - delay_list = opt.delay_srv; - delay_list_len = opt.delay_srv_cnt; - } - - /* Check if message type is in the list of messages - * that should be delayed */ - for (delay_idx = 0; delay_idx < delay_list_len; delay_idx++) { - if (delay_list[delay_idx] == NULL) { - continue; - } - - if (strcmp(delay_list[delay_idx], cur.type) == 0) { - /* Delay message */ - delay_packet(&cur); - - /* Remove entry from list */ - mbedtls_free(delay_list[delay_idx]); - delay_list[delay_idx] = NULL; - - return 0; - } - } - - /* do we want to drop, delay, or forward it? */ - if ((opt.mtu != 0 && - cur.len > (unsigned) opt.mtu) || - (opt.drop != 0 && - strcmp(cur.type, "CID") != 0 && - strcmp(cur.type, "ApplicationData") != 0 && - !(opt.protect_hvr && - strcmp(cur.type, "HelloVerifyRequest") == 0) && - cur.len != (size_t) opt.protect_len && - held[id] < HOLD_MAX && - rand() % opt.drop == 0)) { - ++held[id]; - } else if ((opt.delay_ccs == 1 && - strcmp(cur.type, "ChangeCipherSpec") == 0) || - (opt.delay != 0 && - strcmp(cur.type, "CID") != 0 && - strcmp(cur.type, "ApplicationData") != 0 && - !(opt.protect_hvr && - strcmp(cur.type, "HelloVerifyRequest") == 0) && - cur.len != (size_t) opt.protect_len && - held[id] < HOLD_MAX && - rand() % opt.delay == 0)) { - ++held[id]; - delay_packet(&cur); - } else { - /* forward and possibly duplicate */ - if ((ret = send_packet(&cur, "forwarded")) != 0) { - return ret; - } - - /* send previously delayed messages if any */ - ret = send_delayed(); - if (ret != 0) { - return ret; - } - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - uint8_t delay_idx; - - 
mbedtls_net_context listen_fd, client_fd, server_fd; - -#if defined(MBEDTLS_TIMING_C) - struct timeval tm; -#endif - - struct timeval *tm_ptr = NULL; - - int nb_fds; - fd_set read_fds; - - mbedtls_net_init(&listen_fd); - mbedtls_net_init(&client_fd); - mbedtls_net_init(&server_fd); - - get_options(argc, argv); - - /* - * Decisions to drop/delay/duplicate packets are pseudo-random: dropping - * exactly 1 in N packets would lead to problems when a flight has exactly - * N packets: the same packet would be dropped on every resend. - * - * In order to be able to reproduce problems reliably, the seed may be - * specified explicitly. - */ - if (opt.seed == 0) { -#if defined(MBEDTLS_HAVE_TIME) - opt.seed = (unsigned int) mbedtls_time(NULL); -#else - opt.seed = 1; -#endif /* MBEDTLS_HAVE_TIME */ - mbedtls_printf(" . Pseudo-random seed: %u\n", opt.seed); - } - - srand(opt.seed); - - /* - * 0. "Connect" to the server - */ - mbedtls_printf(" . Connect to server on UDP/%s/%s ...", - opt.server_addr, opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_addr, opt.server_port, - MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1. Setup the "listening" UDP socket - */ - mbedtls_printf(" . Bind on UDP/%s/%s ...", - opt.listen_addr, opt.listen_port); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, opt.listen_addr, opt.listen_port, - MBEDTLS_NET_PROTO_UDP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 2. Wait until a client connects - */ -accept: - mbedtls_net_free(&client_fd); - - mbedtls_printf(" . Waiting for a remote connection ..."); - fflush(stdout); - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 3. Forward packets forever (kill the process to terminate it) - */ - clear_pending(); - memset(held, 0, sizeof(held)); - - nb_fds = client_fd.fd; - if (nb_fds < server_fd.fd) { - nb_fds = server_fd.fd; - } - if (nb_fds < listen_fd.fd) { - nb_fds = listen_fd.fd; - } - ++nb_fds; - -#if defined(MBEDTLS_TIMING_C) - if (opt.pack > 0) { - outbuf[0].ctx = &server_fd; - outbuf[0].description = "S <- C"; - outbuf[0].num_datagrams = 0; - outbuf[0].len = 0; - - outbuf[1].ctx = &client_fd; - outbuf[1].description = "S -> C"; - outbuf[1].num_datagrams = 0; - outbuf[1].len = 0; - } -#endif /* MBEDTLS_TIMING_C */ - - while (1) { -#if defined(MBEDTLS_TIMING_C) - if (opt.pack > 0) { - unsigned max_wait_server, max_wait_client, max_wait; - max_wait_server = ctx_buffer_time_remaining(&outbuf[0]); - max_wait_client = ctx_buffer_time_remaining(&outbuf[1]); - - max_wait = (unsigned) -1; - - if (max_wait_server == 0) { - ctx_buffer_flush(&outbuf[0]); - } else { - max_wait = max_wait_server; - } - - if (max_wait_client == 0) { - ctx_buffer_flush(&outbuf[1]); - } else { - if (max_wait_client < max_wait) { - max_wait = max_wait_client; - } - } - - if (max_wait != (unsigned) -1) { - tm.tv_sec = max_wait / 1000; - tm.tv_usec = (max_wait % 1000) * 1000; - - tm_ptr = &tm; - } else { - tm_ptr = NULL; - } - } -#endif /* MBEDTLS_TIMING_C */ - - FD_ZERO(&read_fds); - FD_SET(server_fd.fd, &read_fds); - FD_SET(client_fd.fd, &read_fds); - FD_SET(listen_fd.fd, &read_fds); - - if ((ret = select(nb_fds, &read_fds, NULL, NULL, tm_ptr)) < 0) { - perror("select"); - goto exit; - } - - if (FD_ISSET(listen_fd.fd, &read_fds)) { - goto accept; - } - - if (FD_ISSET(client_fd.fd, &read_fds)) { - if ((ret = handle_message("S <- C", - &server_fd, &client_fd)) != 0) { - goto accept; - } - } - - if (FD_ISSET(server_fd.fd, &read_fds)) { - if ((ret = handle_message("S -> C", - &client_fd, &server_fd)) != 0) { - goto 
accept; - } - } - - } - -exit: - -#ifdef MBEDTLS_ERROR_C - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - char error_buf[100]; - mbedtls_strerror(ret, error_buf, 100); - mbedtls_printf("Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf); - fflush(stdout); - } -#endif - - for (delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++) { - mbedtls_free(opt.delay_cli[delay_idx]); - mbedtls_free(opt.delay_srv[delay_idx]); - } - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&server_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_exit(exit_code); -} - -#endif /* MBEDTLS_NET_C */ diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh deleted file mode 100755 index aa6a6d10f6..0000000000 --- a/programs/test/udp_proxy_wrapper.sh +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/bin/sh -# -*-sh-basic-offset: 4-*- -# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -u - -MBEDTLS_BASE="$(dirname -- "$0")/../.." -TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy" -SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2" - -: ${VERBOSE:=0} - -stop_proxy() { - if [ -n "${tpxy_pid:-}" ]; then - echo - echo " * Killing proxy (pid $tpxy_pid) ..." - kill $tpxy_pid - fi -} - -stop_server() { - if [ -n "${srv_pid:-}" ]; then - echo - echo " * Killing server (pid $srv_pid) ..." - kill $srv_pid >/dev/null 2>/dev/null - fi -} - -cleanup() { - stop_server - stop_proxy - exit 129 -} - -trap cleanup INT TERM HUP - -# Extract the proxy parameters -tpxy_cmd_snippet='"$TPXY_BIN"' -while [ $# -ne 0 ] && [ "$1" != "--" ]; do - tail="$1" quoted="" - while [ -n "$tail" ]; do - case "$tail" in - *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";; - *) quoted="${quoted}${tail}"; tail=; false;; - esac - done - tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'" - shift -done -unset tail quoted -if [ $# -eq 0 ]; then - echo " * No server arguments (must be preceded by \" -- \") - exit" - exit 3 -fi -shift - -dtls_enabled= -ipv6_in_use= -server_port_orig= -server_addr_orig= -for param; do - case "$param" in - server_port=*) server_port_orig="${param#*=}";; - server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;; - server_addr=*) server_addr_orig="${param#*=}";; - dtls=[!0]*) dtls_enabled=1;; - esac -done - -if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then - echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..." 
- if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $* ]" - fi - exec "$SRV_BIN" "$@" -fi - -if [ -z "$server_port_orig" ]; then - server_port_orig=4433 -fi -echo " * Server port: $server_port_orig" -tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\"" -tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\"" - -if [ -n "$server_addr_orig" ]; then - echo " * Server address: $server_addr_orig" - tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\"" - tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\"" -fi - -server_port=$(( server_port_orig + 1 )) -set -- "$@" "server_port=$server_port" -echo " * Intermediate port: $server_port" - -echo " * Start proxy in background ..." -if [ $VERBOSE -gt 0 ]; then - echo "[ $tpxy_cmd_snippet ]" -fi -eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 & -tpxy_pid=$! - -if [ $VERBOSE -gt 0 ]; then - echo " * Proxy ID: $TPXY_PID" -fi - -echo " * Starting server ..." -if [ $VERBOSE -gt 0 ]; then - echo "[ $SRV_BIN $* ]" -fi - -exec "$SRV_BIN" "$@" >&2 & -srv_pid=$! - -wait $srv_pid - -stop_proxy -return 0 diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt deleted file mode 100644 index fb3ba188a6..0000000000 --- a/programs/util/CMakeLists.txt +++ /dev/null @@ -1,21 +0,0 @@ -set(libs - ${mbedx509_target} - ${tfpsacrypto_target} -) - -set(executables - pem2der - strerror -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) 
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c deleted file mode 100644 index 9515ed43d2..0000000000 --- a/programs/util/pem2der.c +++ /dev/null 
@@ -1,267 +0,0 @@ -/* - * Convert PEM to DER - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/error.h" -#include "mbedtls/base64.h" - -#include -#include -#include -#endif - -#define DFL_FILENAME "file.pem" -#define DFL_OUTPUT_FILENAME "file.der" - -#define USAGE \ - "\n usage: pem2der param=<>...\n" \ - "\n acceptable parameters:\n" \ - " filename=%%s default: file.pem\n" \ - " output_file=%%s default: file.der\n" \ - "\n" - -#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the input file */ - const char *output_file; /* where to store the output */ -} opt; - -static int convert_pem_to_der(const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen) -{ - int ret; - const unsigned char *s1, *s2, *end = input + ilen; - size_t len = 0; - - s1 = (unsigned char *) strstr((const char *) input, "-----BEGIN"); - if (s1 == NULL) { - return -1; - } - - s2 = (unsigned char *) strstr((const char *) input, "-----END"); - if (s2 == NULL) { - return -1; - } - - s1 += 10; - while (s1 < end && *s1 != '-') { - s1++; - } - while (s1 < end && *s1 == '-') { - s1++; - } - if (*s1 == '\r') { - s1++; - } - if (*s1 == '\n') { - s1++; - } - - if (s2 <= s1 || s2 > end) { - return -1; - } - - ret = mbedtls_base64_decode(NULL, 0, &len, (const unsigned char *) s1, s2 - s1); - if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { - return ret; - } - - if (len > *olen) { - return -1; - } - - if ((ret = mbedtls_base64_decode(output, len, &len, (const unsigned char *) s1, - s2 - s1)) != 0) { - return ret; - } - - 
*olen = len; - - return 0; -} - -/* - * Load all data from a file into a given buffer. - */ -static int load_file(const char *path, unsigned char **buf, size_t *n) -{ - FILE *f; - long size; - - if ((f = fopen(path, "rb")) == NULL) { - return -1; - } - - fseek(f, 0, SEEK_END); - if ((size = ftell(f)) == -1) { - fclose(f); - return -1; - } - fseek(f, 0, SEEK_SET); - - *n = (size_t) size; - - if (*n + 1 == 0 || - (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { - fclose(f); - return -1; - } - - if (fread(*buf, 1, *n, f) != *n) { - fclose(f); - free(*buf); - *buf = NULL; - return -1; - } - - fclose(f); - - (*buf)[*n] = '\0'; - - return 0; -} - -/* - * Write buffer to a file - */ -static int write_file(const char *path, unsigned char *buf, size_t n) -{ - FILE *f; - - if ((f = fopen(path, "wb")) == NULL) { - return -1; - } - - if (fwrite(buf, 1, n, f) != n) { - fclose(f); - return -1; - } - - fclose(f); - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned char *pem_buffer = NULL; - unsigned char der_buffer[4096]; - char buf[1024]; - size_t pem_size, der_size = sizeof(der_buffer); - int i; - char *p, *q; - - /* - * Set to sane values - */ - memset(buf, 0, sizeof(buf)); - memset(der_buffer, 0, sizeof(der_buffer)); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - opt.output_file = DFL_OUTPUT_FILENAME; - - for (i = 1; i < argc; i++) { - - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else { - goto usage; - } - } - - /* - * 1.1. Load the PEM file - */ - mbedtls_printf("\n . 
Loading the PEM file ..."); - fflush(stdout); - - ret = load_file(opt.filename, &pem_buffer, &pem_size); - - if (ret != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! load_file returned %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2. Convert from PEM to DER - */ - mbedtls_printf(" . Converting from PEM to DER ..."); - fflush(stdout); - - if ((ret = convert_pem_to_der(pem_buffer, pem_size, der_buffer, &der_size)) != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.3. Write the DER file - */ - mbedtls_printf(" . Writing the DER file ..."); - fflush(stdout); - - ret = write_file(opt.output_file, der_buffer, der_size); - - if (ret != 0) { -#ifdef MBEDTLS_ERROR_C - mbedtls_strerror(ret, buf, 1024); -#endif - mbedtls_printf(" failed\n ! write_file returned %d - %s\n\n", ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - free(pem_buffer); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */ diff --git a/programs/util/strerror.c b/programs/util/strerror.c deleted file mode 100644 index e20bed6e8f..0000000000 --- a/programs/util/strerror.c +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Translate error code to error string - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include "mbedtls/error.h" - -#include -#include -#include -#endif - -#define USAGE \ - "\n usage: strerror \n" \ - "\n where can be a decimal or hexadecimal (starts with 0x or -0x)\n" - -#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY) -int main(void) -{ - mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n"); - mbedtls_exit(0); -} -#else -int main(int argc, char *argv[]) -{ - long int val; - char *end = argv[1]; - - if (argc != 2) { - mbedtls_printf(USAGE); - mbedtls_exit(0); - } - - val = strtol(argv[1], &end, 10); - if (*end != '\0') { - val = strtol(argv[1], &end, 16); - if (*end != '\0') { - mbedtls_printf(USAGE); - return 0; - } - } - if (val > 0) { - val = -val; - } - - if (val != 0) { - char error_buf[200]; - mbedtls_strerror(val, error_buf, 200); - mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf); - } - - mbedtls_exit(val); -} -#endif /* MBEDTLS_ERROR_C */ diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt deleted file mode 100644 index 9e63bf1530..0000000000 --- a/programs/x509/CMakeLists.txt +++ /dev/null 
@@ -1,28 +0,0 @@ -set(libs - ${mbedx509_target} -) - -set(executables - cert_app - cert_req - cert_write - crl_app - load_roots - req_app -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -target_link_libraries(cert_app ${mbedtls_target}) -# For mbedtls_timing_get_timer() -target_link_libraries(load_roots ${mbedtls_target}) - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c deleted file mode 100644 index 2f31a8e3ae..0000000000 --- a/programs/x509/cert_app.c +++ /dev/null 
@@ -1,453 +0,0 @@ -/* - * Certificate reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/ssl.h" -#include "mbedtls/x509.h" -#include "mbedtls/debug.h" - -#include -#include -#include - -#define MODE_NONE 0 -#define MODE_FILE 1 -#define MODE_SSL 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "cert.crt" -#define DFL_CA_FILE "" -#define DFL_CRL_FILE "" -#define DFL_CA_PATH "" -#define DFL_SERVER_NAME "localhost" -#define DFL_SERVER_PORT "4433" -#define DFL_DEBUG_LEVEL 0 -#define DFL_PERMISSIVE 0 - -#define USAGE_IO \ - " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (none)\n" \ - " crl_file=%%s The single CRL file you want to use\n" \ - " default: \"\" (none)\n" \ - " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ - " default: \"\" (none) (overrides ca_file)\n" - -#define USAGE \ - "\n usage: cert_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=file|ssl default: none\n" \ - " 
filename=%%s default: cert.crt\n" \ - USAGE_IO \ - " server_name=%%s default: localhost\n" \ - " server_port=%%d default: 4433\n" \ - " debug_level=%%d default: 0 (disabled)\n" \ - " permissive=%%d default: 0 (disabled)\n" \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the certificate file */ - const char *ca_file; /* the file with the CA certificate(s) */ - const char *crl_file; /* the file with the CRL to use */ - const char *ca_path; /* the path with the CA certificate(s) reside */ - const char *server_name; /* hostname of the server (client only) */ - const char *server_port; /* port on which the ssl service runs */ - int debug_level; /* level of debugging */ - int permissive; /* permissive parsing */ -} opt; - -static void my_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - ((void) level); - - mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); - fflush((FILE *) ctx); -} - -static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) -{ - char buf[1024]; - ((void) data); - - mbedtls_printf("\nVerify requested for (Depth %d):\n", depth); - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); - mbedtls_printf("%s", buf); - - if ((*flags) == 0) { - mbedtls_printf(" This certificate has no flags\n"); - } else { - mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! 
", *flags); - mbedtls_printf("%s\n", buf); - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_net_context server_fd; - unsigned char buf[1024]; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_x509_crt cacert; - mbedtls_x509_crl cacrl; - int i, j; - uint32_t flags; - int verify = 0; - char *p, *q; - const char *pers = "cert_app"; - - /* - * Set to sane values - */ - mbedtls_net_init(&server_fd); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CRL_PARSE_C) - mbedtls_x509_crl_init(&cacrl); -#else - /* Zeroize structure as CRL parsing is not supported and we have to pass - it to the verify function */ - memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); -#endif - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.ca_file = DFL_CA_FILE; - opt.crl_file = DFL_CRL_FILE; - opt.ca_path = DFL_CA_PATH; - opt.server_name = DFL_SERVER_NAME; - opt.server_port = DFL_SERVER_PORT; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.permissive = DFL_PERMISSIVE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - for (j = 0; p + j < q; j++) { - if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') { - argv[i][j] |= 0x20; - } - } - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "file") == 0) { - opt.mode = MODE_FILE; - } else if (strcmp(q, "ssl") == 0) { - opt.mode = MODE_SSL; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else 
if (strcmp(p, "ca_file") == 0) { - opt.ca_file = q; - } else if (strcmp(p, "crl_file") == 0) { - opt.crl_file = q; - } else if (strcmp(p, "ca_path") == 0) { - opt.ca_path = q; - } else if (strcmp(p, "server_name") == 0) { - opt.server_name = q; - } else if (strcmp(p, "server_port") == 0) { - opt.server_port = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "permissive") == 0) { - opt.permissive = atoi(q); - if (opt.permissive < 0 || opt.permissive > 1) { - goto usage; - } - } else { - goto usage; - } - } - - /* - * 1.1. Load the trusted CA - */ - mbedtls_printf(" . Loading the CA root certificate ..."); - fflush(stdout); - - if (strlen(opt.ca_path)) { - if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } else if (strlen(opt.ca_file)) { - if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } - - mbedtls_printf(" ok (%d skipped)\n", ret); - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - if (strlen(opt.crl_file)) { - if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", - (unsigned int) -ret); - goto exit; - } - - verify = 1; - } -#endif - - if (opt.mode == MODE_FILE) { - mbedtls_x509_crt crt; - mbedtls_x509_crt *cur = &crt; - mbedtls_x509_crt_init(&crt); - - /* - * 1.1. Load the certificate(s) - */ - mbedtls_printf("\n . Loading the certificate(s) ..."); - fflush(stdout); - - ret = mbedtls_x509_crt_parse_file(&crt, opt.filename); - - if (ret < 0) { - mbedtls_printf(" failed\n ! 
mbedtls_x509_crt_parse_file returned %d\n\n", ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - if (opt.permissive == 0 && ret > 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n", - ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the certificate(s) - */ - while (cur != NULL) { - mbedtls_printf(" . Peer certificate information ...\n"); - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - cur); - if (ret == -1) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret); - mbedtls_x509_crt_free(&crt); - goto exit; - } - - mbedtls_printf("%s\n", buf); - - cur = cur->next; - } - - /* - * 1.3 Verify the certificate - */ - if (verify) { - mbedtls_printf(" . Verifying X.509 certificate..."); - - if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags, - my_verify, NULL)) != 0) { - char vrfy_buf[512]; - - mbedtls_printf(" failed\n"); - - mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); - - mbedtls_printf("%s\n", vrfy_buf); - } else { - mbedtls_printf(" ok\n"); - } - } - - mbedtls_x509_crt_free(&crt); - } else if (opt.mode == MODE_SSL) { - /* - * 1. Initialize the RNG and the session data - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto ssl_exit; - } - - mbedtls_printf(" ok\n"); - -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(opt.debug_level); -#endif - - /* - * 2. Start the connection - */ - mbedtls_printf(" . 
SSL connection to tcp/%s/%s...", opt.server_name, - opt.server_port); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, - opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto ssl_exit; - } - - /* - * 3. Setup stuff - */ - if ((ret = mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); - goto exit; - } - - if (verify) { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); - mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_verify(&conf, my_verify, NULL); - } else { - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - } - - mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); - - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); - goto ssl_exit; - } - - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); - goto ssl_exit; - } - - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - /* - * 4. Handshake - */ - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret); - goto ssl_exit; - } - } - - mbedtls_printf(" ok\n"); - - /* - * 5. Print the certificate - */ -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_printf(" . Peer certificate information ... skipped\n"); -#else - mbedtls_printf(" . Peer certificate information ...\n"); - ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", - mbedtls_ssl_get_peer_cert(&ssl)); - if (ret == -1) { - mbedtls_printf(" failed\n ! 
mbedtls_x509_crt_info returned %d\n\n", ret);
- goto ssl_exit;
- }
-
- mbedtls_printf("%s\n", buf);
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- mbedtls_ssl_close_notify(&ssl);
-
-ssl_exit:
- mbedtls_ssl_free(&ssl);
- mbedtls_ssl_config_free(&conf);
- } else {
- goto usage;
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- mbedtls_net_free(&server_fd);
- mbedtls_x509_crt_free(&cacert);
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
- mbedtls_x509_crl_free(&cacrl);
-#endif
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
- MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
deleted file mode 100644
index c20f08d569..0000000000
--- a/programs/x509/cert_req.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Certificate request generation
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_MD_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
- "not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
-#include "mbedtls/error.h"
-
-#include
-#include
-#include
-
-#define DFL_FILENAME "keyfile.key"
-#define DFL_PASSWORD NULL
-#define DFL_DEBUG_LEVEL 0
-#define DFL_OUTPUT_FILENAME "cert.req"
-#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
-#define DFL_KEY_USAGE 0
-#define DFL_FORCE_KEY_USAGE 0
-#define DFL_NS_CERT_TYPE 0
-#define DFL_FORCE_NS_CERT_TYPE 0
-#define DFL_MD_ALG MBEDTLS_MD_SHA256
-
-#define USAGE \
- "\n usage: cert_req param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: keyfile.key\n" \
- " password=%%s default: NULL\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " output_file=%%s default: cert.req\n" \
- " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
- " san=%%s default: (none)\n" \
- " Semicolon-separated-list of values:\n" \
- " DNS:value\n" \
- " URI:value\n" \
- " RFC822:value\n" \
- " IP:value (Only IPv4 is supported)\n" \
- " DN:list of comma separated key=value 
pairs\n" \ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " force_key_usage=0/1 default: off\n" \ - " Add KeyUsage even if it is empty\n" \ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ - " force_ns_cert_type=0/1 default: off\n" \ - " Add NsCertType even if it is empty\n" \ - " md=%%s default: SHA256\n" \ - " possible values:\n" \ - " MD5, RIPEMD160, SHA1,\n" \ - " SHA224, SHA256, SHA384, SHA512\n" \ - "\n" - - -/* - * global options - */ -struct options { - const char *filename; /* filename of the key file */ - const char *password; /* password for the key file */ - int debug_level; /* level of debugging */ - const char *output_file; /* where to store the constructed key file */ - const char *subject_name; /* subject name for certificate request */ - mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */ - unsigned char key_usage; /* key usage flags */ - int force_key_usage; /* Force adding the KeyUsage extension */ - unsigned char ns_cert_type; /* NS cert type */ - int force_ns_cert_type; /* Force adding NsCertType extension */ - mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. 
*/ -} opt; - -static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[4096]; - size_t len = 0; - - memset(output_buf, 0, 4096); - if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) { - return ret; - } - - len = strlen((char *) output_buf); - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(output_buf, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q, *r; - mbedtls_x509write_csr req; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "csr example app"; - mbedtls_x509_san_list *cur, *prev; -#if defined(MBEDTLS_X509_CRT_PARSE_C) - uint8_t ip[4] = { 0 }; -#endif - /* - * Set to sane values - */ - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - mbedtls_entropy_init(&entropy); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.debug_level = DFL_DEBUG_LEVEL; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.subject_name = DFL_SUBJECT_NAME; - opt.key_usage = DFL_KEY_USAGE; - opt.force_key_usage = DFL_FORCE_KEY_USAGE; - opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE; - opt.md_alg = DFL_MD_ALG; - opt.san_list = NULL; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") 
== 0) { - opt.password = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else if (strcmp(p, "debug_level") == 0) { - opt.debug_level = atoi(q); - if (opt.debug_level < 0 || opt.debug_level > 65535) { - goto usage; - } - } else if (strcmp(p, "subject_name") == 0) { - opt.subject_name = q; - } else if (strcmp(p, "san") == 0) { - char *subtype_value; - prev = NULL; - - while (q != NULL) { - char *semicolon; - r = q; - - /* Find the first non-escaped ; occurrence and remove escaped ones */ - do { - if ((semicolon = strchr(r, ';')) != NULL) { - if (*(semicolon-1) != '\\') { - r = semicolon; - break; - } - /* Remove the escape character */ - size_t size_left = strlen(semicolon); - memmove(semicolon-1, semicolon, size_left); - *(semicolon + size_left - 1) = '\0'; - /* r will now point at the character after the semicolon */ - r = semicolon; - } - - } while (semicolon != NULL); - - if (semicolon != NULL) { - *r++ = '\0'; - } else { - r = NULL; - } - - cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); - if (cur == NULL) { - mbedtls_printf("Not enough memory for subjectAltName list\n"); - goto usage; - } - - cur->next = NULL; - - if ((subtype_value = strchr(q, ':')) != NULL) { - *subtype_value++ = '\0'; - } else { - mbedtls_printf( - "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); - goto usage; - } - if (strcmp(q, "RFC822") == 0) { - cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; - } else if (strcmp(q, "URI") == 0) { - cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - } else if (strcmp(q, "DNS") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; - } else if (strcmp(q, "IP") == 0) { - size_t ip_addr_len = 0; - cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_addr_len == 0) { - mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", - subtype_value); - goto exit; - } - cur->node.san.unstructured_name.p 
= (unsigned char *) ip; - cur->node.san.unstructured_name.len = sizeof(ip); - } else if (strcmp(q, "DN") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - /* Work around an API mismatch between string_to_names() and - * mbedtls_x509_subject_alternative_name, which holds an - * actual mbedtls_x509_name while a pointer to one would be - * more convenient here. (Note mbedtls_x509_name and - * mbedtls_asn1_named_data are synonymous, again - * string_to_names() uses one while - * cur->node.san.directory_name is nominally the other.) */ - mbedtls_asn1_named_data *tmp_san_dirname = NULL; - if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, - subtype_value)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509_string_to_names " - "returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - cur->node.san.directory_name = *tmp_san_dirname; - mbedtls_free(tmp_san_dirname); - tmp_san_dirname = NULL; - } else { - mbedtls_free(cur); - goto usage; - } - - if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || - cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || - cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { - q = subtype_value; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); - } - - if (prev == NULL) { - opt.san_list = cur; - } else { - prev->next = cur; - } - - prev = cur; - q = r; - } - } else if (strcmp(p, "md") == 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_string(q); - if (md_info == NULL) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.md_alg = mbedtls_md_get_type(md_info); - } else if (strcmp(p, "key_usage") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "digital_signature") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } else if (strcmp(q, "non_repudiation") == 0) { - opt.key_usage |= 
MBEDTLS_X509_KU_NON_REPUDIATION; - } else if (strcmp(q, "key_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - } else if (strcmp(q, "data_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; - } else if (strcmp(q, "key_agreement") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; - } else if (strcmp(q, "key_cert_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; - } else if (strcmp(q, "crl_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; - } else { - goto usage; - } - - q = r; - } - } else if (strcmp(p, "force_key_usage") == 0) { - switch (atoi(q)) { - case 0: opt.force_key_usage = 0; break; - case 1: opt.force_key_usage = 1; break; - default: goto usage; - } - } else if (strcmp(p, "ns_cert_type") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "ssl_client") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; - } else if (strcmp(q, "ssl_server") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; - } else if (strcmp(q, "email") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; - } else if (strcmp(q, "object_signing") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; - } else if (strcmp(q, "ssl_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; - } else if (strcmp(q, "email_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; - } else if (strcmp(q, "object_signing_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; - } else { - goto usage; - } - - q = r; - } - } else if (strcmp(p, "force_ns_cert_type") == 0) { - switch (atoi(q)) { - case 0: opt.force_ns_cert_type = 0; break; - case 1: opt.force_ns_cert_type = 1; break; - default: goto usage; - } - } else { - goto usage; - } - } - - /* Set the MD algorithm to use for the signature in the CSR */ - mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg); - 
- /* Set the Key Usage Extension flags in the CSR */ - if (opt.key_usage || opt.force_key_usage == 1) { - ret = mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_key_usage returned %d", ret); - goto exit; - } - } - - /* Set the Cert Type flags in the CSR */ - if (opt.ns_cert_type || opt.force_ns_cert_type == 1) { - ret = mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_ns_cert_type returned %d", ret); - goto exit; - } - } - - /* Set the SubjectAltName in the CSR */ - if (opt.san_list != NULL) { - ret = mbedtls_x509write_csr_set_subject_alternative_name(&req, opt.san_list); - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", - ret); - goto exit; - } - } - - /* - * 0. Seed the PRNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.0. Check the subject name for validity - */ - mbedtls_printf(" . Checking subject name..."); - fflush(stdout); - - if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.1. Load the key - */ - mbedtls_printf(" . Loading the private key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret); - goto exit; - } - - mbedtls_x509write_csr_set_key(&req, &key); - - mbedtls_printf(" ok\n"); - - /* - * 1.2. 
Writing the request
- */
- mbedtls_printf(" . Writing the certificate request ...");
- fflush(stdout);
-
- if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
- mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-#ifdef MBEDTLS_ERROR_C
- mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" - %s\n", buf);
-#else
- mbedtls_printf("\n");
-#endif
- }
-
- mbedtls_x509write_csr_free(&req);
- mbedtls_pk_free(&key);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- cur = opt.san_list;
- while (cur != NULL) {
- mbedtls_x509_san_list *next = cur->next;
- /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
- * It's the right thing for entries that were parsed from a certificate,
- * where pointers are to the raw certificate, but here all the
- * pointers were allocated while parsing from a user-provided string. */
- if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
- mbedtls_x509_name *dn = &cur->node.san.directory_name;
- mbedtls_free(dn->oid.p);
- mbedtls_free(dn->val.p);
- mbedtls_asn1_free_named_data_list(&dn->next);
- }
- mbedtls_free(cur);
- cur = next;
- }
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
deleted file mode 100644
index 2ed63f08de..0000000000
--- a/programs/x509/cert_write.c
+++ /dev/null
@@ -1,1033 +0,0 @@
-/*
- * Certificate generation and signing
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_ERROR_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
-#include "mbedtls/error.h"
-#include "test/helpers.h"
-
-#include
-#include
-#include
-#include
-
-#define SET_OID(x, oid) \
- do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0)
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-#define USAGE_CSR \
- " request_file=%%s default: (empty)\n" \
- " If request_file is specified, subject_key,\n" \
- " subject_pwd and subject_name are ignored!\n"
-#else
-#define USAGE_CSR ""
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
-#define FORMAT_PEM 0
-#define FORMAT_DER 1
-
-#define DFL_ISSUER_CRT ""
-#define DFL_REQUEST_FILE ""
-#define DFL_SUBJECT_KEY "subject.key"
-#define DFL_ISSUER_KEY "ca.key"
-#define DFL_SUBJECT_PWD ""
-#define DFL_ISSUER_PWD ""
-#define DFL_OUTPUT_FILENAME "cert.crt"
-#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
-#define DFL_ISSUER_NAME "CN=CA,O=mbed TLS,C=UK"
-#define DFL_NOT_BEFORE "20010101000000" -#define DFL_NOT_AFTER "20301231235959" -#define DFL_SERIAL "1" -#define DFL_SERIAL_HEX "1" -#define DFL_EXT_SUBJECTALTNAME "" -#define DFL_SELFSIGN 0 -#define DFL_IS_CA 0 -#define DFL_MAX_PATHLEN -1 -#define DFL_SIG_ALG MBEDTLS_MD_SHA256 -#define DFL_KEY_USAGE 0 -#define DFL_EXT_KEY_USAGE NULL -#define DFL_NS_CERT_TYPE 0 -#define DFL_VERSION 3 -#define DFL_AUTH_IDENT 1 -#define DFL_SUBJ_IDENT 1 -#define DFL_CONSTRAINTS 1 -#define DFL_DIGEST MBEDTLS_MD_SHA256 -#define DFL_FORMAT FORMAT_PEM - -#define USAGE \ - "\n usage: cert_write param=<>...\n" \ - "\n acceptable parameters:\n" \ - USAGE_CSR \ - " subject_key=%%s default: subject.key\n" \ - " subject_pwd=%%s default: (empty)\n" \ - " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ - "\n" \ - " issuer_crt=%%s default: (empty)\n" \ - " If issuer_crt is specified, issuer_name is\n" \ - " ignored!\n" \ - " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ - "\n" \ - " selfsign=%%d default: 0 (false)\n" \ - " If selfsign is enabled, issuer_name and\n" \ - " issuer_key are required (issuer_crt and\n" \ - " subject_* are ignored\n" \ - " issuer_key=%%s default: ca.key\n" \ - " issuer_pwd=%%s default: (empty)\n" \ - " output_file=%%s default: cert.crt\n" \ - " serial=%%s default: 1\n" \ - " In decimal format; it can be used as\n" \ - " alternative to serial_hex, but it's\n" \ - " limited in max length to\n" \ - " unsigned long long int\n" \ - " serial_hex=%%s default: 1\n" \ - " In hex format; it can be used as\n" \ - " alternative to serial\n" \ - " not_before=%%s default: 20010101000000\n" \ - " not_after=%%s default: 20301231235959\n" \ - " is_ca=%%d default: 0 (disabled)\n" \ - " max_pathlen=%%d default: -1 (none)\n" \ - " md=%%s default: SHA256\n" \ - " Supported values (if enabled):\n" \ - " MD5, RIPEMD160, SHA1,\n" \ - " SHA224, SHA256, SHA384, SHA512\n" \ - " version=%%d default: 3\n" \ - " Possible values: 1, 2, 3\n" \ - " subject_identifier=%%s default: 1\n" \ - 
" Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " san=%%s default: (none)\n" \ - " Semicolon-separated-list of values:\n" \ - " DNS:value\n" \ - " URI:value\n" \ - " RFC822:value\n" \ - " IP:value (Only IPv4 is supported)\n" \ - " DN:list of comma separated key=value pairs\n" \ - " authority_identifier=%%s default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " basic_constraints=%%d default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n" \ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " (Considered for v3 only)\n" \ - " ext_key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " serverAuth\n" \ - " clientAuth\n" \ - " codeSigning\n" \ - " emailProtection\n" \ - " timeStamping\n" \ - " OCSPSigning\n" \ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ - " format=pem|der default: pem\n" \ - "\n" - -typedef enum { - SERIAL_FRMT_UNSPEC, - SERIAL_FRMT_DEC, - SERIAL_FRMT_HEX -} serial_format_t; - -/* - * global options - */ -struct options { - const char *issuer_crt; /* filename of the issuer certificate */ - const char *request_file; /* filename of the certificate request */ - const char *subject_key; /* filename of the subject key file */ - const char *issuer_key; /* filename of the issuer key file */ - const char *subject_pwd; /* password for the subject key file */ - const char *issuer_pwd; /* password for the issuer key file */ - const char *output_file; /* where to store the constructed CRT */ - const char *subject_name; /* subject name for certificate */ - mbedtls_x509_san_list *san_list; /* 
subjectAltName for certificate */ - const char *issuer_name; /* issuer name for certificate */ - const char *not_before; /* validity period not before */ - const char *not_after; /* validity period not after */ - const char *serial; /* serial number string (decimal) */ - const char *serial_hex; /* serial number string (hex) */ - int selfsign; /* selfsign the certificate */ - int is_ca; /* is a CA certificate */ - int max_pathlen; /* maximum CA path length */ - int authority_identifier; /* add authority identifier to CRT */ - int subject_identifier; /* add subject identifier to CRT */ - int basic_constraints; /* add basic constraints ext to CRT */ - int version; /* CRT version */ - mbedtls_md_type_t md; /* Hash used for signing */ - unsigned char key_usage; /* key usage flags */ - mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */ - unsigned char ns_cert_type; /* NS cert type */ - int format; /* format */ -} opt; - -static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[4096]; - unsigned char *output_start; - size_t len = 0; - - memset(output_buf, 0, 4096); - if (opt.format == FORMAT_DER) { - ret = mbedtls_x509write_crt_der(crt, output_buf, 4096); - if (ret < 0) { - return ret; - } - - len = ret; - output_start = output_buf + 4096 - len; - } else { - ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096); - if (ret < 0) { - return ret; - } - - len = strlen((char *) output_buf); - output_start = output_buf; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(output_start, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len) -{ - unsigned long long int dec; - unsigned int remaining_bytes = sizeof(dec); - unsigned char *p = obuf; - unsigned char val; - char *end_ptr = NULL; - - errno = 0; - dec = 
strtoull(ibuf, &end_ptr, 10); - - if ((errno != 0) || (end_ptr == ibuf)) { - return -1; - } - - *len = 0; - - while (remaining_bytes > 0) { - if (obufmax < (*len + 1)) { - return -1; - } - - val = (dec >> ((remaining_bytes - 1) * 8)) & 0xFF; - - /* Skip leading zeros */ - if ((val != 0) || (*len != 0)) { - *p = val; - (*len)++; - p++; - } - - remaining_bytes--; - } - - return 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_x509_crt issuer_crt; - mbedtls_pk_context loaded_issuer_key, loaded_subject_key; - mbedtls_pk_context *issuer_key = &loaded_issuer_key, - *subject_key = &loaded_subject_key; - char buf[1024]; - char issuer_name[256]; - int i; - char *p, *q, *r; -#if defined(MBEDTLS_X509_CSR_PARSE_C) - char subject_name[256]; - mbedtls_x509_csr csr; -#endif - mbedtls_x509write_cert crt; - serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC; - unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN]; - size_t serial_len; - mbedtls_asn1_sequence *ext_key_usage; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "crt example app"; - mbedtls_x509_san_list *cur, *prev; - uint8_t ip[4] = { 0 }; - /* - * Set to sane values - */ - mbedtls_x509write_crt_init(&crt); - mbedtls_pk_init(&loaded_issuer_key); - mbedtls_pk_init(&loaded_subject_key); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_X509_CSR_PARSE_C) - mbedtls_x509_csr_init(&csr); -#endif - mbedtls_x509_crt_init(&issuer_crt); - memset(buf, 0, sizeof(buf)); - memset(serial, 0, sizeof(serial)); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.issuer_crt = DFL_ISSUER_CRT; - opt.request_file = DFL_REQUEST_FILE; - opt.subject_key = DFL_SUBJECT_KEY; - 
opt.issuer_key = DFL_ISSUER_KEY; - opt.subject_pwd = DFL_SUBJECT_PWD; - opt.issuer_pwd = DFL_ISSUER_PWD; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.subject_name = DFL_SUBJECT_NAME; - opt.issuer_name = DFL_ISSUER_NAME; - opt.not_before = DFL_NOT_BEFORE; - opt.not_after = DFL_NOT_AFTER; - opt.serial = DFL_SERIAL; - opt.serial_hex = DFL_SERIAL_HEX; - opt.selfsign = DFL_SELFSIGN; - opt.is_ca = DFL_IS_CA; - opt.max_pathlen = DFL_MAX_PATHLEN; - opt.key_usage = DFL_KEY_USAGE; - opt.ext_key_usage = DFL_EXT_KEY_USAGE; - opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.version = DFL_VERSION - 1; - opt.md = DFL_DIGEST; - opt.subject_identifier = DFL_SUBJ_IDENT; - opt.authority_identifier = DFL_AUTH_IDENT; - opt.basic_constraints = DFL_CONSTRAINTS; - opt.format = DFL_FORMAT; - opt.san_list = NULL; - - for (i = 1; i < argc; i++) { - - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "request_file") == 0) { - opt.request_file = q; - } else if (strcmp(p, "subject_key") == 0) { - opt.subject_key = q; - } else if (strcmp(p, "issuer_key") == 0) { - opt.issuer_key = q; - } else if (strcmp(p, "subject_pwd") == 0) { - opt.subject_pwd = q; - } else if (strcmp(p, "issuer_pwd") == 0) { - opt.issuer_pwd = q; - } else if (strcmp(p, "issuer_crt") == 0) { - opt.issuer_crt = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else if (strcmp(p, "subject_name") == 0) { - opt.subject_name = q; - } else if (strcmp(p, "issuer_name") == 0) { - opt.issuer_name = q; - } else if (strcmp(p, "not_before") == 0) { - opt.not_before = q; - } else if (strcmp(p, "not_after") == 0) { - opt.not_after = q; - } else if (strcmp(p, "serial") == 0) { - if (serial_frmt != SERIAL_FRMT_UNSPEC) { - mbedtls_printf("Invalid attempt to set the serial more than once\n"); - goto usage; - } - serial_frmt = SERIAL_FRMT_DEC; - opt.serial = q; - } else if (strcmp(p, "serial_hex") == 0) { - if (serial_frmt != SERIAL_FRMT_UNSPEC) { - 
mbedtls_printf("Invalid attempt to set the serial more than once\n"); - goto usage; - } - serial_frmt = SERIAL_FRMT_HEX; - opt.serial_hex = q; - } else if (strcmp(p, "authority_identifier") == 0) { - opt.authority_identifier = atoi(q); - if (opt.authority_identifier != 0 && - opt.authority_identifier != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "subject_identifier") == 0) { - opt.subject_identifier = atoi(q); - if (opt.subject_identifier != 0 && - opt.subject_identifier != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "basic_constraints") == 0) { - opt.basic_constraints = atoi(q); - if (opt.basic_constraints != 0 && - opt.basic_constraints != 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "md") == 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_string(q); - if (md_info == NULL) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.md = mbedtls_md_get_type(md_info); - } else if (strcmp(p, "version") == 0) { - opt.version = atoi(q); - if (opt.version < 1 || opt.version > 3) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - opt.version--; - } else if (strcmp(p, "selfsign") == 0) { - opt.selfsign = atoi(q); - if (opt.selfsign < 0 || opt.selfsign > 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "is_ca") == 0) { - opt.is_ca = atoi(q); - if (opt.is_ca < 0 || opt.is_ca > 1) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "max_pathlen") == 0) { - opt.max_pathlen = atoi(q); - if (opt.max_pathlen < -1 || opt.max_pathlen > 127) { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else if (strcmp(p, "key_usage") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - 
- if (strcmp(q, "digital_signature") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE; - } else if (strcmp(q, "non_repudiation") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; - } else if (strcmp(q, "key_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; - } else if (strcmp(q, "data_encipherment") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; - } else if (strcmp(q, "key_agreement") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; - } else if (strcmp(q, "key_cert_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; - } else if (strcmp(q, "crl_sign") == 0) { - opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - q = r; - } - } else if (strcmp(p, "ext_key_usage") == 0) { - mbedtls_asn1_sequence **tail = &opt.ext_key_usage; - - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - ext_key_usage = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - ext_key_usage->buf.tag = MBEDTLS_ASN1_OID; - if (strcmp(q, "serverAuth") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_SERVER_AUTH); - } else if (strcmp(q, "clientAuth") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_CLIENT_AUTH); - } else if (strcmp(q, "codeSigning") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_CODE_SIGNING); - } else if (strcmp(q, "emailProtection") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_EMAIL_PROTECTION); - } else if (strcmp(q, "timeStamping") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_TIME_STAMPING); - } else if (strcmp(q, "OCSPSigning") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING); - } else if (strcmp(q, "any") == 0) { - SET_OID(ext_key_usage->buf, MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE); - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - *tail = ext_key_usage; - tail = &ext_key_usage->next; - - q = r; - } - } else if (strcmp(p, 
"san") == 0) { - char *subtype_value; - prev = NULL; - - while (q != NULL) { - char *semicolon; - r = q; - - /* Find the first non-escaped ; occurrence and remove escaped ones */ - do { - if ((semicolon = strchr(r, ';')) != NULL) { - if (*(semicolon-1) != '\\') { - r = semicolon; - break; - } - /* Remove the escape character */ - size_t size_left = strlen(semicolon); - memmove(semicolon-1, semicolon, size_left); - *(semicolon + size_left - 1) = '\0'; - /* r will now point at the character after the semicolon */ - r = semicolon; - } - - } while (semicolon != NULL); - - if (semicolon != NULL) { - *r++ = '\0'; - } else { - r = NULL; - } - - cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); - if (cur == NULL) { - mbedtls_printf("Not enough memory for subjectAltName list\n"); - goto usage; - } - - cur->next = NULL; - - if ((subtype_value = strchr(q, ':')) != NULL) { - *subtype_value++ = '\0'; - } else { - mbedtls_printf( - "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); - goto usage; - } - if (strcmp(q, "RFC822") == 0) { - cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; - } else if (strcmp(q, "URI") == 0) { - cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - } else if (strcmp(q, "DNS") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; - } else if (strcmp(q, "IP") == 0) { - size_t ip_addr_len = 0; - cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip); - if (ip_addr_len == 0) { - mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n", - subtype_value); - goto exit; - } - cur->node.san.unstructured_name.p = (unsigned char *) ip; - cur->node.san.unstructured_name.len = sizeof(ip); - } else if (strcmp(q, "DN") == 0) { - cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - /* Work around an API mismatch between string_to_names() and - * mbedtls_x509_subject_alternative_name, which holds an - * actual mbedtls_x509_name while a pointer to one 
would be - * more convenient here. (Note mbedtls_x509_name and - * mbedtls_asn1_named_data are synonymous, again - * string_to_names() uses one while - * cur->node.san.directory_name is nominally the other.) */ - mbedtls_asn1_named_data *tmp_san_dirname = NULL; - if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, - subtype_value)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509_string_to_names " - "returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - cur->node.san.directory_name = *tmp_san_dirname; - mbedtls_free(tmp_san_dirname); - tmp_san_dirname = NULL; - } else { - mbedtls_free(cur); - goto usage; - } - - if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || - cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || - cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { - q = subtype_value; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); - } - - if (prev == NULL) { - opt.san_list = cur; - } else { - prev->next = cur; - } - - prev = cur; - q = r; - } - } else if (strcmp(p, "ns_cert_type") == 0) { - while (q != NULL) { - if ((r = strchr(q, ',')) != NULL) { - *r++ = '\0'; - } - - if (strcmp(q, "ssl_client") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; - } else if (strcmp(q, "ssl_server") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; - } else if (strcmp(q, "email") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; - } else if (strcmp(q, "object_signing") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; - } else if (strcmp(q, "ssl_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; - } else if (strcmp(q, "email_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; - } else if (strcmp(q, "object_signing_ca") == 0) { - opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; - } else { - 
mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - - q = r; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else { - mbedtls_printf("Invalid argument for option %s\n", p); - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n"); - - /* - * 0. Seed the PRNG - */ - mbedtls_printf(" . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", - ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - // Parse serial to MPI - // - mbedtls_printf(" . Reading serial number..."); - fflush(stdout); - - if (serial_frmt == SERIAL_FRMT_HEX) { - ret = mbedtls_test_unhexify(serial, sizeof(serial), - opt.serial_hex, &serial_len); - } else { // SERIAL_FRMT_DEC || SERIAL_FRMT_UNSPEC - ret = parse_serial_decimal_format(serial, sizeof(serial), - opt.serial, &serial_len); - } - - if (ret != 0) { - mbedtls_printf(" failed\n ! Unable to parse serial\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - // Parse issuer certificate if present - // - if (!opt.selfsign && strlen(opt.issuer_crt)) { - /* - * 1.0.a. Load the certificates - */ - mbedtls_printf(" . Loading the issuer certificate ..."); - fflush(stdout); - - if ((ret = mbedtls_x509_crt_parse_file(&issuer_crt, opt.issuer_crt)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name), - &issuer_crt.subject); - if (ret < 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! 
mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - opt.issuer_name = issuer_name; - - mbedtls_printf(" ok\n"); - } - -#if defined(MBEDTLS_X509_CSR_PARSE_C) - // Parse certificate request if present - // - if (!opt.selfsign && strlen(opt.request_file)) { - /* - * 1.0.b. Load the CSR - */ - mbedtls_printf(" . Loading the certificate request ..."); - fflush(stdout); - - if ((ret = mbedtls_x509_csr_parse_file(&csr, opt.request_file)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name), - &csr.subject); - if (ret < 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - opt.subject_name = subject_name; - subject_key = &csr.pk; - - mbedtls_printf(" ok\n"); - } -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - - /* - * 1.1. Load the keys - */ - if (!opt.selfsign && !strlen(opt.request_file)) { - mbedtls_printf(" . Loading the subject key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key, - opt.subject_pwd); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - mbedtls_printf(" . Loading the issuer key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! 
mbedtls_pk_parse_keyfile " - "returned -x%02x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - // Check if key and issuer certificate match - // - if (strlen(opt.issuer_crt)) { - if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) { - mbedtls_printf(" failed\n ! issuer_key does not match " - "issuer certificate\n\n"); - goto exit; - } - } - - mbedtls_printf(" ok\n"); - - if (opt.selfsign) { - opt.subject_name = opt.issuer_name; - subject_key = issuer_key; - } - - mbedtls_x509write_crt_set_subject_key(&crt, subject_key); - mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key); - - /* - * 1.0. Check the names for validity - */ - if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, opt.subject_name)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject_name " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, opt.issuer_name)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_issuer_name " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" . Setting certificate values ..."); - fflush(stdout); - - mbedtls_x509write_crt_set_version(&crt, opt.version); - mbedtls_x509write_crt_set_md_alg(&crt, opt.md); - - ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial_raw " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - ret = mbedtls_x509write_crt_set_validity(&crt, opt.not_before, opt.not_after); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! 
mbedtls_x509write_crt_set_validity " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.basic_constraints != 0) { - mbedtls_printf(" . Adding the Basic Constraints extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_basic_constraints(&crt, opt.is_ca, - opt.max_pathlen); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! x509write_crt_set_basic_constraints " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - -#if defined(PSA_WANT_ALG_SHA_1) - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.subject_identifier != 0) { - mbedtls_printf(" . Adding the Subject Key Identifier ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject" - "_key_identifier returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.authority_identifier != 0) { - mbedtls_printf(" . Adding the Authority Key Identifier ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_authority_" - "key_identifier returned -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif /* PSA_WANT_ALG_SHA_1 */ - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.key_usage != 0) { - mbedtls_printf(" . Adding the Key Usage extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_key_usage(&crt, opt.key_usage); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! 
mbedtls_x509write_crt_set_key_usage " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.san_list != NULL) { - ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list); - - if (ret != 0) { - mbedtls_printf( - " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d", - ret); - goto exit; - } - } - - if (opt.ext_key_usage) { - mbedtls_printf(" . Adding the Extended Key Usage extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_ext_key_usage(&crt, opt.ext_key_usage); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf( - " failed\n ! mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n", - (unsigned int) -ret, - buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && - opt.ns_cert_type != 0) { - mbedtls_printf(" . Adding the NS Cert Type extension ..."); - fflush(stdout); - - ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, opt.ns_cert_type); - if (ret != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_ns_cert_type " - "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - } - - /* - * 1.2. Writing the certificate - */ - mbedtls_printf(" . Writing the certificate..."); - fflush(stdout); - - if ((ret = write_certificate(&crt, opt.output_file)) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n", - (unsigned int) -ret, buf); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - cur = opt.san_list; - while (cur != NULL) { - mbedtls_x509_san_list *next = cur->next; - /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here. 
- * It's the right thing for entries that were parsed from a certificate,
- * where pointers are to the raw certificate, but here all the
- * pointers were allocated while parsing from a user-provided string. */
- if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
- mbedtls_x509_name *dn = &cur->node.san.directory_name;
- mbedtls_free(dn->oid.p);
- mbedtls_free(dn->val.p);
- mbedtls_asn1_free_named_data_list(&dn->next);
- }
- mbedtls_free(cur);
- cur = next;
- }
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
- mbedtls_x509_csr_free(&csr);
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
- mbedtls_x509_crt_free(&issuer_crt);
- mbedtls_x509write_crt_free(&crt);
- mbedtls_pk_free(&loaded_subject_key);
- mbedtls_pk_free(&loaded_issuer_key);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
- MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
deleted file mode 100644
index bb518adeef..0000000000
--- a/programs/x509/crl_app.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * CRL reading application
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- defined(MBEDTLS_X509_REMOVE_INFO)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
- "MBEDTLS_X509_REMOVE_INFO defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/x509_crl.h"
-
-#include
-#include
-#include
-
-#define DFL_FILENAME "crl.pem"
-#define DFL_DEBUG_LEVEL 0
-
-#define USAGE \
- "\n usage: crl_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: crl.pem\n" \
- "\n"
-
-
-/*
- * global options
- */
-struct options {
- const char *filename; /* filename of the certificate file */
-} opt;
-
-int main(int argc, char *argv[])
-{
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- unsigned char buf[100000];
- mbedtls_x509_crl crl;
- int i;
- char *p, *q;
-
- /*
- * Set to sane values
- */
- mbedtls_x509_crl_init(&crl);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc < 2) {
-usage:
- mbedtls_printf(USAGE);
- goto exit;
- }
-
- opt.filename = DFL_FILENAME;
-
- for (i = 1; i < argc; i++) {
- p = argv[i];
- if ((q = strchr(p, '=')) == NULL) {
- goto usage;
- }
- *q++ = '\0';
-
- if (strcmp(p, "filename") == 0) {
- opt.filename = q;
- } else {
- goto usage;
- }
- }
-
- /*
- * 1.1. Load the CRL
- */
- mbedtls_printf("\n . 
Loading the CRL ...");
- fflush(stdout);
-
- ret = mbedtls_x509_crl_parse_file(&crl, opt.filename);
-
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret);
- mbedtls_x509_crl_free(&crl);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
- /*
- * 1.2 Print the CRL
- */
- mbedtls_printf(" . CRL information ...\n");
- ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
- if (ret == -1) {
- mbedtls_printf(" failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret);
- mbedtls_x509_crl_free(&crl);
- goto exit;
- }
-
- mbedtls_printf("%s\n", buf);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_x509_crl_free(&crl);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
- MBEDTLS_FS_IO */
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
deleted file mode 100644
index 34d3508459..0000000000
--- a/programs/x509/load_roots.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Root CA reading application
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_TIMING_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_TIMING_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/error.h"
-#include "mbedtls/timing.h"
-#include "mbedtls/x509_crt.h"
-
-#include
-#include
-#include
-
-#define DFL_ITERATIONS 1
-#define DFL_PRIME_CACHE 1
-
-#define USAGE \
- "\n usage: load_roots param=<>... [--] FILE...\n" \
- "\n acceptable parameters:\n" \
- " iterations=%%d Iteration count (not including cache priming); default: 1\n" \
- " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \
- "\n"
-
-
-/*
- * global options
- */
-struct options {
- const char **filenames; /* NULL-terminated list of file names */
- unsigned iterations; /* Number of iterations to time */
- int prime_cache; /* Prime the disk read cache? 
*/
-} opt;
-
-
-static int read_certificates(const char *const *filenames)
-{
- mbedtls_x509_crt cas;
- int ret = 0;
- const char *const *cur;
-
- mbedtls_x509_crt_init(&cas);
-
- for (cur = filenames; *cur != NULL; cur++) {
- ret = mbedtls_x509_crt_parse_file(&cas, *cur);
- if (ret != 0) {
-#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
- char error_message[200];
- mbedtls_strerror(ret, error_message, sizeof(error_message));
- printf("\n%s: -0x%04x (%s)\n",
- *cur, (unsigned) -ret, error_message);
-#else
- printf("\n%s: -0x%04x\n",
- *cur, (unsigned) -ret);
-#endif
- goto exit;
- }
- }
-
-exit:
- mbedtls_x509_crt_free(&cas);
- return ret == 0;
-}
-
-int main(int argc, char *argv[])
-{
- int exit_code = MBEDTLS_EXIT_FAILURE;
- unsigned i, j;
- struct mbedtls_timing_hr_time timer;
- unsigned long ms;
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc <= 1) {
- mbedtls_printf(USAGE);
- goto exit;
- }
-
- opt.filenames = NULL;
- opt.iterations = DFL_ITERATIONS;
- opt.prime_cache = DFL_PRIME_CACHE;
-
- for (i = 1; i < (unsigned) argc; i++) {
- char *p = argv[i];
- char *q = NULL;
-
- if (strcmp(p, "--") == 0) {
- break;
- }
- if ((q = strchr(p, '=')) == NULL) {
- break;
- }
- *q++ = '\0';
-
- for (j = 0; p + j < q; j++) {
- if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
- argv[i][j] |= 0x20;
- }
- }
-
- if (strcmp(p, "iterations") == 0) {
- opt.iterations = atoi(q);
- } else if (strcmp(p, "prime") == 0) {
- opt.iterations = atoi(q) != 0;
- } else {
- mbedtls_printf("Unknown option: %s\n", p);
- mbedtls_printf(USAGE);
- goto exit;
- }
- }
-
- opt.filenames = (const char **) argv + i;
- if (*opt.filenames == 0) {
- mbedtls_printf("Missing list of certificate files to parse\n");
- goto exit;
- }
-
- mbedtls_printf("Parsing %u certificates", argc - i);
- if (opt.prime_cache) {
- if 
(!read_certificates(opt.filenames)) {
- goto exit;
- }
- mbedtls_printf(" ");
- }
-
- (void) mbedtls_timing_get_timer(&timer, 1);
- for (i = 1; i <= opt.iterations; i++) {
- if (!read_certificates(opt.filenames)) {
- goto exit;
- }
- mbedtls_printf(".");
- }
- ms = mbedtls_timing_get_timer(&timer, 0);
- mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_psa_crypto_free();
- mbedtls_exit(exit_code);
-}
-#endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
deleted file mode 100644
index b960818a09..0000000000
--- a/programs/x509/req_app.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Certificate request reading application
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- defined(MBEDTLS_X509_REMOVE_INFO)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
- "MBEDTLS_X509_REMOVE_INFO defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/x509_csr.h"
-
-#include
-#include
-#include
-
-#define DFL_FILENAME "cert.req"
-#define DFL_DEBUG_LEVEL 0
-
-#define USAGE \
- "\n usage: req_app param=<>...\n" \
- "\n acceptable parameters:\n" \
- " filename=%%s default: cert.req\n" \
- "\n"
-
-
-/*
- * global options
- */
-struct options {
- const char *filename; /* filename of the certificate request */
-} opt;
-
-int main(int argc, char *argv[])
-{
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- unsigned char buf[100000];
- mbedtls_x509_csr csr;
- int i;
- char *p, *q;
-
- /*
- * Set to sane values
- */
- mbedtls_x509_csr_init(&csr);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc < 2) {
-usage:
- mbedtls_printf(USAGE);
- goto exit;
- }
-
- opt.filename = DFL_FILENAME;
-
- for (i = 1; i < argc; i++) {
- p = argv[i];
- if ((q = strchr(p, '=')) == NULL) {
- goto usage;
- }
- *q++ = '\0';
-
- if (strcmp(p, "filename") == 0) {
- opt.filename = q;
- } else {
- goto usage;
- }
- }
-
- /*
- * 1.1. Load the CSR
- */
- mbedtls_printf("\n . 
Loading the CSR ...");
- fflush(stdout);
-
- ret = mbedtls_x509_csr_parse_file(&csr, opt.filename);
-
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret);
- mbedtls_x509_csr_free(&csr);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
- /*
- * 1.2 Print the CSR
- */
- mbedtls_printf(" . CSR information ...\n");
- ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
- if (ret == -1) {
- mbedtls_printf(" failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret);
- mbedtls_x509_csr_free(&csr);
- goto exit;
- }
-
- mbedtls_printf("%s\n", buf);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_x509_csr_free(&csr);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
- MBEDTLS_FS_IO */
diff --git a/scripts/basic.requirements.txt b/scripts/basic.requirements.txt
deleted file mode 100644
index 1be3d0c235..0000000000
--- a/scripts/basic.requirements.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-# Python modules required to build Mbed TLS in ordinary conditions.
-
-# Required to (re-)generate source files. Not needed if the generated source
-# files are already present and up-to-date.
--r driver.requirements.txt
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
deleted file mode 100755
index 9966dea63b..0000000000
--- a/scripts/bump_version.sh
+++ /dev/null
@@ -1,141 +0,0 @@
-#!/bin/bash
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Sets the version numbers in the source code to those given.
-#
-# Usage: bump_version.sh [ --version ] [ --so-crypto ]
-# [ --so-x509 ] [ --so-tls ]
-# [ -v | --verbose ] [ -h | --help ]
-#
-
-set -e
-
-VERSION=""
-SOVERSION=""
-
-# Parse arguments
-#
-until [ -z "$1" ]
-do
- case "$1" in
- --version)
- # Version to use
- shift
- VERSION=$1
- ;;
- --so-crypto)
- shift
- SO_CRYPTO=$1
- ;;
- --so-x509)
- shift
- SO_X509=$1
- ;;
- --so-tls)
- shift
- SO_TLS=$1
- ;;
- -v|--verbose)
- # Be verbose
- VERBOSE="1"
- ;;
- -h|--help)
- # print help
- echo "Usage: $0"
- echo -e " -h|--help\t\tPrint this help."
- echo -e " --version \tVersion to bump to."
- echo -e " --so-crypto \tSO version to bump libmbedcrypto to."
- echo -e " --so-x509 \tSO version to bump libmbedx509 to."
- echo -e " --so-tls \tSO version to bump libmbedtls to."
- echo -e " -v|--verbose\t\tVerbose."
- exit 1
- ;;
- *)
- # print error
- echo "Unknown argument: '$1'"
- exit 1
- ;;
- esac
- shift
-done
-
-if [ "X" = "X$VERSION" ];
-then
- echo "No version specified. Unable to continue."
- exit 1
-fi
-
-[ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt"
-sed -e "s/(MBEDTLS_VERSION [0-9.]\{1,\})/(MBEDTLS_VERSION $VERSION)/g" < CMakeLists.txt > tmp
-mv tmp CMakeLists.txt
-
-if [ "X" != "X$SO_CRYPTO" ];
-then
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in CMakeLists.txt"
- sed -e "s/(MBEDTLS_CRYPTO_SOVERSION [0-9]\{1,\})/(MBEDTLS_CRYPTO_SOVERSION $SO_CRYPTO)/g" < CMakeLists.txt > tmp
- mv tmp CMakeLists.txt
-
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile"
- sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp
- mv tmp library/Makefile
-fi
-
-if [ "X" != "X$SO_X509" ];
-then
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in CMakeLists.txt"
- sed -e "s/(MBEDTLS_X509_SOVERSION [0-9]\{1,\})/(MBEDTLS_X509_SOVERSION $SO_X509)/g" < CMakeLists.txt > tmp
- mv tmp CMakeLists.txt
-
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile"
- sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp
- mv tmp library/Makefile
-fi
-
-if [ "X" != "X$SO_TLS" ];
-then
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in CMakeLists.txt"
- sed -e "s/(MBEDTLS_TLS_SOVERSION [0-9]\{1,\})/(MBEDTLS_TLS_SOVERSION $SO_TLS)/g" < CMakeLists.txt > tmp
- mv tmp CMakeLists.txt
-
- [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile"
- sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp
- mv tmp library/Makefile
-fi
-
-[ $VERBOSE ] && echo "Bumping VERSION in include/mbedtls/build_info.h"
-read MAJOR MINOR PATCH <<<$(IFS="."; echo $VERSION)
-VERSION_NR="$( printf "0x%02X%02X%02X00" $MAJOR $MINOR $PATCH )"
-cat include/mbedtls/build_info.h | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_MAJOR .\{1,\}/\1_MAJOR $MAJOR/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_MINOR .\{1,\}/\1_MINOR $MINOR/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH 
$PATCH/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \
- > tmp
-mv tmp include/mbedtls/build_info.h
-
-[ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data"
-sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
-mv tmp tests/suites/test_suite_version.data
-
-[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
-for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
-do
- sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
- mv tmp $i
-done
-
-[ $VERBOSE ] && echo "Re-generating library/error.c"
-scripts/generate_errors.pl
-
-[ $VERBOSE ] && echo "Re-generating programs/test/query_config.c"
-scripts/generate_query_config.pl
-
-[ $VERBOSE ] && echo "Re-generating library/version_features.c"
-scripts/generate_features.pl
-
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
deleted file mode 100644
index 2ab7ba98da..0000000000
--- a/scripts/ci.requirements.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-# Python package requirements for Mbed TLS testing.
-
--r driver.requirements.txt
-
-# The dependencies below are only used in scripts that we run on the Linux CI.
-
-# Use a known version of Pylint, because new versions tend to add warnings
-# that could start rejecting our code.
-# 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5.
-pylint == 2.4.4; platform_system == 'Linux'
-
-# Use a version of mypy that is compatible with our code base.
-# mypy <0.940 is known not to work: see commit
-# :/Upgrade mypy to the last version supporting Python 3.6
-# mypy >=0.960 is known not to work:
-# https://github.com/Mbed-TLS/mbedtls-framework/issues/50
-# mypy 0.942 is the version in Ubuntu 22.04.
-mypy == 0.942; platform_system == 'Linux'
-
-# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
-# It needs >=35.0.0 for correct operation, and that requires Python >=3.6.
-# >=35.0.0 also requires Rust to build from source, which we are forced to do on
-# FreeBSD, since PyPI doesn't carry binary wheels for the BSDs.
-cryptography >= 35.0.0; platform_system == 'Linux'
-
-# For building `framework/data_files/server9-bad-saltlen.crt` and check python
-# files.
-asn1crypto; platform_system == 'Linux'
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
deleted file mode 100755
index 171aafeec3..0000000000
--- a/scripts/code_size_compare.py
+++ /dev/null
@@ -1,957 +0,0 @@ -#!/usr/bin/env python3 - -""" -This script is for comparing the size of the library files from two -different Git revisions within an Mbed TLS repository. -The results of the comparison is formatted as csv and stored at a -configurable location. -Note: must be run from Mbed TLS root. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import logging -import os -import re -import shutil -import subprocess -import sys -import typing -from enum import Enum - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import logging_util -from mbedtls_framework import typing_util - -class SupportedArch(Enum): - """Supported architecture for code size measurement.""" - AARCH64 = 'aarch64' - AARCH32 = 'aarch32' - ARMV8_M = 'armv8-m' - X86_64 = 'x86_64' - X86 = 'x86' - - -class SupportedConfig(Enum): - """Supported configuration for code size measurement.""" - DEFAULT = 'default' - TFM_MEDIUM = 'tfm-medium' - - -# Static library -MBEDTLS_STATIC_LIB = { - 'CRYPTO': 'library/libmbedcrypto.a', - 'X509': 'library/libmbedx509.a', - 'TLS': 'library/libmbedtls.a', -} - -class CodeSizeDistinctInfo: # pylint: disable=too-few-public-methods - """Data structure to store possibly distinct information for code size - comparison.""" - def __init__( #pylint: disable=too-many-arguments - self, - version: str, - git_rev: str, - arch: str, - config: str, - compiler: str, - opt_level: str, - ) -> None: - """ - :param: version: which version to compare with for code size. - :param: git_rev: Git revision to calculate code size. - :param: arch: architecture to measure code size on. - :param: config: Configuration type to calculate code size. - (See SupportedConfig) - :param: compiler: compiler used to build library/*.o. - :param: opt_level: Options that control optimization. (E.g. 
-Os) - """ - self.version = version - self.git_rev = git_rev - self.arch = arch - self.config = config - self.compiler = compiler - self.opt_level = opt_level - # Note: Variables below are not initialized by class instantiation. - self.pre_make_cmd = [] #type: typing.List[str] - self.make_cmd = '' - - def get_info_indication(self): - """Return a unique string to indicate Code Size Distinct Information.""" - return '{git_rev}-{arch}-{config}-{compiler}'.format(**self.__dict__) - - -class CodeSizeCommonInfo: # pylint: disable=too-few-public-methods - """Data structure to store common information for code size comparison.""" - def __init__( - self, - host_arch: str, - measure_cmd: str, - ) -> None: - """ - :param host_arch: host architecture. - :param measure_cmd: command to measure code size for library/*.o. - """ - self.host_arch = host_arch - self.measure_cmd = measure_cmd - - def get_info_indication(self): - """Return a unique string to indicate Code Size Common Information.""" - return '{measure_tool}'\ - .format(measure_tool=self.measure_cmd.strip().split(' ')[0]) - -class CodeSizeResultInfo: # pylint: disable=too-few-public-methods - """Data structure to store result options for code size comparison.""" - def __init__( #pylint: disable=too-many-arguments - self, - record_dir: str, - comp_dir: str, - with_markdown=False, - stdout=False, - show_all=False, - ) -> None: - """ - :param record_dir: directory to store code size record. - :param comp_dir: directory to store results of code size comparision. - :param with_markdown: write comparision result into a markdown table. - (Default: False) - :param stdout: direct comparison result into sys.stdout. - (Default False) - :param show_all: show all objects in comparison result. 
(Default False) - """ - self.record_dir = record_dir - self.comp_dir = comp_dir - self.with_markdown = with_markdown - self.stdout = stdout - self.show_all = show_all - - -DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" -def detect_arch() -> str: - """Auto-detect host architecture.""" - cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode() - if '__aarch64__' in cc_output: - return SupportedArch.AARCH64.value - if '__arm__' in cc_output: - return SupportedArch.AARCH32.value - if '__x86_64__' in cc_output: - return SupportedArch.X86_64.value - if '__i386__' in cc_output: - return SupportedArch.X86.value - else: - print("Unknown host architecture, cannot auto-detect arch.") - sys.exit(1) - -TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h' -TFM_MEDIUM_CRYPTO_CONFIG_H = 'tf-psa-crypto/configs/ext/crypto_config_profile_medium.h' - -CONFIG_H = 'include/mbedtls/mbedtls_config.h' -CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h' -BACKUP_SUFFIX = '.code_size.bak' - -class CodeSizeBuildInfo: # pylint: disable=too-few-public-methods - """Gather information used to measure code size. - - It collects information about architecture, configuration in order to - infer build command for code size measurement. - """ - - SupportedArchConfig = [ - '-a ' + SupportedArch.AARCH64.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.AARCH32.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.X86_64.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.X86.value + ' -c ' + SupportedConfig.DEFAULT.value, - '-a ' + SupportedArch.ARMV8_M.value + ' -c ' + SupportedConfig.TFM_MEDIUM.value, - ] - - def __init__( - self, - size_dist_info: CodeSizeDistinctInfo, - host_arch: str, - logger: logging.Logger, - ) -> None: - """ - :param size_dist_info: - CodeSizeDistinctInfo containing info for code size measurement. - - size_dist_info.arch: architecture to measure code size on. 
- - size_dist_info.config: configuration type to measure - code size with. - - size_dist_info.compiler: compiler used to build library/*.o. - - size_dist_info.opt_level: Options that control optimization. - (E.g. -Os) - :param host_arch: host architecture. - :param logger: logging module - """ - self.arch = size_dist_info.arch - self.config = size_dist_info.config - self.compiler = size_dist_info.compiler - self.opt_level = size_dist_info.opt_level - - self.make_cmd = ['make', '-f', './scripts/legacy.make', '-j', 'lib'] - - self.host_arch = host_arch - self.logger = logger - - def check_correctness(self) -> bool: - """Check whether we are using proper / supported combination - of information to build library/*.o.""" - - # default config - if self.config == SupportedConfig.DEFAULT.value and \ - self.arch == self.host_arch: - return True - # TF-M - elif self.arch == SupportedArch.ARMV8_M.value and \ - self.config == SupportedConfig.TFM_MEDIUM.value: - return True - - return False - - def infer_pre_make_command(self) -> typing.List[str]: - """Infer command to set up proper configuration before running make.""" - pre_make_cmd = [] #type: typing.List[str] - if self.config == SupportedConfig.TFM_MEDIUM.value: - pre_make_cmd.append('cp {src} {dest}' - .format(src=TFM_MEDIUM_CONFIG_H, dest=CONFIG_H)) - pre_make_cmd.append('cp {src} {dest}' - .format(src=TFM_MEDIUM_CRYPTO_CONFIG_H, - dest=CRYPTO_CONFIG_H)) - - return pre_make_cmd - - def infer_make_cflags(self) -> str: - """Infer CFLAGS by instance attributes in CodeSizeDistinctInfo.""" - cflags = [] #type: typing.List[str] - - # set optimization level - cflags.append(self.opt_level) - # set compiler by config - if self.config == SupportedConfig.TFM_MEDIUM.value: - self.compiler = 'armclang' - cflags.append('-mcpu=cortex-m33') - # set target - if self.compiler == 'armclang': - cflags.append('--target=arm-arm-none-eabi') - - return ' '.join(cflags) - - def infer_make_command(self) -> str: - """Infer make command by CFLAGS 
and CC.""" - - if self.check_correctness(): - # set CFLAGS= - self.make_cmd.append('CFLAGS=\'{}\''.format(self.infer_make_cflags())) - # set CC= - self.make_cmd.append('CC={}'.format(self.compiler)) - return ' '.join(self.make_cmd) - else: - self.logger.error("Unsupported combination of architecture: {} " \ - "and configuration: {}.\n" - .format(self.arch, - self.config)) - self.logger.error("Please use supported combination of " \ - "architecture and configuration:") - for comb in CodeSizeBuildInfo.SupportedArchConfig: - self.logger.error(comb) - self.logger.error("") - self.logger.error("For your system, please use:") - for comb in CodeSizeBuildInfo.SupportedArchConfig: - if "default" in comb and self.host_arch not in comb: - continue - self.logger.error(comb) - sys.exit(1) - - -class CodeSizeCalculator: - """ A calculator to calculate code size of library/*.o based on - Git revision and code size measurement tool. - """ - - def __init__( #pylint: disable=too-many-arguments - self, - git_rev: str, - pre_make_cmd: typing.List[str], - make_cmd: str, - measure_cmd: str, - logger: logging.Logger, - ) -> None: - """ - :param git_rev: Git revision. (E.g: commit) - :param pre_make_cmd: command to set up proper config before running make. - :param make_cmd: command to build library/*.o. - :param measure_cmd: command to measure code size for library/*.o. - :param logger: logging module - """ - self.repo_path = "." - self.git_command = "git" - self.make_clean = 'make -f ./scripts/legacy.make clean' - - self.git_rev = git_rev - self.pre_make_cmd = pre_make_cmd - self.make_cmd = make_cmd - self.measure_cmd = measure_cmd - self.logger = logger - - @staticmethod - def validate_git_revision(git_rev: str) -> str: - result = subprocess.check_output(["git", "rev-parse", "--verify", - git_rev + "^{commit}"], - shell=False, universal_newlines=True) - return result[:7] - - def _create_git_worktree(self) -> str: - """Create a separate worktree for Git revision. 
- If Git revision is current, use current worktree instead.""" - - if self.git_rev == 'current': - self.logger.debug("Using current work directory.") - git_worktree_path = self.repo_path - else: - self.logger.debug("Creating git worktree for {}." - .format(self.git_rev)) - git_worktree_path = os.path.join(self.repo_path, - "temp-" + self.git_rev) - subprocess.check_output( - [self.git_command, "worktree", "add", "--detach", - git_worktree_path, self.git_rev], cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - subprocess.check_output( - [self.git_command, "submodule", "update", "--init", "--recursive"], - cwd=git_worktree_path, stderr=subprocess.STDOUT - ) - - return git_worktree_path - - @staticmethod - def backup_config_files(restore: bool) -> None: - """Backup / Restore config files.""" - if restore: - shutil.move(CONFIG_H + BACKUP_SUFFIX, CONFIG_H) - shutil.move(CRYPTO_CONFIG_H + BACKUP_SUFFIX, CRYPTO_CONFIG_H) - else: - shutil.copy(CONFIG_H, CONFIG_H + BACKUP_SUFFIX) - shutil.copy(CRYPTO_CONFIG_H, CRYPTO_CONFIG_H + BACKUP_SUFFIX) - - def _build_libraries(self, git_worktree_path: str) -> None: - """Build library/*.o in the specified worktree.""" - - self.logger.debug("Building library/*.o for {}." 
- .format(self.git_rev)) - my_environment = os.environ.copy() - try: - if self.git_rev == 'current': - self.backup_config_files(restore=False) - for pre_cmd in self.pre_make_cmd: - subprocess.check_output( - pre_cmd, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - subprocess.check_output( - self.make_clean, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - subprocess.check_output( - self.make_cmd, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - universal_newlines=True - ) - if self.git_rev == 'current': - self.backup_config_files(restore=True) - except subprocess.CalledProcessError as e: - self._handle_called_process_error(e, git_worktree_path) - - def _gen_raw_code_size(self, git_worktree_path: str) -> typing.Dict[str, str]: - """Measure code size by a tool and return in UTF-8 encoding.""" - - self.logger.debug("Measuring code size for {} by `{}`." - .format(self.git_rev, - self.measure_cmd.strip().split(' ')[0])) - - res = {} - for mod, st_lib in MBEDTLS_STATIC_LIB.items(): - try: - result = subprocess.check_output( - [self.measure_cmd + ' ' + st_lib], cwd=git_worktree_path, - shell=True, universal_newlines=True - ) - res[mod] = result - except subprocess.CalledProcessError as e: - self._handle_called_process_error(e, git_worktree_path) - - return res - - def _remove_worktree(self, git_worktree_path: str) -> None: - """Remove temporary worktree.""" - if git_worktree_path != self.repo_path: - self.logger.debug("Removing temporary worktree {}." - .format(git_worktree_path)) - subprocess.check_output( - [self.git_command, "worktree", "remove", "--force", - git_worktree_path], cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - - def _handle_called_process_error(self, e: subprocess.CalledProcessError, - git_worktree_path: str) -> None: - """Handle a CalledProcessError and quit the program gracefully. 
- Remove any extra worktrees so that the script may be called again.""" - - # Tell the user what went wrong - self.logger.error(e, exc_info=True) - self.logger.error("Process output:\n {}".format(e.output)) - - # Quit gracefully by removing the existing worktree - self._remove_worktree(git_worktree_path) - sys.exit(-1) - - def cal_libraries_code_size(self) -> typing.Dict[str, str]: - """Do a complete round to calculate code size of library/*.o - by measurement tool. - - :return A dictionary of measured code size - - typing.Dict[mod: str] - """ - - git_worktree_path = self._create_git_worktree() - try: - self._build_libraries(git_worktree_path) - res = self._gen_raw_code_size(git_worktree_path) - finally: - self._remove_worktree(git_worktree_path) - - return res - - -class CodeSizeGenerator: - """ A generator based on size measurement tool for library/*.o. - - This is an abstract class. To use it, derive a class that implements - write_record and write_comparison methods, then call both of them with - proper arguments. - """ - def __init__(self, logger: logging.Logger) -> None: - """ - :param logger: logging module - """ - self.logger = logger - - def write_record( - self, - git_rev: str, - code_size_text: typing.Dict[str, str], - output: typing_util.Writable - ) -> None: - """Write size record into a file. - - :param git_rev: Git revision. (E.g: commit) - :param code_size_text: - string output (utf-8) from measurement tool of code size. - - typing.Dict[mod: str] - :param output: output stream which the code size record is written to. - (Note: Normally write code size record into File) - """ - raise NotImplementedError - - def write_comparison( #pylint: disable=too-many-arguments - self, - old_rev: str, - new_rev: str, - output: typing_util.Writable, - with_markdown=False, - show_all=False - ) -> None: - """Write a comparision result into a stream between two Git revisions. - - :param old_rev: old Git revision to compared with. 
- :param new_rev: new Git revision to compared with. - :param output: output stream which the code size record is written to. - (File / sys.stdout) - :param with_markdown: write comparision result in a markdown table. - (Default: False) - :param show_all: show all objects in comparison result. (Default False) - """ - raise NotImplementedError - - -class CodeSizeGeneratorWithSize(CodeSizeGenerator): - """Code Size Base Class for size record saving and writing.""" - - class SizeEntry: # pylint: disable=too-few-public-methods - """Data Structure to only store information of code size.""" - def __init__(self, text: int, data: int, bss: int, dec: int): - self.text = text - self.data = data - self.bss = bss - self.total = dec # total <=> dec - - def __init__(self, logger: logging.Logger) -> None: - """ Variable code_size is used to store size info for any Git revisions. - :param code_size: - Data Format as following: - code_size = { - git_rev: { - module: { - file_name: SizeEntry, - ... - }, - ... - }, - ... - } - """ - super().__init__(logger) - self.code_size = {} #type: typing.Dict[str, typing.Dict] - self.mod_total_suffix = '-' + 'TOTALS' - - def _set_size_record(self, git_rev: str, mod: str, size_text: str) -> None: - """Store size information for target Git revision and high-level module. - - size_text Format: text data bss dec hex filename - """ - size_record = {} - for line in size_text.splitlines()[1:]: - data = line.split() - if re.match(r'\s*\(TOTALS\)', data[5]): - data[5] = mod + self.mod_total_suffix - # file_name: SizeEntry(text, data, bss, dec) - size_record[data[5]] = CodeSizeGeneratorWithSize.SizeEntry( - int(data[0]), int(data[1]), int(data[2]), int(data[3])) - self.code_size.setdefault(git_rev, {}).update({mod: size_record}) - - def read_size_record(self, git_rev: str, fname: str) -> None: - """Read size information from csv file and write it into code_size. 
- - fname Format: filename text data bss dec - """ - mod = "" - size_record = {} - with open(fname, 'r') as csv_file: - for line in csv_file: - data = line.strip().split() - # check if we find the beginning of a module - if data and data[0] in MBEDTLS_STATIC_LIB: - mod = data[0] - continue - - if mod: - # file_name: SizeEntry(text, data, bss, dec) - size_record[data[0]] = CodeSizeGeneratorWithSize.SizeEntry( - int(data[1]), int(data[2]), int(data[3]), int(data[4])) - - # check if we hit record for the end of a module - m = re.match(r'\w+' + self.mod_total_suffix, line) - if m: - if git_rev in self.code_size: - self.code_size[git_rev].update({mod: size_record}) - else: - self.code_size[git_rev] = {mod: size_record} - mod = "" - size_record = {} - - def write_record( - self, - git_rev: str, - code_size_text: typing.Dict[str, str], - output: typing_util.Writable - ) -> None: - """Write size information to a file. - - Writing Format: filename text data bss total(dec) - """ - for mod, size_text in code_size_text.items(): - self._set_size_record(git_rev, mod, size_text) - - format_string = "{:<30} {:>7} {:>7} {:>7} {:>7}\n" - output.write(format_string.format("filename", - "text", "data", "bss", "total")) - - for mod, f_size in self.code_size[git_rev].items(): - output.write("\n" + mod + "\n") - for fname, size_entry in f_size.items(): - output.write(format_string - .format(fname, - size_entry.text, size_entry.data, - size_entry.bss, size_entry.total)) - - def write_comparison( #pylint: disable=too-many-arguments - self, - old_rev: str, - new_rev: str, - output: typing_util.Writable, - with_markdown=False, - show_all=False - ) -> None: - # pylint: disable=too-many-locals - """Write comparison result into a file. 
- - Writing Format: - Markdown Output: - filename new(text) new(data) change(text) change(data) - CSV Output: - filename new(text) new(data) old(text) old(data) change(text) change(data) - """ - header_line = ["filename", "new(text)", "old(text)", "change(text)", - "new(data)", "old(data)", "change(data)"] - if with_markdown: - dash_line = [":----", "----:", "----:", "----:", - "----:", "----:", "----:"] - # | filename | new(text) | new(data) | change(text) | change(data) | - line_format = "| {0:<30} | {1:>9} | {4:>9} | {3:>12} | {6:>12} |\n" - bold_text = lambda x: '**' + str(x) + '**' - else: - # filename new(text) new(data) old(text) old(data) change(text) change(data) - line_format = "{0:<30} {1:>9} {4:>9} {2:>10} {5:>10} {3:>12} {6:>12}\n" - - def cal_sect_change( - old_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry], - new_size: typing.Optional[CodeSizeGeneratorWithSize.SizeEntry], - sect: str - ) -> typing.List: - """Inner helper function to calculate size change for a section. - - Convention for special cases: - - If the object has been removed in new Git revision, - the size is minus code size of old Git revision; - the size change is marked as `Removed`, - - If the object only exists in new Git revision, - the size is code size of new Git revision; - the size change is marked as `None`, - - :param: old_size: code size for objects in old Git revision. - :param: new_size: code size for objects in new Git revision. - :param: sect: section to calculate from `size` tool. This could be - any instance variable in SizeEntry. 
- :return: List of [section size of objects for new Git revision, - section size of objects for old Git revision, - section size change of objects between two Git revisions] - """ - if old_size and new_size: - new_attr = new_size.__dict__[sect] - old_attr = old_size.__dict__[sect] - delta = new_attr - old_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - elif old_size: - new_attr = 'Removed' - old_attr = old_size.__dict__[sect] - delta = - old_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - elif new_size: - new_attr = new_size.__dict__[sect] - old_attr = 'NotCreated' - delta = new_attr - change_attr = '{0:{1}}'.format(delta, '+' if delta else '') - else: - # Should never happen - new_attr = 'Error' - old_attr = 'Error' - change_attr = 'Error' - return [new_attr, old_attr, change_attr] - - # sort dictionary by key - sort_by_k = lambda item: item[0].lower() - def get_results( - f_rev_size: - typing.Dict[str, - typing.Dict[str, - CodeSizeGeneratorWithSize.SizeEntry]] - ) -> typing.List: - """Return List of results in the format of: - [filename, new(text), old(text), change(text), - new(data), old(data), change(data)] - """ - res = [] - for fname, revs_size in sorted(f_rev_size.items(), key=sort_by_k): - old_size = revs_size.get(old_rev) - new_size = revs_size.get(new_rev) - - text_sect = cal_sect_change(old_size, new_size, 'text') - data_sect = cal_sect_change(old_size, new_size, 'data') - # skip the files that haven't changed in code size - if not show_all and text_sect[-1] == '0' and data_sect[-1] == '0': - continue - - res.append([fname, *text_sect, *data_sect]) - return res - - # write header - output.write(line_format.format(*header_line)) - if with_markdown: - output.write(line_format.format(*dash_line)) - for mod in MBEDTLS_STATIC_LIB: - # convert self.code_size to: - # { - # file_name: { - # old_rev: SizeEntry, - # new_rev: SizeEntry - # }, - # ... 
- # } - f_rev_size = {} #type: typing.Dict[str, typing.Dict] - for fname, size_entry in self.code_size[old_rev][mod].items(): - f_rev_size.setdefault(fname, {}).update({old_rev: size_entry}) - for fname, size_entry in self.code_size[new_rev][mod].items(): - f_rev_size.setdefault(fname, {}).update({new_rev: size_entry}) - - mod_total_sz = f_rev_size.pop(mod + self.mod_total_suffix) - res = get_results(f_rev_size) - total_clm = get_results({mod + self.mod_total_suffix: mod_total_sz}) - if with_markdown: - # bold row of mod-TOTALS in markdown table - total_clm = [[bold_text(j) for j in i] for i in total_clm] - res += total_clm - - # write comparison result - for line in res: - output.write(line_format.format(*line)) - - -class CodeSizeComparison: - """Compare code size between two Git revisions.""" - - def __init__( #pylint: disable=too-many-arguments - self, - old_size_dist_info: CodeSizeDistinctInfo, - new_size_dist_info: CodeSizeDistinctInfo, - size_common_info: CodeSizeCommonInfo, - result_options: CodeSizeResultInfo, - logger: logging.Logger, - ) -> None: - """ - :param old_size_dist_info: CodeSizeDistinctInfo containing old distinct - info to compare code size with. - :param new_size_dist_info: CodeSizeDistinctInfo containing new distinct - info to take as comparision base. - :param size_common_info: CodeSizeCommonInfo containing common info for - both old and new size distinct info and - measurement tool. - :param result_options: CodeSizeResultInfo containing results options for - code size record and comparision. 
- :param logger: logging module - """ - - self.logger = logger - - self.old_size_dist_info = old_size_dist_info - self.new_size_dist_info = new_size_dist_info - self.size_common_info = size_common_info - # infer pre make command - self.old_size_dist_info.pre_make_cmd = CodeSizeBuildInfo( - self.old_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_pre_make_command() - self.new_size_dist_info.pre_make_cmd = CodeSizeBuildInfo( - self.new_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_pre_make_command() - # infer make command - self.old_size_dist_info.make_cmd = CodeSizeBuildInfo( - self.old_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_make_command() - self.new_size_dist_info.make_cmd = CodeSizeBuildInfo( - self.new_size_dist_info, self.size_common_info.host_arch, - self.logger).infer_make_command() - # initialize size parser with corresponding measurement tool - self.code_size_generator = self.__generate_size_parser() - - self.result_options = result_options - self.csv_dir = os.path.abspath(self.result_options.record_dir) - os.makedirs(self.csv_dir, exist_ok=True) - self.comp_dir = os.path.abspath(self.result_options.comp_dir) - os.makedirs(self.comp_dir, exist_ok=True) - - def __generate_size_parser(self): - """Generate a parser for the corresponding measurement tool.""" - if re.match(r'size', self.size_common_info.measure_cmd.strip()): - return CodeSizeGeneratorWithSize(self.logger) - else: - self.logger.error("Unsupported measurement tool: `{}`." 
- .format(self.size_common_info.measure_cmd - .strip().split(' ')[0])) - sys.exit(1) - - def cal_code_size( - self, - size_dist_info: CodeSizeDistinctInfo - ) -> typing.Dict[str, str]: - """Calculate code size of library/*.o in a UTF-8 encoding""" - - return CodeSizeCalculator(size_dist_info.git_rev, - size_dist_info.pre_make_cmd, - size_dist_info.make_cmd, - self.size_common_info.measure_cmd, - self.logger).cal_libraries_code_size() - - def gen_code_size_report(self, size_dist_info: CodeSizeDistinctInfo) -> None: - """Generate code size record and write it into a file.""" - - self.logger.info("Start to generate code size record for {}." - .format(size_dist_info.git_rev)) - output_file = os.path.join( - self.csv_dir, - '{}-{}.csv' - .format(size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication())) - # Check if the corresponding record exists - if size_dist_info.git_rev != "current" and \ - os.path.exists(output_file): - self.logger.debug("Code size csv file for {} already exists." - .format(size_dist_info.git_rev)) - self.code_size_generator.read_size_record( - size_dist_info.git_rev, output_file) - else: - # measure code size - code_size_text = self.cal_code_size(size_dist_info) - - self.logger.debug("Generating code size csv for {}." - .format(size_dist_info.git_rev)) - output = open(output_file, "w") - self.code_size_generator.write_record( - size_dist_info.git_rev, code_size_text, output) - - def gen_code_size_comparison(self) -> None: - """Generate results of code size changes between two Git revisions, - old and new. - - - Measured code size result of these two Git revisions must be available. - - The result is directed into either file / stdout depending on - the option, size_common_info.result_options.stdout. (Default: file) - """ - - self.logger.info("Start to generate comparision result between "\ - "{} and {}." 
- .format(self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev)) - if self.result_options.stdout: - output = sys.stdout - else: - output_file = os.path.join( - self.comp_dir, - '{}-{}-{}.{}' - .format(self.old_size_dist_info.get_info_indication(), - self.new_size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication(), - 'md' if self.result_options.with_markdown else 'csv')) - output = open(output_file, "w") - - self.logger.debug("Generating comparison results between {} and {}." - .format(self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev)) - if self.result_options.with_markdown or self.result_options.stdout: - print("Measure code size between {} and {} by `{}`." - .format(self.old_size_dist_info.get_info_indication(), - self.new_size_dist_info.get_info_indication(), - self.size_common_info.get_info_indication()), - file=output) - self.code_size_generator.write_comparison( - self.old_size_dist_info.git_rev, - self.new_size_dist_info.git_rev, - output, self.result_options.with_markdown, - self.result_options.show_all) - - def get_comparision_results(self) -> None: - """Compare size of library/*.o between self.old_size_dist_info and - self.old_size_dist_info and generate the result file.""" - build_tree.check_repo_path() - self.gen_code_size_report(self.old_size_dist_info) - self.gen_code_size_report(self.new_size_dist_info) - self.gen_code_size_comparison() - -def main(): - parser = argparse.ArgumentParser(description=(__doc__)) - group_required = parser.add_argument_group( - 'required arguments', - 'required arguments to parse for running ' + os.path.basename(__file__)) - group_required.add_argument( - '-o', '--old-rev', type=str, required=True, - help='old Git revision for comparison.') - - group_optional = parser.add_argument_group( - 'optional arguments', - 'optional arguments to parse for running ' + os.path.basename(__file__)) - group_optional.add_argument( - '--record-dir', type=str, 
default='code_size_records', - help='directory where code size record is stored. ' - '(Default: code_size_records)') - group_optional.add_argument( - '--comp-dir', type=str, default='comparison', - help='directory where comparison result is stored. ' - '(Default: comparison)') - group_optional.add_argument( - '-n', '--new-rev', type=str, default='current', - help='new Git revision as comparison base. ' - '(Default is the current work directory, including uncommitted ' - 'changes.)') - group_optional.add_argument( - '-a', '--arch', type=str, default=detect_arch(), - choices=list(map(lambda s: s.value, SupportedArch)), - help='Specify architecture for code size comparison. ' - '(Default is the host architecture.)') - group_optional.add_argument( - '-c', '--config', type=str, default=SupportedConfig.DEFAULT.value, - choices=list(map(lambda s: s.value, SupportedConfig)), - help='Specify configuration type for code size comparison. ' - '(Default is the current Mbed TLS configuration.)') - group_optional.add_argument( - '--markdown', action='store_true', dest='markdown', - help='Show comparision of code size in a markdown table. ' - '(Only show the files that have changed).') - group_optional.add_argument( - '--stdout', action='store_true', dest='stdout', - help='Set this option to direct comparison result into sys.stdout. ' - '(Default: file)') - group_optional.add_argument( - '--show-all', action='store_true', dest='show_all', - help='Show all the objects in comparison result, including the ones ' - 'that haven\'t changed in code size. (Default: False)') - group_optional.add_argument( - '--verbose', action='store_true', dest='verbose', - help='Show logs in detail for code size measurement. 
' - '(Default: False)') - comp_args = parser.parse_args() - - logger = logging.getLogger() - logging_util.configure_logger(logger, split_level=logging.NOTSET) - logger.setLevel(logging.DEBUG if comp_args.verbose else logging.INFO) - - if os.path.isfile(comp_args.record_dir): - logger.error("record directory: {} is not a directory" - .format(comp_args.record_dir)) - sys.exit(1) - if os.path.isfile(comp_args.comp_dir): - logger.error("comparison directory: {} is not a directory" - .format(comp_args.comp_dir)) - sys.exit(1) - - comp_args.old_rev = CodeSizeCalculator.validate_git_revision( - comp_args.old_rev) - if comp_args.new_rev != 'current': - comp_args.new_rev = CodeSizeCalculator.validate_git_revision( - comp_args.new_rev) - - # version, git_rev, arch, config, compiler, opt_level - old_size_dist_info = CodeSizeDistinctInfo( - 'old', comp_args.old_rev, comp_args.arch, comp_args.config, 'cc', '-Os') - new_size_dist_info = CodeSizeDistinctInfo( - 'new', comp_args.new_rev, comp_args.arch, comp_args.config, 'cc', '-Os') - # host_arch, measure_cmd - size_common_info = CodeSizeCommonInfo( - detect_arch(), 'size -t') - # record_dir, comp_dir, with_markdown, stdout, show_all - result_options = CodeSizeResultInfo( - comp_args.record_dir, comp_args.comp_dir, - comp_args.markdown, comp_args.stdout, comp_args.show_all) - - logger.info("Measure code size between {} and {} by `{}`." - .format(old_size_dist_info.get_info_indication(), - new_size_dist_info.get_info_indication(), - size_common_info.get_info_indication())) - CodeSizeComparison(old_size_dist_info, new_size_dist_info, - size_common_info, result_options, - logger).get_comparision_results() - -if __name__ == "__main__": - main() diff --git a/scripts/common.make b/scripts/common.make deleted file mode 100644 index b3d028ff62..0000000000 --- a/scripts/common.make +++ /dev/null 
@@ -1,170 +0,0 @@ -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS - -ifndef MBEDTLS_PATH -MBEDTLS_PATH := .. -endif - -PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim - -ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) -endif -include $(MBEDTLS_PATH)/framework/exported.make - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic -LDFLAGS ?= - -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ - -I$(MBEDTLS_PATH)/framework/tests/include \ - -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ - -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS) - -ifdef PSASIM -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L$(PSASIM_PATH)/client_libs \ - -lpsaclient \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) -else -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L$(MBEDTLS_PATH)/library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) -endif - -THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(THIRDPARTY_DIR)/everest/Makefile.inc -include $(THIRDPARTY_DIR)/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - -ifdef PSASIM -MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ - $(PSASIM_PATH)/client_libs/libmbedx509.a \ - $(PSASIM_PATH)/client_libs/libmbedtls.a \ - $(PSASIM_PATH)/client_libs/libpsaclient.a -else ifndef SHARED -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \ - 
$(MBEDTLS_PATH)/library/libmbedx509.a \ - $(MBEDTLS_PATH)/library/libmbedtls.a -else -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \ - $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \ - $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) -endif - -ifdef DEBUG -LOCAL_CFLAGS += -g3 -endif - -# if we're running on Windows, build for Windows -ifdef WINDOWS -WINDOWS_BUILD=1 -endif - -## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are set in the current configuration -## from PREPROCESSOR_INPUT. Also normalize whitespace. -## Example: -## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR) -## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is -## disabled, etc. -## -## This only works with a Unix-like shell environment (Bourne/POSIX-style shell -## and standard commands) and a Unix-like compiler (supporting -E). In -## other environments, the output is likely to be empty. -define remove_enabled_options -$(strip $(shell - exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - | - tail -n 1 -)) -endef - -ifdef WINDOWS_BUILD - DLEXT=dll - EXEXT=.exe - LOCAL_LDFLAGS += -lws2_32 -lbcrypt - ifdef SHARED - SHARED_SUFFIX=.$(DLEXT) - endif - -else # Not building for Windows - DLEXT ?= so - EXEXT= - SHARED_SUFFIX= - ifndef THREADING - # Auto-detect configurations with pthread. - # If the call to remove_enabled_options returns "control", the symbols - # are confirmed set and we link with pthread. - # If the auto-detection fails, the result of the call is empty and - # we keep THREADING undefined. 
- ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) - THREADING := pthread - endif - endif - - ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread - endif -endif - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - -default: all - -$(MBEDLIBS): - $(MAKE) -C $(MBEDTLS_PATH)/library - -neat: clean -ifndef WINDOWS - rm -f $(GENERATED_FILES) -else - for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f -endif - -# Auxiliary modules used by tests and some sample programs -MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \ - ${MBEDTLS_PATH}/framework/tests/src/*.c \ - ${MBEDTLS_PATH}/framework/tests/src/drivers/*.c \ - )) -# Ignore PSA stubs when building for the client side of PSASIM (i.e. -# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates. -ifdef PSASIM -MBEDTLS_CORE_TEST_OBJS := $(filter-out \ - ${MBEDTLS_PATH}/framework/tests/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\ - ) -endif -# Additional auxiliary modules for TLS testing -MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ - ${MBEDTLS_TEST_PATH}/src/*.c \ - ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \ - )) - -MBEDTLS_TEST_OBJS = $(MBEDTLS_CORE_TEST_OBJS) $(MBEDTLS_TLS_TEST_OBJS) diff --git a/scripts/config.py b/scripts/config.py deleted file mode 100755 index 45561df78c..0000000000 --- a/scripts/config.py +++ /dev/null 
@@ -1,498 +0,0 @@ -#!/usr/bin/env python3 - -"""Mbed TLS and PSA configuration file manipulation library and tool - -Basic usage, to read the Mbed TLS configuration: - config = CombinedConfigFile() - if 'MBEDTLS_SSL_TLS_C' in config: print('TLS is enabled') -""" - -## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -## - -import os -import re -import sys - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import config_common - - -def is_boolean_setting(name, value): - """Is this a boolean setting? - - Mbed TLS boolean settings are enabled if the preprocessor macro is - defined, and disabled if the preprocessor macro is not defined. The - macro definition line in the configuration file has an empty expansion. - - PSA_WANT_xxx settings are also boolean, but when they are enabled, - they expand to a nonzero value. We leave them undefined when they - are disabled. (Setting them to 0 currently means to enable them, but - this might change to mean disabling them. Currently we just never set - them to 0.) - """ - if name.startswith('PSA_WANT_'): - return True - if not value: - return True - return False - -def realfull_adapter(_name, _value, _active): - """Activate all symbols. - - This is intended for building the documentation, including the - documentation of settings that are activated by defining an optional - preprocessor macro. There is no expectation that the resulting - configuration can be built. - """ - return True - -PSA_UNSUPPORTED_FEATURE = frozenset([ - 'PSA_WANT_ALG_CBC_MAC', - 'PSA_WANT_ALG_XTS', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE', - 'PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE' -]) - -PSA_DEPRECATED_FEATURE = frozenset([ - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR' -]) - -EXCLUDE_FROM_CRYPTO = PSA_UNSUPPORTED_FEATURE | \ - PSA_DEPRECATED_FEATURE - -# The goal of the full configuration is to have everything that can be tested -# together. 
This includes deprecated or insecure options. It excludes: -# * Options that require additional build dependencies or unusual hardware. -# * Options that make testing less effective. -# * Options that are incompatible with other options, or more generally that -# interact with other parts of the code in such a way that a bulk enabling -# is not a good way to test them. -# * Options that remove features. -EXCLUDE_FROM_FULL = frozenset([ - #pylint: disable=line-too-long - 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY - 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW - 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options - 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options - 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS - 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental - 'MBEDTLS_HAVE_SSE2', # hardware dependency - 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C - 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. 
ASan) less effective - 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C - 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum - 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum - 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY - 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA - 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency - 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change - 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) - 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) - 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_X509_REMOVE_INFO', # removes a feature - 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices - 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices - *PSA_UNSUPPORTED_FEATURE, - *PSA_DEPRECATED_FEATURE, -]) - -def is_seamless_alt(name): - """Whether the xxx_ALT symbol should be included in the full configuration. - - Include alternative implementations of platform functions, which are - configurable function pointers that default to the built-in function. - This way we test that the function pointers exist and build correctly - without changing the behavior, and tests can verify that the function - pointers are used by modifying those pointers. - - Exclude alternative implementations of library functions since they require - an implementation of the relevant functions and an xxx_alt.h header. 
- """ - if name in ( - 'MBEDTLS_PLATFORM_GMTIME_R_ALT', - 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', - 'MBEDTLS_PLATFORM_MS_TIME_ALT', - 'MBEDTLS_PLATFORM_ZEROIZE_ALT', - ): - # Similar to non-platform xxx_ALT, requires platform_alt.h - return False - return name.startswith('MBEDTLS_PLATFORM_') - -def include_in_full(name): - """Rules for symbols in the "full" configuration.""" - if name in EXCLUDE_FROM_FULL: - return False - if name.endswith('_ALT'): - return is_seamless_alt(name) - return True - -def full_adapter(name, value, active): - """Config adapter for "full".""" - if not is_boolean_setting(name, value): - return active - return include_in_full(name) - -# The baremetal configuration excludes options that require a library or -# operating system feature that is typically not present on bare metal -# systems. Features that are excluded from "full" won't be in "baremetal" -# either (unless explicitly turned on in baremetal_adapter) so they don't -# need to be repeated here. -EXCLUDE_FROM_BAREMETAL = frozenset([ - #pylint: disable=line-too-long - 'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks - 'MBEDTLS_FS_IO', # requires a filesystem - 'MBEDTLS_HAVE_TIME', # requires a clock - 'MBEDTLS_HAVE_TIME_DATE', # requires a clock - 'MBEDTLS_NET_C', # requires POSIX-like networking - 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h - 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED - 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME - 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem - 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem - 'MBEDTLS_THREADING_C', # requires a threading interface - 'MBEDTLS_THREADING_PTHREAD', # requires pthread - 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection - 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection -]) - -def 
keep_in_baremetal(name): - """Rules for symbols in the "baremetal" configuration.""" - if name in EXCLUDE_FROM_BAREMETAL: - return False - return True - -def baremetal_adapter(name, value, active): - """Config adapter for "baremetal".""" - if not is_boolean_setting(name, value): - return active - if name == 'MBEDTLS_PSA_BUILTIN_GET_ENTROPY': - # No OS-provided entropy source - return False - if name == 'MBEDTLS_PSA_DRIVER_GET_ENTROPY': - return True - return include_in_full(name) and keep_in_baremetal(name) - -# This set contains options that are mostly for debugging or test purposes, -# and therefore should be excluded when doing code size measurements. -# Options that are their own module (such as MBEDTLS_ERROR_C) are not listed -# and therefore will be included when doing code size measurements. -EXCLUDE_FOR_SIZE = frozenset([ - 'MBEDTLS_DEBUG_C', # large code size increase in TLS - 'MBEDTLS_SELF_TEST', # increases the size of many modules - 'MBEDTLS_TEST_HOOKS', # only useful with the hosted test framework, increases code size -]) - -def baremetal_size_adapter(name, value, active): - if name in EXCLUDE_FOR_SIZE: - return False - return baremetal_adapter(name, value, active) - -def include_in_crypto(name): - """Rules for symbols in a crypto configuration.""" - if name.startswith('MBEDTLS_X509_') or \ - name.startswith('MBEDTLS_VERSION_') or \ - name.startswith('MBEDTLS_SSL_') or \ - name.startswith('MBEDTLS_KEY_EXCHANGE_'): - return False - if name in [ - 'MBEDTLS_DEBUG_C', # part of libmbedtls - 'MBEDTLS_NET_C', # part of libmbedtls - 'MBEDTLS_PKCS7_C', # part of libmbedx509 - 'MBEDTLS_TIMING_C', # part of libmbedtls - 'MBEDTLS_ERROR_C', # part of libmbedx509 - 'MBEDTLS_ERROR_STRERROR_DUMMY', # part of libmbedx509 - ]: - return False - if name in EXCLUDE_FROM_CRYPTO: - return False - return True - -def crypto_adapter(adapter): - """Modify an adapter to disable non-crypto symbols. 
- - ``crypto_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all X.509 and TLS symbols. - """ - def continuation(name, value, active): - if not include_in_crypto(name): - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - -DEPRECATED = frozenset([ - *PSA_DEPRECATED_FEATURE -]) -def no_deprecated_adapter(adapter): - """Modify an adapter to disable deprecated symbols. - - ``no_deprecated_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all deprecated symbols - and sets ``MBEDTLS_DEPRECATED_REMOVED``. - """ - def continuation(name, value, active): - if name == 'MBEDTLS_DEPRECATED_REMOVED': - return True - if name in DEPRECATED: - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - -def no_platform_adapter(adapter): - """Modify an adapter to disable platform symbols. - - ``no_platform_adapter(adapter)(name, value, active)`` is like - ``adapter(name, value, active)``, but unsets all platform symbols other - ``than MBEDTLS_PLATFORM_C. - """ - def continuation(name, value, active): - # Allow MBEDTLS_PLATFORM_C but remove all other platform symbols. 
- if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C': - return False - if adapter is None: - return active - return adapter(name, value, active) - return continuation - - -class MbedTLSConfigFile(config_common.ConfigFile): - """Representation of an MbedTLS configuration file.""" - - _path_in_tree = 'include/mbedtls/mbedtls_config.h' - default_path = [_path_in_tree, - os.path.join(os.path.dirname(__file__), - os.pardir, - _path_in_tree), - os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))), - _path_in_tree)] - - def __init__(self, filename=None): - super().__init__(self.default_path, 'Mbed TLS', filename) - self.current_section = 'header' - - -class CryptoConfigFile(config_common.ConfigFile): - """Representation of a Crypto configuration file.""" - - # Temporary, while Mbed TLS does not just rely on the TF-PSA-Crypto - # build system to build its crypto library. When it does, the - # condition can just be removed. - _path_in_tree = ('include/psa/crypto_config.h' - if not os.path.isdir(os.path.join(os.path.dirname(__file__), - os.pardir, - 'tf-psa-crypto')) else - 'tf-psa-crypto/include/psa/crypto_config.h') - default_path = [_path_in_tree, - os.path.join(os.path.dirname(__file__), - os.pardir, - _path_in_tree), - os.path.join(os.path.dirname(os.path.abspath(os.path.dirname(__file__))), - _path_in_tree)] - - def __init__(self, filename=None): - super().__init__(self.default_path, 'Crypto', filename) - - -class MbedTLSConfig(config_common.Config): - """Representation of the Mbed TLS configuration. - - See the documentation of the `Config` class for methods to query - and modify the configuration. 
- """ - - def __init__(self, filename=None): - """Read the Mbed TLS configuration file.""" - - super().__init__() - configfile = MbedTLSConfigFile(filename) - self.configfiles.append(configfile) - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for (active, name, value, section) - in configfile.parse_file()}) - - def set(self, name, value=None): - """Set name to the given value and make it active.""" - - if name not in self.settings: - self._get_configfile().templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - -class CryptoConfig(config_common.Config): - """Representation of the PSA crypto configuration. - - See the documentation of the `Config` class for methods to query - and modify the configuration. - """ - - def __init__(self, filename=None): - """Read the PSA crypto configuration file.""" - - super().__init__() - configfile = CryptoConfigFile(filename) - self.configfiles.append(configfile) - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for (active, name, value, section) - in configfile.parse_file()}) - - def set(self, name, value='1'): - """Set name to the given value and make it active.""" - - if name in PSA_UNSUPPORTED_FEATURE: - raise ValueError(f'Feature is unsupported: \'{name}\'') - - if name not in self.settings: - self._get_configfile().templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - -class CombinedConfig(config_common.Config): - """Representation of MbedTLS and PSA crypto configuration - - See the documentation of the `Config` class for methods to query - and modify the configuration. 
- """ - - def __init__(self, *configs): - super().__init__() - for config in configs: - if isinstance(config, MbedTLSConfigFile): - self.mbedtls_configfile = config - elif isinstance(config, CryptoConfigFile): - self.crypto_configfile = config - else: - raise ValueError(f'Invalid configfile: {config}') - self.configfiles.append(config) - - self.settings.update({name: config_common.Setting(configfile, active, name, value, section) - for configfile in [self.mbedtls_configfile, self.crypto_configfile] - for (active, name, value, section) in configfile.parse_file()}) - - _crypto_regexp = re.compile(r'^PSA_.*') - def _get_configfile(self, name=None): - """Find a config type for a setting name""" - - if name in self.settings: - return self.settings[name].configfile - elif re.match(self._crypto_regexp, name): - return self.crypto_configfile - else: - return self.mbedtls_configfile - - def set(self, name, value=None): - """Set name to the given value and make it active.""" - - configfile = self._get_configfile(name) - - if configfile == self.crypto_configfile: - if name in PSA_UNSUPPORTED_FEATURE: - raise ValueError(f'Feature is unsupported: \'{name}\'') - - # The default value in the crypto config is '1' - if not value and re.match(self._crypto_regexp, name): - value = '1' - - if name not in self.settings: - configfile.templates.append((name, '', '#define ' + name + ' ')) - - super().set(name, value) - - #pylint: disable=arguments-differ - def write(self, mbedtls_file=None, crypto_file=None): - """Write the whole configuration to the file it was read from. - - If mbedtls_file or crypto_file is specified, write the specific configuration - to the corresponding file instead. - - Two file name parameters and not only one as in the super class as we handle - two configuration files in this class. 
- """ - - self.mbedtls_configfile.write(self.settings, mbedtls_file) - self.crypto_configfile.write(self.settings, crypto_file) - - def filename(self, name=None): - """Get the name of the config files. - - If 'name' is specified return the name of the config file where it is defined. - """ - - if not name: - return [config.filename for config in [self.mbedtls_configfile, self.crypto_configfile]] - - return self._get_configfile(name).filename - - -class MbedTLSConfigTool(config_common.ConfigTool): - """Command line mbedtls_config.h and crypto_config.h manipulation tool.""" - - def __init__(self): - super().__init__(MbedTLSConfigFile.default_path) - self.config = CombinedConfig(MbedTLSConfigFile(self.args.file), - CryptoConfigFile(self.args.cryptofile)) - - def custom_parser_options(self): - """Adds MbedTLS specific options for the parser.""" - - self.parser.add_argument( - '--cryptofile', '-c', - help="""Crypto file to read (and modify if requested). Default: {}.""" - .format(CryptoConfigFile.default_path)) - - self.add_adapter( - 'baremetal', baremetal_adapter, - """Like full, but exclude features that require platform features - such as file input-output. - """) - self.add_adapter( - 'baremetal_size', baremetal_size_adapter, - """Like baremetal, but exclude debugging features. Useful for code size measurements. - """) - self.add_adapter( - 'full', full_adapter, - """Uncomment most features. - Exclude alternative implementations and platform support options, as well as - some options that are awkward to test. - """) - self.add_adapter( - 'full_no_deprecated', no_deprecated_adapter(full_adapter), - """Uncomment most non-deprecated features. - Like "full", but without deprecated features. - """) - self.add_adapter( - 'full_no_platform', no_platform_adapter(full_adapter), - """Uncomment most non-platform features. Like "full", but without platform features. - """) - self.add_adapter( - 'realfull', realfull_adapter, - """Uncomment all boolean #defines. 
- Suitable for generating documentation, but not for building. - """) - self.add_adapter( - 'crypto', crypto_adapter(None), - """Only include crypto features. Exclude X.509 and TLS.""") - self.add_adapter( - 'crypto_baremetal', crypto_adapter(baremetal_adapter), - """Like baremetal, but with only crypto features, excluding X.509 and TLS.""") - self.add_adapter( - 'crypto_full', crypto_adapter(full_adapter), - """Like full, but with only crypto features, excluding X.509 and TLS.""") - - -if __name__ == '__main__': - sys.exit(MbedTLSConfigTool().main()) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt deleted file mode 100644 index 69bec9fe40..0000000000 --- a/scripts/data_files/error.fmt +++ /dev/null 
@@ -1,155 +0,0 @@ -/* - * Error message information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "tf_psa_crypto_common.h" - -#include "mbedtls/error.h" - -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) - -#if defined(MBEDTLS_ERROR_C) - -#include "mbedtls/platform.h" - -#include -#include - -HEADER_INCLUDED - -static const char *mbedtls_high_level_strerr(int error_code) -{ - int high_level_error_code; - - if (error_code < 0) { - error_code = -error_code; - } - - /* Extract the high-level part from the error code. */ - high_level_error_code = error_code & 0xFF80; - - switch (high_level_error_code) { - /* Begin Auto-Generated Code. */ - HIGH_LEVEL_CODE_CHECKS - /* End Auto-Generated Code. */ - - default: - break; - } - - return NULL; -} - -static const char *mbedtls_low_level_strerr(int error_code) -{ - int low_level_error_code; - - if (error_code < 0) { - error_code = -error_code; - } - - /* Extract the low-level part from the error code. */ - low_level_error_code = error_code & ~0xFF80; - - switch (low_level_error_code) { - /* Begin Auto-Generated Code. */ - LOW_LEVEL_CODE_CHECKS - /* End Auto-Generated Code. */ - - default: - break; - } - - return NULL; -} - -void mbedtls_strerror(int ret, char *buf, size_t buflen) -{ - size_t len; - int use_ret; - const char *high_level_error_description = NULL; - const char *low_level_error_description = NULL; - - if (buflen == 0) { - return; - } - - memset(buf, 0x00, buflen); - - if (ret < 0) { - ret = -ret; - } - - if (ret & 0xFF80) { - use_ret = ret & 0xFF80; - - // Translate high level error code. 
- high_level_error_description = mbedtls_high_level_strerr(ret); - - if (high_level_error_description == NULL) { - mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); - } else { - mbedtls_snprintf(buf, buflen, "%s", high_level_error_description); - } - -#if defined(MBEDTLS_SSL_TLS_C) - // Early return in case of a fatal error - do not try to translate low - // level code. - if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) { - return; - } -#endif /* MBEDTLS_SSL_TLS_C */ - } - - use_ret = ret & ~0xFF80; - - if (use_ret == 0) { - return; - } - - // If high level code is present, make a concatenation between both - // error strings. - // - len = strlen(buf); - - if (len > 0) { - if (buflen - len < 5) { - return; - } - - mbedtls_snprintf(buf + len, buflen - len, " : "); - - buf += len + 3; - buflen -= len + 3; - } - - // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr(ret); - - if (low_level_error_description == NULL) { - mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); - } else { - mbedtls_snprintf(buf, buflen, "%s", low_level_error_description); - } -} - -#else /* MBEDTLS_ERROR_C */ - -/* - * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined - */ -void mbedtls_strerror(int ret, char *buf, size_t buflen) -{ - ((void) ret); - - if (buflen > 0) { - buf[0] = '\0'; - } -} - -#endif /* MBEDTLS_ERROR_C */ - -#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt deleted file mode 100644 index 603c7dd200..0000000000 --- a/scripts/data_files/query_config.fmt +++ /dev/null 
@@ -1,63 +0,0 @@
-/* -*-c-*-
- * Query Mbed TLS compile time configurations from mbedtls_config.h
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include "query_config.h"
-
-#include "mbedtls/platform.h"
-#include
-
-/* Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 */
-#if defined(MBEDTLS_HAVE_TIME)
-#include
-#endif
-
-/* *INDENT-OFF* */
-INCLUDE_HEADERS
-/* *INDENT-ON* */
-
-/*
- * Helper macros to convert a macro or its expansion into a string
- * WARNING: This does not work for expanding function-like macros. However,
- * Mbed TLS does not currently have configuration options used in this fashion.
- */
-#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
-#define MACRO_NAME_TO_STR(macro) \
- mbedtls_printf("%s", strlen( #macro "") > 0 ? #macro "\n" : "")
-
-#define STRINGIFY(macro) #macro
-#define OUTPUT_MACRO_NAME_VALUE(macro) mbedtls_printf( #macro "%s\n", \
- (STRINGIFY(macro) "")[0] != 0 ? "=" STRINGIFY( \
- macro) : "")
-
-#if defined(_MSC_VER)
-/*
- * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
- * are defined empty. This means that from the preprocessor's point of view
- * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
- * some macros expand to nothing. We suppress that specific warning to get a
- * clean build and to ensure that tests treating warnings as errors do not
- * fail.
- */
-#pragma warning(push)
-#pragma warning(disable:4003)
-#endif /* _MSC_VER */
-
-int query_config(const char *config)
-{
- CHECK_CONFIG /* If the symbol is not found, return an error */
- return 1;
-}
-
-void list_config(void)
-{
- LIST_CONFIG
-}
-#if defined(_MSC_VER)
-#pragma warning(pop)
-#endif /* _MSC_VER */
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
deleted file mode 100644
index fc71f5d777..0000000000
--- a/scripts/data_files/version_features.fmt
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Version feature information
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "ssl_misc.h"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#include "mbedtls/version.h"
-
-#include
-
-static const char * const features[] = {
-#if defined(MBEDTLS_VERSION_FEATURES)
- FEATURE_DEFINES
-#endif /* MBEDTLS_VERSION_FEATURES */
- NULL
-};
-
-int mbedtls_version_check_feature(const char *feature)
-{
- const char * const *idx = features;
-
- if (*idx == NULL) {
- return -2;
- }
-
- if (feature == NULL) {
- return -1;
- }
-
- if (strncmp(feature, "MBEDTLS_", 8)) {
- return -1;
- }
-
- feature += 8;
-
- while (*idx != NULL) {
- if (!strcmp(*idx, feature)) {
- return 0;
- }
- idx++;
- }
- return -1;
-}
-
-#endif /* MBEDTLS_VERSION_C */
diff --git a/scripts/data_files/vs2017-app-template.vcxproj b/scripts/data_files/vs2017-app-template.vcxproj
deleted file mode 100644
index 36ca317052..0000000000
--- a/scripts/data_files/vs2017-app-template.vcxproj
+++ /dev/null
@@ -1,175 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - - Win32Proj - - - - - Application - true - Unicode - v141 - - - Application - true - Unicode - v141 - - - Application - false - true - Unicode - v141 - - - Application - false - true - Unicode - v141 - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - bcrypt.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - bcrypt.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - true - true - Release - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Console - true - true - true - Release - bcrypt.lib;%(AdditionalDependencies) - - - - - - diff --git a/scripts/data_files/vs2017-main-template.vcxproj b/scripts/data_files/vs2017-main-template.vcxproj deleted file mode 100644 index 448f9cd956..0000000000 --- a/scripts/data_files/vs2017-main-template.vcxproj +++ /dev/null 
@@ -1,163 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - {46CF2D25-6A36-4189-B59C-E4815388E554} - Win32Proj - mbedTLS - - - - StaticLibrary - true - Unicode - v141 - - - StaticLibrary - true - Unicode - v141 - - - StaticLibrary - false - true - Unicode - v141 - - - StaticLibrary - false - true - Unicode - v141 - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - CompileAsC - - - Windows - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - CompileAsC - - - Windows - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Windows - true - true - true - bcrypt.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -INCLUDE_DIRECTORIES - - - - Windows - true - true - true - - - -HEADER_ENTRIES - - -SOURCE_ENTRIES - - - - - diff --git a/scripts/data_files/vs2017-sln-template.sln b/scripts/data_files/vs2017-sln-template.sln deleted file mode 100644 index 80efb10832..0000000000 --- a/scripts/data_files/vs2017-sln-template.sln +++ /dev/null 
@@ -1,30 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2017
-VisualStudioVersion = 15.0.26228.4
-MinimumVisualStudioVersion = 15.0.26228.4
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
-EndProject
-APP_ENTRIES
-Global
- GlobalSection(SolutionConfigurationPlatforms) = preSolution
- Debug|Win32 = Debug|Win32
- Debug|x64 = Debug|x64
- Release|Win32 = Release|Win32
- Release|x64 = Release|x64
- EndGlobalSection
- GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.ActiveCfg = Debug|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.Build.0 = Debug|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.ActiveCfg = Debug|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.Build.0 = Debug|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.ActiveCfg = Release|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
- {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
-CONF_ENTRIES
- EndGlobalSection
- GlobalSection(SolutionProperties) = preSolution
- HideSolutionNode = FALSE
- EndGlobalSection
-EndGlobal
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
deleted file mode 100644
index 7b002ec78d..0000000000
--- a/scripts/driver.requirements.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-# Python package requirements for driver implementers.
-
-# Jinja2 <3.0 needs an older version of markupsafe, but does not
-# declare it.
-# https://github.com/pallets/markupsafe/issues/282
-# https://github.com/pallets/jinja/issues/1585
-markupsafe < 2.1
-
-# Use the version of Jinja that's in Ubuntu 20.04.
-# See https://github.com/Mbed-TLS/mbedtls/pull/5067#discussion_r738794607 .
-# Note that Jinja 3.0 drops support for Python 3.5, so we need to support
-# Jinja 2.x as long as we're still using Python 3.5 anywhere.
-# Jinja 2.10.1 doesn't support Python 3.10+
-Jinja2 >= 2.10.1; python_version < '3.10'
-Jinja2 >= 2.10.3; python_version >= '3.10'
-# Jinja2 >=2.10, <3.0 needs a separate package for type annotations
-types-Jinja2 >= 2.11.9
-jsonschema >= 3.2.0
-types-jsonschema >= 3.2.0
diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py
deleted file mode 100755
index 6146e881c9..0000000000
--- a/scripts/ecp_comb_table.py
+++ /dev/null
@@ -1,237 +0,0 @@ -#!/usr/bin/env python3 -""" -Purpose - -This script dumps comb table of ec curve. When you add a new ec curve, you -can use this script to generate codes to define `_T` in ecp_curves.c -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import subprocess -import sys -import tempfile - -HOW_TO_ADD_NEW_CURVE = """ -If you are trying to add new curve, you can follow these steps: - -1. Define curve parameters (_p, _gx, etc...) in ecp_curves.c. -2. Add a macro to define _T to NULL following these parameters. -3. Build mbedcrypto -4. Run this script with an argument of new curve -5. Copy the output of this script into ecp_curves.c and replace the macro added - in Step 2 -6. Rebuild and test if everything is ok - -Replace the in the above with the name of the curve you want to add.""" - -CC = os.getenv('CC', 'cc') -MBEDTLS_LIBRARY_PATH = os.getenv('MBEDTLS_LIBRARY_PATH', "library") - -SRC_DUMP_COMB_TABLE = r''' -#include -#include -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" - -static void dump_mpi_initialize( const char *name, const mbedtls_mpi *d ) -{ - uint8_t buf[128] = {0}; - size_t olen; - uint8_t *p; - - olen = mbedtls_mpi_size( d ); - mbedtls_mpi_write_binary_le( d, buf, olen ); - printf("static const mbedtls_mpi_uint %s[] = {\n", name); - for (p = buf; p < buf + olen; p += 8) { - printf( " BYTES_TO_T_UINT_8( 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X ),\n", - p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7] ); - } - printf("};\n"); -} - -static void dump_T( const mbedtls_ecp_group *grp ) -{ - char name[128]; - - printf( "#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1\n" ); - - for (size_t i = 0; i < grp->T_size; ++i) { - snprintf( name, sizeof(name), "%s_T_%zu_X", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].X ); - - snprintf( name, sizeof(name), "%s_T_%zu_Y", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].Y ); - } - printf( "static const 
mbedtls_ecp_point %s_T[%zu] = {\n", CURVE_NAME, grp->T_size ); - size_t olen; - for (size_t i = 0; i < grp->T_size; ++i) { - int z; - if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 0) == 0 ) { - z = 0; - } else if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 1) == 0 ) { - z = 1; - } else { - fprintf( stderr, "Unexpected value of Z (i = %d)\n", (int)i ); - exit( 1 ); - } - printf( " ECP_POINT_INIT_XY_Z%d(%s_T_%zu_X, %s_T_%zu_Y),\n", - z, - CURVE_NAME, i, - CURVE_NAME, i - ); - } - printf("};\n#endif\n\n"); -} - -int main() -{ - int rc; - mbedtls_mpi m; - mbedtls_ecp_point R; - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - rc = mbedtls_ecp_group_load( &grp, CURVE_ID ); - if (rc != 0) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_group_load: %s (-0x%x)\n", buf, -rc ); - return 1; - } - grp.T = NULL; - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &m); - mbedtls_mpi_lset( &m, 1 ); - rc = mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ); - if ( rc != 0 ) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_mul: %s (-0x%x)\n", buf, -rc ); - return 1; - } - if ( grp.T == NULL ) { - fprintf( stderr, "grp.T is not generated. 
Please make sure" - "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in mbedtls_config.h\n" ); - return 1; - } - dump_T( &grp ); - return 0; -} -''' - -SRC_DUMP_KNOWN_CURVE = r''' -#include -#include -#include "mbedtls/ecp.h" - -int main() { - const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - while ( info->name != NULL ) { - mbedtls_ecp_group_load( &grp, info->grp_id ); - if ( mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) { - printf( " %s", info->name ); - } - info++; - } - printf( "\n" ); - return 0; -} -''' - - -def join_src_path(*args): - return os.path.normpath(os.path.join(os.path.dirname(__file__), "..", *args)) - - -def run_c_source(src, cflags): - """ - Compile and run C source code - :param src: the c language code to run - :param cflags: additional cflags passing to compiler - :return: - """ - binname = tempfile.mktemp(prefix="mbedtls") - fd, srcname = tempfile.mkstemp(prefix="mbedtls", suffix=".c") - srcfile = os.fdopen(fd, mode="w") - srcfile.write(src) - srcfile.close() - args = [CC, - *cflags, - '-I' + join_src_path("include"), - "-o", binname, - '-L' + MBEDTLS_LIBRARY_PATH, - srcname, - '-lmbedcrypto'] - - p = subprocess.run(args=args, check=False) - if p.returncode != 0: - return False - p = subprocess.run(args=[binname], check=False, env={ - 'LD_LIBRARY_PATH': MBEDTLS_LIBRARY_PATH - }) - if p.returncode != 0: - return False - os.unlink(srcname) - os.unlink(binname) - return True - - -def compute_curve(curve): - """compute comb table for curve""" - r = run_c_source( - SRC_DUMP_COMB_TABLE, - [ - '-g', - '-DCURVE_ID=MBEDTLS_ECP_DP_%s' % curve.upper(), - '-DCURVE_NAME="%s"' % curve.lower(), - ]) - if not r: - print("""\ -Unable to compile and run utility.""", file=sys.stderr) - sys.exit(1) - - -def usage(): - print(""" -Usage: python %s ... 
- -Arguments: - curve Specify one or more curve names (e.g secp256r1) - -All possible curves: """ % sys.argv[0]) - run_c_source(SRC_DUMP_KNOWN_CURVE, []) - print(""" -Environment Variable: - CC Specify which c compile to use to compile utility. - MBEDTLS_LIBRARY_PATH - Specify the path to mbedcrypto library. (e.g. build/library/) - -How to add a new curve: %s""" % HOW_TO_ADD_NEW_CURVE) - - -def run_main(): - shared_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.so")) - static_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.a")) - if not os.path.exists(shared_lib_path) and not os.path.exists(static_lib_path): - print("Warning: both '%s' and '%s' are not exists. This script will use " - "the library from your system instead of the library compiled by " - "this source directory.\n" - "You can specify library path using environment variable " - "'MBEDTLS_LIBRARY_PATH'." % (shared_lib_path, static_lib_path), - file=sys.stderr) - - if len(sys.argv) <= 1: - usage() - else: - for curve in sys.argv[1:]: - compute_curve(curve) - - -if __name__ == '__main__': - run_main() diff --git a/scripts/footprint.sh b/scripts/footprint.sh deleted file mode 100755 index f41c7454d1..0000000000 --- a/scripts/footprint.sh +++ /dev/null 
@@ -1,127 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# This script determines ROM size (or code size) for the standard Mbed TLS -# configurations, when built for a Cortex M3/M4 target. -# -# Configurations included: -# default include/mbedtls/mbedtls_config.h -# thread configs/config-thread.h -# suite-b configs/config-suite-b.h -# psk configs/config-ccm-psk-tls1_2.h -# -# Usage: footprint.sh -# -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' -CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' - -if [ ! -r $CONFIG_H ]; then - echo "$CONFIG_H not found" >&2 - echo "This script needs to be run from the root of" >&2 - echo "a git checkout or uncompressed tarball" >&2 - exit 1 -fi - -if [ ! -r $CRYPTO_CONFIG_H ]; then - echo "$CRYPTO_CONFIG_H not found" >&2 - echo "This script needs to be run from the root of" >&2 - echo "a git checkout or uncompressed tarball" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then - echo "Not compatible with CMake" >&2 - exit 1 -fi - -if which arm-none-eabi-gcc >/dev/null 2>&1; then :; else - echo "You need the ARM-GCC toolchain in your path" >&2 - echo "See https://launchpad.net/gcc-arm-embedded/" >&2 - exit 1 -fi - -ARMGCC_FLAGS='-Os -march=armv7-m -mthumb' -OUTFILE='00-footprint-summary.txt' - -log() -{ - echo "$@" - echo "$@" >> "$OUTFILE" -} - -doit() -{ - NAME="$1" - FILE="$2" - - log "" - log "$NAME ($FILE):" - - cp $CONFIG_H ${CONFIG_H}.bak - cp $CRYPTO_CONFIG_H ${CRYPTO_CONFIG_H}.bak - if [ "$FILE" != $CONFIG_H ]; then - CRYPTO_FILE="${FILE%/*}/crypto-${FILE##*/}" - cp "$FILE" $CONFIG_H - cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H - fi - - { - scripts/config.py unset MBEDTLS_HAVE_TIME || true - scripts/config.py unset MBEDTLS_HAVE_TIME_DATE || true - scripts/config.py unset MBEDTLS_NET_C || true - scripts/config.py unset MBEDTLS_TIMING_C || true - scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py 
unset MBEDTLS_PSA_ITS_FILE_C || true - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C || true - scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true - # Force the definition of MBEDTLS_PSA_DRIVER_GET_ENTROPY as it may - # not exist in custom configurations. - scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true - } >/dev/null 2>&1 - - make -f scripts/legacy.make clean >/dev/null - CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \ - CFLAGS="$ARMGCC_FLAGS" make -f scripts/legacy.make lib >/dev/null - - OUT="size-${NAME}.txt" - arm-none-eabi-size -t library/libmbed*.a > "$OUT" - log "$( head -n1 "$OUT" )" - log "$( tail -n1 "$OUT" )" - - mv ${CONFIG_H}.bak $CONFIG_H - mv ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H -} - -# truncate the file just this time -echo "(generated by $0)" > "$OUTFILE" -echo "" >> "$OUTFILE" - -log "Footprint of standard configurations (minus net_sockets.c, timing.c, fs_io)" -log "for bare-metal ARM Cortex-M3/M4 microcontrollers." - -VERSION_H="include/mbedtls/version.h" -MBEDTLS_VERSION=$( sed -n 's/.*VERSION_STRING *"\(.*\)"/\1/p' $VERSION_H ) -if git rev-parse HEAD >/dev/null; then - GIT_HEAD=$( git rev-parse HEAD | head -c 10 ) - GIT_VERSION=" (git head: $GIT_HEAD)" -else - GIT_VERSION="" -fi - -log "" -log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION" -log "$( arm-none-eabi-gcc --version | head -n1 )" -log "CFLAGS=$ARMGCC_FLAGS" - -doit default include/mbedtls/mbedtls_config.h -doit thread configs/config-thread.h -doit suite-b configs/config-suite-b.h -doit psk configs/config-ccm-psk-tls1_2.h - -zip mbedtls-footprint.zip "$OUTFILE" size-*.txt >/dev/null diff --git a/scripts/framework_scripts_path.py b/scripts/framework_scripts_path.py deleted file mode 100644 index 4d4a440c23..0000000000 --- a/scripts/framework_scripts_path.py +++ /dev/null 
@@ -1,17 +0,0 @@
-"""Add our Python library directory to the module search path.
-
-Usage:
-
- import framework_scripts_path # pylint: disable=unused-import
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import os
-import sys
-
-sys.path.append(os.path.join(os.path.dirname(__file__),
- os.path.pardir,
- 'framework', 'scripts'))
diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py
deleted file mode 100755
index bae93c3662..0000000000
--- a/scripts/generate_config_checks.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env python3
-
-"""Generate C preprocessor code to check for bad configurations.
-"""
-
-from typing import Iterator
-
-import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework.config_checks_generator import * \
- #pylint: disable=wildcard-import,unused-wildcard-import
-from mbedtls_framework import config_history
-
-class CryptoInternal(SubprojectInternal):
- SUBPROJECT = 'TF-PSA-Crypto'
-
-class CryptoOption(SubprojectOption):
- SUBPROJECT = 'psa/crypto_config.h'
-
-ALWAYS_ENABLED_SINCE_4_0 = frozenset([
- 'MBEDTLS_PSA_CRYPTO_CONFIG',
- 'MBEDTLS_USE_PSA_CRYPTO',
-])
-
-def checkers_for_removed_options() -> Iterator[Checker]:
- """Discover removed options. Yield corresponding checkers."""
- history = config_history.ConfigHistory()
- old_public = history.options('mbedtls', '3.6')
- new_public = history.options('mbedtls', '4.0')
- crypto_public = history.options('tfpsacrypto', '1.0')
- crypto_internal = history.internal('tfpsacrypto', '1.0')
- for option in sorted(old_public - new_public):
- if option in ALWAYS_ENABLED_SINCE_4_0:
- continue
- if option in crypto_public:
- yield CryptoOption(option)
- elif option in crypto_internal:
- yield CryptoInternal(option)
- else:
- yield Removed(option, 'Mbed TLS 4.0')
-
-def all_checkers() -> Iterator[Checker]:
- """Yield all checkers."""
- yield from checkers_for_removed_options()
-
-MBEDTLS_CHECKS = BranchData(
- header_directory='library',
- header_prefix='mbedtls_',
- project_cpp_prefix='MBEDTLS',
- checkers=list(all_checkers()),
-)
-
-if __name__ == '__main__':
- main(MBEDTLS_CHECKS)
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
deleted file mode 100755
index dab3a0c703..0000000000
--- a/scripts/generate_errors.pl
+++ /dev/null
@@ -1,267 +0,0 @@ -#!/usr/bin/env perl - -# Generate error.c -# -# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, -# or generate_errors.pl crypto_include_dir tls_include_dir data_dir error_file -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; -use warnings; - -my ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file); - -if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 4; - ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file) = @ARGV; - - -d $crypto_include_dir or die "No such directory: $crypto_include_dir\n"; - -d $tls_include_dir or die "No such directory: $tls_include_dir\n"; - -d $data_dir or die "No such directory: $data_dir\n"; -} else { - $crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; - $tls_include_dir = 'include/mbedtls'; - $data_dir = 'scripts/data_files'; - $error_file = 'library/error.c'; - - unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) { - chdir '..' 
or die; - -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir - or die "Without arguments, must be run from root or scripts\n" - } -} - -my $error_format_file = $data_dir.'/error.fmt'; - -my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM - CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG - ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET PBKDF2 PLATFORM POLY1305 RIPEMD160 - SHA1 SHA256 SHA512 SHA3 THREADING ); -my @high_level_modules = qw( CIPHER ECP MD - PEM PK PKCS12 PKCS5 - RSA SSL X509 PKCS7 ); - -undef $/; - -open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format file '$error_format_file': $!"; -my $error_format = ; -close(FORMAT_FILE); - -my @files = glob qq("$crypto_include_dir/*.h"); -push(@files, glob qq("$tls_include_dir/*.h")); - -push(@files, glob qq("$crypto_include_dir/private/*.h")); -push(@files, glob qq("$tls_include_dir/private/*.h")); - -my @necessary_include_files; -my @matches; -foreach my $file (@files) { - open(FILE, '<:crlf', $file) or die("$0: $file: $!"); - my $content = ; - close FILE; - my $found = 0; - while ($content =~ m[ - # Both the before-comment and the after-comment are optional. - # Only the comment content is a regex capture group. The comment - # start and end parts are outside the capture group. - (?:/\*[*!](?!<) # Doxygen before-comment start - ((?:[^*]|\*+[^*/])*) # $1: Comment content (no */ inside) - \*/)? # Comment end - \s*\#\s*define\s+(MBEDTLS_ERR_\w+) # $2: name - \s+\-(0[Xx][0-9A-Fa-f]+)\s* # $3: value (without the sign) - (?:/\*[*!]< # Doxygen after-comment start - ((?:[^*]|\*+[^*/])*) # $4: Comment content (no */ inside) - \*/)? # Comment end - ]gsx) { - my ($before, $name, $value, $after) = ($1, $2, $3, $4); - # Discard Doxygen comments that are coincidentally present before - # an error definition but not attached to it. This is ad hoc, based - # on what actually matters (or mattered at some point). 
- undef $before if defined($before) && $before =~ /\s*\\name\s/s; - die "Description neither before nor after $name in $file\n" - if !defined($before) && !defined($after); - die "Description both before and after $name in $file\n" - if defined($before) && defined($after); - my $description = (defined($before) ? $before : $after); - $description =~ s/^\s+//; - $description =~ s/\n( *\*)? */ /g; - $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description, scalar($file =~ /^.*private\/[^\/]+$/)]; - ++$found; - } - if ($found) { - my $include_name = $file; - $include_name =~ s!.*/!!; - $include_name = "error.h" if ($include_name eq "error_common.h"); - push @necessary_include_files, $include_name; - } -} - -my @ll_old_define = ("", "", ""); -my @hl_old_define = ("", "", ""); - -my $ll_code_check = ""; -my $hl_code_check = ""; - -my $headers = ""; -my %included_headers; - -my %error_codes_seen; - -foreach my $match (@matches) -{ - my ($error_name, $error_code, $description, $is_private_header) = @$match; - - die "Duplicated error code: $error_code ($error_name)\n" - if( $error_codes_seen{$error_code}++ ); - - $description =~ s/\\/\\\\/g; - - my ($module_name) = $error_name =~ /^MBEDTLS_ERR_([^_]+)/; - - # Fix faulty ones - $module_name = "BIGNUM" if ($module_name eq "MPI"); - $module_name = "CTR_DRBG" if ($module_name eq "CTR"); - $module_name = "HMAC_DRBG" if ($module_name eq "HMAC"); - - my $define_name = $module_name; - $define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509"); - $define_name = "ASN1_PARSE" if ($define_name eq "ASN1"); - $define_name = "SSL_TLS" if ($define_name eq "SSL"); - $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM"); - $define_name = "PKCS7" if ($define_name eq "PKCS7"); - $define_name = "ALG_SHA3_224,ALG_SHA3_256,ALG_SHA3_384,ALG_SHA3_512" - if ($define_name eq "SHA3"); - - my $define_prefix = "MBEDTLS_"; - $define_prefix = "PSA_WANT_" if ($module_name eq "SHA3"); - - my $define_suffix = "_C"; - 
$define_suffix = "" if ($module_name eq "SHA3"); - - my $include_name = $module_name; - $include_name =~ tr/A-Z/a-z/; - - # Fix faulty ones - $include_name = "net_sockets" if ($module_name eq "NET"); - - $included_headers{"${include_name}.h"} = $module_name; - - my $found_ll = grep $_ eq $module_name, @low_level_modules; - my $found_hl = grep $_ eq $module_name, @high_level_modules; - if (!$found_ll && !$found_hl) - { - printf("Error: Do not know how to handle: $module_name\n"); - exit 1; - } - - my $code_check; - my $old_define; - my $white_space; - my $first; - - if ($found_ll) - { - $code_check = \$ll_code_check; - $old_define = \@ll_old_define; - $white_space = ' '; - } - else - { - $code_check = \$hl_code_check; - $old_define = \@hl_old_define; - $white_space = ' '; - } - - my $old_define_name = \${$old_define}[0]; - my $old_define_prefix = \${$old_define}[1]; - my $old_define_suffix = \${$old_define}[2]; - - if ($define_name ne ${$old_define_name}) - { - if (${$old_define_name} ne "") - { - ${$code_check} .= "#endif /* "; - $first = 0; - foreach my $dep (split(/,/, ${$old_define_name})) - { - ${$code_check} .= " || \n " if ($first++); - ${$code_check} .= "${$old_define_prefix}${dep}${$old_define_suffix}"; - } - ${$code_check} .= " */\n\n"; - } - - ${$code_check} .= "#if "; - $headers .= "#if " if ($include_name ne ""); - $first = 0; - foreach my $dep (split(/,/, ${define_name})) - { - ${$code_check} .= " || \\\n " if ($first); - $headers .= " || \\\n " if ($first++); - - ${$code_check} .= "defined(${define_prefix}${dep}${define_suffix})"; - $headers .= "defined(${define_prefix}${dep}${define_suffix})" - if ($include_name ne ""); - } - ${$code_check} .= "\n"; - - if ($is_private_header) { - $include_name = "private/" . $include_name; - } - - $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". 
- "#endif\n\n" if ($include_name ne ""); - ${$old_define_name} = $define_name; - ${$old_define_prefix} = $define_prefix; - ${$old_define_suffix} = $define_suffix; - } - - ${$code_check} .= "${white_space}case -($error_name):\n". - "${white_space} return( \"$module_name - $description\" );\n" -}; - -if ($ll_old_define[0] ne "") -{ - $ll_code_check .= "#endif /* "; - my $first = 0; - foreach my $dep (split(/,/, $ll_old_define[0])) - { - $ll_code_check .= " || \n " if ($first++); - $ll_code_check .= "${ll_old_define[1]}${dep}${ll_old_define[2]}"; - } - $ll_code_check .= " */\n"; -} -if ($hl_old_define[0] ne "") -{ - $hl_code_check .= "#endif /* "; - my $first = 0; - foreach my $dep (split(/,/, $hl_old_define[0])) - { - $hl_code_check .= " || \n " if ($first++); - $hl_code_check .= "${hl_old_define[1]}${dep}${hl_old_define[2]}"; - } - $hl_code_check .= " */\n"; -} - -$error_format =~ s/HEADER_INCLUDED\n/$headers/g; -$error_format =~ s/ *LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; -$error_format =~ s/ *HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; - -open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!"; -print ERROR_FILE $error_format; -close(ERROR_FILE); - -my $errors = 0; -for my $include_name (@necessary_include_files) -{ - if (not $included_headers{$include_name}) - { - print STDERR "The header file \"$include_name\" defines error codes but has not been included!\n"; - ++$errors; - } -} - -exit !!$errors; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl deleted file mode 100755 index 5e50ca6a4e..0000000000 --- a/scripts/generate_features.pl +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my ($include_dir, $data_dir, $feature_file); - -if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 3; - ($include_dir, $data_dir, $feature_file) = @ARGV; - - -d $include_dir or die "No such directory: $include_dir\n"; - -d $data_dir or die "No such directory: $data_dir\n"; -} else { - $include_dir = 'include/mbedtls'; - $data_dir = 'scripts/data_files'; - $feature_file = 'library/version_features.c'; - - unless( -d $include_dir && -d $data_dir ) { - chdir '..' or die; - -d $include_dir && -d $data_dir - or die "Without arguments, must be run from root or scripts\n" - } -} - -my $feature_format_file = $data_dir.'/version_features.fmt'; - -my @sections = ( "Platform abstraction layer", "General configuration options", - "TLS feature selection", "X.509 feature selection" ); - -my $line_separator = $/; -undef $/; - -open(FORMAT_FILE, '<:crlf', "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!"; -my $feature_format = ; -close(FORMAT_FILE); - -$/ = $line_separator; - -open(CONFIG_H, '<:crlf', "$include_dir/mbedtls_config.h") || die("Failure when opening mbedtls_config.h: $!"); - -my $feature_defines = ""; -my $in_section = 0; - -while (my $line = ) -{ - next if ($in_section && $line !~ /#define/ && $line !~ /SECTION/); - next if (!$in_section && $line !~ /SECTION/); - - if ($in_section) { - if ($line =~ /SECTION/) { - $in_section = 0; - next; - } - # Strip leading MBEDTLS_ to save binary size - my ($mbedtls_prefix, $define) = $line =~ /#define (MBEDTLS_)?(\w+)/; - if (!$mbedtls_prefix) { - die "Feature does not start with 'MBEDTLS_': $line\n"; - } - $feature_defines .= "#if defined(MBEDTLS_${define})\n"; - $feature_defines .= " \"${define}\", //no-check-names\n"; - $feature_defines .= "#endif /* MBEDTLS_${define} */\n"; - } - - if (!$in_section) { - my 
($section_name) = $line =~ /SECTION: ([\w ]+)/; - my $found_section = grep $_ eq $section_name, @sections; - - $in_section = 1 if ($found_section); - } -}; - -$feature_format =~ s/FEATURE_DEFINES\n/$feature_defines/g; - -open(ERROR_FILE, ">$feature_file") or die "Opening destination file '$feature_file': $!"; -print ERROR_FILE $feature_format; -close(ERROR_FILE); diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl deleted file mode 100755 index 99128ca7ac..0000000000 --- a/scripts/generate_query_config.pl +++ /dev/null 
@@ -1,147 +0,0 @@ -#! /usr/bin/env perl - -# Generate query_config.c -# -# The file query_config.c contains a C function that can be used to check if -# a configuration macro is defined and to retrieve its expansion in string -# form (if any). This facilitates querying the compile time configuration of -# the library, for example, for testing. -# -# The query_config.c is generated from the default configuration files -# include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h. -# The idea is that mbedtls_config.h and crypto_config.h contain ALL the -# compile time configurations available in Mbed TLS (commented or uncommented). -# This script extracts the configuration macros from the two files and this -# information is used to automatically generate the body of the query_config() -# function by using the template in scripts/data_files/query_config.fmt. -# -# Usage: scripts/generate_query_config.pl without arguments, or -# generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file); - -my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h"; -my $default_psa_crypto_config_file = "./tf-psa-crypto/include/psa/crypto_config.h"; -my $default_query_config_format_file = "./scripts/data_files/query_config.fmt"; -my $default_query_config_file = "./programs/test/query_config.c"; - -if( @ARGV ) { - die "Invalid number of arguments - usage: $0 [MBED_TLS_CONFIG_FILE PSA_CRYPTO_CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4; - ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV; - - -f $mbedtls_config_file or die "No such file: $mbedtls_config_file"; - -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file"; - -f 
$query_config_format_file or die "No such file: $query_config_format_file"; -} else { - $mbedtls_config_file = $default_mbedtls_config_file; - $psa_crypto_config_file = $default_psa_crypto_config_file; - $query_config_format_file = $default_query_config_format_file; - $query_config_file = $default_query_config_file; - - unless(-f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file) { - chdir '..' or die; - -f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file - or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; - } -} --f 'include/mbedtls/build_info.h' - or die "$0: must be run from project root, or from a first-level subdirectory with no arguments\n"; - -# Excluded macros from the generated query_config.c. For example, macros that -# have commas or function-like macros cannot be transformed into strings easily -# using the preprocessor, so they should be excluded or the preprocessor will -# throw errors. 
-my @excluded = qw( -MBEDTLS_SSL_CIPHERSUITES -); -my $excluded_re = join '|', @excluded; - -# This variable will contain the string to replace in the CHECK_CONFIG of the -# format file -my $config_check = ""; -my $list_config = ""; - -for my $config_file ($mbedtls_config_file, $psa_crypto_config_file) { - - next unless defined($config_file); # we might not have been given a PSA crypto config file - - open(CONFIG_FILE, "<", $config_file) or die "Opening config file '$config_file': $!"; - - while (my $line = ) { - if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+|PSA_WANT_\w+).*/) { - my $name = $2; - - # Skip over the macro if it is in the excluded list - next if $name =~ /$excluded_re/; - - $config_check .= <\n"} @header_files); - -# Read the full format file into a string -local $/; -open(FORMAT_FILE, "<", $query_config_format_file) or die "Opening query config format file '$query_config_format_file': $!"; -my $query_config_format = ; -close(FORMAT_FILE); - -# Replace the body of the query_config() function with the code we just wrote -$query_config_format =~ s/INCLUDE_HEADERS/$include_headers/g; -$query_config_format =~ s/CHECK_CONFIG/$config_check/g; -$query_config_format =~ s/LIST_CONFIG/$list_config/g; - -# Rewrite the query_config.c file -open(QUERY_CONFIG_FILE, ">", $query_config_file) or die "Opening destination file '$query_config_file': $!"; -print QUERY_CONFIG_FILE $query_config_format; -close(QUERY_CONFIG_FILE); diff --git a/scripts/legacy.make b/scripts/legacy.make deleted file mode 100644 index b22b8ef8bf..0000000000 --- a/scripts/legacy.make +++ /dev/null 
@@ -1,204 +0,0 @@ -DESTDIR=/usr/local -PREFIX=mbedtls_ -PERL ?= perl - -ifneq (,$(filter-out lib library/%,$(or $(MAKECMDGOALS),all))) - ifeq (,$(wildcard framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - ifneq (,$(wildcard .git)) - define error_message -${MBEDTLS_PATH}/framework/exported.make not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents. -This is a fatal error - endef - else - define error_message -${MBEDTLS_PATH}/framework/exported.make not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub. - endef - endif - $(error $(error_message)) - endif - include framework/exported.make -endif - -.SILENT: - -.PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean - -all: programs tests - -no_test: programs - -programs: lib mbedtls_test - $(MAKE) -C programs - -ssl-opt: lib mbedtls_test - $(MAKE) -C programs ssl-opt - $(MAKE) -C tests ssl-opt - -lib: - $(MAKE) -C library - -ifndef PSASIM -tests: lib -endif -tests: mbedtls_test - $(MAKE) -C tests - -mbedtls_test: - $(MAKE) -C tests mbedtls_test - -.PHONY: FORCE -FORCE: - -library/%: FORCE - $(MAKE) -C library $* -programs/%: FORCE - $(MAKE) -C programs $* -tests/%: FORCE - $(MAKE) -C tests $* - -.PHONY: generated_files -generated_files: library/generated_files -generated_files: programs/generated_files -generated_files: tests/generated_files - -# Set GEN_FILES to the empty string to disable dependencies on generated -# source files. Then `make generated_files` will only build files that -# are missing, it will not rebuilt files that are present but out of date. 
-# This is useful, for example, if you have a source tree where -# `make generated_files` has already run and file timestamps reflect the -# time the files were copied or extracted, and you are now in an environment -# that lacks some of the necessary tools to re-generate the files. -# If $(GEN_FILES) is non-empty, the generated source files' dependencies -# are treated ordinarily, based on file timestamps. -GEN_FILES ?= yes - -# In dependencies where the target is a configuration-independent generated -# file, use `TARGET: $(gen_file_dep) DEPENDENCY1 DEPENDENCY2 ...` -# rather than directly `TARGET: DEPENDENCY1 DEPENDENCY2 ...`. This -# enables the re-generation to be turned off when GEN_FILES is disabled. -ifdef GEN_FILES -gen_file_dep = -else -# Order-only dependency: generate the target if it's absent, but don't -# re-generate it if it's present but older than its dependencies. -gen_file_dep = | -endif - -ifndef WINDOWS -install: no_test - mkdir -p $(DESTDIR)/include/mbedtls - cp -rp include/mbedtls $(DESTDIR)/include - cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include - mkdir -p $(DESTDIR)/include/psa - cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include - - mkdir -p $(DESTDIR)/lib - cp -RP library/libmbedtls.* $(DESTDIR)/lib - cp -RP library/libmbedx509.* $(DESTDIR)/lib - cp -RP library/libmbedcrypto.* $(DESTDIR)/lib - - mkdir -p $(DESTDIR)/bin - for p in programs/*/* ; do \ - if [ -x $$p ] && [ ! -d $$p ] ; \ - then \ - f=$(PREFIX)`basename $$p` ; \ - cp $$p $(DESTDIR)/bin/$$f ; \ - fi \ - done - -uninstall: - rm -rf $(DESTDIR)/include/mbedtls - rm -rf $(DESTDIR)/include/psa - rm -f $(DESTDIR)/lib/libmbedtls.* - rm -f $(DESTDIR)/lib/libmbedx509.* - rm -f $(DESTDIR)/lib/libmbedcrypto.* - - for p in programs/*/* ; do \ - if [ -x $$p ] && [ ! 
-d $$p ] ; \ - then \ - f=$(PREFIX)`basename $$p` ; \ - rm -f $(DESTDIR)/bin/$$f ; \ - fi \ - done -endif - -clean: clean_more_on_top - $(MAKE) -C library clean - $(MAKE) -C programs clean - $(MAKE) -C tests clean - -clean_more_on_top: -ifndef WINDOWS - find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + -endif - -neat: clean_more_on_top - $(MAKE) -C library neat - $(MAKE) -C programs neat - $(MAKE) -C tests neat - -ifndef PSASIM -check: lib -endif -check: tests - $(MAKE) -C tests check - -test: check - -ifndef WINDOWS -# For coverage testing: -# 1. Build with: -# make CFLAGS='--coverage -g3 -O0' LDFLAGS='--coverage' -# 2. Run the relevant tests for the part of the code you're interested in. -# For the reference coverage measurement, see -# tests/scripts/basic-build-test.sh -# 3. Run framework/scripts/lcov.sh to generate an HTML report. -lcov: - framework/scripts/lcov.sh - -apidoc: - mkdir -p apidoc - cd doxygen && doxygen mbedtls.doxyfile - -apidoc_clean: - rm -rf apidoc -endif - -## Editor navigation files -C_SOURCE_FILES = $(wildcard \ - include/*/*.h \ - library/*.[hc] \ - tf-psa-crypto/core/*.[hc] \ - tf-psa-crypto/include/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*/*.h \ - tf-psa-crypto/drivers/*/include/*/*/*/*.h \ - tf-psa-crypto/drivers/builtin/src/*.[hc] \ - tf-psa-crypto/drivers/*/*.c \ - tf-psa-crypto/drivers/*/*/*.c \ - tf-psa-crypto/drivers/*/*/*/*.c \ - tf-psa-crypto/drivers/*/*/*/*/*.c \ - programs/*/*.[hc] \ - framework/tests/include/*/*.h framework/tests/include/*/*/*.h \ - framework/tests/src/*.c framework/tests/src/*/*.c \ - tests/suites/*.function \ - tf-psa-crypto/tests/suites/*.function \ -) -# Exuberant-ctags invocation. Other ctags implementations may require different options. 
-CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
-tags: $(C_SOURCE_FILES)
- $(CTAGS) $@ $(C_SOURCE_FILES)
-TAGS: $(C_SOURCE_FILES)
- etags --no-line-directive -o $@ $(C_SOURCE_FILES)
-global: GPATH GRTAGS GSYMS GTAGS
-GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
- ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
-cscope: cscope.in.out cscope.po.out cscope.out
-cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
- cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \
- -Itf-psa-crypto/include \
- -Itf-psa-crypto/drivers/builtin/src \
- $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Iframework/tests/include $(C_SOURCE_FILES)
-.PHONY: cscope global
diff --git a/scripts/maintainer.requirements.txt b/scripts/maintainer.requirements.txt
deleted file mode 100644
index b149921a24..0000000000
--- a/scripts/maintainer.requirements.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-# Python packages that are only useful to Mbed TLS maintainers.
-
--r ci.requirements.txt
-
-# For source code analyses
-clang
-
-# For building some test vectors
-pycryptodomex
-pycryptodome-test-vectors
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
deleted file mode 100644
index f10b23b705..0000000000
--- a/scripts/make_generated_files.bat
+++ /dev/null
@@ -1,15 +0,0 @@
-@rem Generate automatically-generated configuration-independent source files
-@rem and build scripts.
-@rem Requirements:
-@rem * Perl must be on the PATH ("perl" command).
-@rem * Python 3.8 or above must be on the PATH ("python" command).
-@rem * Either a C compiler called "cc" must be on the PATH, or
-@rem the "CC" environment variable must point to a C compiler.
-
-@rem @@@@ tf-psa-crypto @@@@
-cd tf-psa-crypto
-python framework\scripts\make_generated_files.py || exit /b 1
-cd ..
-
-@rem @@@@ mbedtls @@@@
-python framework\scripts\make_generated_files.py || exit /b 1
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
deleted file mode 100755
index 52ca606b52..0000000000
--- a/scripts/massif_max.pl
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env perl
-
-# Parse a massif.out.xxx file and output peak total memory usage
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use strict;
-
-use utf8;
-use open qw(:std utf8);
-
-die unless @ARGV == 1;
-
-my @snaps;
-open my $fh, '<', $ARGV[0] or die;
-{ local $/ = 'snapshot='; @snaps = <$fh>; }
-close $fh or die;
-
-my ($max, $max_heap, $max_he, $max_stack) = (0, 0, 0, 0);
-for (@snaps)
-{
- my ($heap, $heap_extra, $stack) = m{
- mem_heap_B=(\d+)\n
- mem_heap_extra_B=(\d+)\n
- mem_stacks_B=(\d+)
- }xm;
- next unless defined $heap;
- my $total = $heap + $heap_extra + $stack;
- if( $total > $max ) {
- ($max, $max_heap, $max_he, $max_stack) = ($total, $heap, $heap_extra, $stack);
- }
-}
-
-printf "$max (heap $max_heap+$max_he, stack $max_stack)\n";
diff --git a/scripts/abi_check.py b/scripts/mbedtls_framework/abi_check.py
similarity index 100%
rename from scripts/abi_check.py
rename to scripts/mbedtls_framework/abi_check.py
diff --git a/scripts/memory.sh b/scripts/memory.sh
deleted file mode 100755
index ffce225f2d..0000000000
--- a/scripts/memory.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/sh
-
-# Measure memory usage of a minimal client using a small configuration
-# Currently hardwired to ccm-psk and suite-b, may be expanded later
-#
-# Use different build options for measuring executable size and memory usage,
-# since for memory we want debug information.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -eu
-
-CONFIG_H='include/mbedtls/mbedtls_config.h'
-
-CLIENT='mini_client'
-
-CFLAGS_EXEC='-fno-asynchronous-unwind-tables -Wl,--gc-section -ffunction-sections -fdata-sections'
-CFLAGS_MEM=-g3
-
-if [ -r $CONFIG_H ]; then :; else
- echo "$CONFIG_H not found" >&2
- exit 1
-fi
-
-if grep -i cmake Makefile >/dev/null; then
- echo "Not compatible with CMake" >&2
- exit 1
-fi
-
-if [ $( uname ) != Linux ]; then
- echo "Only work on Linux" >&2
- exit 1
-fi
-
-if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
- echo "mbedtls_config.h not clean" >&2
- exit 1
-fi
-
-# make measurements with one configuration
-# usage: do_config
-do_config()
-{
- NAME=$1
- UNSET_LIST=$2
- SERVER_ARGS=$3
-
- echo ""
- echo "config-$NAME:"
- cp configs/config-$NAME.h $CONFIG_H
- scripts/config.py unset MBEDTLS_SSL_SRV_C
-
- for FLAG in $UNSET_LIST; do
- scripts/config.py unset $FLAG
- done
-
- grep -F SSL_MAX_CONTENT_LEN $CONFIG_H || echo 'SSL_MAX_CONTENT_LEN=16384'
-
- printf " Executable size... "
-
- make -f ./scripts/legacy.make clean
- CFLAGS=$CFLAGS_EXEC make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
- cd programs
- CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
- strip ssl/$CLIENT
- stat -c '%s' ssl/$CLIENT
- cd ..
-
- printf " Peak ram usage... "
-
- make -f ./scripts/legacy.make clean
- CFLAGS=$CFLAGS_MEM make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
- cd programs
- CFLAGS=$CFLAGS_MEM make OFLAGS=-Os ssl/$CLIENT >/dev/null
- cd ..
-
- ./ssl_server2 $SERVER_ARGS >/dev/null &
- SRV_PID=$!
- sleep 1;
-
- if valgrind --tool=massif --stacks=yes programs/ssl/$CLIENT >/dev/null 2>&1
- then
- FAILED=0
- else
- echo "client failed" >&2
- FAILED=1
- fi
-
- kill $SRV_PID
- wait $SRV_PID
-
- scripts/massif_max.pl massif.out.*
- mv massif.out.* massif-$NAME.$$
-}
-
-# preparation
-
-CONFIG_BAK=${CONFIG_H}.bak
-cp $CONFIG_H $CONFIG_BAK
-
-rm -f massif.out.*
-
-printf "building server... "
-
-make -f ./scripts/legacy.make clean
-make -f ./scripts/legacy.make lib >/dev/null 2>&1
-(cd programs && make ssl/ssl_server2) >/dev/null
-cp programs/ssl/ssl_server2 .
-
-echo "done"
-
-# actual measurements
-
-do_config "ccm-psk-tls1_2" \
- "" \
- "psk=000102030405060708090A0B0C0D0E0F"
-
-do_config "suite-b" \
- "MBEDTLS_BASE64_C MBEDTLS_PEM_PARSE_C" \
- ""
-
-# cleanup
-
-mv $CONFIG_BAK $CONFIG_H
-make -f scripts/legacy.make clean
-rm ssl_server2
-
-exit $FAILED
diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py
deleted file mode 100755
index a67b761a32..0000000000
--- a/scripts/min_requirements.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env python3
-"""Install all the required Python packages, with the minimum Python version.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import os
-import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework import min_requirements
-
-# The default file is located in the same folder as this script.
-DEFAULT_REQUIREMENTS_FILE = 'ci.requirements.txt'
-
-min_requirements.main(os.path.join(os.path.dirname(__file__),
- DEFAULT_REQUIREMENTS_FILE))
diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh
deleted file mode 100755
index 657d1380d4..0000000000
--- a/scripts/prepare_release.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# prepare_release.sh — Prepare the source tree for a release.
-#
-# This script switches the repo into “release” mode:
-# - Updates all tracked `.gitignore` files to stop
-# ignoring the automatically-generated files.
-# - Sets the CMake option `GEN_FILES` to OFF to explicitely disable
-# recreating the automatically-generated files.
-#. - The script will recursively update the tf-psa-crypto files too.
-
-
-set -eu
-
-# Portable inline sed. Helper function that will automatically pre-pend
-# an empty string as the backup suffix (required by macOS sed).
-psed() {
- # macOS sed does not offer a version
- if sed --version >/dev/null 2>&1; then
- sed -i "$@"
- # macOS/BSD sed
- else
- sed -i '' "$@"
- fi
-}
-
-#### .gitignore processing ####
-for GITIGNORE in $(git ls-files --recurse-submodules -- '*.gitignore'); do
- psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE"
- psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE"
- psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE"
-done
-
-#### Build system ####
-psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1OFF/' CMakeLists.txt tf-psa-crypto/CMakeLists.txt
diff --git a/scripts/project_name.txt b/scripts/project_name.txt
deleted file mode 100644
index a38cf263b6..0000000000
--- a/scripts/project_name.txt
+++ /dev/null
@@ -1 +0,0 @@
-Mbed TLS
diff --git a/scripts/sbom.cdx.json b/scripts/sbom.cdx.json
deleted file mode 100644
index 59798d9a05..0000000000
--- a/scripts/sbom.cdx.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "bomFormat": "CycloneDX",
- "specVersion": "1.6",
- "version": 1,
- "metadata": {
- "authors": [
- {
- "name": "@VCS_SBOM_AUTHORS@"
- }
- ]
- },
- "components": [
- {
- "type": "library",
- "bom-ref": "pkg:github/Mbed-TLS/mbedtls@@VCS_TAG@",
- "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:@VCS_TAG@:*:*:*:*:*:*:*",
- "name": "mbedtls",
- "version": "@VCS_VERSION@",
- "description": "Implements cryptographic primitives, X.509 certificate manipulation and SSL/TLS and DTLS protocols",
- "authors": [
- {
- "name": "@VCS_AUTHORS@"
- }
- ],
- "supplier": {
- "name": "Trusted Firmware"
- },
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0"
- }
- },
- {
- "license": {
- "id": "GPL-2.0-or-later"
- }
- }
- ],
- "externalReferences": [
- {
- "type": "vcs",
- "url": "https://github.com/Mbed-TLS/mbedtls"
- }
- ]
- }
- ]
-}
diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh
deleted file mode 100755
index 455f892a21..0000000000
--- a/scripts/tmp_ignore_makefiles.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# Temporarily (de)ignore Makefiles generated by CMake to allow easier
-# git development
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-IGNORE=""
-
-# Parse arguments
-#
-until [ -z "$1" ]
-do
- case "$1" in
- -u|--undo)
- IGNORE="0"
- ;;
- -v|--verbose)
- # Be verbose
- VERBOSE="1"
- ;;
- -h|--help)
- # print help
- echo "Usage: $0"
- echo -e " -h|--help\t\tPrint this help."
- echo -e " -u|--undo\t\tRemove ignores and continue tracking."
- echo -e " -v|--verbose\t\tVerbose."
- exit 1
- ;;
- *)
- # print error
- echo "Unknown argument: '$1'"
- exit 1
- ;;
- esac
- shift
-done
-
-if [ "X" = "X$IGNORE" ];
-then
- [ $VERBOSE ] && echo "Ignoring Makefiles"
- git update-index --assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile
-else
- [ $VERBOSE ] && echo "Tracking Makefiles"
- git update-index --no-assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile
-fi
diff --git a/tests/.gitignore b/tests/.gitignore
deleted file mode 100644
index e58c8f0554..0000000000
--- a/tests/.gitignore
+++ /dev/null
@@ -1,27 +0,0 @@
-*.sln
-*.vcxproj
-
-*.log
-/test_suite*
-/data_files/mpi_write
-/data_files/hmac_drbg_seed
-/data_files/ctr_drbg_seed
-/data_files/entropy_seed
-
-/include/alt-extra/psa/crypto_platform_alt.h
-/include/alt-extra/psa/crypto_struct_alt.h
-/include/test/instrument_record_status.h
-
-/src/libmbed*
-
-/libtestdriver1/*
-
-###START_GENERATED_FILES###
-# Generated source files
-/opt-testcases/handshake-generated.sh
-/opt-testcases/tls13-compat.sh
-/suites/*.generated.data
-/suites/test_suite_config.mbedtls_boolean.data
-/include/test/test_keys.h
-/include/test/test_certs.h
-###END_GENERATED_FILES###
diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile
deleted file mode 100644
index ed04053d22..0000000000
--- a/tests/.jenkins/Jenkinsfile
+++ /dev/null
@@ -1 +0,0 @@
-mbedtls.run_job()
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
deleted file mode 100644
index d12133d300..0000000000
--- a/tests/CMakeLists.txt
+++ /dev/null
@@ -1,236 +0,0 @@ -set(libs - ${mbedtls_target} - ${CMAKE_THREAD_LIBS_INIT} -) - -if(NOT MBEDTLS_PYTHON_EXECUTABLE) - message(FATAL_ERROR "Cannot build test suites without Python 3") -endif() - -# generated .data files will go there -file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) - -# Get base names for generated files -execute_process( - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - --list-for-cmake - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - OUTPUT_VARIABLE - base_config_generated_data_files) -string(REGEX REPLACE "[^;]*/" "" - base_config_generated_data_files "${base_config_generated_data_files}") - -# Derive generated file paths in the build directory. The generated data -# files go into the suites/ subdirectory. -set(base_generated_data_files - ${base_config_generated_data_files}) -string(REGEX REPLACE "([^;]+)" "suites/\\1" - all_generated_data_files "${base_generated_data_files}") -set(config_generated_data_files "") -foreach(file ${base_config_generated_data_files}) - list(APPEND config_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file}) -endforeach() - -if(GEN_FILES) - add_custom_command( - OUTPUT - ${config_generated_data_files} - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py - # Do not declare the configuration files as dependencies: they - # change too often in ways that don't affect the result - # ((un)commenting some options). - ) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. 
- COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py - ) - add_custom_target(handshake-generated.sh - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) - set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO) - add_dependencies(${ssl_opt_target} handshake-generated.sh) - - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR}/.. - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py - ) - add_custom_target(tls13-compat.sh - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh) - set_target_properties(tls13-compat.sh PROPERTIES EXCLUDE_FROM_ALL NO) - add_dependencies(${ssl_opt_target} tls13-compat.sh) - -else() - foreach(file ${all_generated_data_files}) - link_to_source(${file}) - endforeach() -endif() -# CMake generates sub-makefiles for each target and calls them in subprocesses. -# Without this command, cmake will generate rules in each sub-makefile. As a result, -# they can cause race conditions in parallel builds. -# With this line, only 4 sub-makefiles include the above command, that reduces -# the risk of a race. -add_custom_target(test_suite_config_generated_data DEPENDS ${config_generated_data_files}) -# If SKIP_TEST_SUITES is not defined with -D, get it from the environment. -if((NOT DEFINED SKIP_TEST_SUITES) AND (DEFINED ENV{SKIP_TEST_SUITES})) - set(SKIP_TEST_SUITES $ENV{SKIP_TEST_SUITES}) -endif() -# Test suites caught by SKIP_TEST_SUITES are built but not executed. 
-# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" -# but not "test_suite_foobar". -string(REGEX REPLACE "[ ,;]" "|" SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES}") -string(REPLACE "." "\\." SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES_REGEX}") -set(SKIP_TEST_SUITES_REGEX "^(${SKIP_TEST_SUITES_REGEX})(\$|\\.)") - -function(add_test_suite suite_name) - if(ARGV1) - set(data_name ${ARGV1}) - else() - set(data_name ${suite_name}) - endif() - - # Get the test names of the tests with generated .data files - # from the generated_data_files list in parent scope. - set(config_generated_data_names "") - foreach(generated_data_file ${config_generated_data_files}) - # Get the plain filename - get_filename_component(generated_data_name ${generated_data_file} NAME) - # Remove the ".data" extension - get_name_without_last_ext(generated_data_name ${generated_data_name}) - # Remove leading "test_suite_" - string(SUBSTRING ${generated_data_name} 11 -1 generated_data_name) - list(APPEND config_generated_data_names ${generated_data_name}) - endforeach() - - if(";${config_generated_data_names};" MATCHES ";${data_name};") - set(data_file - ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) - set(dependency test_suite_config_generated_data) - else() - set(data_file - ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data) - set(dependency - test_suite_config_generated_data) - endif() - - add_custom_command( - OUTPUT - # The output filename of generate_test_code.py is derived from the -d - # input argument. 
- test_suite_${data_name}.c - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py - -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - -d ${data_file} - -t ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function - -p ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/host_test.function - -s ${CMAKE_CURRENT_SOURCE_DIR}/suites - --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/helpers.function - -o . - DEPENDS - ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_code.py - ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function - ${data_file} - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/main_test.function - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/host_test.function - ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/tests/suites/helpers.function - ${mbedtls_target} - BYPRODUCTS - test_suite_${data_name}.datax - ) - - add_executable(test_suite_${data_name} test_suite_${data_name}.c - $ - $) - set_base_compile_options(test_suite_${data_name}) - target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS}) - add_dependencies(test_suite_${data_name} ${dependency}) - target_link_libraries(test_suite_${data_name} ${libs}) - # Include test-specific header files from ./include and private header - # files (used by some invasive tests) from ../library. Public header - # files are automatically included because the library targets declare - # them as PUBLIC. 
- target_include_directories(test_suite_${data_name} - PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src) - # Request C11, which is needed for memory poisoning tests - set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11) - - if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) - message(STATUS "The test suite ${data_name} will not be executed.") - else() - add_test(${data_name}-suite test_suite_${data_name} --verbose) - endif() -endfunction(add_test_suite) - -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -add_definitions("-D_POSIX_C_SOURCE=200809L") - -if(CMAKE_COMPILER_IS_CLANG) - set(TEST_C_FLAGS -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code) -endif(CMAKE_COMPILER_IS_CLANG) - -if(MSVC) - # If a warning level has been defined, suppress all warnings for test code - set(TEST_C_FLAGS /W0 /WX-) -endif(MSVC) - -file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data) -list(APPEND test_suites ${all_generated_data_files}) -# If the generated .data files are present in the source tree, we just added -# them twice, both through GLOB and through ${all_generated_data_files}. 
-list(REMOVE_DUPLICATES test_suites) -list(SORT test_suites) -foreach(test_suite ${test_suites}) - get_filename_component(data_name ${test_suite} NAME) - string(REGEX REPLACE "\\.data\$" "" data_name "${data_name}") - string(REPLACE "test_suite_" "" data_name "${data_name}") - string(REGEX MATCH "[^.]*" function_name "${data_name}") - add_test_suite(${function_name} ${data_name}) -endforeach(test_suite) - -# Make scripts and data files needed for testing available in an -# out-of-source build. -if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile") - link_to_source(seedfile) - endif() - link_to_source(Descriptions.txt) - link_to_source(compat.sh) - link_to_source(context-info.sh) - link_to_source(../framework/data_files) - link_to_source(scripts) - link_to_source(ssl-opt.sh) - link_to_source(opt-testcases) -endif() diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt deleted file mode 100644 index 8b13bb39f0..0000000000 --- a/tests/Descriptions.txt +++ /dev/null 
@@ -1,22 +0,0 @@ -test_suites - The various 'test_suite_XXX' programs from the 'tests' directory, executed - using 'make check' (Unix make) or 'make test' (Cmake), include test cases - (reference test vectors, sanity checks, malformed input for parsing - functions, etc.) for all modules except the SSL modules. - -selftests - The 'programs/test/selftest' program runs the 'XXX_self_test()' functions - of each individual module. Most of them are included in the respective - test suite, but some slower ones are only included here. - -compat - The 'tests/compat.sh' script checks interoperability with OpenSSL and - GnuTLS (and ourselves!) for every common ciphersuite, in every TLS - version, both ways (client/server), using client authentication or not. - For each ciphersuite/version/side/authmode it performs a full handshake - and a small data exchange. - -ssl_opt - The 'tests/ssl-opt.sh' script checks various options and/or operations not - covered by compat.sh: session resumption (using session cache or tickets), - renegotiation, SNI, other extensions, etc. diff --git a/tests/Makefile b/tests/Makefile deleted file mode 100644 index a52bc32f57..0000000000 --- a/tests/Makefile +++ /dev/null 
@@ -1,384 +0,0 @@ -MBEDTLS_TEST_PATH = . -include ../scripts/common.make - -# Set this to -v to see the details of failing test cases -TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) - -# Also include private headers, for the sake of invasive tests. -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library -I$(MBEDTLS_PATH)/tf-psa-crypto/core -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - -# Enable definition of various functions used throughout the testsuite -# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless -# on non-POSIX platforms. -LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif - -GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) - -GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ - $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) -endif - -GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) -endif - -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) -GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) -GENERATED_CRYPTO_DATA_FILES += 
$(GENERATED_PSA_CONFIG_DATA_FILES) - -GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_ECP_DATA_FILES) - -GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) -endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) - -GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += include/test/test_keys.h \ - ../tf-psa-crypto/tests/include/test/test_keys.h \ - include/test/test_certs.h - -# Generated files needed to (fully) run ssl-opt.sh -.PHONY: ssl-opt - -opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py -opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ -GENERATED_FILES += opt-testcases/handshake-generated.sh -ssl-opt: opt-testcases/handshake-generated.sh - -opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ -GENERATED_FILES += opt-testcases/tls13-compat.sh -ssl-opt: opt-testcases/tls13-compat.sh - -.PHONY: generated_files -generated_files: $(GENERATED_FILES) - -# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing -# inputs than generating outputs. Its inputs are the same no matter which files -# are being generated. -# It's rare not to want all the outputs. So always generate all of its outputs. 
-# Use an intermediate phony dependency so that parallel builds don't run -# a separate instance of the recipe for each output file. -$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_bignum_test_data: - echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_bignum_test_data - -# We deliberately omit the configuration files (mbedtls_config.h, -# crypto_config.h) from the depenency list because during development -# and on the CI, we often edit those in a way that doesn't change the -# output, to comment out certain options, or even to remove certain -# lines which do affect the output negatively (it will miss the -# corresponding test cases). 
-$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data -generated_config_test_data: ../framework/scripts/generate_config_tests.py -generated_config_test_data: ../scripts/config.py -generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_config_test_data: - echo " Gen $(GENERATED_CONFIG_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_config_tests.py - cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py -.SECONDARY: generated_config_test_data - -$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_ecp_test_data: - echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_ecp_test_data - -$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: ../framework/scripts/generate_psa_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py -generated_psa_test_data: 
../framework/scripts/mbedtls_framework/test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -## The generated file only depends on the options that are present in -## crypto_config.h, not on which options are set. To avoid regenerating this -## file all the time when switching between configurations, don't declare -## crypto_config.h as a dependency. Remove this file from your working tree -## if you've just added or removed an option in crypto_config.h. -#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h -generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -generated_psa_test_data: - echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_psa_test_data - -# A test application is built for each suites/test_suite_*.data file. -# Application name is same as .data file's base name and can be -# constructed by stripping path 'suites/' and extension .data. -DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) -CRYPTO_DATA_FILES = $(filter-out $(GENERATED_CRYPTO_DATA_FILES), $(wildcard ../tf-psa-crypto/tests/suites/test_suite_*.data)) - -# Make sure that generated data files are included even if they don't -# exist yet when the makefile is parsed. -DATA_FILES += $(GENERATED_DATA_FILES) -CRYPTO_DATA_FILES += $(GENERATED_CRYPTO_DATA_FILES) - -APPS = $(basename $(subst suites/,,$(DATA_FILES))) -CRYPTO_APPS = $(basename $(subst suites/,,$(CRYPTO_DATA_FILES))) - -# Construct executable name by adding OS specific suffix $(EXEXT). 
-BINARIES := $(addsuffix $(EXEXT),$(APPS)) -CRYPTO_BINARIES := $(addsuffix $(EXEXT),$(CRYPTO_APPS)) - -.SILENT: - -.PHONY: all check test clean - -all: $(BINARIES) $(CRYPTO_BINARIES) - -mbedtls_test: $(MBEDTLS_TEST_OBJS) - -include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ - $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ - -include/test/test_keys.h: ../framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ - -../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ - -TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -# Explicitly depend on this header because on a clean copy of the source tree, -# it doesn't exist yet and must be generated as part of the build, and -# therefore the wildcard enumeration above doesn't include it. 
-TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h -endif -TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \ - ../tf-psa-crypto/tests/include/test/test_keys.h - -# Rule to compile common test C files in framework -../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -../framework/tests/src/drivers/%.o : ../framework/tests/src/drivers/%.c - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -# Rule to compile common test C files in src folder -src/%.o : src/%.c $(TEST_OBJS_DEPS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -src/test_helpers/%.o : src/test_helpers/%.c - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< - -C_FILES := $(addsuffix .c,$(APPS)) $(addsuffix .c,$(CRYPTO_APPS)) -c: $(C_FILES) - -# Wildcard target for test code generation: -# A .c file is generated for each .data file in the suites/ directory. Each .c -# file depends on a .data and .function file from suites/ directory. Following -# nameing convention is followed: -# -# C file | Depends on -#----------------------------------------------------------------------------- -# foo.c | suites/foo.function suites/foo.data -# foo.bar.c | suites/foo.function suites/foo.bar.data -# -# Note above that .c and .data files have same base name. -# However, corresponding .function file's base name is the word before first -# dot in .c file's base name. -# -.SECONDEXPANSION: - -# First handle the tf-psa-crypto case, which has different paths from -# the local case. In GNU Make >=3.82, the shortest match applies regardless -# of the order in the makefile. In GNU Make <=3.81, the first matching rule -# applies. 
-../tf-psa-crypto/tests/%.c: ../tf-psa-crypto/tests/suites/$$(firstword $$(subst ., ,$$*)).function ../tf-psa-crypto/tests/suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function - echo " Gen $@" - cd ../tf-psa-crypto/tests && $(PYTHON) ../../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t suites/main_test.function \ - -p suites/host_test.function \ - -s suites \ - --helpers-file suites/helpers.function \ - -o . - -%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t ../tf-psa-crypto/tests/suites/main_test.function \ - -p ../tf-psa-crypto/tests/suites/host_test.function \ - -s suites \ - --helpers-file ../tf-psa-crypto/tests/suites/helpers.function \ - -o . 
- -$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -LOCAL_CRYPTO_CFLAGS = $(patsubst -I./include, -I../../tests/include, $(patsubst -I../%,-I../../%, $(LOCAL_CFLAGS))) -LOCAL_CRYPTO_LDFLAGS = $(patsubst -L../library, -L../../library, \ - $(patsubst -L../tests/%, -L../../tests/%, \ - $(patsubst ./src/%,../../tests/src/%, \ - $(patsubst ../framework/tests/src/%,../../framework/tests/src/%, \ - $(LOCAL_LDFLAGS))))) -$(CRYPTO_BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) - echo " CC $<" - cd ../tf-psa-crypto/tests && $(CC) $(LOCAL_CRYPTO_CFLAGS) $(CFLAGS) $(subst $(EXEXT),,$(@F)).c $(LOCAL_CRYPTO_LDFLAGS) $(LDFLAGS) -o $(@F) - -clean: -ifndef WINDOWS - $(MAKE) -C psa-client-server/psasim clean - rm -rf $(BINARIES) *.c *.datax - rm -rf $(CRYPTO_BINARIES) ../tf-psa-crypto/tests/*.c ../tf-psa-crypto/tests/*.datax - rm -f src/*.o src/test_helpers/*.o src/libmbed* - rm -f ../framework/tests/src/*.o ../framework/tests/src/drivers/*.o - rm -f ../framework/tests/include/test/instrument_record_status.h - rm -f ../framework/tests/include/alt-extra/*/*_alt.h - rm -rf libtestdriver1 - rm -rf libpsaclient libpsaserver - rm -f ../library/libtestdriver1.a -else - if exist *.c del /Q /F *.c - if exist *.exe del /Q /F *.exe - if exist *.datax del /Q /F *.datax - if exist ../tf-psa-crypto/tests/*.c del /Q /F ../tf-psa-crypto/tests/*.c - if exist ../tf-psa-crypto/tests/*.exe del /Q /F ../tf-psa-crypto/tests/*.exe - if exist ../tf-psa-crypto/tests/*.datax del /Q /F ../tf-psa-crypto/tests/*.datax - if exist src/*.o del /Q /F src/*.o - if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o - if exist src/libmbed* del /Q /F src/libmbed* - if exist ../framework/tests/src/*.o del /Q /F ../framework/tests/src/*.o - if exist ../framework/tests/src/drivers/*.o del /Q /F ../framework/tests/src/drivers/*.o - if exist 
../framework/tests/include/test/instrument_record_status.h del /Q /F ../framework/tests/include/test/instrument_record_status.h -endif - -# Test suites caught by SKIP_TEST_SUITES are built but not executed. -check: $(BINARIES) $(CRYPTO_BINARIES) - perl scripts/run-test-suites.pl $(TEST_FLAGS) --skip=$(SKIP_TEST_SUITES) - -test: check - -# Generate variants of some headers for testing -../framework/tests/include/alt-extra/%_alt.h: ../include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ -../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h - perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ - -# Generate test library -libtestdriver1.a: - rm -Rf ./libtestdriver1 - mkdir ./libtestdriver1 - mkdir ./libtestdriver1/framework - mkdir ./libtestdriver1/tf-psa-crypto - mkdir ./libtestdriver1/tf-psa-crypto/drivers - mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest - mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m - touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc - touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc - cp -Rf ../framework/scripts ./libtestdriver1/framework - cp -Rf ../library ./libtestdriver1 - cp -Rf ../include ./libtestdriver1 - cp -Rf ../scripts ./libtestdriver1 - cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto - cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto - cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers - cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto - - # Set the test driver base (minimal) configuration. 
- cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h - cp ../tf-psa-crypto/tests/configs/crypto_config_test_driver.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - - # Set the PSA cryptography configuration for the test library. - # The configuration is created by joining the base - # ../tf-psa-crypto/tests/configs/crypto_config_test_driver.h, - # with the the library's PSA_WANT_* macros extracted from - # ./tf-psa-crypto/include/psa/crypto_config.h - # and then extended with entries of - # ../tf-psa-crypto/tests/configs/crypto_config_test_driver_extension.h - # to mirror the PSA_ACCEL_* macros. - - mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak - head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - grep '^#define PSA_WANT_*' ../tf-psa-crypto/include/psa/crypto_config.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - cat ../tf-psa-crypto/tests/configs/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h - - # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as - # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash - # when this test driver library is linked with the Mbed TLS library. 
- perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h - perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] - - $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a - cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -../framework/tests/include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile - echo " Gen $@" - sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' -endif diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh deleted file mode 100755 index e703c5723a..0000000000 --- a/tests/compat-in-docker.sh +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash -eu - -# compat-in-docker.sh -# -# Purpose -# ------- -# This runs compat.sh in a Docker container. -# -# WARNING: the Dockerfile used by this script is no longer maintained! See -# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start -# for the set of Docker images we use on the CI. -# -# Notes for users -# --------------- -# If OPENSSL, GNUTLS_CLI, or GNUTLS_SERV are specified the path must -# correspond to an executable inside the Docker container. The special -# values "next" (OpenSSL only) and "legacy" are also allowed as shorthand -# for the installations inside the container. -# -# See also: -# - scripts/docker_env.sh for general Docker prerequisites and other information. -# - compat.sh for notes about invocation of that script. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -source tests/scripts/docker_env.sh - -case "${OPENSSL:-default}" in - "legacy") export OPENSSL="/usr/local/openssl-1.0.1j/bin/openssl";; - "next") export OPENSSL="/usr/local/openssl-1.1.1a/bin/openssl";; - *) ;; -esac - -case "${GNUTLS_CLI:-default}" in - "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";; - "next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";; - *) ;; -esac - -case "${GNUTLS_SERV:-default}" in - "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";; - "next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";; - *) ;; -esac - -run_in_docker \ - -e M_CLI \ - -e M_SRV \ - -e GNUTLS_CLI \ - -e GNUTLS_SERV \ - -e OPENSSL \ - -e OSSL_NO_DTLS \ - tests/compat.sh \ - $@ diff --git a/tests/compat.sh b/tests/compat.sh deleted file mode 100755 index 2b6f454127..0000000000 --- a/tests/compat.sh +++ /dev/null 
@@ -1,1154 +0,0 @@ -#!/bin/sh - -# compat.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Test interoperbility with OpenSSL, GnuTLS as well as itself. -# -# Check each common ciphersuite, with each version, both ways (client/server), -# with and without client authentication. - -set -u - -# Limit the size of each log to 10 GiB, in case of failures with this script -# where it may output seemingly unlimited length error logs. -ulimit -f 20971520 - -ORIGINAL_PWD=$PWD -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -# initialise counters -TESTS=0 -FAILED=0 -SKIPPED=0 -SRVMEM=0 - -# default commands, can be overridden by the environment -: ${M_SRV:=../programs/ssl/ssl_server2} -: ${M_CLI:=../programs/ssl/ssl_client2} -: ${OPENSSL:=openssl} -: ${GNUTLS_CLI:=gnutls-cli} -: ${GNUTLS_SERV:=gnutls-serv} - -# The OPENSSL variable used to be OPENSSL_CMD for historical reasons. -# To help the migration, error out if the old variable is set, -# but only if it has a different value than the new one. -if [ "${OPENSSL_CMD+set}" = set ]; then - # the variable is set, we can now check its value - if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then - echo "Please use OPENSSL instead of OPENSSL_CMD." >&2 - exit 125 - fi -fi - -# do we have a recent enough GnuTLS? 
-if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then - G_VER="$( $GNUTLS_CLI --version | head -n1 )" - if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version - PEER_GNUTLS=" GnuTLS" - else - eval $( echo $G_VER | sed 's/.* \([0-9]*\)\.\([0-9]\)*\.\([0-9]*\)$/MAJOR="\1" MINOR="\2" PATCH="\3"/' ) - if [ $MAJOR -lt 3 -o \ - \( $MAJOR -eq 3 -a $MINOR -lt 2 \) -o \ - \( $MAJOR -eq 3 -a $MINOR -eq 2 -a $PATCH -lt 15 \) ] - then - PEER_GNUTLS="" - else - PEER_GNUTLS=" GnuTLS" - if [ $MINOR -lt 4 ]; then - GNUTLS_MINOR_LT_FOUR='x' - fi - fi - fi -else - PEER_GNUTLS="" -fi - -guess_config_name() { - if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then - echo "default" - else - echo "unknown" - fi -} -: ${MBEDTLS_TEST_OUTCOME_FILE=} -: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} -: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} - -# default values for options -# /!\ keep this synchronised with: -# - basic-build-test.sh -# - all.sh (multiple components) -MODES="tls12 dtls12" -VERIFIES="NO YES" -TYPES="ECDSA RSA PSK" -FILTER="" -# By default, exclude: -# - NULL: excluded from our default config + requires OpenSSL legacy -# - ARIA: requires OpenSSL >= 1.1.1 -# - ChachaPoly: requires OpenSSL >= 1.1.0 -EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305' -VERBOSE="" -MEMCHECK=0 -MIN_TESTS=1 -PRESERVE_LOGS=0 -PEERS="OpenSSL$PEER_GNUTLS mbedTLS" - -# hidden option: skip DTLS with OpenSSL -# (travis CI has a version that doesn't work for us) -: ${OSSL_NO_DTLS:=0} - -print_usage() { - echo "Usage: $0" - printf " -h|--help\tPrint this help.\n" - printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER" - printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE" - printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES" - printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES" - printf 
" -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES" - printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS" - printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" - printf " -M|--memcheck\tCheck memory leaks and errors.\n" - printf " -v|--verbose\tSet verbose output.\n" - printf " --list-test-cases\tList all potential test cases (No Execution)\n" - printf " --min \tMinimum number of non-skipped tests (default 1)\n" - printf " --outcome-file\tFile where test outcomes are written\n" - printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" - printf " --preserve-logs\tPreserve logs of successful tests as well\n" -} - -# print_test_case -print_test_case() { - for i in $3; do - uniform_title $1 $2 $i - echo "compat;$TITLE" - done -} - -# list_test_cases lists all potential test cases in compat.sh without execution -list_test_cases() { - for TYPE in $TYPES; do - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - add_gnutls_ciphersuites - add_mbedtls_ciphersuites - - # PSK cipher suites do not allow client certificate verification. 
- SUB_VERIFIES=$VERIFIES - if [ "$TYPE" = "PSK" ]; then - SUB_VERIFIES="NO" - fi - - for VERIFY in $SUB_VERIFIES; do - VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') - for MODE in $MODES; do - print_test_case m O "$O_CIPHERS" - print_test_case O m "$O_CIPHERS" - print_test_case m G "$G_CIPHERS" - print_test_case G m "$G_CIPHERS" - print_test_case m m "$M_CIPHERS" - done - done - done -} - -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -f|--filter) - shift; FILTER=$1 - ;; - -e|--exclude) - shift; EXCLUDE=$1 - ;; - -m|--modes) - shift; MODES=$1 - ;; - -t|--types) - shift; TYPES=$1 - ;; - -V|--verify) - shift; VERIFIES=$1 - ;; - -p|--peers) - shift; PEERS=$1 - ;; - -v|--verbose) - VERBOSE=1 - ;; - -M|--memcheck) - MEMCHECK=1 - ;; - # Please check scripts/check_test_cases.py correspondingly - # if you have to modify option, --list-test-cases - --list-test-cases) - list_test_cases - exit $? - ;; - --min) - shift; MIN_TESTS=$1 - ;; - --outcome-file) - shift; MBEDTLS_TEST_OUTCOME_FILE=$1 - ;; - --preserve-logs) - PRESERVE_LOGS=1 - ;; - -h|--help) - print_usage - exit 0 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done - - # sanitize some options (modes checked later) - VERIFIES="$( echo $VERIFIES | tr [a-z] [A-Z] )" - TYPES="$( echo $TYPES | tr [a-z] [A-Z] )" -} - -log() { - if [ "X" != "X$VERBOSE" ]; then - echo "" - echo "$@" - fi -} - -# is_dtls -is_dtls() -{ - test "$1" = "dtls12" -} - -# minor_ver -minor_ver() -{ - case "$1" in - tls12|dtls12) - echo 3 - ;; - *) - echo "error: invalid mode: $MODE" >&2 - # exiting is no good here, typically called in a subshell - echo -1 - esac -} - -filter() -{ - LIST="$1" - NEW_LIST="" - - EXCLMODE="$EXCLUDE" - - for i in $LIST; - do - NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" | grep -v "$EXCLMODE" )" - done - - # normalize whitespace - echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' -} - -filter_ciphersuites() -{ - if [ "X" != 
"X$FILTER" -o "X" != "X$EXCLUDE" ]; - then - # Ciphersuite for Mbed TLS - M_CIPHERS=$( filter "$M_CIPHERS" ) - - # Ciphersuite for OpenSSL - O_CIPHERS=$( filter "$O_CIPHERS" ) - - # Ciphersuite for GnuTLS - G_CIPHERS=$( filter "$G_CIPHERS" ) - fi -} - -reset_ciphersuites() -{ - M_CIPHERS="" - O_CIPHERS="" - G_CIPHERS="" -} - -# translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...} -# Set $ciphers to the cipher suite name translations for the specified -# program (gnutls, mbedtls or openssl). $ciphers is a space-separated -# list of entries of the form "STANDARD_NAME=PROGRAM_NAME". -translate_ciphers() -{ - ciphers=$(../framework/scripts/translate_ciphers.py "$@") - if [ $? -ne 0 ]; then - echo "translate_ciphers.py failed with exit code $1" >&2 - echo "$2" >&2 - exit 1 - fi -} - -# Ciphersuites that can be used with all peers. -# Since we currently have three possible peers, each ciphersuite should appear -# three times: in each peer's list (with the name that this peer uses). -add_common_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDHE_ECDSA_WITH_NULL_SHA \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDHE_RSA_WITH_NULL_SHA \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_PSK_WITH_AES_128_CBC_SHA \ - TLS_PSK_WITH_AES_256_CBC_SHA \ - " - ;; - esac - - O_CIPHERS="$O_CIPHERS $CIPHERS" - G_CIPHERS="$G_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS and OpenSSL -# A list 
of ciphersuites in the standard naming convention is appended -# to the list of Mbed TLS ciphersuites $M_CIPHERS and -# to the list of OpenSSL ciphersuites $O_CIPHERS respectively. -# Based on client's naming convention, all ciphersuite names will be -# translated into another naming format before sent to the client. -# -# ChachaPoly suites are here rather than in "common", as they were added in -# GnuTLS in 3.5.0 and the CI only has 3.4.x so far. -add_openssl_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - TLS_PSK_WITH_ARIA_128_GCM_SHA256 \ - TLS_PSK_WITH_ARIA_256_GCM_SHA384 \ - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 \ - " - ;; - esac - - O_CIPHERS="$O_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS and GnuTLS -# A list of ciphersuites in the standard naming convention is appended -# to the list of Mbed TLS ciphersuites $M_CIPHERS and -# to the list of GnuTLS ciphersuites $G_CIPHERS respectively. -# Based on client's naming convention, all ciphersuite names will be -# translated into another naming format before sent to the client. 
-add_gnutls_ciphersuites() -{ - CIPHERS="" - case $TYPE in - - "ECDSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_ECDSA_WITH_AES_128_CCM \ - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 \ - TLS_ECDHE_ECDSA_WITH_AES_256_CCM \ - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ - " - ;; - - "RSA") - CIPHERS="$CIPHERS \ - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ - " - ;; - - "PSK") - CIPHERS="$CIPHERS \ - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \ - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \ - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_NULL_SHA256 \ - TLS_ECDHE_PSK_WITH_NULL_SHA384 \ - TLS_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_PSK_WITH_AES_128_CCM \ - TLS_PSK_WITH_AES_128_CCM_8 \ - TLS_PSK_WITH_AES_128_GCM_SHA256 \ - TLS_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_PSK_WITH_AES_256_CCM \ - TLS_PSK_WITH_AES_256_CCM_8 \ - TLS_PSK_WITH_AES_256_GCM_SHA384 \ - TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_PSK_WITH_NULL_SHA256 \ - TLS_PSK_WITH_NULL_SHA384 \ - " - ;; - esac - - G_CIPHERS="$G_CIPHERS $CIPHERS" - M_CIPHERS="$M_CIPHERS $CIPHERS" -} - -# Ciphersuites usable only with Mbed TLS (not currently supported by another -# peer usable in this script). This provides only very rudimentaty testing, as -# this is not interop testing, but it's better than nothing. 
-add_mbedtls_ciphersuites() -{ - case $TYPE in - - "ECDSA") - M_CIPHERS="$M_CIPHERS \ - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - " - ;; - - "RSA") - M_CIPHERS="$M_CIPHERS \ - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ - " - ;; - - "PSK") - # *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 - M_CIPHERS="$M_CIPHERS \ - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDHE_PSK_WITH_NULL_SHA \ - TLS_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_PSK_WITH_NULL_SHA \ - " - ;; - esac -} - -# o_check_ciphersuite STANDARD_CIPHER_SUITE -o_check_ciphersuite() -{ - # skip DTLS when lack of support was declared - if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then - SKIP_NEXT_="YES" - fi - - # skip DTLS 1.2 is support was not detected - if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then - SKIP_NEXT="YES" - fi - - # skip static ECDH when OpenSSL doesn't support it - if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then - case "$1" in - *ECDH_*) SKIP_NEXT="YES" - esac - fi -} - -setup_arguments() -{ - DATA_FILES_PATH="../framework/data_files" - - O_MODE="" - G_MODE="" - case "$MODE" in - "tls12") - O_MODE="tls1_2" - G_PRIO_MODE="+VERS-TLS1.2" - ;; - "dtls12") - O_MODE="dtls1_2" - G_PRIO_MODE="+VERS-DTLS1.2" - G_MODE="-u" - ;; - *) - echo "error: invalid mode: $MODE" >&2 - exit 1; - esac - - # GnuTLS < 3.4 will choke if we try to allow CCM-8 - if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then - G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:" - else - G_PRIO_CCM="" - fi - - M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" - O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE" - G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE" - - # The default prime for `openssl s_server` depends 
on the version: - # * OpenSSL <= 1.0.2a: 512-bit - # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit - # * OpenSSL >= 1.1.1c: 2048-bit - # Mbed TLS wants >=1024, so force that for older versions. Don't force - # it for newer versions, which reject a 1024-bit prime. Indifferently - # force it or not for intermediate versions. - case $($OPENSSL version) in - "OpenSSL 1.0"*) - O_SERVER_ARGS="$O_SERVER_ARGS -dhparam $DATA_FILES_PATH/dhparams.pem" - ;; - esac - - # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes - if is_dtls "$MODE"; then - O_SERVER_ARGS="$O_SERVER_ARGS" - else - O_SERVER_ARGS="$O_SERVER_ARGS -www" - fi - - M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" - O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE" - G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" - - # Newer versions of OpenSSL have a syntax to enable all "ciphers", even - # low-security ones. This covers not just cipher suites but also protocol - # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on - # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in - # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find - # a way to discover it from -help, so check the openssl version. - case $($OPENSSL version) in - "OpenSSL 0"*|"OpenSSL 1.0"*) :;; - *) - O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" - O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" - ;; - esac - - case $($OPENSSL ciphers ALL) in - *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";; - *) O_SUPPORT_STATIC_ECDH="NO";; - esac - - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL - # supports -dtls1_2 from the s_server help. (The s_client - # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 - # but doesn't list it. But the s_server help seems to be - # accurate.) 
- O_SUPPORT_DTLS12="NO" - if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then - O_SUPPORT_DTLS12="YES" - fi - - if [ "X$VERIFY" = "XYES" ]; - then - M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$DATA_FILES_PATH/test-ca_cat12.crt auth_mode=required" - O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -Verify 10" - G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --require-client-cert" - - M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$DATA_FILES_PATH/test-ca_cat12.crt auth_mode=required" - O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -verify 10" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - else - # don't request a client cert at all - M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none" - G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert" - - M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none" - O_CLIENT_ARGS="$O_CLIENT_ARGS" - G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure" - fi - - case $TYPE in - "ECDSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" - - if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $DATA_FILES_PATH/server6.crt -key $DATA_FILES_PATH/server6.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $DATA_FILES_PATH/server6.crt --x509keyfile $DATA_FILES_PATH/server6.key" - else - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" - fi - ;; - - "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert 
$DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key" - - if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$DATA_FILES_PATH/cert_sha256.crt key_file=$DATA_FILES_PATH/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $DATA_FILES_PATH/cert_sha256.crt -key $DATA_FILES_PATH/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $DATA_FILES_PATH/cert_sha256.crt --x509keyfile $DATA_FILES_PATH/server1.key" - else - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" - fi - ;; - - "PSK") - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none" - O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --pskpasswd $DATA_FILES_PATH/passwd.psk" - - M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" - O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" - G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" - ;; - esac -} - -# is_mbedtls -is_mbedtls() { - case $1 in - *ssl_client2*) true;; - *ssl_server2*) true;; - *) false;; - esac -} - -# has_mem_err -has_mem_err() { - if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null - then - return 1 # false: does not have errors - else - return 0 # true: has errors - fi -} - -# Wait for process $2 to be listening on port $1 -if type lsof >/dev/null 2>/dev/null; then - wait_server_start() { - START_TIME=$(date +%s) - if is_dtls "$MODE"; then - proto=UDP - else - proto=TCP - fi - while ! 
lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do - if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - break - fi - # Linux and *BSD support decimal arguments to sleep. On other - # OSes this may be a tight loop. - sleep 0.1 2>/dev/null || true - done - } -else - echo "Warning: lsof not available, wait_server_start = sleep" - wait_server_start() { - sleep 2 - } -fi - - -# start_server -# also saves name and command -start_server() { - case $1 in - [Oo]pen*) - SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS" - ;; - [Gg]nu*) - SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO" - ;; - mbed*) - SERVER_CMD="$M_SRV $M_SERVER_ARGS" - if [ "$MEMCHECK" -gt 0 ]; then - SERVER_CMD="valgrind --leak-check=full $SERVER_CMD" - fi - ;; - *) - echo "error: invalid server name: $1" >&2 - exit 1 - ;; - esac - SERVER_NAME=$1 - - log "$SERVER_CMD" - echo "$SERVER_CMD" > $SRV_OUT - # for servers without -www or equivalent - while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! - - wait_server_start "$PORT" "$SRV_PID" -} - -# terminate the running server -stop_server() { - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to SRV_OUT - kill $SRV_PID >/dev/null 2>&1 - wait $SRV_PID >> $SRV_OUT 2>&1 - - if [ "$MEMCHECK" -gt 0 ]; then - if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then - echo " ! Server had memory errors" - SRVMEM=$(( $SRVMEM + 1 )) - return - fi - fi - - rm -f $SRV_OUT -} - -# kill the running server (used when killed by signal) -cleanup() { - rm -f $SRV_OUT $CLI_OUT - kill $SRV_PID >/dev/null 2>&1 - kill $WATCHDOG_PID >/dev/null 2>&1 - exit 1 -} - -# wait for client to terminate and set EXIT -# must be called right after starting the client -wait_client_done() { - CLI_PID=$! 
- - ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) & - WATCHDOG_PID=$! - - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to CLI_OUT - wait $CLI_PID >> $CLI_OUT 2>&1 - EXIT=$? - - kill $WATCHDOG_PID >/dev/null 2>&1 - wait $WATCHDOG_PID >> $CLI_OUT 2>&1 - - echo "EXIT: $EXIT" >> $CLI_OUT -} - -# uniform_title -# $TITLE is considered as test case description for both --list-test-cases and -# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of -# each test case description. -uniform_title() { - TITLE="$1->$2 $MODE,$VERIF $3" -} - -# record_outcome [] -record_outcome() { - echo "$1" - if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then - # The test outcome file has the format (in single line): - # platform;configuration; - # test suite name;test case description; - # PASS/FAIL/SKIP;[failure cause] - printf '%s;%s;%s;%s;%s;%s\n' \ - "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "compat" "$TITLE" \ - "$1" "${2-}" \ - >> "$MBEDTLS_TEST_OUTCOME_FILE" - fi -} - -save_logs() { - cp $SRV_OUT c-srv-${TESTS}.log - cp $CLI_OUT c-cli-${TESTS}.log -} - -# display additional information if test case fails -report_fail() { - FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" - record_outcome "FAIL" "$FAIL_PROMPT" - save_logs - echo " ! $FAIL_PROMPT" - - if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then - echo " ! server output:" - cat c-srv-${TESTS}.log - echo " ! ===================================================" - echo " ! client output:" - cat c-cli-${TESTS}.log - fi -} - -# run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE -run_client() { - # announce what we're going to do - TESTS=$(( $TESTS + 1 )) - uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 - DOTS72="........................................................................" 
- printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" - - # should we skip? - if [ "X$SKIP_NEXT" = "XYES" ]; then - SKIP_NEXT="NO" - record_outcome "SKIP" - SKIPPED=$(( $SKIPPED + 1 )) - return - fi - - # run the command and interpret result - case $1 in - [Oo]pen*) - CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3" - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - if [ $EXIT -eq 0 ]; then - RESULT=0 - else - # If it is NULL cipher ... - if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then - RESULT=1 - else - RESULT=2 - fi - fi - ;; - - [Gg]nu*) - CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 localhost" - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - if [ $EXIT -eq 0 ]; then - RESULT=0 - else - RESULT=2 - # interpret early failure, with a handshake_failure alert - # before the server hello, as "no ciphersuite in common" - if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then - if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then : - else - RESULT=1 - fi - fi >/dev/null - fi - ;; - - mbed*) - CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3" - if [ "$MEMCHECK" -gt 0 ]; then - CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" - fi - log "$CLIENT_CMD" - echo "$CLIENT_CMD" > $CLI_OUT - $CLIENT_CMD >> $CLI_OUT 2>&1 & - wait_client_done - - case $EXIT in - # Success - "0") RESULT=0 ;; - - # Ciphersuite not supported - "2") RESULT=1 ;; - - # Error - *) RESULT=2 ;; - esac - - if [ "$MEMCHECK" -gt 0 ]; then - if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then - RESULT=2 - fi - fi - - ;; - - *) - echo "error: invalid client name: $1" >&2 - exit 1 - ;; - esac - - echo "EXIT: $EXIT" >> $CLI_OUT - - # report and count result - case $RESULT in - "0") - record_outcome "PASS" - if [ "$PRESERVE_LOGS" -gt 0 ]; then - save_logs - fi - ;; - 
"1") - record_outcome "SKIP" - SKIPPED=$(( $SKIPPED + 1 )) - ;; - "2") - report_fail - FAILED=$(( $FAILED + 1 )) - ;; - esac - - rm -f $CLI_OUT -} - -# -# MAIN -# - -get_options "$@" - -# Make the outcome file path relative to the original directory, not -# to .../tests -case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) - MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE" - ;; -esac - -# sanity checks, avoid an avalanche of errors -if [ ! -x "$M_SRV" ]; then - echo "Command '$M_SRV' is not an executable file" >&2 - exit 1 -fi -if [ ! -x "$M_CLI" ]; then - echo "Command '$M_CLI' is not an executable file" >&2 - exit 1 -fi - -if echo "$PEERS" | grep -i openssl > /dev/null; then - if which "$OPENSSL" >/dev/null 2>&1; then :; else - echo "Command '$OPENSSL' not found" >&2 - exit 1 - fi -fi - -if echo "$PEERS" | grep -i gnutls > /dev/null; then - for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do - if which "$CMD" >/dev/null 2>&1; then :; else - echo "Command '$CMD' not found" >&2 - exit 1 - fi - done -fi - -for PEER in $PEERS; do - case "$PEER" in - mbed*|[Oo]pen*|[Gg]nu*) - ;; - *) - echo "Unknown peers: $PEER" >&2 - exit 1 - esac -done - -# Pick a "unique" port in the range 10000-19999. -PORT="0000$$" -PORT="1$(echo $PORT | tail -c 5)" - -# Also pick a unique name for intermediate files -SRV_OUT="srv_out.$$" -CLI_OUT="cli_out.$$" - -# client timeout delay: be more patient with valgrind -if [ "$MEMCHECK" -gt 0 ]; then - DOG_DELAY=30 -else - DOG_DELAY=10 -fi - -SKIP_NEXT="NO" - -trap cleanup INT TERM HUP - -for MODE in $MODES; do - for TYPE in $TYPES; do - - # PSK cipher suites do not allow client certificate verification. - # This means PSK test cases with VERIFY=YES should be replaced by - # VERIFY=NO or be ignored. SUB_VERIFIES variable is used to constrain - # verification option for PSK test cases. 
- SUB_VERIFIES=$VERIFIES - if [ "$TYPE" = "PSK" ]; then - SUB_VERIFIES="NO" - fi - - for VERIFY in $SUB_VERIFIES; do - VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') - for PEER in $PEERS; do - - setup_arguments - - case "$PEER" in - - [Oo]pen*) - - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "OpenSSL" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - o_check_ciphersuite "${i%%=*}" - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - if [ "X" != "X$O_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers o $O_CIPHERS - for i in $ciphers; do - o_check_ciphersuite "${i%%=*}" - run_client OpenSSL ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - [Gg]nu*) - - reset_ciphersuites - add_common_ciphersuites - add_gnutls_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "GnuTLS" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - if [ "X" != "X$G_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers g $G_CIPHERS - for i in $ciphers; do - run_client GnuTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - mbed*) - - reset_ciphersuites - add_common_ciphersuites - add_openssl_ciphersuites - add_gnutls_ciphersuites - add_mbedtls_ciphersuites - filter_ciphersuites - - if [ "X" != "X$M_CIPHERS" ]; then - start_server "mbedTLS" - translate_ciphers m $M_CIPHERS - for i in $ciphers; do - run_client mbedTLS ${i%%=*} ${i#*=} - done - stop_server - fi - - ;; - - *) - echo "Unknown peer: $PEER" >&2 - exit 1 - ;; - - esac - - done - done - done -done - -echo "------------------------------------------------------------------------" - -if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ]; then - printf "FAILED" -else - printf "PASSED" -fi - -if [ "$MEMCHECK" -gt 0 ]; then - MEMREPORT=", $SRVMEM server memory errors" -else - MEMREPORT="" -fi - 
-PASSED=$(( $TESTS - $FAILED )) -echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))" - -if [ $((TESTS - SKIPPED)) -lt $MIN_TESTS ]; then - cat < - -#ifndef MBEDTLS_PLATFORM_STD_CALLOC -static inline void *custom_calloc(size_t nmemb, size_t size) -{ - if (nmemb == 0 || size == 0) { - return NULL; - } - return calloc(nmemb, size); -} - -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc -#endif diff --git a/tests/context-info.sh b/tests/context-info.sh deleted file mode 100755 index 4ad5e0c4f7..0000000000 --- a/tests/context-info.sh +++ /dev/null 
@@ -1,418 +0,0 @@ -#!/bin/sh - -# context-info.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# This program is intended for testing the ssl_context_info program -# - -set -eu - -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -# Variables - -THIS_SCRIPT_NAME=$(basename "$0") -PROG_PATH="../programs/ssl/ssl_context_info" -OUT_FILE="ssl_context_info.log" -IN_DIR="../framework/data_files/base64" - -USE_VALGRIND=0 - -T_COUNT=0 -T_PASSED=0 -T_FAILED=0 - - -# Functions - -print_usage() { - echo "Usage: $0 [options]" - printf " -h|--help\tPrint this help.\n" - printf " -m|--memcheck\tUse valgrind to check the memory.\n" -} - -# Print test name -print_name() { - printf "%s %.*s " "$1" $(( 71 - ${#1} )) \ - "........................................................................" -} - -# Print header to the test output file -print_header() -{ - date="$(date)" - echo "******************************************************************" > $2 - echo "* File created by: $THIS_SCRIPT_NAME" >> $2 - echo "* Test name: $1" >> $2 - echo "* Date: $date" >> $2 - echo "* Command: $3" >> $2 - echo "******************************************************************" >> $2 - echo "" >> $2 -} - -# Print footer at the end of file -print_footer() -{ - echo "" >> $1 - echo "******************************************************************" >> $1 - echo "* End command" >> $1 - echo "******************************************************************" >> $1 - echo "" >> $1 -} - -# Use the arguments of this script -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -h|--help) - print_usage - exit 0 - ;; - -m|--memcheck) - USE_VALGRIND=1 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done -} - -# Current test failed -fail() -{ - T_FAILED=$(( $T_FAILED + 1)) - FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE" - - echo "FAIL" - echo " Error: $1" - - cp -f "$OUT_FILE" "$FAIL_OUT" - echo "Error: $1" >> 
"$FAIL_OUT" -} - -# Current test passed -pass() -{ - T_PASSED=$(( $T_PASSED + 1)) - echo "PASS" -} - -# Usage: run_test [ -arg ] [option [...]] -# Options: -m -# -n -# -u -run_test() -{ - TEST_NAME="$1" - RUN_CMD="$PROG_PATH -f $IN_DIR/$2" - - if [ "-arg" = "$3" ]; then - RUN_CMD="$RUN_CMD $4" - shift 4 - else - shift 2 - fi - - # prepend valgrind to our commands if active - if [ "$USE_VALGRIND" -gt 0 ]; then - RUN_CMD="valgrind --leak-check=full $RUN_CMD" - fi - - T_COUNT=$(( $T_COUNT + 1)) - print_name "$TEST_NAME" - - # run tested program - print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD" - eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 - print_footer "$OUT_FILE" - - # check valgrind's results - if [ "$USE_VALGRIND" -gt 0 ]; then - if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null - then - fail "Memory error detected" - return - fi - fi - - # check other assertions - # lines beginning with == are added by valgrind, ignore them, because we already checked them before - # lines with 'Serious error when reading debug info', are valgrind issues as well - # lines beginning with * are added by this script, ignore too - while [ $# -gt 0 ] - do - case $1 in - "-m") - if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the output" - return - fi - ;; - - "-n") - if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then - fail "pattern '$2' MUST NOT be present in the output" - return - fi - ;; - - "-u") - if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then - fail "lines following pattern '$2' must be once in the output" - return - fi - ;; - - *) - echo "Unknown test: $1" >&2 - exit 1 - esac - shift 2 - done - - rm 
-f "$OUT_FILE" - - pass -} - -get_options "$@" - -# Tests - -run_test "Default configuration, server" \ - "srv_def.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 21$" \ - -u "path.* 0$" \ - -u "MBEDTLS_HAVE_TIME$" \ - -u "MBEDTLS_X509_CRT_PARSE_C$" \ - -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -u "MBEDTLS_SSL_ALPN$" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* 9$" \ - -u "compression.* disabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -n "Certificate" \ - -n "bytes left to analyze from context" - -run_test "Default configuration, client" \ - "cli_def.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 21$" \ - -u "path.* 0$" \ - -u "MBEDTLS_HAVE_TIME$" \ - -u "MBEDTLS_X509_CRT_PARSE_C$" \ - -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS$" \ - -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -u "MBEDTLS_SSL_ALPN$" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* 9$" \ - -u "compression.* disabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -u "cert. 
version .* 3$" \ - -u "serial number.* 02$" \ - -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \ - -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \ - -u "issued on.* 2019-02-10 14:44:06$" \ - -u "expires on.* 2029-02-10 14:44:06$" \ - -u "signed using.* RSA with SHA-256$" \ - -u "RSA key size.* 2048 bits$" \ - -u "basic constraints.* CA=false$" \ - -n "bytes left to analyze from context" - -run_test "No packing, server" \ - "srv_no_packing.txt" \ - -n "ERROR" \ - -u "DTLS datagram packing.* disabled" - -run_test "No packing, client" \ - "cli_no_packing.txt" \ - -n "ERROR" \ - -u "DTLS datagram packing.* disabled" - -run_test "DTLS CID, server" \ - "srv_cid.txt" \ - -n "ERROR" \ - -u "in CID.* DE AD" \ - -u "out CID.* BE EF" - -run_test "DTLS CID, client" \ - "cli_cid.txt" \ - -n "ERROR" \ - -u "in CID.* BE EF" \ - -u "out CID.* DE AD" - -run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \ - "srv_no_mfl.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - -run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \ - "cli_no_mfl.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - -run_test "No MBEDTLS_SSL_ALPN, server" \ - "srv_no_alpn.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_ALPN" - -run_test "No MBEDTLS_SSL_ALPN, client" \ - "cli_no_alpn.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_ALPN" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \ - "srv_no_keep_cert.txt" \ - -arg "--keep-peer-cert=0" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00" \ - -u "compression.* disabled" \ - -u "DTLS datagram packing.* enabled" \ - -n "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \ - "cli_no_keep_cert.txt" \ - -arg "--keep-peer-cert=0" \ - -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ - -u "cipher flags.* 0x00" \ - -u "compression.* disabled" \ - -u "DTLS datagram packing.* enabled" \ - -n "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, 
negative, server" \ - "srv_no_keep_cert.txt" \ - -m "Deserializing" \ - -m "ERROR" - -run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \ - "cli_no_keep_cert.txt" \ - -m "Deserializing" \ - -m "ERROR" - -run_test "Minimal configuration, server" \ - "srv_min_cfg.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -n "MBEDTLS_SSL_ALPN$" \ - -run_test "Minimal configuration, client" \ - "cli_min_cfg.txt" \ - -n "ERROR" \ - -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \ - -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS$" \ - -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \ - -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \ - -n "MBEDTLS_SSL_ALPN$" \ - -run_test "MTU=10000" \ - "mtu_10000.txt" \ - -n "ERROR" \ - -u "MTU.* 10000$" - -run_test "MFL=1024" \ - "mfl_1024.txt" \ - -n "ERROR" \ - -u "MFL.* 1024$" - -run_test "Older version (v2.19.1)" \ - "v2.19.1.txt" \ - -n "ERROR" \ - -u "major.* 2$" \ - -u "minor.* 19$" \ - -u "path.* 1$" \ - -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* 9$" \ - -u "compression.* disabled$" \ - -u "serial number.* 01:70:AF:40:B4:E6$" \ - -u "issuer name.* CN=ca$" \ - -u "subject name.* L=160001, OU=acc1, CN=device01$" \ - -u "issued on.* 2020-03-06 09:50:18$" \ - -u "expires on.* 2056-02-26 09:50:18$" \ - -u "signed using.* ECDSA with SHA256$" \ - -u "lifetime.* 0 sec.$" \ - -u "MFL.* none$" \ - -u "negotiate truncated HMAC.* disabled$" \ - -u "Encrypt-then-MAC.* enabled$" \ - -u "DTLS datagram packing.* enabled$" \ - -u "verify result.* 0x00000000$" \ - -n "bytes left to analyze from context" - -run_test "Wrong base64 format" \ - "def_bad_b64.txt" \ - -m "ERROR" \ - -u "The length of the base64 code found should be a multiple of 4" \ - -n "bytes left to analyze from context" - -run_test "Too much data at the 
beginning of base64 code" \ - "def_b64_too_big_1.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -run_test "Too much data in the middle of base64 code" \ - "def_b64_too_big_2.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -run_test "Too much data at the end of base64 code" \ - "def_b64_too_big_3.txt" \ - -m "ERROR" \ - -n "The length of the base64 code found should be a multiple of 4" \ - -u "bytes left to analyze from context" - -run_test "Empty file as input" \ - "empty.txt" \ - -u "Finished. No valid base64 code found" - -run_test "Not empty file without base64 code" \ - "../../../tests/context-info.sh" \ - -n "Deserializing" - -run_test "Binary file instead of text file" \ - "../../../programs/ssl/ssl_context_info" \ - -m "ERROR" \ - -u "Too many bad symbols detected. File check aborted" \ - -n "Deserializing" - -run_test "Decoder continues past 0xff character" \ - "def_b64_ff.bin" \ - -n "No valid base64" \ - -u "ciphersuite.* TLS-" - - -# End of tests - -echo -if [ $T_FAILED -eq 0 ]; then - echo "PASSED ( $T_COUNT tests )" -else - echo "FAILED ( $T_FAILED / $T_COUNT tests )" -fi - -exit $T_FAILED diff --git a/tests/git-scripts/README.md b/tests/git-scripts/README.md deleted file mode 100644 index 23db168c37..0000000000 --- a/tests/git-scripts/README.md +++ /dev/null 
@@ -1,16 +0,0 @@
-README for git hooks script
-===========================
-git has a way to run scripts, which are invoked by specific git commands.
-The git hooks are located in `/.git/hooks`, and as such are not under version control
-for more information, see the [git documentation](https://git-scm.com/docs/githooks).
-
-The Mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tests/git-scripts`, in order to make the hook scripts successfully work.
-
-Example:
-
-Execute the following command to create a link on Linux from the Mbed TLS `.git/hooks` directory:
-`ln -s ../../tests/git-scripts/pre-push.sh pre-push`
-
-**Note: Currently the Mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!**
-
-These scripts can also be used independently.
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
deleted file mode 100755
index 9192678a5c..0000000000
--- a/tests/git-scripts/pre-push.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# pre-push.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Called by "git push" after it has checked the remote status, but before anything has been
-# pushed. If this script exits with a non-zero status nothing will be pushed.
-# This script can also be used independently, not using git.
-#
-# This hook is called with the following parameters:
-#
-# $1 -- Name of the remote to which the push is being done
-# $2 -- URL to which the push is being done
-#
-# If pushing without using a named remote those arguments will be equal.
-#
-# Information about the commits which are being pushed is supplied as lines to
-# the standard input in the form:
-#
-#
-#
-
-REMOTE="$1"
-URL="$2"
-
-echo "REMOTE is $REMOTE"
-echo "URL is $URL"
-
-set -eu
-
-tests/scripts/all.sh -q -k 'check_*'
diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h
deleted file mode 100644
index 67573926e1..0000000000
--- a/tests/include/alt-dummy/platform_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PLATFORM_ALT_H
-#define PLATFORM_ALT_H
-
-typedef struct mbedtls_platform_context {
- int dummy;
-}
-mbedtls_platform_context;
-
-
-#endif /* platform_alt.h */
diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h
deleted file mode 100644
index 07d5da4275..0000000000
--- a/tests/include/alt-dummy/threading_alt.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef THREADING_ALT_H
-#define THREADING_ALT_H
-
-typedef struct mbedtls_threading_mutex_t {
- int dummy;
-} mbedtls_threading_mutex_t;
-
-#endif /* threading_alt.h */
diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h
deleted file mode 100644
index 69bee60f67..0000000000
--- a/tests/include/alt-dummy/timing_alt.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TIMING_ALT_H
-#define TIMING_ALT_H
-
-struct mbedtls_timing_hr_time {
- int dummy;
-};
-
-typedef struct mbedtls_timing_delay_context {
- int dummy;
-} mbedtls_timing_delay_context;
-
-
-#endif /* timing_alt.h */
diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h
deleted file mode 100644
index 31f4477c2b..0000000000
--- a/tests/include/test/certs.h
+++ /dev/null
@@ -1,234 +0,0 @@
-/**
- * \file certs.h
- *
- * \brief Sample certificates for testing
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_CERTS_H
-#define MBEDTLS_CERTS_H
-
-#include "mbedtls/build_info.h"
-
-#include 
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* List of all PEM-encoded CA certificates, terminated by NULL;
- * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
- * otherwise. */
-extern const char *mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
-
-/* List of all DER-encoded CA certificates, terminated by NULL */
-extern const unsigned char *mbedtls_test_cas_der[];
-extern const size_t mbedtls_test_cas_der_len[];
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all CA certificates in PEM format if available */
-extern const char mbedtls_test_cas_pem[];
-extern const size_t mbedtls_test_cas_pem_len;
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-/*
- * CA test certificates
- */
-
-extern const char mbedtls_test_ca_crt_ec_pem[];
-extern const char mbedtls_test_ca_key_ec_pem[];
-extern const char mbedtls_test_ca_pwd_ec_pem[];
-extern const char mbedtls_test_ca_key_rsa_pem[];
-extern const char mbedtls_test_ca_pwd_rsa_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_ca_crt_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_rsa_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_ca_crt_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_ec_pem_len;
-extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_rsa_pem_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_ca_crt_ec_der_len;
-extern const size_t mbedtls_test_ca_key_ec_der_len;
-extern const size_t mbedtls_test_ca_pwd_ec_der_len;
-extern const size_t mbedtls_test_ca_key_rsa_der_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_ca_crt_ec[];
-extern const char mbedtls_test_ca_key_ec[];
-extern const char mbedtls_test_ca_pwd_ec[];
-extern const char mbedtls_test_ca_key_rsa[];
-extern const char mbedtls_test_ca_pwd_rsa[];
-extern const char mbedtls_test_ca_crt_rsa_sha1[];
-extern const char mbedtls_test_ca_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const size_t mbedtls_test_ca_key_ec_len;
-extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char *mbedtls_test_ca_crt;
-extern const char *mbedtls_test_ca_key;
-extern const char *mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const size_t mbedtls_test_ca_key_len;
-extern const size_t mbedtls_test_ca_pwd_len;
-
-/*
- * Server test certificates
- */
-
-extern const char mbedtls_test_srv_crt_ec_pem[];
-extern const char mbedtls_test_srv_key_ec_pem[];
-extern const char mbedtls_test_srv_pwd_ec_pem[];
-extern const char mbedtls_test_srv_key_rsa_pem[];
-extern const char mbedtls_test_srv_pwd_rsa_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_srv_crt_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_rsa_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_srv_crt_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_ec_pem_len;
-extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_rsa_pem_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_srv_crt_ec_der_len;
-extern const size_t mbedtls_test_srv_key_ec_der_len;
-extern const size_t mbedtls_test_srv_pwd_ec_der_len;
-extern const size_t mbedtls_test_srv_key_rsa_der_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_srv_crt_ec[];
-extern const char mbedtls_test_srv_key_ec[];
-extern const char mbedtls_test_srv_pwd_ec[];
-extern const char mbedtls_test_srv_key_rsa[];
-extern const char mbedtls_test_srv_pwd_rsa[];
-extern const char mbedtls_test_srv_crt_rsa_sha1[];
-extern const char mbedtls_test_srv_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const size_t mbedtls_test_srv_pwd_ec_len;
-extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char *mbedtls_test_srv_crt;
-extern const char *mbedtls_test_srv_key;
-extern const char *mbedtls_test_srv_pwd;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const size_t mbedtls_test_srv_key_len;
-extern const size_t mbedtls_test_srv_pwd_len;
-
-/*
- * Client test certificates
- */
-
-extern const char mbedtls_test_cli_crt_ec_pem[];
-extern const char mbedtls_test_cli_key_ec_pem[];
-extern const char mbedtls_test_cli_pwd_ec_pem[];
-extern const char mbedtls_test_cli_key_rsa_pem[];
-extern const char mbedtls_test_cli_pwd_rsa_pem[];
-extern const char mbedtls_test_cli_crt_rsa_pem[];
-
-extern const unsigned char mbedtls_test_cli_crt_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_rsa_der[];
-extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
-
-extern const size_t mbedtls_test_cli_crt_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_ec_pem_len;
-extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_rsa_pem_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
-
-extern const size_t mbedtls_test_cli_crt_ec_der_len;
-extern const size_t mbedtls_test_cli_key_ec_der_len;
-extern const size_t mbedtls_test_cli_key_rsa_der_len;
-extern const size_t mbedtls_test_cli_crt_rsa_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_cli_crt_ec[];
-extern const char mbedtls_test_cli_key_ec[];
-extern const char mbedtls_test_cli_pwd_ec[];
-extern const char mbedtls_test_cli_key_rsa[];
-extern const char mbedtls_test_cli_pwd_rsa[];
-extern const char mbedtls_test_cli_crt_rsa[];
-
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const size_t mbedtls_test_cli_key_ec_len;
-extern const size_t mbedtls_test_cli_pwd_ec_len;
-extern const size_t mbedtls_test_cli_key_rsa_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_len;
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char *mbedtls_test_cli_crt;
-extern const char *mbedtls_test_cli_key;
-extern const char *mbedtls_test_cli_pwd;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const size_t mbedtls_test_cli_key_len;
-extern const size_t mbedtls_test_cli_pwd_len;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* certs.h */
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
deleted file mode 100644
index d019c5065e..0000000000
--- a/tests/include/test/ssl_helpers.h
+++ /dev/null
@@ -1,779 +0,0 @@ -/** \file ssl_helpers.h - * - * \brief This file contains helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef SSL_HELPERS_H -#define SSL_HELPERS_H - -#include "mbedtls/build_info.h" - -#include - -#include -#include -#include -#include - -#if defined(MBEDTLS_SSL_TLS_C) -#include -#include -#include - -#include "test/certs.h" - -#if defined(MBEDTLS_SSL_CACHE_C) -#include "mbedtls/ssl_cache.h" -#endif - -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_ssl_errors, \ - psa_generic_status_to_mbedtls) - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_384) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 -#endif -#if defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 -#endif -#endif /* PSA_WANT_ALG_GCM */ -#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 -#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 -#endif -#endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256) -#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 -#endif - -#if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \ - defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256) -#define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE -#endif - -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) -#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -#endif - -#if defined(PSA_WANT_ALG_GCM) || \ - defined(PSA_WANT_ALG_CCM) || \ - defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#define 
MBEDTLS_TEST_HAS_AEAD_ALG -#endif - -enum { -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - tls13_label_ ## name, - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL -}; - -#if defined(MBEDTLS_SSL_ALPN) -#define MBEDTLS_TEST_MAX_ALPN_LIST_SIZE 10 -#endif - -typedef struct mbedtls_test_ssl_log_pattern { - const char *pattern; - size_t counter; -} mbedtls_test_ssl_log_pattern; - -typedef struct mbedtls_test_handshake_test_options { - const char *cipher; - uint16_t *group_list; - mbedtls_ssl_protocol_version client_min_version; - mbedtls_ssl_protocol_version client_max_version; - mbedtls_ssl_protocol_version server_min_version; - mbedtls_ssl_protocol_version server_max_version; - mbedtls_ssl_protocol_version expected_negotiated_version; - int expected_handshake_result; - int expected_ciphersuite; - int pk_alg; - int opaque_alg; - int opaque_alg2; - int opaque_usage; - data_t *psk_str; - int dtls; - int srv_auth_mode; - int serialize; - int mfl; - int cli_msg_len; - int srv_msg_len; - int expected_cli_fragments; - int expected_srv_fragments; - int renegotiate; - int legacy_renegotiation; - void *srv_log_obj; - void *cli_log_obj; - void (*srv_log_fun)(void *, int, const char *, int, const char *); - void (*cli_log_fun)(void *, int, const char *, int, const char *); - int resize_buffers; - int early_data; - int max_early_data_size; -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_context *cache; -#endif -#if defined(MBEDTLS_SSL_ALPN) - const char *alpn_list[MBEDTLS_TEST_MAX_ALPN_LIST_SIZE]; -#endif -} mbedtls_test_handshake_test_options; - -/* - * Buffer structure for custom I/O callbacks. - */ -typedef struct mbedtls_test_ssl_buffer { - size_t start; - size_t content_length; - size_t capacity; - unsigned char *buffer; -} mbedtls_test_ssl_buffer; - -/* - * Context for a message metadata queue (fifo) that is on top of the ring buffer. 
- */ -typedef struct mbedtls_test_ssl_message_queue { - size_t *messages; - int pos; - int num; - int capacity; -} mbedtls_test_ssl_message_queue; - -/* - * Context for the I/O callbacks simulating network connection. - */ - -#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 - -typedef struct mbedtls_test_mock_socket { - int status; - mbedtls_test_ssl_buffer *input; - mbedtls_test_ssl_buffer *output; - struct mbedtls_test_mock_socket *peer; -} mbedtls_test_mock_socket; - -/* Errors used in the message socket mocks */ - -#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 -#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 -#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 - -/* - * Structure used as an addon, or a wrapper, around the mocked sockets. - * Contains an input queue, to which the other socket pushes metadata, - * and an output queue, to which this one pushes metadata. This context is - * considered as an owner of the input queue only, which is initialized and - * freed in the respective setup and free calls. - */ -typedef struct mbedtls_test_message_socket_context { - mbedtls_test_ssl_message_queue *queue_input; - mbedtls_test_ssl_message_queue *queue_output; - mbedtls_test_mock_socket *socket; -} mbedtls_test_message_socket_context; - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Endpoint structure for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint { - const char *name; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_test_mock_socket socket; - uintptr_t user_data_cookie; /* A unique value associated with this endpoint */ - - /* Objects only used by DTLS. - * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but - * currently aren't because some code accesses them without guards. 
*/ - mbedtls_test_message_socket_context dtls_context; -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer; -#endif - - /* Objects owned by the endpoint */ - int *ciphersuites; - mbedtls_test_ssl_message_queue queue_input; - mbedtls_x509_crt *ca_chain; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint; - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Random number generator aimed for TLS unitary tests. Its main purpose is to - * simplify the set-up of a random number generator for TLS - * unitary tests: no need to set up a good entropy source for example. - */ -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); - -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str); - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts); - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts); - -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); - -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity); - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); - -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. 
- * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len); - -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len); - -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity); - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue); - -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. 
- */ -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len); - -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len); - -/* - * Setup and teardown functions for mock sockets. - */ -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket); - -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); - -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_test_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize); - - -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. 
- */ -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); - -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len); - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx); - -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx); - -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx); - -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len); - -/* - * Receive one message from a given message socket context and return message - * length or an error. 
- * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info. - */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -/* - * Load default CA certificates and endpoint keys into \p ep. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage); - -/** Initialize the configuration in an SSL endpoint structure. - * - * \note You must call `mbedtls_test_ssl_endpoint_free()` after - * calling this function, even if it fails. This is necessary to - * free data that may have been stored in the endpoint structure. - * - * \param[out] ep The endpoint structure to configure. - * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. - * \param[in] options The options to use for configuring the endpoint - * structure. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init_conf( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options); - -/** Initialize the session context in an endpoint structure. - * - * \note The endpoint structure must have been set up with - * mbedtls_test_ssl_endpoint_init_conf() with the same \p options. - * Between calling mbedtls_test_ssl_endpoint_init_conf() and - * mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl` - * further if you know what you're doing. 
- * - * \note You must call `mbedtls_test_ssl_endpoint_free()` after - * calling this function, even if it fails. This is necessary to - * free data that may have been stored in the endpoint structure. - * - * \param[out] ep The endpoint structure to set up. - * \param[in] options The options used for configuring the endpoint - * structure. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init_ssl( - mbedtls_test_ssl_endpoint *ep, - const mbedtls_test_handshake_test_options *options); - -/** Initialize the configuration and a context in an SSL endpoint structure. - * - * This function is equivalent to calling - * mbedtls_test_ssl_endpoint_init_conf() followed by - * mbedtls_test_ssl_endpoint_init_ssl(). - * - * \note You must call `mbedtls_test_ssl_endpoint_free()` after - * calling this function, even if it fails. This is necessary to - * free data that may have been stored in the endpoint structure. - * - * \param[out] ep The endpoint structure to configure. - * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. - * \param[in] options The options to use for configuring the endpoint - * structure. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options); - -/* - * Deinitializes endpoint represented by \p ep. - */ -void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep); - -/* Join a DTLS client with a DTLS server. - * - * You must call this function after setting up the endpoint objects - * and before starting a DTLS handshake. - * - * \param client The client. It must have been set up with - * mbedtls_test_ssl_endpoint_init(). - * \param server The server. It must have been set up with - * mbedtls_test_ssl_endpoint_init(). - * - * \retval 0 on success, otherwise error code. 
- */ -int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client, - mbedtls_test_ssl_endpoint *server); - -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * For example, to perform a full handshake: - * ``` - * mbedtls_test_move_handshake_to_state( - * &server.ssl, &client.ssl, - * MBEDTLS_SSL_HANDSHAKE_OVER); - * mbedtls_test_move_handshake_to_state( - * &client.ssl, &server.ssl, - * MBEDTLS_SSL_HANDSHAKE_OVER); - * ``` - * Note that you need both calls to reach the handshake-over state on - * both sides. - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state); - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. 
- */ -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && - PSA_WANT_KEY_TYPE_AES */ - -int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, - mbedtls_ssl_transform *t_out, - int cipher_type, int hash_id, - int etm, int tag_mode, - mbedtls_ssl_protocol_version tls_version, - size_t cid0_len, - size_t cid1_len); - -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -/** - * \param[in,out] record The record to prepare. - * It must contain the data to MAC at offset - * `record->data_offset`, of length - * `record->data_length`. - * On success, write the MAC immediately - * after the data and increment - * `record->data_length` accordingly. - * \param[in,out] transform_out The out transform, typically prepared by - * mbedtls_test_ssl_build_transforms(). - * Its HMAC context may be used. Other than that - * it is treated as an input parameter. - * - * \return 0 on success, an `MBEDTLS_ERR_xxx` error code - * or -1 on error. - */ -int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, - mbedtls_ssl_transform *transform_out); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. 
- */ -int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type, - const char *crt_file); - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, - int ticket_len, - int endpoint_type); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ -int mbedtls_test_ssl_exchange_data( - mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_ssl_do_handshake_with_endpoints( - mbedtls_test_ssl_endpoint *server_ep, - mbedtls_test_ssl_endpoint *client_ep, - mbedtls_test_handshake_test_options *options, - mbedtls_ssl_protocol_version proto); -#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/** Perform an SSL handshake and exchange data over the connection. 
- * - * This function also handles cases where the handshake is expected to fail. - * - * If the handshake succeeds as expected, this function validates that - * connection parameters are as expected, exchanges data over the - * connection, and exercises some optional protocol features if they - * are enabled. See the code to see what features are validated and exercised. - * - * The handshake is expected to fail in the following cases: - * - If `options->expected_handshake_result != 0`. - * - If `options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN`. - * - * \param[in] options Options for the connection. - * \param client The client endpoint. It must have been set up with - * mbedtls_test_ssl_endpoint_init() with \p options - * and #MBEDTLS_SSL_IS_CLIENT. - * \param server The server endpoint. It must have been set up with - * mbedtls_test_ssl_endpoint_init() with \p options - * and #MBEDTLS_SSL_IS_CLIENT. - * - * \return 1 on success, 0 on failure. On failure, this function - * calls mbedtls_test_fail(), indicating the failure - * reason and location. The causes of failure are: - * - Inconsistent options or bad endpoint state. - * - Operational problem during the handshake. - * - The handshake was expected to pass, but failed. - * - The handshake was expected to fail, but passed or - * failed with a different result. - * - The handshake passed as expected, but some connection - * parameter (e.g. protocol version, cipher suite, ...) - * is not as expected. - * - The handshake passed as expected, but something - * went wrong when attempting to exchange data. - * - The handshake passed as expected, but something - * went wrong when exercising other features - * (e.g. renegotiation, serialization, ...). 
- */ -int mbedtls_test_ssl_perform_connection( - const mbedtls_test_handshake_test_options *options, - mbedtls_test_ssl_endpoint *client, - mbedtls_test_ssl_endpoint *server); - -void mbedtls_test_ssl_perform_handshake( - const mbedtls_test_handshake_test_options *options); -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ -int mbedtls_test_tweak_tls13_certificate_msg_vector_len( - unsigned char *buf, unsigned char **end, int tweak, - int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -int mbedtls_test_ticket_write( - void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime); - -int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len); -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -int mbedtls_test_get_tls13_ticket( - mbedtls_test_handshake_test_options *client_options, - mbedtls_test_handshake_test_options *server_options, - mbedtls_ssl_session *session); -#endif - -#define ECJPAKE_TEST_PWD "bla" - -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = (use_opaque_arg) ? 
\
- mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \
- mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \
- TEST_EQUAL(ret, exp_ret_val)
-
-#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \
- TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \
- group_id_); \
- TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \
- tls_id_); \
- TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \
- &psa_type, &psa_bits), PSA_SUCCESS); \
- TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type)); \
- TEST_EQUAL(psa_bits_, psa_bits);
-
-#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \
- TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \
- MBEDTLS_ECP_DP_NONE); \
- TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \
- 0); \
- TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \
- &psa_type, &psa_bits), \
- PSA_ERROR_NOT_SUPPORTED);
-
-#endif /* MBEDTLS_SSL_TLS_C */
-
-#endif /* SSL_HELPERS_H */
diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh
deleted file mode 100755
index e57d09d342..0000000000
--- a/tests/make-in-docker.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash -eu
-
-# make-in-docker.sh
-#
-# Purpose
-# -------
-# This runs make in a Docker container.
-#
-# See also:
-# - scripts/docker_env.sh for general Docker prerequisites and other information.
-#
-# WARNING: the Dockerfile used by this script is no longer maintained! See
-# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
-# for the set of Docker images we use on the CI.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-source tests/scripts/docker_env.sh
-
-run_in_docker make $@
diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
deleted file mode 100644
index 88f3b1297c..0000000000
--- a/tests/opt-testcases/sample.sh
+++ /dev/null
@@ -1,383 +0,0 @@ -# Test that SSL sample programs can interoperate with each other -# and with OpenSSL and GnuTLS. - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -: ${PROGRAMS_DIR:=../programs/ssl} - -# Disable session tickets for ssl_client1 when potentially using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. -run_test "Sample: ssl_client1, ssl_server2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server2 tickets=0" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_client1, openssl server, TLS 1.2" \ - -P 4433 \ - "$O_SRV -tls1_2" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -c "Protocol.*TLSv1.2" \ - -S "ERROR" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \ - -P 4433 \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "Version: TLS1.2" \ - -c "Protocol version:TLS1.2" \ - -S "Error" \ - -C "error" - -# Disable session tickets for ssl_client1 when using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_client1, openssl server, TLS 1.3" \ - -P 4433 \ - "$O_NEXT_SRV -tls1_3 -num_tickets 0" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -c "New, TLSv1.3, Cipher is" \ - -S "ERROR" \ - -C "error" - -# Disable session tickets for ssl_client1 when using TLS 1.3 -# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved -# and (if relevant) implemented in ssl_client1. 
-requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \ - -P 4433 \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 --noticket" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "Version: TLS1.3" \ - -c "Protocol version:TLS1.3" \ - -S "Error" \ - -C "error" - -# The server complains of extra data after it closes the connection -# because the client keeps sending data, so the server receives -# more application data when it expects a new handshake. We consider -# the test a success if both sides have sent and received application -# data, no matter what happens afterwards. -run_test "Sample: dtls_client, ssl_server2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server2 dtls=1 server_addr=localhost" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -C "error" - -# The dtls_client program connects to localhost. This test case fails on -# systems where the name "localhost" resolves to an IPv6 address, but -# the IPv6 connection is not possible. Possible reasons include: -# * OpenSSL is too old (IPv6 support was added in 1.1.0). -# * OpenSSL was built without IPv6 support. -# * A firewall blocks IPv6. -# -# To facilitate working with this test case, have it run with $OPENSSL_NEXT -# which is at least 1.1.1a. At the time it was introduced, this test case -# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled. 
-requires_protocol_version dtls12 -run_test "Sample: dtls_client, openssl server, DTLS 1.2" \ - -P 4433 \ - "$O_NEXT_SRV -dtls1_2" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "Echo this" \ - -c "Echo this" \ - -c "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -S "ERROR" \ - -C "error" - -requires_protocol_version dtls12 -run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \ - -P 4433 \ - "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "Server listening" \ - -s "[1-9][0-9]* bytes command:" \ - -c "Echo this" \ - -c "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -S "Error" \ - -C "error" - -run_test "Sample: ssl_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_server, openssl client, TLS 1.3" \ - -P 4433 \ - 
"$PROGRAMS_DIR/ssl_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: ssl_fork_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_fork_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S 
"error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_fork_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: ssl_pthread_server, ssl_client2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$PROGRAMS_DIR/ssl_client2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client1 with ssl_pthread_server" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$PROGRAMS_DIR/ssl_client1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version tls12 -run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$O_CLI -tls1_2" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls12 -run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$G_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "Successful connection using: TLS-" \ - -c "Description:.*TLS1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_openssl_tls1_3 -run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "New, TLSv1.3, Cipher is" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version tls13 -requires_gnutls_tls1_3 -run_test "Sample: 
ssl_pthread_server, gnutls client, TLS 1.3" \ - -P 4433 \ - "$PROGRAMS_DIR/ssl_pthread_server" \ - "$G_NEXT_CLI --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \ - 0 \ - -s "Successful connection using: TLS1-3-" \ - -c "Description:.*TLS1.3" \ - -S "error" \ - -C "ERROR" - -run_test "Sample: dtls_client with dtls_server" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$PROGRAMS_DIR/dtls_client" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -run_test "Sample: ssl_client2, dtls_server" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$PROGRAMS_DIR/ssl_client2 dtls=1" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "[1-9][0-9]* bytes read" \ - -c "[1-9][0-9]* bytes written" \ - -S "error" \ - -C "error" - -requires_protocol_version dtls12 -run_test "Sample: dtls_server, openssl client, DTLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$O_CLI -dtls1_2" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "Protocol.*TLSv1.2" \ - -S "error" \ - -C "ERROR" - -requires_protocol_version dtls12 -run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \ - -P 4433 \ - "$PROGRAMS_DIR/dtls_server" \ - "$G_CLI -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \ - 0 \ - -s "[1-9][0-9]* bytes read" \ - -s "[1-9][0-9]* bytes written" \ - -c "Description:.*DTLS1.2" \ - -S "error" \ - -C "ERROR" diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh deleted file mode 100644 index 1bb251fdb8..0000000000 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ /dev/null 
@@ -1,3325 +0,0 @@ -# Systematic testing of TLS 1.3 key exchange modes. - -# DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by -# scripts in future(#6280) - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, good" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: 
ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: all/psk, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -s "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: 
G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
-requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, 
fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_ephemeral, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -S "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." 
\
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/psk_all, good" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/psk_all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -s "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
- "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No suitable PSK key exchange mode" \
- -S "Pre shared key found" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/all, good" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername wrong_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
- "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "No suitable PSK key exchange mode" \
- -S "Pre shared key found" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
- "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
- "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -s "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:-ECDHE-PSK:-DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f71 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -S "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "write selected_group: secp256r1" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "write selected_group: secp384r1" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "write selected_group: secp521r1" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "write selected_group: x25519" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
-run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 0 \
- -s "write selected_group: x448" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk, fail, no common kex mode" \
- "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: O->m: all/psk, good" \
- "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -s "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
- "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "Invalid binder." \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 0 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
- -S "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -s "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
- "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \
- "$O_NEXT_CLI -tls1_3 -msg \
- -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -S "Found PSK KEX MODE" \
- -s "No usable PSK or ticket" \
- -S "key exchange mode: psk$" \
- -S "key exchange mode: psk_ephemeral" \
- -S "key exchange mode: ephemeral"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, good" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED 
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, dhe." 
\ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." 
\ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=ephemeral_all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." 
\ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, good" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." 
\ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity wrong_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." 
\ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -s "No suitable PSK key exchange mode" \ - -S "Pre shared key found" \ - -s "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ - -S "No usable PSK or ticket" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -s "key exchange 
mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ - "$P_SRV tls13_kex_modes=psk_or_ephemeral debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f71" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "Invalid binder." \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp256r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_521 -run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: secp521r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 -run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 
psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: x25519" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_MONTGOMERY_448 -run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "write selected_group: x448" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ - "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ - 0 \ - -s "write selected_group: secp384r1" \ - -s 
"HRR selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ - 0 \ - -s "write selected_group: secp384r1" \ - -s "HRR selected_group: secp384r1" \ - -S "key exchange mode: psk$" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - - -# Add psk test cases for mbedtls client code - -# MbedTls->MbedTLS kinds of tls13_kex_modes -# PSK mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key 
exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->m: psk/psk, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/ephemeral_all, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, 
fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -# psk_ephemeral mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 
psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c psk=040506 tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -# ephemeral mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk_ephemeral, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/psk_all, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 1 \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -# ephemeral_all mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk, fail - no common kex mode" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key material 
mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "key exchange mode: ephemeral" \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, 
adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "key exchange mode: ephemeral" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "ClientHello message misses mandatory extensions." 
- -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "No usable PSK or ticket" \ - -s "key exchange mode: ephemeral" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: ephemeral_all/all, fail, key material mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Invalid binder." 
- -# psk_all mode in client -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk, good" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->m: psk_all/psk, fail, key id mismatch" \ - "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \ - 1 \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "ClientHello message misses mandatory extensions." 
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c
tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "ClientHello message misses mandatory extensions."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/ephemeral, fail - no common kex mode" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "ClientHello message misses mandatory extensions."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: psk_all/all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-# all mode in client
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "ClientHello message misses mandatory extensions."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "ClientHello message misses mandatory extensions."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/ephemeral, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/ephemeral_all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -c "Selected key exchange mode: ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/ephemeral_all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "ClientHello message misses mandatory extensions."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/psk_all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/all, good" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=010203 psk_identity=0d0e0f tls13_kex_modes=all" \
- 0 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "No usable PSK or ticket" \
- -s "key exchange mode: ephemeral"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->m: all/all, fail, key material mismatch" \
- "$P_SRV nbio=2 debug_level=5 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
- "$P_CLI nbio=2 debug_level=5 psk=040506 psk_identity=0a0b0c tls13_kex_modes=all" \
- 1 \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -s "Invalid binder."
-
-#OPENSSL-SERVER psk mode
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: m->O: psk/all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 ok"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \
- 1 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
-
-#OPENSSL-SERVER psk_all mode
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS
1.3: m->O: psk_all/all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-#OPENSSL-SERVER psk_ephemeral mode
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- 0 \
- -c "=> write
client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "<= write client hello" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-#OPENSSL-SERVER ephemeral mode
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: ephemeral/all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
- 0 \
- -c "Selected key exchange mode: ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \
- 0 \
- -c "Selected key exchange mode: ephemeral" \
- -c "HTTP/1.0 200 ok"
-
-#OPENSSL-SERVER ephemeral_all mode
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
- -c "client hello, adding psk_key_exchange_modes extension" \
- -c "client hello, adding PSK binder list" \
- -c "Selected key exchange mode: psk_ephemeral" \
- -c "<= write client hello" \
- -c "HTTP/1.0 200 ok"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
- "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \
- "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \
- 0 \
- -c "=> write client hello" \
- -c "client hello, adding pre_shared_key extension, omitting PSK binder list"
\ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -#OPENSSL-SERVER all mode -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: all/all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ - "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203" \ - "$P_CLI debug_level=4 sig_algs=ecdsa_secp256r1_sha256 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c 
"client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" - -#GNUTLS-SERVER psk mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->G: psk/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: m->G: psk/ephemeral_all, fail - no common kex mode" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk" \ - 1 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing 
extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer" - -#GNUTLS-SERVER psk_all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - 
-c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER psk_ephemeral mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk_ephemeral" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, 
adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER ephemeral mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ - 0 \ - -c "Selected key exchange mode: ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER ephemeral_all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 
--pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral_all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -#GNUTLS-SERVER all mode -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: all/all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ - "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=../framework/data_files/simplepass.psk" \ - "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -c "=> write client hello" \ - -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ - -c "client hello, adding psk_key_exchange_modes extension" \ - -c "client hello, adding PSK binder list" \ - -s "Parsing extension 'PSK Key Exchange Modes/45'" \ - -s "Parsing extension 'Pre Shared Key/41'" \ - -c "<= write client hello" \ - -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" 
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
deleted file mode 100644
index cc6a31d795..0000000000
--- a/tests/opt-testcases/tls13-misc.sh
+++ /dev/null
@@ -1,1310 +0,0 @@
-# Miscellaneous tests of TLS 1.3 features.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-requires_gnutls_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
- "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
- "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
- localhost" \
- 1 \
- -s "found psk key exchange modes extension" \
- -s "found pre_shared_key extension" \
- -s "Found PSK_EPHEMERAL KEX MODE" \
- -s "Found PSK KEX MODE" \
- -s "No matched ciphersuite"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "TLS 1.3: PSK: No valid ciphersuite. 
O->m" \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\ - -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "No matched ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \ - "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 0" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -S "ticket is not authentic" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \ - "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \ - "$P_CLI tls13_kex_modes=psk_ephemeral 
debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 reco_mode=1 reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 2" \ - -s "sent selected_identity: 1" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: ephemeral$" \ - -s "ticket is not authentic" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \ - "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 1 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -S "Found PSK KEX MODE" \ - -S "key exchange mode: psk$" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk only, good." 
\ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk$" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "found psk key exchange modes extension" \ - -s "found pre_shared_key extension" \ - -s "Found PSK_EPHEMERAL KEX MODE" \ - -s "Found PSK KEX MODE" \ - -s "key exchange mode: psk_ephemeral$" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." 
\ - "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \ - "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \ - localhost" \ - 0 \ - -s "key exchange mode: ephemeral$" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... 
ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with servername" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$P_CLI server_name=localhost reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... 
ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is 
TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 OK" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption with early data" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -C "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." 
\ - -s "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -C "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." 
\ - -s "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -c "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
\ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \ - "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -c "0 bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
\ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -C "bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
\ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \ - "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \ - "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -C "EncryptedExtensions: early_data(42) extension received." \ - -C "bytes of early data written" \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
\ - -S "early data bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... failed" \ - -S "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" \ - -s "Ticket lifetime (604801) is greater than 7 days." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \ - "$P_CLI debug_level=2 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -c "Discard new session ticket" \ - -c "Reconnecting with saved session... 
failed" \ - -s "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, servername check failed" \ - "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \ - sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "Hostname mismatch the session ticket, disable session resumption." \ - -s "Protocol is TLSv1.3" \ - -S "key exchange mode: psk" \ - -S "Select PSK ciphersuite" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." 
\ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -s "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket expired." \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -s "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -s "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -s "Ticket age exceeds limitation" \ - -S "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \ - "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -S "key exchange mode: psk" \ - -S "ticket is not authentic" \ - -S "ticket is expired" \ - -S "Invalid ticket creation time" \ - -S "Ticket age exceeds limitation" \ - -s "Ticket age outside tolerance window" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: 
ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" 
\ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found 
matched identity" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK 
key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Pre-configured PSK number = 1" \ - -S "sent selected_identity:" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "No suitable PSK key exchange mode" \ - -s "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: 
psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ - "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \ - "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ - 0 \ - -c "Protocol is 
TLSv1.3" \ - -s "key exchange mode: ephemeral" \ - -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: psk$" \ - -s "found matched identity" \ - -S "No suitable PSK key exchange mode" \ - -S "No usable PSK or ticket" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->O: resumption" \ - "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... ok" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS -run_test "TLS 1.3 m->O: resumption fails, no ticket support" \ - "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -C "Reconnecting with saved session... ok" \ - -c "Ignore NewSessionTicket, not supported." - -# No early data m->O tests for the time being. The option -early_data is needed -# to enable early data on OpenSSL server and it is not compatible with the -# -www option we usually use for testing with OpenSSL server (see -# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the -# ephemeral then ticket based scenario we use for early data testing the first -# handshake fails. 
The following skipped test is here to illustrate the kind -# of testing we would like to do. -# https://github.com/Mbed-TLS/mbedtls/issues/9582 -skip_next_test -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->O: resumption with early data" \ - "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... 
ok" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS -run_test "TLS 1.3 m->G: resumption fails, no ticket support" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 1 \ - -c "Protocol is TLSv1.3" \ - -C "Saving session for reuse... ok" \ - -C "Reconnecting with saved session... ok" \ - -c "Ignore NewSessionTicket, not supported." - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session... 
ok" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption with early data" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -c "ClientHello: early_data(42) extension exists." \ - -c "EncryptedExtensions: early_data(42) extension received." \ - -c "bytes of early data written" \ - -s "decrypted early data with length:" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=3 early_data=1 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -C "received max_early_data_size: 16384" \ - -C "NewSessionTicket: early_data(42) extension received." \ - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... 
ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \ - "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \ - --earlydata --maxearlydata 16384" \ - "$P_CLI debug_level=3 early_data=0 reco_mode=1 reconnect=1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Saving session for reuse... ok" \ - -c "Reconnecting with saved session" \ - -c "HTTP/1.0 200 OK" \ - -c "received max_early_data_size: 16384" \ - -c "NewSessionTicket: early_data(42) extension received." \ - -C "ClientHello: early_data(42) extension exists." \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -# https://github.com/openssl/openssl/issues/10714 -# Until now, OpenSSL client does not support reconnect. 
-skip_next_test -run_test "TLS 1.3 O->m: resumption" \ - "$P_SRV debug_level=2 tickets=1" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption" \ - "$P_SRV debug_level=2 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -# Test the session resumption when the cipher suite for the original session is -# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not -# 256 bits long as with all the other TLS 1.3 cipher suites. 
-run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=2 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" - -EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) -EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption with early data" \ - "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." 
\ - -s "$( head -1 $EARLY_DATA_INPUT )" \ - -s "$( tail -1 $EARLY_DATA_INPUT )" \ - -s "200 early data bytes read" \ - -s "106 early data bytes read" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384 -run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \ - "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \ - -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "$( head -1 $EARLY_DATA_INPUT )" \ - -s "$( tail -1 $EARLY_DATA_INPUT )" \ - -s "200 early data bytes read" \ - -s "106 early data bytes read" - -# The Mbed TLS server does not allow early data for the ticket it sends but -# the GnuTLS indicates early data anyway when resuming with the ticket and -# sends early data. The Mbed TLS server does not expect early data in -# association with the ticket thus it eventually fails the resumption -# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 -# specification and thus its behavior may change in following versions. 
-requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \ - "$P_SRV debug_level=4 tickets=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EarlyData: rejected, feature disabled in server configuration." \ - -S "EncryptedExtensions: early_data(42) extension exists." \ - -s "EarlyData: deprotect and discard app data records" \ - -s "EarlyData: Too much early data received" - -# The Mbed TLS server does not allow early data for the ticket it sends but -# the GnuTLS indicates early data anyway when resuming with the ticket and -# sends early data. The Mbed TLS server does not expect early data in -# association with the ticket thus it eventually fails the resumption -# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3 -# specification and thus its behavior may change in following versions. 
-requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \ - "$P_SRV debug_level=4 tickets=1 early_data=0" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \ - --earlydata $EARLY_DATA_INPUT" \ - 1 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -S "Sent max_early_data_size" \ - -S "NewSessionTicket: early_data(42) extension exists." \ - -s "ClientHello: early_data(42) extension exists." \ - -s "EarlyData: rejected, feature disabled in server configuration." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
\ - -s "EarlyData: deprotect and discard app data records" \ - -s "EarlyData: Too much early data received" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \ - "$P_SRV debug_level=4 tickets=1 early_data=1" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "key exchange mode: psk" \ - -s "Select PSK ciphersuite" \ - -s "Sent max_early_data_size" \ - -s "NewSessionTicket: early_data(42) extension exists." \ - -S "ClientHello: early_data(42) extension exists." \ - -S "EncryptedExtensions: early_data(42) extension exists." 
- -requires_config_enabled MBEDTLS_SSL_EARLY_DATA -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_HAVE_TIME -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ - "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \ - "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ - 0 \ - -s "key exchange mode: ephemeral" \ - -S "key exchange mode: psk" \ - -s "found matched identity" \ - -s "EarlyData: rejected, not a session resumption" \ - -C "EncryptedExtensions: early_data(42) extension exists." diff --git a/tests/psa-client-server/README.md b/tests/psa-client-server/README.md deleted file mode 100644 index e6d9c873bc..0000000000 --- a/tests/psa-client-server/README.md +++ /dev/null @@ -1,6 +0,0 @@ -### PSA Crypto Client-Server Testing - -Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it. - -Once stable, of production quality, and being tested by the CI, it will eventually be migrated into -the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework). diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore deleted file mode 100644 index 4065abf771..0000000000 --- a/tests/psa-client-server/psasim/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -bin/* -*.o -*.so -test/psa_ff_bootstrap.c -test/psa_manifest/* -test/client -test/partition -cscope.out -*.orig -*.swp -*.DS_Store -*psa_ff_bootstrap_* 
diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile
deleted file mode 100644
index ec6691f422..0000000000
--- a/tests/psa-client-server/psasim/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@ -CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L - -ifeq ($(DEBUG),1) -override CFLAGS += -DDEBUG -O0 -g -endif - -CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto -SERVER_LIBS := -Lserver_libs -lmbedcrypto - -MBEDTLS_ROOT_PATH = ../../.. -COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - -GENERATED_H_FILES = include/psa_manifest/manifest.h \ - include/psa_manifest/pid.h \ - include/psa_manifest/sid.h - -LIBPSACLIENT_SRC = src/psa_ff_client.c \ - src/psa_sim_crypto_client.c \ - src/psa_sim_serialise.c -LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o) - -PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c - -PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \ - $(wildcard src/aut_*.c) - -PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c - -PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ - src/psa_ff_server.c \ - src/psa_sim_crypto_server.c \ - src/psa_sim_serialise.c - -.PHONY: all clean client_libs server_libs - -all: - -test/seedfile: - dd if=/dev/urandom of=./test/seedfile bs=64 count=1 - -src/%.o: src/%.c $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@ - -client_libs/libpsaclient: $(LIBPSACLIENT_OBJS) - mkdir -p client_libs - $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS) - -test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@ - -$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): 
src/manifest.json src/server.c - tools/psa_autogen.py src/manifest.json - -# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to -# build client/server applications. -# -# Note: these rules assume that mbedtls_config.h is already configured by all.sh. -# If not using all.sh then the user must do it manually. -client_libs: client_libs/libpsaclient -client_libs server_libs: - $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a - mkdir -p $@ - cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ - -clean_server_intermediate_files: - rm -f $(PARTITION_SERVER_BOOTSTRAP) - rm -rf include/psa_manifest - -clean: clean_server_intermediate_files - rm -f test/psa_client_base test/psa_client_full test/psa_server - rm -rf client_libs server_libs - rm -f test/psa_service_* test/psa_notify_* test/*.log - rm -f test/seedfile diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md deleted file mode 100644 index db49ae9473..0000000000 --- a/tests/psa-client-server/psasim/README.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# psasim - -PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`. -In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations. - -The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS. -## Limitations - -In the current implementation: - -- Only Linux PC is supported. -- There can be only 1 client connected to 1 server. -- Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest. -- Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped. - -## Testing - -Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM: - -- `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands. -- `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required. - -## How to update automatically generated files - -A significant portion of the intermediate code of PSASIM is auto-generated using Perl. 
In particular: - -- `psa_sim_serialise.[c|h]`: - - Generated by `psa_sim_serialise.pl`. - - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server. -- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: - - Generated by `psa_sim_generate.pl`. - - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs. - -These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. The procedure is as follows: - -- `psa_sim_serialise.[c|h]`: - - go to `/tests/psa-client-server/psasim/src/` - - run `./psa_sim_serialise.pl h > psa_sim_serialise.h` - - run `./psa_sim_serialise.pl c > psa_sim_serialise.c` -- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: - - go to Mbed TLS' root folder - - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl` diff --git a/tests/psa-client-server/psasim/include/client.h b/tests/psa-client-server/psasim/include/client.h deleted file mode 100644 index d48498e682..0000000000 --- a/tests/psa-client-server/psasim/include/client.h +++ /dev/null 
@@ -1,75 +0,0 @@
-/* PSA Firmware Framework client header for psasim. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef __PSA_CLIENT_H__
-#define __PSA_CLIENT_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include
-#include
-
-#include "psa/crypto.h"
-
-#include "error_ext.h"
-/*********************** PSA Client Macros and Types *************************/
-
-#define PSA_FRAMEWORK_VERSION (0x0100)
-
-#define PSA_VERSION_NONE (0)
-
-/* PSA response types */
-#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED
-#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY
-#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR
-
-/* PSA message handles */
-#define PSA_NULL_HANDLE ((psa_handle_t) 0)
-
-#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0)
-#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle))
-
-/**
- * A read-only input memory region provided to an RoT Service.
- */
-typedef struct psa_invec {
- const void *base;
- size_t len;
-} psa_invec;
-
-/**
- * A writable output memory region provided to an RoT Service.
- */
-typedef struct psa_outvec {
- void *base;
- size_t len;
-} psa_outvec;
-
-/*************************** PSA Client API **********************************/
-
-uint32_t psa_framework_version(void);
-
-uint32_t psa_version(uint32_t sid);
-
-psa_handle_t psa_connect(uint32_t sid, uint32_t version);
-
-psa_status_t psa_call(psa_handle_t handle,
- int32_t type,
- const psa_invec *in_vec,
- size_t in_len,
- psa_outvec *out_vec,
- size_t out_len);
-
-void psa_close(psa_handle_t handle);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_CLIENT_H__ */
diff --git a/tests/psa-client-server/psasim/include/common.h b/tests/psa-client-server/psasim/include/common.h
deleted file mode 100644
index ee5b5a3789..0000000000
--- a/tests/psa-client-server/psasim/include/common.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* Common definitions used for clients and services */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef _COMMON_H_
-#define _COMMON_H_
-
-#include
-#include
-
-/* Increasing this might break on some platforms */
-#define MAX_FRAGMENT_SIZE 200
-
-#define CONNECT_REQUEST 1
-#define CALL_REQUEST 2
-#define CLOSE_REQUEST 3
-#define VERSION_REQUEST 4
-#define READ_REQUEST 5
-#define READ_RESPONSE 6
-#define WRITE_REQUEST 7
-#define WRITE_RESPONSE 8
-#define SKIP_REQUEST 9
-#define PSA_REPLY 10
-
-#define NON_SECURE (1 << 30)
-
-typedef int32_t psa_handle_t;
-
-#define PSA_MAX_IOVEC (4u)
-
-#define PSA_IPC_CALL (0)
-
-struct message_text {
- int qid;
- int32_t psa_type;
- char buf[MAX_FRAGMENT_SIZE];
-};
-
-struct message {
- long message_type;
- struct message_text message_text;
-};
-
-typedef struct vector_sizes {
- size_t invec_sizes[PSA_MAX_IOVEC];
- size_t outvec_sizes[PSA_MAX_IOVEC];
-} vector_sizes_t;
-
-#endif /* _COMMON_H_ */
diff --git a/tests/psa-client-server/psasim/include/error_ext.h b/tests/psa-client-server/psasim/include/error_ext.h
deleted file mode 100644
index 6c82b8a72f..0000000000
--- a/tests/psa-client-server/psasim/include/error_ext.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/* PSA status codes used by psasim. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_ERROR_H
-#define PSA_ERROR_H
-
-#include
-
-#include "common.h"
-
-#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129)
-#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130)
-#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131)
-
-#endif
diff --git a/tests/psa-client-server/psasim/include/init.h b/tests/psa-client-server/psasim/include/init.h
deleted file mode 100644
index de95d905c7..0000000000
--- a/tests/psa-client-server/psasim/include/init.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Declarations of internal functions. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-void raise_signal(psa_signal_t signal);
-void __init_psasim(const char **array,
- int size,
- const int allow_ns_clients_array[32],
- const uint32_t versions[32],
- const int strict_policy_array[32]);
diff --git a/tests/psa-client-server/psasim/include/lifecycle.h b/tests/psa-client-server/psasim/include/lifecycle.h
deleted file mode 100644
index 1148397a88..0000000000
--- a/tests/psa-client-server/psasim/include/lifecycle.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/* PSA lifecycle states used by psasim. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u)
-#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu)
-#define PSA_LIFECYCLE_UNKNOWN (0x0000u)
-#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u)
-#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u)
-#define PSA_LIFECYCLE_SECURED (0x3000u)
-#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u)
-#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u)
-#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u)
-#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN
diff --git a/tests/psa-client-server/psasim/include/service.h b/tests/psa-client-server/psasim/include/service.h
deleted file mode 100644
index cbcb918cb2..0000000000
--- a/tests/psa-client-server/psasim/include/service.h
+++ /dev/null
@@ -1,253 +0,0 @@
-/* PSA Firmware Framework service header for psasim. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef __PSA_SERVICE_H__
-#define __PSA_SERVICE_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include
-#include
-#include
-
-#include "common.h"
-
-#include "psa/crypto.h"
-
-/********************** PSA Secure Partition Macros and Types ****************/
-
-/* PSA wait timeouts */
-#define PSA_POLL (0x00000000u)
-#define PSA_BLOCK (0x80000000u)
-
-/* A mask value that includes all Secure Partition signals */
-#define PSA_WAIT_ANY (~0u)
-
-/* Doorbell signal */
-#define PSA_DOORBELL (0x00000008u)
-
-/* PSA message types */
-#define PSA_IPC_CONNECT (-1)
-#define PSA_IPC_DISCONNECT (-2)
-
-/* Return code from psa_get() */
-#define PSA_ERR_NOMSG (INT32_MIN + 3)
-
-/* Store a set of one or more Secure Partition signals */
-typedef uint32_t psa_signal_t;
-
-/**
- * Describe a message received by an RoT Service after calling \ref psa_get().
- */
-typedef struct psa_msg_t {
- uint32_t type; /* One of the following values:
- * \ref PSA_IPC_CONNECT
- * \ref PSA_IPC_CALL
- * \ref PSA_IPC_DISCONNECT
- */
- psa_handle_t handle; /* A reference generated by the SPM to the
- * message returned by psa_get().
- */
- int32_t client_id; /* Partition ID of the sender of the message */
- void *rhandle; /* Be useful for binding a connection to some
- * application-specific data or function
- * pointer within the RoT Service
- * implementation.
- */
- size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input
- * vector in bytes.
- */
- size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output
- * vector in bytes.
- */
-} psa_msg_t;
-
-/************************* PSA Secure Partition API **************************/
-
-/**
- * \brief Return the Secure Partition interrupt signals that have been asserted
- * from a subset of signals provided by the caller.
- *
- * \param[in] signal_mask A set of signals to query. Signals that are not
- * in this set will be ignored.
- * \param[in] timeout Specify either blocking \ref PSA_BLOCK or
- * polling \ref PSA_POLL operation.
- *
- * \retval >0 At least one signal is asserted.
- * \retval 0 No signals are asserted. This is only seen when
- * a polling timeout is used.
- */
-psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout);
-
-/**
- * \brief Retrieve the message which corresponds to a given RoT Service signal
- * and remove the message from the RoT Service queue.
- *
- * \param[in] signal The signal value for an asserted RoT Service.
- * \param[out] msg Pointer to \ref psa_msg_t object for receiving
- * the message.
- *
- * \retval PSA_SUCCESS Success, *msg will contain the delivered
- * message.
- * \retval PSA_ERR_NOMSG Message could not be delivered.
- * \retval "Does not return" The call is invalid because one or more of the
- * following are true:
- * \arg signal has more than a single bit set.
- * \arg signal does not correspond to an RoT Service.
- * \arg The RoT Service signal is not currently
- * asserted.
- * \arg The msg pointer provided is not a valid memory
- * reference.
- */
-psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg);
-
-/**
- * \brief Associate some RoT Service private data with a client connection.
- *
- * \param[in] msg_handle Handle for the client's message.
- * \param[in] rhandle Reverse handle allocated by the RoT Service.
- *
- * \retval void Success, rhandle will be provided with all
- * subsequent messages delivered on this
- * connection.
- * \retval "Does not return" msg_handle is invalid.
- */
-void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle);
-
-/**
- * \brief Read a message parameter or part of a message parameter from a client
- * input vector.
- *
- * \param[in] msg_handle Handle for the client's message.
- * \param[in] invec_idx Index of the input vector to read from. Must be
- * less than \ref PSA_MAX_IOVEC.
- * \param[out] buffer Buffer in the Secure Partition to copy the
- * requested data to.
- * \param[in] num_bytes Maximum number of bytes to be read from the
- * client input vector.
- *
- * \retval >0 Number of bytes copied.
- * \retval 0 There was no remaining data in this input
- * vector.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a
- * \ref PSA_IPC_CALL message.
- * \arg invec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- * \arg the memory reference for buffer is invalid or
- * not writable.
- */
-size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
- void *buffer, size_t num_bytes);
-
-/**
- * \brief Skip over part of a client input vector.
- *
- * \param[in] msg_handle Handle for the client's message.
- * \param[in] invec_idx Index of input vector to skip from. Must be
- * less than \ref PSA_MAX_IOVEC.
- * \param[in] num_bytes Maximum number of bytes to skip in the client
- * input vector.
- *
- * \retval >0 Number of bytes skipped.
- * \retval 0 There was no remaining data in this input
- * vector.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a
- * \ref PSA_IPC_CALL message.
- * \arg invec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- */
-size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes);
-
-/**
- * \brief Write a message response to a client output vector.
- *
- * \param[in] msg_handle Handle for the client's message.
- * \param[out] outvec_idx Index of output vector in message to write to.
- * Must be less than \ref PSA_MAX_IOVEC.
- * \param[in] buffer Buffer with the data to write.
- * \param[in] num_bytes Number of bytes to write to the client output
- * vector.
- *
- * \retval void Success
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a
- * \ref PSA_IPC_CALL message.
- * \arg outvec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- * \arg The memory reference for buffer is invalid.
- * \arg The call attempts to write data past the end
- * of the client output vector.
- */
-void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
- const void *buffer, size_t num_bytes);
-
-/**
- * \brief Complete handling of a specific message and unblock the client.
- *
- * \param[in] msg_handle Handle for the client's message.
- * \param[in] status Message result value to be reported to the
- * client.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg An invalid status code is specified for the
- * type of message.
- */
-void psa_reply(psa_handle_t msg_handle, psa_status_t status);
-
-/**
- * \brief Send a PSA_DOORBELL signal to a specific Secure Partition.
- *
- * \param[in] partition_id Secure Partition ID of the target partition.
- *
- * \retval void Success.
- * \retval "Does not return" partition_id does not correspond to a Secure
- * Partition.
- */
-void psa_notify(int32_t partition_id);
-
-/**
- * \brief Clear the PSA_DOORBELL signal.
- *
- * \retval void Success.
- * \retval "Does not return" The Secure Partition's doorbell signal is not
- * currently asserted.
- */
-void psa_clear(void);
-
-/**
- * \brief Inform the SPM that an interrupt has been handled (end of interrupt).
- *
- * \param[in] irq_signal The interrupt signal that has been processed.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg irq_signal is not an interrupt signal.
- * \arg irq_signal indicates more than one signal.
- * \arg irq_signal is not currently asserted.
- */
-void psa_eoi(psa_signal_t irq_signal);
-
-#define psa_panic(X) abort();
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_SERVICE_H__ */
diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h
deleted file mode 100644
index dfc9a32379..0000000000
--- a/tests/psa-client-server/psasim/include/util.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* Common definitions used for clients and services */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "service.h"
-
-#include
-
-#define PRINT(fmt, ...) \
- fprintf(stdout, fmt "\n", ##__VA_ARGS__)
-
-#if defined(DEBUG)
-#define INFO(fmt, ...) \
- fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
-#else /* !DEBUG */
-#define INFO(...)
-#endif /* DEBUG*/
-
-#define ERROR(fmt, ...) \
- fprintf(stderr, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
-
-#define FATAL(fmt, ...) \
- { \
- fprintf(stderr, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
- abort(); \
- }
-
-#define PROJECT_ID 'M'
-#define PATHNAMESIZE 256
-#define TMP_FILE_BASE_PATH "./"
diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c
deleted file mode 100644
index ed198790c6..0000000000
--- a/tests/psa-client-server/psasim/src/aut_main.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * This is the base AUT that exectues all other AUTs meant to test PSA APIs
- * through PSASIM.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* First include Mbed TLS headers to get the Mbed TLS configuration and
- * platform definitions that we'll use in this program. Also include
- * standard C headers for functions we'll use here. */
-#include "mbedtls/build_info.h"
-
-#include "psa/crypto.h"
-
-#include
-#include
-#include
-
-int psa_hash_compute_main(void);
-int psa_hash_main(void);
-int psa_aead_encrypt_main(char *cipher_name);
-int psa_aead_encrypt_decrypt_main(void);
-int psa_cipher_encrypt_decrypt_main(void);
-int psa_asymmetric_encrypt_decrypt_main(void);
-int psa_random_main(void);
-int psa_mac_main(void);
-int psa_key_agreement_main(void);
-int psa_sign_verify_main(void);
-int psa_hkdf_main(void);
-
-#define TEST_MODULE(main_func) \
- do { \
- char title[128] = { 0 }; \
- char separator[128] = { 0 }; \
- int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \
- memset(separator, '=', title_len); \
- printf("%s\n%s\n%s\n", separator, title, separator); \
- ret = main_func; \
- if (ret != 0) { \
- goto exit; \
- } \
- } while (0)
-
-int main()
-{
- int ret;
-
- TEST_MODULE(psa_hash_compute_main());
- TEST_MODULE(psa_hash_main());
-
- TEST_MODULE(psa_aead_encrypt_main("aes128-gcm"));
- TEST_MODULE(psa_aead_encrypt_main("aes256-gcm"));
- TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8"));
- TEST_MODULE(psa_aead_encrypt_main("chachapoly"));
- TEST_MODULE(psa_aead_encrypt_decrypt_main());
- TEST_MODULE(psa_cipher_encrypt_decrypt_main());
- TEST_MODULE(psa_asymmetric_encrypt_decrypt_main());
-
- TEST_MODULE(psa_random_main());
-
- TEST_MODULE(psa_mac_main());
- TEST_MODULE(psa_key_agreement_main());
- TEST_MODULE(psa_sign_verify_main());
- TEST_MODULE(psa_hkdf_main());
-
-exit:
- return (ret != 0) ? 1 : 0;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
deleted file mode 100644
index 64463f57fc..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
+++ /dev/null
@@ -1,227 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "psa/crypto.h" - -#include -#include -#include - -const char usage[] = - "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run a PSA function and bail out if it fails. 
- * The symbolic name of the error code can be recovered using: - * programs/psa/psa_constant_name status */ -#define PSA_CHECK(expr) \ - do \ - { \ - status = (expr); \ - if (status != PSA_SUCCESS) \ - { \ - printf("Error %d at line %d: %s\n", \ - (int) status, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } \ - while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: key and algorithm, which together hold all the information - */ -static psa_status_t aead_prepare(const char *info, - psa_key_id_t *key, - psa_algorithm_t *alg) -{ - psa_status_t status; - - /* Convert arg to alg + key_bits + key_type */ - size_t key_bits; - psa_key_type_t key_type; - if (strcmp(info, "aes128-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes256-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 256; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8); - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "chachapoly") == 0) { - *alg = PSA_ALG_CHACHA20_POLY1305; - key_bits = 256; - key_type = PSA_KEY_TYPE_CHACHA20; - } else { - puts(usage); - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Prepare key attributes */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, *alg); - psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, key_bits); // optional - - /* Import key */ - PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key)); - -exit: - return status; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (key, alg). 
- */ -static void aead_info(psa_key_id_t key, psa_algorithm_t alg) -{ - psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; - (void) psa_get_key_attributes(key, &attr); - psa_key_type_t key_type = psa_get_key_type(&attr); - size_t key_bits = psa_get_key_bits(&attr); - psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); - - const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES" - : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha" - : "???"; - const char *base_str = base_alg == PSA_ALG_GCM ? "GCM" - : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly" - : "???"; - - printf("%s, %u, %s, %u\n", - type_str, (unsigned) key_bits, base_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - psa_status_t status; - size_t olen, olen_tag; - unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)]; - unsigned char *p = out, *end = out + sizeof(out); - unsigned char tag[PSA_AEAD_TAG_MAX_SIZE]; - - psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT; - PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg)); - - PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len)); - PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len)); - PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen, - tag, sizeof(tag), &olen_tag)); - p += olen; - memcpy(p, tag, olen_tag); - p += olen_tag; - - olen = p - out; - print_buf("out", out, olen); - -exit: - psa_aead_abort(&op); // required on errors, harmless on success - return status; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. 
- */ -static psa_status_t aead_demo(const char *info) -{ - psa_status_t status; - - psa_key_id_t key; - psa_algorithm_t alg; - - PSA_CHECK(aead_prepare(info, &key, &alg)); - - aead_info(key, alg); - - PSA_CHECK(aead_encrypt(key, alg, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - PSA_CHECK(aead_encrypt(key, alg, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - psa_destroy_key(key); - - return status; -} - -/* - * Main function - */ -int psa_aead_encrypt_main(char *cipher_name) -{ - psa_status_t status = PSA_SUCCESS; - - /* Initialize the PSA crypto library. */ - PSA_CHECK(psa_crypto_init()); - - /* Run the demo */ - PSA_CHECK(aead_demo(cipher_name)); - - /* Deinitialize the PSA crypto library. */ - mbedtls_psa_crypto_free(); - -exit: - return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c deleted file mode 100644 index 87ef39a9ed..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -/* - * Temporary hack: psasim’s Makefile only does: - * -Itests/psa-client-server/psasim/include - * -I$(MBEDTLS_ROOT_PATH)/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - * None of those cover tf-psa-crypto/core, so we rely on the - * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative - * include "../tf-psa-crypto/core/tf_psa_crypto_common.h" in order to pull in tf_psa_crypto_common.h here, - * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the - * new GCC-15 unterminated-string-initialization warning). - * See GitHub issue #10223 for the proper long-term fix. - * https://github.com/Mbed-TLS/mbedtls/issues/10223 - */ -#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" -#include -#include -#include - -#define BUFFER_SIZE 500 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_aead_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t plaintext[] = "Hello World!"; - /* We need to tell the compiler that we meant to leave out the null character. 
*/ - const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; - size_t nonce_length = sizeof(nonce); - size_t ciphertext_length; - size_t plaintext_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CCM); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(nonce, nonce_length); - if (status != PSA_SUCCESS) { - printf("psa_generate_random failed\n"); - return EXIT_FAILURE; - } - - status = psa_aead_encrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - plaintext, sizeof(plaintext), // plaintext - encrypt, sizeof(encrypt), // ciphertext - &ciphertext_length); // length of output - if (status != PSA_SUCCESS) { - printf("psa_aead_encrypt failed\n"); - return EXIT_FAILURE; - } - - printf("AES-CCM encryption:\n"); - printf("- Plaintext: '%s':\n", plaintext); - printf("- Key: "); - print_bytestr(key_bytes, sizeof(key_bytes)); - printf("\n- Nonce: "); - print_bytestr(nonce, nonce_length); - printf("\n- No additional data\n"); - printf("- Ciphertext:\n"); - - for (size_t j = 0; j < ciphertext_length; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", encrypt[j]); - } - - printf("\n"); - - status = psa_aead_decrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - encrypt, ciphertext_length, // ciphertext - decrypt, sizeof(decrypt), // plaintext - &plaintext_length); // 
length of output
- if (status != PSA_SUCCESS) {
- printf("psa_aead_decrypt failed\n");
- return EXIT_FAILURE;
- }
-
- if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) {
- printf("\nEncryption/Decryption failed!\n");
- } else {
- printf("\nEncryption/Decryption successful!\n");
- }
-
- psa_destroy_key(key_id);
- mbedtls_psa_crypto_free();
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c
deleted file mode 100644
index 02d8cf486d..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c
+++ /dev/null
@@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#define KEY_BITS 4096 -#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS) - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_asymmetric_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE/2] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); - psa_set_key_bits(&attributes, KEY_BITS); - - status = psa_generate_key(&attributes, &key_id); - if (status != PSA_SUCCESS) { - printf("psa_generate_key failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - original, sizeof(original), NULL, 0, - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_asymmetric_encrypt failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - encrypt, encrypted_length, NULL, 0, - decrypt, sizeof(decrypt), &decrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_decrypt failed (%d)\n", status); - return 
EXIT_FAILURE;
- }
-
- if (memcmp(original, decrypt, sizeof(original)) != 0) {
- printf("\nEncryption/Decryption failed!\n");
- } else {
- printf("\nEncryption/Decryption successful!\n");
- }
-
- psa_destroy_key(key_id);
- mbedtls_psa_crypto_free();
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
deleted file mode 100644
index 82bdca54dc..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
+++ /dev/null
@@ -1,84 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" -#include -#include -#include - -#define BUFFER_SIZE 4096 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_cipher_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, - original, sizeof(original), - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_encrypt failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING, - encrypt, encrypted_length, - 
decrypt, sizeof(decrypt), &decrypted_length);
- if (status != PSA_SUCCESS) {
- printf("psa_cipher_decrypt failed\n");
- return EXIT_FAILURE;
- }
-
- if (memcmp(original, decrypt, sizeof(original)) != 0) {
- printf("\nEncryption/Decryption failed!\n");
- } else {
- printf("\nEncryption/Decryption successful!\n");
- }
-
- psa_destroy_key(key_id);
- mbedtls_psa_crypto_free();
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c
deleted file mode 100644
index b429c0bc58..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_hash.c
+++ /dev/null
@@ -1,167 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Compute hash using multi-part operation */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - return EXIT_FAILURE; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed\n"); - return EXIT_FAILURE; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - status = psa_hash_clone(&hash_operation, &cloned_hash_operation); - if 
(status != PSA_SUCCESS) { - mbedtls_printf("PSA hash clone failed\n"); - goto cleanup; - } - - status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_finish failed\n"); - goto cleanup; - } - - /* Check the result of the operation against the sample */ - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - status = - psa_hash_verify(&cloned_hash_operation, expected_hash, - expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed\n"); - goto cleanup; - } else { - mbedtls_printf("Multi-part hash operation successful!\n"); - } - - /* A bit of white-box testing: ensure that we can abort an operation more - * times than there are operation slots on the simulator server. - */ - for (int i = 0; i < 200; i++) { - /* This should be a no-op */ - status = psa_hash_abort(&hash_operation); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_abort failed\n"); - goto cleanup; - } - } - - /* Compute hash using multi-part operation using the same operation struct */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - goto cleanup; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed: %d\n", status); - goto cleanup; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - /* Don't use psa_hash_finish() when going to check against an expected result */ - status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed: %d\n", status); - goto cleanup; - } else { - mbedtls_printf("Second 
multi-part hash operation successful!\n"); - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - - for (size_t j = 0; j < expected_hash_len; j++) { - mbedtls_printf("%02x", hash[j]); - } - - mbedtls_printf("\n"); - - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; - -cleanup: - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c deleted file mode 100644 index 959e0c38ab..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c +++ /dev/null 
@@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_compute_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", 
sample_message);
-
- for (size_t j = 0; j < expected_hash_len; j++) {
- mbedtls_printf("%02x", hash[j]);
- }
-
- mbedtls_printf("\n");
-
- mbedtls_psa_crypto_free();
- return EXIT_SUCCESS;
-
-cleanup:
- return EXIT_FAILURE;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c
deleted file mode 100644
index 891fdb3f92..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c
+++ /dev/null
@@ -1,121 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include -#include "mbedtls/build_info.h" - -int psa_hkdf_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - - /* Example test vector from RFC 5869 */ - - /* Input keying material (IKM) */ - unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - unsigned char salt[] = - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - - /* Context and application specific information, which can be of zero length */ - unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; - - /* Expected OKM based on the RFC 5869-provided test vector */ - unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, - 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, - 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, - 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 }; - - /* The output size of the HKDF function depends on the hash function used. - * In our case we use SHA-256, which produces a 32 byte fingerprint. - * Therefore, we allocate a buffer of 32 bytes to hold the output keying - * material (OKM). 
- */ - unsigned char output[32]; - - psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); - - printf("PSA Crypto API: HKDF SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_setup(&operation, alg); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_setup failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT, - salt, sizeof(salt)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (salt) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET, - key_id); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_key failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO, - info, sizeof(info)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (info) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_output_bytes(&operation, output, sizeof(output)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_output_bytes failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_abort(&operation); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_abort failed"); - return EXIT_FAILURE; - } - - printf("OKM: \n"); - - for (size_t j = 0; j < sizeof(output); j++) { - if (output[j] != expected_okm[j]) { - printf("\n --- Unexpected outcome!\n"); - return EXIT_FAILURE; - } - - if (j % 8 == 0) { - 
printf("\n ");
- }
- printf("%02x ", output[j]);
- }
-
- printf("\n");
- mbedtls_psa_crypto_free();
- return EXIT_SUCCESS;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c
deleted file mode 100644
index 4a0aab1477..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-
-#include "psa/crypto.h"
-#include
-#include
-#include
-#include "mbedtls/build_info.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/platform.h"
-
-#define BUFFER_SIZE 500
-
-#define SERVER_PK_VALUE { \
- 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \
- 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \
- 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \
- 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \
- 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \
- 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \
- 0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \
- 0xf3, 0x20 \
-}
-
-#define KEY_BITS 256
-
-int psa_key_agreement_main(void)
-{
- psa_status_t status;
- psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_id_t client_key_id = 0;
- psa_key_id_t server_key_id = 0;
- uint8_t client_pk[BUFFER_SIZE] = { 0 };
- size_t client_pk_len;
- size_t key_bits;
- psa_key_type_t key_type;
-
- const uint8_t server_pk[] = SERVER_PK_VALUE;
- uint8_t derived_key[BUFFER_SIZE] = { 0 };
- size_t derived_key_len;
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_crypto_init failed\n");
- return EXIT_FAILURE;
- }
-
- psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH);
- psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
- psa_set_key_bits(&client_attributes, KEY_BITS);
-
- /* Generate ephemeral key pair */
- status = psa_generate_key(&client_attributes, &client_key_id);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_generate_key failed\n");
- return EXIT_FAILURE;
- }
- status = psa_export_public_key(client_key_id,
- client_pk, sizeof(client_pk),
- &client_pk_len);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_export_public_key failed\n");
- return EXIT_FAILURE;
- }
-
- mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len);
-
- for (size_t j = 0; j < client_pk_len; j++) {
- if (j % 8 == 0) {
- mbedtls_printf("\n ");
- }
- mbedtls_printf("%02x ", client_pk[j]);
- }
- mbedtls_printf("\n\n");
-
- psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY);
- psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
-
- /* Import server public key */
- status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_import_key failed\n");
- return EXIT_FAILURE;
- }
-
- status = psa_get_key_attributes(server_key_id, &check_attributes);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_get_key_attributes failed\n");
- return EXIT_FAILURE;
- }
-
- key_bits = psa_get_key_bits(&check_attributes);
- if (key_bits != 256) {
- mbedtls_printf("Incompatible key size!\n");
- return EXIT_FAILURE;
- }
-
- key_type = psa_get_key_type(&check_attributes);
- if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
- mbedtls_printf("Unsupported key type!\n");
- return EXIT_FAILURE;
- }
-
- mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk));
-
- for (size_t j = 0; j < sizeof(server_pk); j++) {
- if (j % 8 == 0) {
- mbedtls_printf("\n ");
- }
- mbedtls_printf("%02x ", server_pk[j]);
- }
- mbedtls_printf("\n\n");
-
- /* Generate ECDHE derived key */
- status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm
- client_key_id, // client secret key
- server_pk, sizeof(server_pk), // server public key
- derived_key, sizeof(derived_key), // buffer to store derived key
- &derived_key_len);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_raw_key_agreement failed\n");
- return EXIT_FAILURE;
- }
-
- mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len);
-
- for (size_t j = 0; j < derived_key_len; j++) {
- if (j % 8 == 0) {
- mbedtls_printf("\n ");
- }
- mbedtls_printf("%02x ", derived_key[j]);
- }
- mbedtls_printf("\n");
-
- psa_destroy_key(server_key_id);
- psa_destroy_key(client_key_id);
- mbedtls_psa_crypto_free();
- return EXIT_SUCCESS;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_mac.c b/tests/psa-client-server/psasim/src/aut_psa_mac.c
deleted file mode 100644
index 18b4b571a3..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_mac.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "psa/crypto.h"
-#include
-#include
-#include
-
-#include "mbedtls/build_info.h"
-
-/* constant-time buffer comparison */
-static inline int safer_memcmp(const void *a, const void *b, size_t n)
-{
- size_t i;
- volatile const unsigned char *A = (volatile const unsigned char *) a;
- volatile const unsigned char *B = (volatile const unsigned char *) b;
- volatile unsigned char diff = 0;
-
- for (i = 0; i < n; i++) {
- /* Read volatile data in order before computing diff.
- * This avoids IAR compiler warning:
- * 'the order of volatile accesses is undefined ..' */
- unsigned char x = A[i], y = B[i];
- diff |= x ^ y;
- }
-
- return diff;
-}
-
-
-int psa_mac_main(void)
-{
- uint8_t input[] = "Hello World!";
- psa_status_t status;
- size_t mac_size_real = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_id_t key_id = 0;
- uint8_t mac[PSA_MAC_MAX_SIZE];
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk";
- const uint8_t mbedtls_test_hmac_sha256[] = {
- 0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71,
- 0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86,
- 0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8,
- 0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b
- };
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- printf("psa_crypto_init failed\n");
- return EXIT_FAILURE;
- }
-
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE);
- psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
-
- status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
- if (status != PSA_SUCCESS) {
- printf("psa_import_key failed\n");
- return EXIT_FAILURE;
- }
-
- /* Single-part MAC operation with psa_mac_compute() */
- status = psa_mac_compute(key_id,
- PSA_ALG_HMAC(PSA_ALG_SHA_256),
- input,
- sizeof(input),
- mac,
- sizeof(mac),
- &mac_size_real);
- if (status != PSA_SUCCESS) {
- printf("psa_mac_compute failed\n");
- return EXIT_FAILURE;
- }
-
- printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input);
-
- for (size_t j = 0; j < mac_size_real; j++) {
- if (j % 8 == 0) {
- printf("\n ");
- }
- printf("%02x ", mac[j]);
- }
-
- printf("\n");
-
- if (safer_memcmp(mac,
- mbedtls_test_hmac_sha256,
- mac_size_real
- ) != 0) {
- printf("\nMAC verified incorrectly!\n");
- } else {
- printf("\nMAC verified correctly!\n");
- }
-
- psa_destroy_key(key_id);
-
- status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
- if (status != PSA_SUCCESS) {
- printf("psa_import_key failed\n");
- return EXIT_FAILURE;
- }
-
- /* Single-part MAC operation with psa_mac_verify() */
- status = psa_mac_verify(key_id,
- PSA_ALG_HMAC(PSA_ALG_SHA_256),
- input,
- sizeof(input),
- mbedtls_test_hmac_sha256,
- sizeof(mbedtls_test_hmac_sha256));
- if (status != PSA_SUCCESS) {
- printf("psa_mac_verify failed\n");
- return EXIT_FAILURE;
- } else {
- printf("psa_mac_verify passed successfully\n");
- }
-
- psa_destroy_key(key_id);
-
- status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
- if (status != PSA_SUCCESS) {
- printf("psa_import_key failed\n");
- return EXIT_FAILURE;
- }
-
- /* Multi-part MAC operation */
- status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256));
- if (status != PSA_SUCCESS) {
- printf("psa_mac_sign_setup failed\n");
- return EXIT_FAILURE;
- }
-
- status = psa_mac_update(&operation, input, sizeof(input));
- if (status != PSA_SUCCESS) {
- printf("psa_mac_update failed\n");
- return EXIT_FAILURE;
- }
-
- status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real);
- if (status != PSA_SUCCESS) {
- printf("psa_mac_sign_finish failed\n");
- return EXIT_FAILURE;
- }
-
- if (safer_memcmp(mac,
- mbedtls_test_hmac_sha256,
- mac_size_real
- ) != 0) {
- printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n");
- } else {
- printf("MAC, calculated with multi-part MAC operation, verified correctly!\n");
- }
-
- psa_destroy_key(key_id);
- mbedtls_psa_crypto_free();
- return EXIT_SUCCESS;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c
deleted file mode 100644
index 203f4d44ba..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_random.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include
-#include
-#include
-#include
-
-#include "mbedtls/private/entropy.h"
-
-#define BUFFER_SIZE 100
-
-int psa_random_main(void)
-{
- psa_status_t status;
- uint8_t output[BUFFER_SIZE] = { 0 };
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- printf("psa_crypto_init failed\n");
- return EXIT_FAILURE;
- }
-
- status = psa_generate_random(output, BUFFER_SIZE);
- if (status != PSA_SUCCESS) {
- printf("psa_generate_random failed\n");
- return EXIT_FAILURE;
- }
-
- printf("Random bytes generated:\n");
-
- for (size_t j = 0; j < BUFFER_SIZE; j++) {
- if (j % 8 == 0) {
- printf("\n ");
- }
- printf("%02x ", output[j]);
- }
-
- printf("\n");
-
- mbedtls_psa_crypto_free();
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c
deleted file mode 100644
index 98df9e5162..0000000000
--- a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-
-#include "psa/crypto.h"
-#include
-#include
-#include
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform.h"
-
-#define KEY_BYTES_VALUE { \
- 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \
- 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \
- 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \
-}
-
-#define PLAINTEXT_VALUE "Hello World!"
-
-/* SHA-256(plaintext) */
-#define HASH_VALUE { \
- 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \
- 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \
- 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \
-}
-
-int psa_sign_verify_main(void)
-{
- psa_status_t status;
- psa_key_id_t key_id = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
- size_t signature_length;
- const uint8_t key_bytes[] = KEY_BYTES_VALUE;
- const uint8_t plaintext[] = PLAINTEXT_VALUE;
- const uint8_t hash[] = HASH_VALUE;
-
- status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_crypto_init failed\n");
- return EXIT_FAILURE;
- }
-
- psa_set_key_usage_flags(&attributes,
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
- psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
-
- status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_import_key failed\n");
- return EXIT_FAILURE;
- }
-
- status = psa_sign_hash(key_id, // key handle
- PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
- hash, sizeof(hash), // hash of the message
- signature, sizeof(signature), // signature (as output)
- &signature_length); // length of signature output
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_sign_hash failed\n");
- return EXIT_FAILURE;
- }
-
- mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext);
-
- for (size_t j = 0; j < signature_length; j++) {
- if (j % 8 == 0) {
- mbedtls_printf("\n ");
- }
- mbedtls_printf("%02x ", signature[j]);
- }
-
- mbedtls_printf("\n");
-
- status = psa_verify_hash(key_id, // key handle
- PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
- hash, sizeof(hash), // hash of message
- signature, signature_length); // signature
- if (status != PSA_SUCCESS) {
- mbedtls_printf("psa_verify_hash failed\n");
- return EXIT_FAILURE;
- } else {
- mbedtls_printf("\nSignature verification successful!\n");
- }
-
- psa_destroy_key(key_id);
- mbedtls_psa_crypto_free();
- return EXIT_SUCCESS;
-}
diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c
deleted file mode 100644
index 4c63abf5a3..0000000000
--- a/tests/psa-client-server/psasim/src/client.c
+++ /dev/null
@@ -1,23 +0,0 @@
-/* psasim test client */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* Includes from mbedtls */
-#include "psa/crypto.h"
-#include "util.h"
-
-int main()
-{
- /* psa_crypto_init() connects to the server */
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- ERROR("psa_crypto_init returned %d", status);
- return 1;
- }
-
- mbedtls_psa_crypto_free();
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/src/manifest.json b/tests/psa-client-server/psasim/src/manifest.json
deleted file mode 100644
index e67b636c17..0000000000
--- a/tests/psa-client-server/psasim/src/manifest.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "psa_framework_version":1.0,
- "name":"TEST_PARTITION",
- "type":"PSA-ROT",
- "priority":"LOW",
- "entry_point":"psa_server_main",
- "stack_size":"0x400",
- "heap_size":"0x100",
- "services":[
- {
- "name":"PSA_SID_CRYPTO",
- "sid":"0x0000F000",
- "signal":"PSA_CRYPTO",
- "non_secure_clients": "true",
- "minor_version":1,
- "minor_policy":"STRICT"
- }
- ],
- "irqs": [
- {
- "source": "SIGINT",
- "signal": "SIGINT_SIG"
- },
- {
- "source": "SIGTSTP",
- "signal": "SIGSTP_SIG"
- }
- ]
-}
diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c
deleted file mode 100644
index 0d6bbf3c92..0000000000
--- a/tests/psa-client-server/psasim/src/psa_ff_client.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* PSA firmware framework client API */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "client.h"
-#include "common.h"
-#include "error_ext.h"
-#include "util.h"
-
-typedef struct internal_handle {
- int server_qid;
- int client_qid;
- int internal_server_qid;
- int valid;
-} internal_handle_t;
-
-typedef struct vectors {
- const psa_invec *in_vec;
- size_t in_len;
- psa_outvec *out_vec;
- size_t out_len;
-} vectors_t;
-
-/* Note that this implementation is functional and not secure */
-int __psa_ff_client_security_state = NON_SECURE;
-
-/* Access to this global is not thread safe */
-#define MAX_HANDLES 32
-static internal_handle_t handles[MAX_HANDLES] = { { 0 } };
-
-static int get_next_free_handle()
-{
- /* Never return handle 0 as it's a special null handle */
- for (int i = 1; i < MAX_HANDLES; i++) {
- if (handles[i].valid == 0) {
- return i;
- }
- }
- return -1;
-}
-
-static int handle_is_valid(psa_handle_t handle)
-{
- if (handle > 0 && handle < MAX_HANDLES) {
- if (handles[handle].valid == 1) {
- return 1;
- }
- }
- ERROR("ERROR: Invalid handle");
- return 0;
-}
-
-static int get_queue_info(char *path, int *cqid, int *sqid)
-{
- key_t server_queue_key;
- int rx_qid, server_qid;
-
- INFO("Attempting to contact a RoT service queue");
-
- if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) {
- ERROR("msgget: rx_qid");
- return -1;
- }
-
- if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) {
- ERROR("ftok");
- return -2;
- }
-
- if ((server_qid = msgget(server_queue_key, 0)) == -1) {
- ERROR("msgget: server_qid");
- return -3;
- }
-
- *cqid = rx_qid;
- *sqid = server_qid;
-
- return 0;
-}
-
-static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type,
- int *internal_server_qid)
-{
- struct message response, request;
- psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
- size_t invec_seek[4] = { 0 };
- size_t data_size;
- psa_status_t invec, outvec; /* TODO: Should these be size_t ? */
-
- assert(internal_server_qid > 0);
-
- while (1) {
- data_size = 0;
- invec = 0;
- outvec = 0;
-
- /* read response from server */
- if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) {
- ERROR(" msgrcv failed");
- return ret;
- }
-
- /* process return message from server */
- switch (response.message_type) {
- case PSA_REPLY:
- memcpy(&ret, response.message_text.buf, sizeof(psa_status_t));
- INFO(" Message received from server: %d", ret);
- if (type == PSA_IPC_CONNECT && ret > 0) {
- *internal_server_qid = ret;
- INFO(" ASSSIGNED q ID %d", *internal_server_qid);
- ret = PSA_SUCCESS;
- }
- return ret;
- break;
- case READ_REQUEST:
- /* read data request */
- request.message_type = READ_RESPONSE;
-
- assert(vecs != 0);
-
- memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
- memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
- INFO(" Partition asked for %lu bytes from invec %d", data_size, invec);
-
- /* need to add more checks here */
- assert(invec >= 0 && invec < PSA_MAX_IOVEC);
-
- if (data_size > MAX_FRAGMENT_SIZE) {
- data_size = MAX_FRAGMENT_SIZE;
- }
-
- /* send response */
- INFO(" invec_seek[invec] is %lu", invec_seek[invec]);
- INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]);
- memcpy(request.message_text.buf,
- (vecs->in_vec[invec].base + invec_seek[invec]),
- data_size);
-
- /* update invec base TODO: check me */
- invec_seek[invec] = invec_seek[invec] + data_size;
-
- INFO(" Sending message of type %li", request.message_type);
- INFO(" with content %s", request.message_text.buf);
-
- if (msgsnd(*internal_server_qid, &request,
- sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) {
- ERROR("Internal error: failed to respond to read request");
- }
- break;
- case WRITE_REQUEST:
- assert(vecs != 0);
-
- request.message_type = WRITE_RESPONSE;
-
- memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t));
- memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t));
- INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec);
-
- assert(outvec >= 0 && outvec < PSA_MAX_IOVEC);
-
- /* copy memory into message and send back amount written */
- size_t sofar = vecs->out_vec[outvec].len;
- memcpy(vecs->out_vec[outvec].base + sofar,
- response.message_text.buf+(sizeof(size_t)*2), data_size);
- INFO(" Data size is %lu", data_size);
- vecs->out_vec[outvec].len += data_size;
-
- INFO(" Sending message of type %li", request.message_type);
-
- /* send response */
- if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) {
- ERROR("Internal error: failed to respond to write request");
- }
- break;
- case SKIP_REQUEST:
- memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
- memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
- INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec);
- assert(invec >= 0 && invec < PSA_MAX_IOVEC);
- /* update invec base TODO: check me */
- invec_seek[invec] = invec_seek[invec] + data_size;
- break;
-
- default:
- FATAL(" ERROR: unknown internal message type: %ld",
- response.message_type);
- }
- }
-}
-
-static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid,
- int32_t type, uint32_t minor_version, vectors_t *vecs)
-{
- psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
- size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */
- struct message request;
- request.message_type = 1; /* TODO: change this */
- request.message_text.psa_type = type;
- vector_sizes_t vec_sizes;
-
- /* If the client is non-secure then set the NS bit */
- if (__psa_ff_client_security_state != 0) {
- request.message_type |= NON_SECURE;
- }
-
- assert(request.message_type >= 0);
-
- INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type);
- INFO(" internal_server_qid = %i", *internal_server_qid);
-
- request.message_text.qid = rx_qid;
-
- if (type == PSA_IPC_CONNECT) {
- memcpy(request.message_text.buf, &minor_version, sizeof(minor_version));
- request_msg_size = request_msg_size + sizeof(minor_version);
- INFO(" Request msg size is %lu", request_msg_size);
- } else {
- assert(internal_server_qid > 0);
- }
-
- if (vecs != NULL && type >= PSA_IPC_CALL) {
-
- memset(&vec_sizes, 0, sizeof(vec_sizes));
-
- /* Copy invec sizes */
- for (size_t i = 0; i < (vecs->in_len); i++) {
- vec_sizes.invec_sizes[i] = vecs->in_vec[i].len;
- INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]);
- }
-
- /* Copy outvec sizes */
- for (size_t i = 0; i < (vecs->out_len); i++) {
- vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len;
-
- /* Reset to 0 since we need to eventually fill in with bytes written */
- vecs->out_vec[i].len = 0;
- }
-
- memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes));
- request_msg_size = request_msg_size + sizeof(vec_sizes);
- }
-
- INFO(" Sending and then waiting");
-
- /* send message to server */
- if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) {
- ERROR(" msgsnd failed");
- return ret;
- }
-
- return process_response(rx_qid, vecs, type, internal_server_qid);
-}
-
-
-uint32_t psa_framework_version(void)
-{
- return PSA_FRAMEWORK_VERSION;
-}
-
-psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
-{
- int idx;
- psa_status_t ret;
- char pathname[PATHNAMESIZE] = { 0 };
-
- idx = get_next_free_handle();
-
- /* if there's a free handle available */
- if (idx >= 0) {
- snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid);
- INFO("Attempting to contact RoT service at %s", pathname);
-
- /* if communication is possible */
- if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
-
- ret = send(handles[idx].client_qid,
- handles[idx].server_qid,
- &handles[idx].internal_server_qid,
- PSA_IPC_CONNECT,
- minor_version,
- NULL);
-
- /* if connection accepted by RoT service */
- if (ret >= 0) {
- handles[idx].valid = 1;
- return idx;
- } else {
- ERROR("Server didn't like you");
- }
- } else {
- ERROR("Couldn't contact RoT service. Does it exist?");
-
- if (__psa_ff_client_security_state == 0) {
- ERROR("Invalid SID");
- }
- }
- }
-
- INFO("Couldn't obtain a free handle");
- return PSA_ERROR_CONNECTION_REFUSED;
-}
-
-uint32_t psa_version(uint32_t sid)
-{
- int idx;
- psa_status_t ret;
- char pathname[PATHNAMESIZE] = { 0 };
-
- idx = get_next_free_handle();
-
- if (idx >= 0) {
- snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid);
- if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
- ret = send(handles[idx].client_qid,
- handles[idx].server_qid,
- &handles[idx].internal_server_qid,
- VERSION_REQUEST,
- 0,
- NULL);
- INFO("psa_version: Recieved from server %d", ret);
- if (ret > 0) {
- return ret;
- }
- }
- }
- ERROR("psa_version failed: does the service exist?");
- return PSA_VERSION_NONE;
-}
-
-psa_status_t psa_call(psa_handle_t handle,
- int32_t type,
- const psa_invec *in_vec,
- size_t in_len,
- psa_outvec *out_vec,
- size_t out_len)
-{
- handle_is_valid(handle);
-
- if ((in_len + out_len) > PSA_MAX_IOVEC) {
- ERROR("Too many iovecs: %lu + %lu", in_len, out_len);
- }
-
- vectors_t vecs = { 0 };
- vecs.in_vec = in_vec;
- vecs.in_len = in_len;
- vecs.out_vec = out_vec;
- vecs.out_len = out_len;
-
- return send(handles[handle].client_qid,
- handles[handle].server_qid,
- &handles[handle].internal_server_qid,
- type,
- 0,
- &vecs);
-}
-
-void psa_close(psa_handle_t handle)
-{
- handle_is_valid(handle);
- if (send(handles[handle].client_qid, handles[handle].server_qid,
- &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) {
- ERROR("ERROR: Couldn't send disconnect msg");
- } else {
- if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) {
- ERROR("ERROR: Failed to delete msg queue");
- }
- }
- INFO("Closing handle %u", handle);
- handles[handle].valid = 0;
-}
diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c
deleted file mode 100644
index 00c5272646..0000000000
--- a/tests/psa-client-server/psasim/src/psa_ff_server.c
+++ /dev/null
@@ -1,655 +0,0 @@
-/* PSA Firmware Framework service API */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "service.h"
-#include "init.h"
-#include "error_ext.h"
-#include "common.h"
-#include "util.h"
-
-#define MAX_CLIENTS 128
-#define MAX_MESSAGES 32
-
-struct connection {
- uint32_t client;
- void *rhandle;
- int client_to_server_q;
-};
-
-/* Note that this implementation is functional and not secure. */
-int __psa_ff_client_security_state = NON_SECURE;
-
-static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */
-static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */
-static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */
-static int nsacl[32];
-static int strict_policy[32] = { 0 };
-static uint32_t rot_svc_versions[32];
-static int rot_svc_incoming_queue[32] = { -1 };
-static struct connection connections[MAX_CLIENTS] = { { 0 } };
-
-static uint32_t exposed_signals = 0;
-
-void print_vectors(vector_sizes_t *sizes)
-{
- INFO("Printing iovec sizes");
- for (int j = 0; j < PSA_MAX_IOVEC; j++) {
- INFO("Invec %d: %lu", j, sizes->invec_sizes[j]);
- }
-
- for (int j = 0; j < PSA_MAX_IOVEC; j++) {
- INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]);
- }
-}
-
-int find_connection(uint32_t client)
-{
- for (int i = 1; i < MAX_CLIENTS; i++) {
- if (client == connections[i].client) {
- return i;
- }
- }
- return -1;
-}
-
-void destroy_connection(uint32_t client)
-{
- int idx = find_connection(client);
- if (idx >= 0) {
- connections[idx].client = 0;
- connections[idx].rhandle = 0;
- INFO("Destroying connection");
- } else {
- ERROR("Couldn't destroy connection for %u", client);
- }
-}
-
-int find_free_connection()
-{
- INFO("Allocating connection");
- return find_connection(0);
-}
-
-static void reply(psa_handle_t msg_handle, psa_status_t status)
-{
- pending_message[msg_handle] = 1;
- psa_reply(msg_handle, status);
- pending_message[msg_handle] = 0;
-}
-
-psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout)
-{
- psa_signal_t mask;
- struct message msg;
- vector_sizes_t sizes;
- struct msqid_ds qinfo;
- uint32_t requested_version;
- ssize_t len;
- int idx;
-
- if (timeout == PSA_POLL) {
- INFO("psa_wait: Called in polling mode");
- }
-
- do {
- mask = signal_mask;
-
- /* Check the status of each queue */
- for (int i = 0; i < 32; i++) {
- if (mask & 0x1) {
- if (i < 3) {
- // do nothing (reserved)
- } else if (i == 3) {
- // this must be psa doorbell
- } else {
- /* Check if this signal corresponds to a queue */
- if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) {
-
- /* AFAIK there is no "peek" method in SysV, so try to get a message */
- len = msgrcv(rot_svc_incoming_queue[i],
- &msg,
- sizeof(struct message_text),
- 0,
- IPC_NOWAIT);
- if (len > 0) {
-
- INFO("Storing that QID in message_client[%d]", i);
- INFO("The message handle will be %d", i);
-
- msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo);
- messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */
- message_client[i] = msg.message_text.qid;
- idx = find_connection(msg.message_text.qid);
-
- if (msg.message_type & NON_SECURE) {
- /* This is a non-secure message */
-
- /* Check if NS client is allowed for this RoT service */
- if (nsacl[i] <= 0) {
-#if 0
- INFO(
- "Rejecting non-secure client due to manifest security policy");
- reply(i, PSA_ERROR_CONNECTION_REFUSED);
- continue; /* Skip to next signal */
-#endif
- }
-
- msg.message_type &= ~(NON_SECURE); /* clear */
- messages[i].client_id = messages[i].client_id * -1;
- }
-
- INFO("Got a message from client ID %d", messages[i].client_id);
- INFO("Message type is %lu", msg.message_type);
- INFO("PSA message type is %d", msg.message_text.psa_type);
-
- messages[i].handle = i;
-
- switch (msg.message_text.psa_type) {
- case PSA_IPC_CONNECT:
-
- if (len >= 16) {
- memcpy(&requested_version, msg.message_text.buf,
- sizeof(requested_version));
- INFO("Requesting version %u", requested_version);
- INFO("Implemented version %u", rot_svc_versions[i]);
- /* TODO: need to check whether the policy is strict,
- * and if so, then reject the client if the number doesn't match */
-
- if (requested_version > rot_svc_versions[i]) {
- INFO(
- "Rejecting client because requested version that was too high");
- reply(i, PSA_ERROR_CONNECTION_REFUSED);
- continue; /* Skip to next signal */
- }
-
- if (strict_policy[i] == 1 &&
- (requested_version != rot_svc_versions[i])) {
- INFO(
- "Rejecting client because enforcing a STRICT version policy");
- reply(i, PSA_ERROR_CONNECTION_REFUSED);
- continue; /* Skip to next signal */
- } else {
- INFO("Not rejecting client");
- }
- }
-
- messages[i].type = PSA_IPC_CONNECT;
-
- if (idx < 0) {
- idx = find_free_connection();
- }
-
- if (idx >= 0) {
- connections[idx].client = msg.message_text.qid;
- } else {
- /* We've run out of system wide connections */
- reply(i, PSA_ERROR_CONNECTION_BUSY);
- ERROR("Ran out of free connections");
- continue;
- }
-
- break;
- case PSA_IPC_DISCONNECT:
- messages[i].type = PSA_IPC_DISCONNECT;
- break;
- case VERSION_REQUEST:
- INFO("Got a version request");
- reply(i, rot_svc_versions[i]);
- continue; /* Skip to next signal */
- break;
-
- default:
-
- /* PSA CALL */
- if (msg.message_text.psa_type >= 0) {
- messages[i].type = msg.message_text.psa_type;
- memcpy(&sizes, msg.message_text.buf, sizeof(sizes));
- print_vectors(&sizes);
- memcpy(&messages[i].in_size, &sizes.invec_sizes,
- (sizeof(size_t) * PSA_MAX_IOVEC));
- memcpy(&messages[i].out_size, &sizes.outvec_sizes,
- (sizeof(size_t) * PSA_MAX_IOVEC));
- } else {
- FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li",
- msg.message_type);
- }
- break;
- }
- messages[i].handle = i;
-
- /* Check if the client has a connection */
- if (idx >= 0) {
- messages[i].rhandle = connections[idx].rhandle;
- } else {
- /* Client is begging for a programmer error */
- reply(i, PSA_ERROR_PROGRAMMER_ERROR);
- continue;
- }
-
- /* House keeping */
- pending_message[i] = 1; /* set message as pending */
- exposed_signals |= (0x1 << i); /* assert the signal */
- }
- }
- }
- mask = mask >> 1;
- }
- }
-
- if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) {
- break;
- } else {
- /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */
- }
- } while (timeout == PSA_BLOCK);
-
- /* Assert signals */
- return signal_mask & exposed_signals;
-}
-
-static int signal_to_index(psa_signal_t signal)
-{
- int i;
- int count = 0;
- int ret = -1;
-
- for (i = 0; i < 32; i++) {
- if (signal & 0x1) {
- ret = i;
- count++;
- }
- signal = signal >> 1;
- }
-
- if (count > 1) {
- ERROR("ERROR: Too many signals");
- return -1; /* Too many signals */
- }
- return ret;
-}
-
-static void clear_signal(psa_signal_t signal)
-{
- exposed_signals = exposed_signals & ~signal;
-}
-
-void raise_signal(psa_signal_t signal)
-{
- exposed_signals |= signal;
-}
-
-psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg)
-{
- int index = signal_to_index(signal);
- if (index < 0) {
- ERROR("Bad signal");
- }
-
- clear_signal(signal);
-
- assert(messages[index].handle != 0);
-
- if (pending_message[index] == 1) {
- INFO("There is a pending message!");
- memcpy(msg, &messages[index], sizeof(struct psa_msg_t));
- assert(msg->handle != 0);
- return PSA_SUCCESS;
- } else {
- INFO("no pending message");
- }
-
- return PSA_ERROR_DOES_NOT_EXIST;
-}
-
-static inline int is_valid_msg_handle(psa_handle_t h)
-{
- if (h > 0 && h < MAX_MESSAGES) {
- return 1;
- }
- ERROR("Not a valid message handle");
- return 0;
-}
-
-static inline int is_call_msg(psa_handle_t h)
-{
- assert(messages[h].type >= PSA_IPC_CALL);
- return 1;
-}
-
-void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle)
-{
- is_valid_msg_handle(msg_handle);
- int idx = find_connection(message_client[msg_handle]);
- INFO("Setting rhandle to %p", rhandle);
- assert(idx >= 0);
- connections[idx].rhandle = rhandle;
-}
-
-/* Sends a message from the server to the client. Does not wait for a response */
-static void send_msg(psa_handle_t msg_handle,
- int ctrl_msg,
- psa_status_t status,
- size_t amount,
- const void *data,
- size_t data_amount)
-{
- struct message response;
- int flags = 0;
-
- assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */
-
- response.message_type = ctrl_msg;
- if (ctrl_msg == PSA_REPLY) {
- memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
- } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) {
- memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
- memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t));
- if (ctrl_msg == WRITE_REQUEST) {
- /* TODO: Check if too big */
- memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount);
- }
- }
-
- /* TODO: sizeof doesn't need to be so big here for small responses */
- if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) {
- ERROR("Failed to reply");
- }
-}
-
-static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes)
-{
- if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) {
- messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] -
- num_bytes;
- return num_bytes;
- } else {
- if (num_bytes >= messages[msg_handle].in_size[invec_idx]) {
- size_t ret = messages[msg_handle].in_size[invec_idx];
- messages[msg_handle].in_size[invec_idx] = 0;
- return ret;
- } else {
- return num_bytes;
- }
- }
-}
-
-size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
- void *buffer, size_t num_bytes)
-{
- size_t sofar = 0;
- struct message msg = { 0 };
- int idx;
- ssize_t len;
-
- is_valid_msg_handle(msg_handle);
- is_call_msg(msg_handle);
-
- if (invec_idx >= PSA_MAX_IOVEC) {
- ERROR("Invalid iovec number");
- }
-
- /* If user wants more data than what's available, truncate their request */
- if (num_bytes > messages[msg_handle].in_size[invec_idx]) {
- num_bytes = messages[msg_handle].in_size[invec_idx];
- }
-
- while (sofar < num_bytes) {
- INFO("Server: requesting %lu bytes from client", (num_bytes - sofar));
- send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0);
-
- idx = find_connection(message_client[msg_handle]);
- assert(idx >= 0);
-
- len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0);
- len = (len - offsetof(struct message_text, buf));
-
- if (len < 0) {
- FATAL("Internal error: failed to dispatch read request to the client");
- }
-
- if (len > (num_bytes - sofar)) {
- if ((num_bytes - sofar) > 0) {
- memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar));
- }
- } else {
- memcpy(buffer + sofar, msg.message_text.buf, len);
- }
-
- INFO("Printing what i got so far: %s", msg.message_text.buf);
-
- sofar = sofar + len;
- }
-
- /* Update the seek count */
- skip(msg_handle, invec_idx, num_bytes);
- INFO("Finished psa_read");
- return sofar;
-}
-
-void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
- const void *buffer, size_t num_bytes)
-{
- size_t sofar = 0;
- struct message msg = { 0 };
- int idx;
- ssize_t len;
-
- is_valid_msg_handle(msg_handle);
- is_call_msg(msg_handle);
-
- if (outvec_idx >= PSA_MAX_IOVEC) {
- ERROR("Invalid iovec number");
- }
-
- if (num_bytes > messages[msg_handle].out_size[outvec_idx]) {
- ERROR("Program tried to write too much data %lu/%lu", num_bytes,
- messages[msg_handle].out_size[outvec_idx]);
- }
-
- while (sofar < num_bytes) {
- size_t sending = (num_bytes - sofar);
- if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) {
- sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2);
- }
-
- INFO("Server: sending %lu bytes to client, sofar = %lu", sending, 
(long) sofar); - - send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending); - - idx = find_connection(message_client[msg_handle]); - assert(idx >= 0); - - len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - if (len < 1) { - FATAL("Client didn't give me a full response"); - } - sofar = sofar + sending; - } - - /* Update the seek count */ - messages[msg_handle].out_size[outvec_idx] -= num_bytes; -} - -size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) -{ - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - size_t ret = skip(msg_handle, invec_idx, num_bytes); - - /* notify client to skip */ - send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0); - return ret; -} - -static void destroy_temporary_queue(int myqid) -{ - if (msgctl(myqid, IPC_RMID, NULL) != 0) { - INFO("ERROR: Failed to delete msg queue %d", myqid); - } -} - -static int make_temporary_queue() -{ - int myqid; - if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) { - INFO("msgget: myqid"); - return -1; - } - return myqid; -} - -/** - * Assumes msg_handle is the index into the message array - */ -void psa_reply(psa_handle_t msg_handle, psa_status_t status) -{ - int idx, q; - is_valid_msg_handle(msg_handle); - - if (pending_message[msg_handle] != 1) { - ERROR("Not a valid message handle"); - } - - if (messages[msg_handle].type == PSA_IPC_CONNECT) { - switch (status) { - case PSA_SUCCESS: - idx = find_connection(message_client[msg_handle]); - q = make_temporary_queue(); - if (q > 0 && idx >= 0) { - connections[idx].client_to_server_q = q; - status = q; - } else { - FATAL("What happened?"); - } - break; - case PSA_ERROR_CONNECTION_REFUSED: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_CONNECTION_BUSY: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_PROGRAMMER_ERROR: - destroy_connection(message_client[msg_handle]); - break; - default: - 
ERROR("Not a valid reply %d", status); - } - } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) { - idx = find_connection(message_client[msg_handle]); - if (idx >= 0) { - destroy_temporary_queue(connections[idx].client_to_server_q); - } - destroy_connection(message_client[msg_handle]); - } - - send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0); - - pending_message[msg_handle] = 0; - message_client[msg_handle] = 0; -} - -/* TODO: make sure you only clear interrupt signals, and not others */ -void psa_eoi(psa_signal_t signal) -{ - int index = signal_to_index(signal); - if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) { - clear_signal(signal); - } else { - ERROR("Tried to EOI a signal that isn't an interrupt"); - } -} - -void psa_notify(int32_t partition_id) -{ - char pathname[PATHNAMESIZE] = { 0 }; - - if (partition_id < 0) { - ERROR("Not a valid secure partition"); - } - - snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id); - INFO("psa_notify: notifying partition %u using %s", - partition_id, pathname); - INFO("psa_notify is unimplemented"); -} - -void psa_clear(void) -{ - clear_signal(PSA_DOORBELL); -} - -void __init_psasim(const char **array, - int size, - const int allow_ns_clients_array[32], - const uint32_t versions[32], - const int strict_policy_array[32]) -{ - static uint8_t library_initialised = 0; - key_t key; - int qid; - FILE *fp; - char doorbell_file[PATHNAMESIZE] = { 0 }; - char queue_path[PATHNAMESIZE]; - snprintf(doorbell_file, PATHNAMESIZE, "psa_notify_%u", getpid()); - - if (library_initialised > 0) { - return; - } else { - library_initialised = 1; - } - - if (size != 32) { - FATAL("Unsupported value. 
Aborting."); - } - - array[3] = doorbell_file; - - for (int i = 0; i < 32; i++) { - if (strncmp(array[i], "", 1) != 0) { - INFO("Setting up %s", array[i]); - memset(queue_path, 0, sizeof(queue_path)); - snprintf(queue_path, sizeof(queue_path), "%s%s", TMP_FILE_BASE_PATH, array[i]); - - /* Create file if doesn't exist */ - fp = fopen(queue_path, "ab+"); - if (fp) { - fclose(fp); - } - - if ((key = ftok(queue_path, PROJECT_ID)) == -1) { - FATAL("Error finding message queue during initialisation"); - } - - /* TODO: Investigate. Permissions are likely to be too relaxed */ - if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) { - FATAL("Error opening message queue during initialisation"); - } else { - rot_svc_incoming_queue[i] = qid; - } - } - } - - memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32); - memcpy(strict_policy, strict_policy_array, sizeof(int) * 32); - memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32); - memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS); - - __psa_ff_client_security_state = 0; /* Set the client status to SECURE */ -} diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h deleted file mode 100644 index 74746b653b..0000000000 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ /dev/null 
@@ -1,107 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef _PSA_FUNCTIONS_CODES_H_ -#define _PSA_FUNCTIONS_CODES_H_ - -enum { - /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT - * and VERSION_REQUEST */ - PSA_CRYPTO_INIT = 100, - PSA_AEAD_ABORT, - PSA_AEAD_DECRYPT, - PSA_AEAD_DECRYPT_SETUP, - PSA_AEAD_ENCRYPT, - PSA_AEAD_ENCRYPT_SETUP, - PSA_AEAD_FINISH, - PSA_AEAD_GENERATE_NONCE, - PSA_AEAD_SET_LENGTHS, - PSA_AEAD_SET_NONCE, - PSA_AEAD_UPDATE, - PSA_AEAD_UPDATE_AD, - PSA_AEAD_VERIFY, - PSA_ASYMMETRIC_DECRYPT, - PSA_ASYMMETRIC_ENCRYPT, - PSA_CAN_DO_HASH, - PSA_CIPHER_ABORT, - PSA_CIPHER_DECRYPT, - PSA_CIPHER_DECRYPT_SETUP, - PSA_CIPHER_ENCRYPT, - PSA_CIPHER_ENCRYPT_SETUP, - PSA_CIPHER_FINISH, - PSA_CIPHER_GENERATE_IV, - PSA_CIPHER_SET_IV, - PSA_CIPHER_UPDATE, - PSA_COPY_KEY, - PSA_DESTROY_KEY, - PSA_EXPORT_KEY, - PSA_EXPORT_PUBLIC_KEY, - PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, - PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, - PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, - PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, - PSA_GENERATE_KEY, - PSA_GENERATE_KEY_CUSTOM, - PSA_GENERATE_KEY_IOP_ABORT, - PSA_GENERATE_KEY_IOP_COMPLETE, - PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - PSA_GENERATE_KEY_IOP_SETUP, - PSA_GENERATE_RANDOM, - PSA_GET_KEY_ATTRIBUTES, - PSA_HASH_ABORT, - PSA_HASH_CLONE, - PSA_HASH_COMPARE, - PSA_HASH_COMPUTE, - PSA_HASH_FINISH, - PSA_HASH_SETUP, - PSA_HASH_UPDATE, - PSA_HASH_VERIFY, - PSA_IMPORT_KEY, - PSA_INTERRUPTIBLE_GET_MAX_OPS, - PSA_INTERRUPTIBLE_SET_MAX_OPS, - PSA_KEY_AGREEMENT, - PSA_KEY_AGREEMENT_IOP_ABORT, - PSA_KEY_AGREEMENT_IOP_COMPLETE, - PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - PSA_KEY_AGREEMENT_IOP_SETUP, - PSA_KEY_DERIVATION_ABORT, - PSA_KEY_DERIVATION_GET_CAPACITY, - PSA_KEY_DERIVATION_INPUT_BYTES, - PSA_KEY_DERIVATION_INPUT_INTEGER, - PSA_KEY_DERIVATION_INPUT_KEY, - PSA_KEY_DERIVATION_KEY_AGREEMENT, - 
PSA_KEY_DERIVATION_OUTPUT_BYTES, - PSA_KEY_DERIVATION_OUTPUT_KEY, - PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - PSA_KEY_DERIVATION_SET_CAPACITY, - PSA_KEY_DERIVATION_SETUP, - PSA_MAC_ABORT, - PSA_MAC_COMPUTE, - PSA_MAC_SIGN_FINISH, - PSA_MAC_SIGN_SETUP, - PSA_MAC_UPDATE, - PSA_MAC_VERIFY, - PSA_MAC_VERIFY_FINISH, - PSA_MAC_VERIFY_SETUP, - PSA_PURGE_KEY, - PSA_RAW_KEY_AGREEMENT, - PSA_RESET_KEY_ATTRIBUTES, - PSA_SIGN_HASH, - PSA_SIGN_HASH_ABORT, - PSA_SIGN_HASH_COMPLETE, - PSA_SIGN_HASH_GET_NUM_OPS, - PSA_SIGN_HASH_START, - PSA_SIGN_MESSAGE, - PSA_VERIFY_HASH, - PSA_VERIFY_HASH_ABORT, - PSA_VERIFY_HASH_COMPLETE, - PSA_VERIFY_HASH_GET_NUM_OPS, - PSA_VERIFY_HASH_START, - PSA_VERIFY_MESSAGE, -}; - -#endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c deleted file mode 100644 index 9051f20535..0000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ /dev/null 
@@ -1,7906 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - const char *mbedtls_version; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version = mbedtls_version_get_string_full(); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", 
psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} - - -psa_status_t psa_aead_abort( - psa_aead_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) 
{ - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, 
&remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - 
ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, 
&remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = 
ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_finish( - psa_aead_operation_t *operation, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, size_t tag_size, - size_t *tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(*tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); 
- if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, size_t nonce_size, - size_t *nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - 
psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(*nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_GENERATE_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_lengths( - psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - 
psasim_serialise_size_t_needs(ad_length) + - psasim_serialise_size_t_needs(plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - ad_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_LENGTHS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_nonce( - psa_aead_operation_t *operation, - const uint8_t *nonce, size_t nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - 
goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, 
&remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update_ad( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE_AD, - ser_params, 
(size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE_AD server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_verify( - psa_aead_operation_t *operation, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, size_t tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length) + - psasim_serialise_buffer_needs(tag, tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - 
if (!ok) { - printf("PSA_AEAD_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -int psa_can_do_hash( - psa_algorithm_t hash_alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - int value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(hash_alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = 
psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - hash_alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CAN_DO_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CAN_DO_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_int( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_cipher_abort( - psa_cipher_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - 
output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt( - 
mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_finish( - psa_cipher_operation_t *operation, - uint8_t *output, size_t 
output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_generate_iv( - psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, - size_t *iv_length - ) -{ - uint8_t 
*ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(*iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_GENERATE_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_set_iv( - psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_SET_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_SET_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_update( - psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_copy_key( - mbedtls_svc_key_id_t source_key, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *target_key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - 
psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - source_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *target_key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_COPY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_COPY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_destroy_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = 
psa_crypto_call(PSA_DESTROY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_DESTROY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - 
- ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto 
fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key_iop_abort( - psa_export_public_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key_iop_complete( - psa_export_public_key_iop_t *operation, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + - psasim_serialise_buffer_needs(data, data_size) + - 
psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_export_public_key_iop_get_num_ops( - psa_export_public_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; 
- int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_export_public_key_iop_setup( - psa_export_public_key_iop_t *operation, - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_SETUP 
server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key( - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - 
return status; -} - - -psa_status_t psa_generate_key_custom( - const psa_key_attributes_t *attributes, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_abort( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_complete( - psa_generate_key_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = 
ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_generate_key_iop_get_num_ops( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_GET_NUM_OPS server call failed\n"); - goto 
fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_generate_key_iop_setup( - psa_generate_key_iop_t *operation, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_generate_random( - uint8_t *output, size_t output_size - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_buffer_needs(output, output_size); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_RANDOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_RANDOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_get_key_attributes( - mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - 
ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_abort( - psa_hash_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_clone( - const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*source_operation) + - psasim_serialise_psa_hash_operation_t_needs(*target_operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *source_operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *target_operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_CLONE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_CLONE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - target_operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compare( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t 
*hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPARE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPARE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_size) + - 
psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_finish( - psa_hash_operation_t *operation, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { 
- status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_setup( - psa_hash_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, 
&remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_update( - psa_hash_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_UPDATE server call failed\n"); - goto fail; - } - - 
uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_verify( - psa_hash_operation_t *operation, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t 
psa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_buffer_needs(data, data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_IMPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_IMPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_interruptible_get_max_ops( - void - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - 0; - - ser_params = malloc(needed); - if (ser_params == NULL) { - 
value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_GET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_GET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -void psa_interruptible_set_max_ops( - uint32_t max_ops - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(max_ops); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint32_t( - &pos, &remaining, - max_ops); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_SET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_SET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_key_agreement( - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - 
size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_abort( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = 
NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_complete( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_key_agreement_iop_get_num_ops( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_key_agreement_iop_setup( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - 
printf("PSA_KEY_AGREEMENT_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_abort( - psa_key_derivation_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_get_capacity( - const 
psa_key_derivation_operation_t *operation, - size_t *capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(*capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_GET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_GET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, size_t data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - 
psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_buffer_needs(data, data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_integer( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - uint64_t value - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_uint64_t_needs(value); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint64_t( - &pos, &remaining, - value); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_INTEGER, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_INTEGER server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_key( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - 
} - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *operation, - uint8_t *output, size_t output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, 
output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok 
= psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key_custom( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *operation, - size_t capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto 
fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_setup( - psa_key_derivation_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = 
psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_abort( - psa_mac_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_compute( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_finish( - psa_mac_operation_t *operation, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = 
NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_update( - psa_mac_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto 
fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - 
&pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_finish( - psa_mac_operation_t *operation, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, 
&rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_purge_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_PURGE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_PURGE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_raw_key_agreement( - psa_algorithm_t alg, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RAW_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RAW_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -void psa_reset_key_attributes( - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RESET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RESET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_sign_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *operation, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_sign_hash_get_num_ops( - const psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t 
*hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + 
- psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_COMPLETE, - ser_params, (size_t) 
(pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_verify_hash_get_num_ops( - const psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t 
alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - 
goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
deleted file mode 100644
index bd121c5433..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
+++ /dev/null
@@ -1,9226 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* server implementations */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif - -// Returns 1 for success, 0 for failure -int psa_crypto_init_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - status = psa_crypto_init( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_length; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, - &plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *plaintext = NULL; - size_t plaintext_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, - &ciphertext_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - uint8_t *tag = NULL; - size_t tag_size; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_finish( - operation, - ciphertext, ciphertext_size, - &ciphertext_length, - tag, tag_size, - &tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(tag_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(ciphertext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(ciphertext); - free(tag); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_generate_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_size; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_generate_nonce( - operation, - nonce, nonce_size, - &nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(nonce_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_set_lengths_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - size_t ad_length; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ad_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_lengths( - operation, - ad_length, - plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_set_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_nonce( - operation, - nonce, nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_update_ad_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update_ad( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - uint8_t *tag = NULL; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_verify( - operation, - plaintext, plaintext_size, - &plaintext_length, - tag, tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(plaintext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(plaintext); - free(tag); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, &salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_decrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, 
&salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_encrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_can_do_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - int value = 0; - psa_algorithm_t hash_alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &hash_alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_can_do_hash( - hash_alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_int_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_int( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt( - key, - alg, - input, 
input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt( - key, - alg, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_finish( - operation, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_generate_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_size; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_generate_iv( - operation, - iv, iv_size, - &iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(iv_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_set_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_set_iv( - operation, - iv, iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really 
check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_copy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t source_key; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t target_key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &source_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &target_key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_copy_key( - source_key, - &attributes, - &target_key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(target_key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_destroy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_destroy_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_export_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - uint8_t *data = NULL; - size_t data_size; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_key( - key, - data, data_size, - &data_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(data_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - uint8_t *data = NULL; - size_t data_size; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_public_key( - key, - data, data_size, - &data_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(data_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_export_public_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_public_key_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_export_public_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_export_public_key_iop_t operation; - uint8_t *data = NULL; - size_t data_size; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_public_key_iop_complete( - &operation, - data, data_size, - &data_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_export_public_key_iop_t_needs(operation) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(data_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_export_public_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_export_public_key_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_export_public_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_export_public_key_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_export_public_key_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_export_public_key_iop_setup( - &operation, - key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_export_public_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key( - &attributes, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_custom_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_custom_key_parameters_t custom; - uint8_t *custom_data = NULL; - size_t custom_data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_custom_key_parameters_t( - &pos, &remaining, - &custom); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &custom_data, &custom_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_custom( - &attributes, - &custom, - custom_data, custom_data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go 
along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(custom_data); - - return 1; // success - -fail: - free(result); - - free(custom_data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_complete( - &operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_generate_key_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_generate_key_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_key_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_generate_key_iop_t operation; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_key_iop_setup( - &operation, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_generate_key_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_generate_random_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t *output = NULL; - size_t output_size; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_generate_random( - output, output_size - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_get_key_attributes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_get_key_attributes( - key, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_attributes_t_needs(attributes); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_clone_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *source_operation; - psa_hash_operation_t *target_operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &source_operation); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &target_operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_clone( - source_operation, - target_operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(target_operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - target_operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_compare_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_compare( - alg, - input, input_length, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(hash); - - return 1; // success - -fail: - free(result); - - free(input); - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_compute_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *hash = NULL; - size_t hash_size; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_compute( - alg, - input, input_length, - hash, hash_size, - &hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(hash_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(hash); - - return 1; // success - -fail: - free(result); - - free(input); - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *hash = NULL; - size_t hash_size; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_finish( - operation, - hash, hash_size, - &hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(hash_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_setup( - operation, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_verify( - operation, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_import_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - uint8_t *data = NULL; - size_t data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_import_key( - &attributes, - data, data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_interruptible_get_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - value = psa_interruptible_get_max_ops( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_interruptible_set_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t max_ops; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &pos, &remaining, - &max_ops); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_interruptible_set_max_ops( - max_ops - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs(); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement( - private_key, - peer_key, peer_key_length, - alg, - &attributes, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_complete( - &operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_key_agreement_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = 
psa_key_agreement_iop_setup( - &operation, - private_key, - peer_key, peer_key_length, - alg, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_get_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_get_capacity( - operation, - &capacity - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_size_t_needs(capacity); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint8_t *data = NULL; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_bytes( - operation, - step, - data, data_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_integer_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint64_t value; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint64_t( - &pos, &remaining, - &value); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_integer( - operation, - step, - value - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_key( - operation, - step, - key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_key_agreement( - operation, - step, - private_key, - peer_key, 
peer_key_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - uint8_t *output = NULL; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_bytes( - operation, - output, output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key( - &attributes, - operation, - &key - ); - 
- // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_custom_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - psa_custom_key_parameters_t custom; - uint8_t *custom_data = NULL; - size_t custom_data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_custom_key_parameters_t( - &pos, &remaining, - &custom); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &custom_data, &custom_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key_custom( - &attributes, - operation, - &custom, - custom_data, custom_data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(custom_data); - - return 1; // success - -fail: - free(result); - - free(custom_data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_set_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_set_capacity( - operation, - capacity - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_setup( - operation, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_compute_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_compute( - key, - alg, - input, input_length, - mac, mac_size, - 
&mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_finish( - operation, - mac, mac_size, - &mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify( - key, - alg, - input, input_length, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_finish( - operation, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_purge_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_purge_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_raw_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_raw_key_agreement( - alg, - private_key, - peer_key, peer_key_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - free(output); - - return 1; // success - -fail: - free(result); - - free(peer_key); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_reset_key_attributes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_reset_key_attributes( - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(attributes); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash( - key, - alg, - hash, hash_length, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_complete( - operation, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(signature); - - return 1; // success - -fail: - free(result); - - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_sign_hash_get_num_ops( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_start_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_start( - operation, - key, - alg, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_message_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual 
target function - - status = psa_sign_message( - key, - alg, - input, input_length, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(signature); - - return 1; // success - -fail: - free(result); - - free(input); - free(signature); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash( - key, - alg, - hash, hash_length, - signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_complete( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_verify_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_verify_hash_get_num_ops( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_verify_hash_start_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_verify_hash_interruptible_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_hash_start( - operation, - key, - alg, - hash, hash_length, - signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_verify_message_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *signature = NULL; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_verify_message( - key, - alg, - input, input_length, - 
signature, signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(signature); - - return 1; // success - -fail: - free(result); - - free(input); - free(signature); - - return 0; // This shouldn't happen! -} - -psa_status_t psa_crypto_call(psa_msg_t msg) -{ - int ok = 0; - - int func = msg.type; - - /* We only expect a single input buffer, with everything serialised in it */ - if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* We expect exactly 2 output buffers, one for size, the other for data */ - if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 || - msg.out_size[2] != 0 || msg.out_size[3] != 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - uint8_t *in_params = NULL; - size_t in_params_len = 0; - uint8_t *out_params = NULL; - size_t out_params_len = 0; - - in_params_len = msg.in_size[0]; - in_params = malloc(in_params_len); - if (in_params == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - /* Read the bytes from the client */ - size_t actual = psa_read(msg.handle, 0, in_params, in_params_len); - if (actual != in_params_len) { - free(in_params); - return PSA_ERROR_CORRUPTION_DETECTED; - } - - switch (func) { - case PSA_CRYPTO_INIT: - ok = psa_crypto_init_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ABORT: - ok = psa_aead_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - 
break; - case PSA_AEAD_DECRYPT: - ok = psa_aead_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_DECRYPT_SETUP: - ok = psa_aead_decrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ENCRYPT: - ok = psa_aead_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_ENCRYPT_SETUP: - ok = psa_aead_encrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_FINISH: - ok = psa_aead_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_GENERATE_NONCE: - ok = psa_aead_generate_nonce_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_SET_LENGTHS: - ok = psa_aead_set_lengths_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_SET_NONCE: - ok = psa_aead_set_nonce_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_UPDATE: - ok = psa_aead_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_UPDATE_AD: - ok = psa_aead_update_ad_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_AEAD_VERIFY: - ok = psa_aead_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_ASYMMETRIC_DECRYPT: - ok = psa_asymmetric_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_ASYMMETRIC_ENCRYPT: - ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CAN_DO_HASH: - ok = psa_can_do_hash_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ABORT: - ok = psa_cipher_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_DECRYPT: - ok = 
psa_cipher_decrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_DECRYPT_SETUP: - ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ENCRYPT: - ok = psa_cipher_encrypt_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_ENCRYPT_SETUP: - ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_FINISH: - ok = psa_cipher_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_GENERATE_IV: - ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_SET_IV: - ok = psa_cipher_set_iv_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_CIPHER_UPDATE: - ok = psa_cipher_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_COPY_KEY: - ok = psa_copy_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_DESTROY_KEY: - ok = psa_destroy_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_KEY: - ok = psa_export_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_PUBLIC_KEY: - ok = psa_export_public_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_PUBLIC_KEY_IOP_ABORT: - ok = psa_export_public_key_iop_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE: - ok = psa_export_public_key_iop_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS: - ok = psa_export_public_key_iop_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - 
break; - case PSA_EXPORT_PUBLIC_KEY_IOP_SETUP: - ok = psa_export_public_key_iop_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY: - ok = psa_generate_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_CUSTOM: - ok = psa_generate_key_custom_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_ABORT: - ok = psa_generate_key_iop_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_COMPLETE: - ok = psa_generate_key_iop_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_GET_NUM_OPS: - ok = psa_generate_key_iop_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_KEY_IOP_SETUP: - ok = psa_generate_key_iop_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GENERATE_RANDOM: - ok = psa_generate_random_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_GET_KEY_ATTRIBUTES: - ok = psa_get_key_attributes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_ABORT: - ok = psa_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_CLONE: - ok = psa_hash_clone_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_COMPARE: - ok = psa_hash_compare_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_COMPUTE: - ok = psa_hash_compute_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_FINISH: - ok = psa_hash_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_SETUP: - ok = psa_hash_setup_wrapper(in_params, in_params_len, - 
&out_params, &out_params_len); - break; - case PSA_HASH_UPDATE: - ok = psa_hash_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_HASH_VERIFY: - ok = psa_hash_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_IMPORT_KEY: - ok = psa_import_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_INTERRUPTIBLE_GET_MAX_OPS: - ok = psa_interruptible_get_max_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_INTERRUPTIBLE_SET_MAX_OPS: - ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT: - ok = psa_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_ABORT: - ok = psa_key_agreement_iop_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_COMPLETE: - ok = psa_key_agreement_iop_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS: - ok = psa_key_agreement_iop_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_AGREEMENT_IOP_SETUP: - ok = psa_key_agreement_iop_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_ABORT: - ok = psa_key_derivation_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_GET_CAPACITY: - ok = psa_key_derivation_get_capacity_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_BYTES: - ok = psa_key_derivation_input_bytes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_INTEGER: - ok = psa_key_derivation_input_integer_wrapper(in_params, 
in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_INPUT_KEY: - ok = psa_key_derivation_input_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_KEY_AGREEMENT: - ok = psa_key_derivation_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_BYTES: - ok = psa_key_derivation_output_bytes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_KEY: - ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM: - ok = psa_key_derivation_output_key_custom_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_SET_CAPACITY: - ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_KEY_DERIVATION_SETUP: - ok = psa_key_derivation_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_ABORT: - ok = psa_mac_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_COMPUTE: - ok = psa_mac_compute_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_SIGN_FINISH: - ok = psa_mac_sign_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_SIGN_SETUP: - ok = psa_mac_sign_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_UPDATE: - ok = psa_mac_update_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_VERIFY: - ok = psa_mac_verify_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_MAC_VERIFY_FINISH: - ok = psa_mac_verify_finish_wrapper(in_params, in_params_len, - &out_params, &out_params_len); 
- break; - case PSA_MAC_VERIFY_SETUP: - ok = psa_mac_verify_setup_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_PURGE_KEY: - ok = psa_purge_key_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_RAW_KEY_AGREEMENT: - ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_RESET_KEY_ATTRIBUTES: - ok = psa_reset_key_attributes_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH: - ok = psa_sign_hash_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_ABORT: - ok = psa_sign_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_COMPLETE: - ok = psa_sign_hash_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_GET_NUM_OPS: - ok = psa_sign_hash_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_HASH_START: - ok = psa_sign_hash_start_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_SIGN_MESSAGE: - ok = psa_sign_message_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH: - ok = psa_verify_hash_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_ABORT: - ok = psa_verify_hash_abort_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_COMPLETE: - ok = psa_verify_hash_complete_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_GET_NUM_OPS: - ok = psa_verify_hash_get_num_ops_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - case PSA_VERIFY_HASH_START: - ok = psa_verify_hash_start_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - 
break; - case PSA_VERIFY_MESSAGE: - ok = psa_verify_message_wrapper(in_params, in_params_len, - &out_params, &out_params_len); - break; - } - - free(in_params); - - if (out_params_len > msg.out_size[1]) { - fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\n", - out_params_len, msg.out_size[1]); - exit(1); - } - - /* Write the exact amount of data we're returning */ - psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); - - /* And write the data itself */ - if (out_params_len) { - psa_write(msg.handle, 1, out_params, out_params_len); - } - - free(out_params); - - return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; -} - -void psa_crypto_close(void) -{ - psa_sim_serialize_reset(); -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl deleted file mode 100755 index 0f4c86f817..0000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ /dev/null 
@@ -1,1208 +0,0 @@ -#!/usr/bin/env perl -# -# This is a proof-of-concept script to show that the client and server wrappers -# can be created by a script. It is not hooked into the build, so is run -# manually and the output files are what are to be reviewed. In due course -# this will be replaced by a Python script based on the -# code_wrapper.psa_wrapper module. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -use strict; -use Data::Dumper; -use File::Basename; -use JSON qw(encode_json); - -my $debug = 0; - -# Globals (sorry!) -my $output_dir = dirname($0); - -my %functions = get_functions(); -my @functions = sort keys %functions; - -# We don't want these functions (e.g. because they are not implemented, etc) -my @skip_functions = ( - 'mbedtls_psa_crypto_free', # redefined rather than wrapped - 'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type - 'mbedtls_psa_get_stats', # uses unsupported type - 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type - 'psa_get_key_slot_number', # not in the default config, uses unsupported type - 'psa_key_derivation_verify_bytes', # not implemented yet - 'psa_key_derivation_verify_key', # not implemented yet -); - -my $skip_functions_re = '\A(' . join('|', @skip_functions). ')\Z'; -@functions = grep(!/$skip_functions_re - |_pake_ # Skip everything PAKE - |_init\Z # constructors - /x, @functions); -# Restore psa_crypto_init() and put it first. -unshift @functions, 'psa_crypto_init'; - -# get_functions(), called above, returns a data structure for each function -# that we need to create client and server stubs for. The functions are -# listed from PSA header files. 
-# -# In this script, the data for psa_crypto_init() looks like: -# -# "psa_crypto_init": { -# "return": { # Info on return type -# "type": "psa_status_t", # Return type -# "name": "status", # Name to be used for this in C code -# "default": "PSA_ERROR_CORRUPTION_DETECTED" # Default value -# }, -# "args": [], # void function, so args empty -# } -# -# The data for psa_hash_compute() looks like: -# -# "psa_hash_compute": { -# "return": { # Information on return type -# "type": "psa_status_t", -# "name": "status", -# "default": "PSA_ERROR_CORRUPTION_DETECTED" -# }, -# "args": [{ -# "type": "psa_algorithm_t", # Type of first argument -# "ctypename": "psa_algorithm_t ", # C type with trailing spaces -# # (so that e.g. `char *` looks ok) -# "name": "alg", -# "is_output": 0 -# }, { -# "type": "const buffer", # Specially created -# "ctypename": "", # (so no C type) -# "name": "input, input_length", # A pair of arguments -# "is_output": 0 # const, so not an output argument -# }, { -# "type": "buffer", # Specially created -# "ctypename": "", -# "name": "hash, hash_size", -# "is_output": 1 # Not const, so output argument -# }, { -# "type": "size_t", # size_t *hash_length -# "ctypename": "size_t ", -# "name": "*hash_length", # * comes into the name -# "is_output": 1 -# } -# ], -# }, -# -# It's possible that a production version might not need both type and ctypename; -# that was done for convenience and future-proofing during development. 
- -write_function_codes("$output_dir/psa_functions_codes.h"); - -write_client_calls("$output_dir/psa_sim_crypto_client.c"); - -write_server_implementations("$output_dir/psa_sim_crypto_server.c"); - -sub write_function_codes -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - # NOTE: psa_crypto_init() is written manually - - print $fh <", $file) || die("$0: $file: $!\n"); - - print $fh client_calls_header(); - - for my $function (@functions) { - # psa_crypto_init() is hand written to establish connection to server - if ($function ne "psa_crypto_init") { - my $f = $functions{$function}; - output_client($fh, $f, $function); - } - } - - close($fh); -} - -sub write_server_implementations -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - print $fh server_implementations_header(); - - print $fh debug_functions() if $debug; - - for my $function (@functions) { - my $f = $functions{$function}; - output_server_wrapper($fh, $f, $function); - } - - # Now output a switch statement that calls each of the wrappers - - print $fh < msg.out_size[1]) { - fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\\n", - out_params_len, msg.out_size[1]); - exit(1); - } - - /* Write the exact amount of data we're returning */ - psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); - - /* And write the data itself */ - if (out_params_len) { - psa_write(msg.handle, 1, out_params, out_params_len); - } - - free(out_params); - - return ok ? 
PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; -} -EOF - - # Finally, add psa_crypto_close() - - print $fh < -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif -EOF -} - -sub client_calls_header -{ - my $code = <<'EOF'; -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif -EOF - - $code .= debug_functions() if $debug; - - $code .= <<'EOF'; - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = 
psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - const char *mbedtls_version; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version = mbedtls_version_get_string_full(); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} -EOF -} - -sub debug_functions -{ - return <> 4); - p[1] = hex_digit(b & 0x0F); - - return 2; -} - -int hex_uint16(char *p, uint16_t b) -{ - hex_byte(p, b >> 8); - hex_byte(p + 2, b & 0xFF); - - return 4; -} - -char human_char(uint8_t c) -{ - return (c >= ' ' && c <= '~') ? (char)c : '.'; -} - -void dump_buffer(const uint8_t *buffer, size_t len) -{ - char line[80]; - - const uint8_t *p = buffer; - - size_t max = (len > 0xFFFF) ? 
0xFFFF : len; - - for (size_t i = 0; i < max; i += 16) { - - char *q = line; - - q += hex_uint16(q, (uint16_t)i); - *q++ = ' '; - *q++ = ' '; - - size_t ll = (i + 16 > max) ? (max % 16) : 16; - - size_t j; - for (j = 0; j < ll; j++) { - q += hex_byte(q, p[i + j]); - *q++ = ' '; - } - - while (j++ < 16) { - *q++ = ' '; - *q++ = ' '; - *q++ = ' '; - } - - *q++ = ' '; - - for (j = 0; j < ll; j++) { - *q++ = human_char(p[i + j]); - } - - *q = '\\0'; - - printf("%s\\n", line); - } -} - -void hex_dump(uint8_t *p, size_t n) -{ - for (size_t i = 0; i < n; i++) { - printf("0x%02X ", p[i]); - } - printf("\\n"); -} -EOF -} - -sub output_server_wrapper -{ - my ($fh, $f, $name) = @_; - - my $ret_type = $f->{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - my @buffers = (); # We need to free() these on exit - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <= 0) { # If we have any args (>= 0) - print $fh <= 0) { # If we have any args (>= 0) - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <{is_output}, @$args); - - my $sep1 = (($ret_type eq "void") and ($#outputs < 0)) ? ";" : " +"; - - print $fh <{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - $argname =~ s/^\*//; # Remove any leading * - my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? 
"server_" : ""; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $args = $f->{args}; - - if ($ret_type eq "void") { - print $fh "\n $name(\n"; - } else { - print $fh "\n $ret_name = $name(\n"; - } - - print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. 
int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh " $n1, $n2"; - } else { - $argname =~ s/^\*/\&/; # Replace leading * with & - if ($is_server && $argtype =~ /^psa_\w+_operation_t/) { - $argname =~ s/^\&//; # Actually, for psa_XXX_operation_t, don't do this on the server side - } - print $fh " $argname"; - } - my $sep = ($i == $#$args) ? "\n );" : ","; - print $fh "$sep\n"; - } -} - -sub output_signature -{ - my ($fh, $f, $name, $what) = @_; - - my $ret_type = $f->{return}->{type}; - my $args = $f->{args}; - - my $final_sep = ($what eq "declaration") ? "\n);" : "\n )"; - - print $fh "\n$ret_type $name(\n"; - - print $fh " void\n )\n" if $#$args < 0; # No arguments - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $ctypename = $arg->{ctypename}; # e.g. "int ", "char *"; empty for buffer - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my $const = length($1) ? "const " : ""; - my ($n1, $n2) = split(/,/, $argname); - print $fh " ${const}uint8_t *$n1, size_t $n2"; - } else { - print $fh " $ctypename$argname"; - } - my $sep = ($i == $#$args) ? $final_sep : ","; - print $fh "$sep\n"; - } -} - -sub get_functions -{ - my $header_dir = 'tf-psa-crypto/include'; - my $src = ""; - for my $header_file ('psa/crypto.h', 'psa/crypto_extra.h') { - local *HEADER; - open HEADER, '<', "$header_dir/$header_file" - or die "$header_dir/$header_file: $!"; - while (
) { - chomp; - s/\/\/.*//; - s/\s+^//; - s/\s+/ /g; - $_ .= "\n"; - $src .= $_; - } - close HEADER; - } - - $src =~ s/\/\*.*?\*\///gs; - - my @src = split(/\n+/, $src); - - my @rebuild = (); - my %funcs = (); - for (my $i = 0; $i <= $#src; $i++) { - my $line = $src[$i]; - if ($line =~ /^(static(?:\s+inline)?\s+)? - ((?:(?:enum|struct|union)\s+)?\w+\s*\**\s*)\s+ - ((?:mbedtls|psa)_\w*)\(/x) { - # begin function declaration - #print "have one $line\n"; - while ($line !~ /;/) { - $line .= $src[$i + 1]; - $i++; - } - if ($line =~ /^static/) { - # IGNORE static inline functions: they're local. - next; - } - $line =~ s/\s+/ /g; - if ($line =~ /(\w+)\s+\b(\w+)\s*\(\s*(.*\S)\s*\)\s*[;{]/s) { - my ($ret_type, $func, $args) = ($1, $2, $3); - - my $copy = $line; - $copy =~ s/{$//; - my $f = { - "orig" => $copy, - }; - - my @args = split(/\s*,\s*/, $args); - - my $ret_name = ""; - $ret_name = "status" if $ret_type eq "psa_status_t"; - $ret_name = "value" if $ret_type eq "uint32_t"; - $ret_name = "value" if $ret_type eq "int"; - $ret_name = "(void)" if $ret_type eq "void"; - die("ret_name for $ret_type?") unless length($ret_name); - my $ret_default = ""; - $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; - $ret_default = "0" if $ret_type eq "uint32_t"; - $ret_default = "0" if $ret_type eq "int"; - $ret_default = "(void)" if $ret_type eq "void"; - die("ret_default for $ret_type?") unless length($ret_default); - - #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n"; - - $f->{return} = { - "type" => $ret_type, - "default" => $ret_default, - "name" => $ret_name, - }; - $f->{args} = []; - # psa_algorithm_t alg; const uint8_t *input; size_t input_length; uint8_t *hash; size_t hash_size; size_t *hash_length - for (my $i = 0; $i <= $#args; $i++) { - my $arg = $args[$i]; - # "type" => "psa_algorithm_t", - # "ctypename" => "psa_algorithm_t ", - # "name" => "alg", - # "is_output" => 0, - my ($type, $ctype, $name, 
$is_output); - if ($arg =~ /^(\w+)\s+(\w+)$/) { # e.g. psa_algorithm_t alg - ($type, $name) = ($1, $2); - $ctype = $type . " "; - $is_output = 0; - } elsif ($arg =~ /^((const)\s+)?uint8_t\s*\*\s*(\w+)$/) { - $type = "buffer"; - $is_output = (length($1) == 0) ? 1 : 0; - $type = "const buffer" if !$is_output; - $ctype = ""; - $name = $3; - #print("$arg: $name: might be a buffer?\n"); - die("$arg: not a buffer 1!\n") if $i == $#args; - my $next = $args[$i + 1]; - if ($func eq "psa_key_derivation_verify_bytes" && - $arg eq "const uint8_t *expected_output" && - $next eq "size_t output_length") { - $next = "size_t expected_output_length"; # doesn't follow naming convention, so override - } - die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/; - $i++; # We're using the next param here - my $nname = $1; - $name .= ", " . $nname; - } elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) { - ($type, $name) = ($3, "*" . $4); - $ctype = $1 . $type . " "; - $is_output = (length($1) == 0) ? 1 : 0; - } elsif ($arg eq "void") { - # we'll just ignore this one - } else { - die("ARG HELP $arg\n"); - } - #print "$arg => <$type><$ctype><$name><$is_output>\n"; - if ($arg ne "void") { - push(@{$f->{args}}, { - "type" => $type, - "ctypename" => $ctype, - "name" => $name, - "is_output" => $is_output, - }); - } - } - $funcs{$func} = $f; - } else { - die("FAILED"); - } - push(@rebuild, $line); - } elsif ($line =~ /^#/i) { - # IGNORE directive - while ($line =~ /\\$/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^(?:typedef +)?(enum|struct|union)[^;]*$/) { - # IGNORE compound type definition - while ($line !~ /^\}/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^typedef /i) { - # IGNORE type definition - } elsif ($line =~ / = .*;$/) { - # IGNORE assignment in inline function definition - } else { - if ($line =~ /psa_/) { - print "NOT PARSED: $line\n"; - } - push(@rebuild, $line); - } - } - - #print ::Dumper(\%funcs); - #exit; - - return %funcs; -} 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
deleted file mode 100644
index 0dde934ada..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ /dev/null
@@ -1,1765 +0,0 @@ -/** - * \file psa_sim_serialise.c - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa_sim_serialise.h" -#include "util.h" -#include -#include - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. 
It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; - * but we don't get it on server builds, so redefine it here with a unique type name - */ -typedef uint32_t psasim_client_handle_t; - -typedef struct psasim_operation_s { - psasim_client_handle_t handle; -} psasim_operation_t; - -#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ - -static psa_hash_operation_t hash_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t hash_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_hash_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_hash_operation_slot(void) -{ - psasim_client_handle_t handle = next_hash_operation_handle++; - if (next_hash_operation_handle == 0) { /* wrapped around */ - FATAL("Hash operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == 0) { - hash_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_aead_operation_t aead_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t aead_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_aead_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_aead_operation_slot(void) -{ - psasim_client_handle_t handle = next_aead_operation_handle++; - if (next_aead_operation_handle == 0) { /* wrapped around */ - FATAL("Aead operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == 0) { - aead_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_mac_operation_t mac_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t mac_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_mac_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_mac_operation_slot(void) -{ - psasim_client_handle_t handle = next_mac_operation_handle++; - if (next_mac_operation_handle == 0) { /* wrapped around */ - FATAL("Mac operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == 0) { - mac_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_cipher_operation_t cipher_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t cipher_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_cipher_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_cipher_operation_slot(void) -{ - psasim_client_handle_t handle = next_cipher_operation_handle++; - if (next_cipher_operation_handle == 0) { /* wrapped around */ - FATAL("Cipher operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == 0) { - cipher_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_key_derivation_operation_t key_derivation_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t key_derivation_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_key_derivation_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_key_derivation_operation_slot(void) -{ - psasim_client_handle_t handle = next_key_derivation_operation_handle++; - if (next_key_derivation_operation_handle == 0) { /* wrapped around */ - FATAL("Key_derivation operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == 0) { - key_derivation_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t sign_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_sign_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_sign_hash_interruptible_operation_handle++; - if (next_sign_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Sign_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == 0) { - sign_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t verify_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_verify_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_verify_hash_interruptible_operation_handle++; - if (next_verify_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Verify_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == 0) { - verify_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_verify_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -size_t psasim_serialise_begin_needs(void) -{ - /* The serialisation buffer will - * start with a byte of 0 to indicate version 0, - * then have 1 byte each for length of int, long, void *, - * then have 4 bytes to indicate endianness. */ - return 4 + sizeof(uint32_t); -} - -int psasim_serialise_begin(uint8_t **pos, size_t *remaining) -{ - uint32_t endian = 0x1234; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - *(*pos)++ = 0; /* version */ - *(*pos)++ = (uint8_t) sizeof(int); - *(*pos)++ = (uint8_t) sizeof(long); - *(*pos)++ = (uint8_t) sizeof(void *); - - memcpy(*pos, &endian, sizeof(endian)); - - *pos += sizeof(endian); - - return 1; -} - -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) -{ - uint8_t version = 255; - uint8_t int_size = 0; - uint8_t long_size = 0; - uint8_t ptr_size = 0; - uint32_t endian; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - memcpy(&version, (*pos)++, sizeof(version)); - if (version != 0) { - return 0; - } - - memcpy(&int_size, (*pos)++, sizeof(int_size)); - if (int_size != sizeof(int)) { - return 0; - } - - memcpy(&long_size, (*pos)++, sizeof(long_size)); - if (long_size != sizeof(long)) { - return 0; - } - - memcpy(&ptr_size, (*pos)++, sizeof(ptr_size)); - if (ptr_size != sizeof(void *)) { - return 0; - } - - *remaining -= 4; - - memcpy(&endian, *pos, sizeof(endian)); - if (endian != 0x1234) { - return 0; - } - - *pos += sizeof(endian); - *remaining -= sizeof(endian); - - return 1; -} - -size_t psasim_serialise_unsigned_int_needs( - unsigned int value) -{ 
- return sizeof(value); -} - -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_int_needs( - int value) -{ - return sizeof(value); -} - -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_size_t_needs( - size_t value) -{ - return sizeof(value); -} - -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint16_t_needs( - uint16_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int 
psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint32_t_needs( - uint32_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint64_t_needs( - uint64_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size) -{ - (void) buffer; - return sizeof(buffer_size) + buffer_size; -} - -int psasim_serialise_buffer(uint8_t **pos, - size_t *remaining, - const uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length) + buffer_length) { - return 0; - } - - memcpy(*pos, &buffer_length, sizeof(buffer_length)); - *pos += sizeof(buffer_length); - - if (buffer_length > 0) { // To be able to serialise (NULL, 0) - memcpy(*pos, buffer, buffer_length); - *pos += buffer_length; - } - - return 1; 
-} - -int psasim_deserialise_buffer(uint8_t **pos, - size_t *remaining, - uint8_t **buffer, - size_t *buffer_length) -{ - if (*remaining < sizeof(*buffer_length)) { - return 0; - } - - memcpy(buffer_length, *pos, sizeof(*buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (*buffer_length == 0) { // Deserialise (NULL, 0) - *buffer = NULL; - return 1; - } - - if (*remaining < *buffer_length) { - return 0; - } - - uint8_t *data = malloc(*buffer_length); - if (data == NULL) { - return 0; - } - - memcpy(data, *pos, *buffer_length); - *pos += *buffer_length; - *remaining -= *buffer_length; - - *buffer = data; - - return 1; -} - -/* When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. */ -int psasim_deserialise_return_buffer(uint8_t **pos, - size_t *remaining, - uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length)) { - return 0; - } - - size_t length_check; - - memcpy(&length_check, *pos, sizeof(buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server - return 0; - } - - if (length_check == 0) { // Deserialise (NULL, 0) - return 1; - } - - if (*remaining < buffer_length) { - return 0; - } - - memcpy(buffer, *pos, buffer_length); - *pos += buffer_length; - *remaining -= buffer_length; - - return 1; -} - -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - 
return 1; -} - -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value) -{ - return psasim_serialise_int_needs(value); -} - -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value) -{ - return psasim_serialise_int(pos, remaining, value); -} - -int psasim_deserialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t *value) -{ - return psasim_deserialise_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_algorithm_t_needs( - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int_needs(value); -} - -int psasim_serialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int(pos, remaining, value); -} - -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t *value) -{ - return psasim_deserialise_unsigned_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_key_derivation_step_t_needs( - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t_needs(value); -} - -int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t(pos, remaining, value); -} - -int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t *value) -{ - return psasim_deserialise_uint16_t(pos, remaining, value); -} - -size_t psasim_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t value) -{ - if 
(*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - hash_operations; - - if (completed) { - memset(&hash_operations[slot], - 0, - sizeof(psa_hash_operation_t)); - hash_operation_handles[slot] = 0; - } - - client_operation.handle = hash_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_hash_operation_slot(); - } else { - slot = find_hash_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &hash_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t value) -{ - return 
sizeof(value); -} - -int psasim_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - aead_operations; - - if (completed) { - memset(&aead_operations[slot], - 0, - sizeof(psa_aead_operation_t)); - aead_operation_handles[slot] = 0; - } - - client_operation.handle = aead_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_aead_operation_slot(); - } else { - slot = find_aead_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = 
&aead_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_attributes_t_needs( - psa_key_attributes_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - mac_operations; - - if (completed) { - memset(&mac_operations[slot], - 0, - sizeof(psa_mac_operation_t)); - mac_operation_handles[slot] = 0; - } - - client_operation.handle = 
mac_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_mac_operation_slot(); - } else { - slot = find_mac_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &mac_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - cipher_operations; - - if 
(completed) { - memset(&cipher_operations[slot], - 0, - sizeof(psa_cipher_operation_t)); - cipher_operation_handles[slot] = 0; - } - - client_operation.handle = cipher_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_cipher_operation_slot(); - } else { - slot = find_cipher_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &cipher_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t 
**pos, - size_t *remaining, - psa_key_derivation_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - key_derivation_operations; - - if (completed) { - memset(&key_derivation_operations[slot], - 0, - sizeof(psa_key_derivation_operation_t)); - key_derivation_operation_handles[slot] = 0; - } - - client_operation.handle = key_derivation_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_key_derivation_operation_slot(); - } else { - slot = find_key_derivation_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &key_derivation_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, 
sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - sign_hash_interruptible_operations; - - if (completed) { - memset(&sign_hash_interruptible_operations[slot], - 0, - sizeof(psa_sign_hash_interruptible_operation_t)); - sign_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = sign_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_sign_hash_interruptible_operation_slot(); - } else { - slot = find_sign_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &sign_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - 
-int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - verify_hash_interruptible_operations; - - if (completed) { - memset(&verify_hash_interruptible_operations[slot], - 0, - sizeof(psa_verify_hash_interruptible_operation_t)); - verify_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = verify_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - 
*remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_verify_hash_interruptible_operation_slot(); - } else { - slot = find_verify_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &verify_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_mbedtls_svc_key_id_t_needs( - mbedtls_svc_key_id_t value) -{ - return sizeof(value); -} - -int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_key_agreement_iop_t_needs( - psa_key_agreement_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_generate_key_iop_t_needs( - psa_generate_key_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t value) -{ - if (*remaining < sizeof(value)) { - 
return 0;
- }
-
- memcpy(*pos, &value, sizeof(value));
- *pos += sizeof(value);
-
- return 1;
-}
-
-int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t *value)
-{
- if (*remaining < sizeof(*value)) {
- return 0;
- }
-
- memcpy(value, *pos, sizeof(*value));
-
- *pos += sizeof(*value);
- *remaining -= sizeof(*value);
-
- return 1;
-}
-
-size_t psasim_serialise_psa_export_public_key_iop_t_needs(
- psa_export_public_key_iop_t value)
-{
- return sizeof(value);
-}
-
-int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t value)
-{
- if (*remaining < sizeof(value)) {
- return 0;
- }
-
- memcpy(*pos, &value, sizeof(value));
- *pos += sizeof(value);
-
- return 1;
-}
-
-int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t *value)
-{
- if (*remaining < sizeof(*value)) {
- return 0;
- }
-
- memcpy(value, *pos, sizeof(*value));
-
- *pos += sizeof(*value);
- *remaining -= sizeof(*value);
-
- return 1;
-}
-
-void psa_sim_serialize_reset(void)
-{
- memset(hash_operation_handles, 0,
- sizeof(hash_operation_handles));
- memset(hash_operations, 0,
- sizeof(hash_operations));
- memset(aead_operation_handles, 0,
- sizeof(aead_operation_handles));
- memset(aead_operations, 0,
- sizeof(aead_operations));
- memset(mac_operation_handles, 0,
- sizeof(mac_operation_handles));
- memset(mac_operations, 0,
- sizeof(mac_operations));
- memset(cipher_operation_handles, 0,
- sizeof(cipher_operation_handles));
- memset(cipher_operations, 0,
- sizeof(cipher_operations));
- memset(key_derivation_operation_handles, 0,
- sizeof(key_derivation_operation_handles));
- memset(key_derivation_operations, 0,
- sizeof(key_derivation_operations));
- memset(sign_hash_interruptible_operation_handles, 0,
- sizeof(sign_hash_interruptible_operation_handles));
- memset(sign_hash_interruptible_operations, 0,
- 
sizeof(sign_hash_interruptible_operations));
- memset(verify_hash_interruptible_operation_handles, 0,
- sizeof(verify_hash_interruptible_operation_handles));
- memset(verify_hash_interruptible_operations, 0,
- sizeof(verify_hash_interruptible_operations));
-}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
deleted file mode 100644
index 3b6f08e19d..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ /dev/null
@@ -1,1432 +0,0 @@
-/**
- * \file psa_sim_serialise.h
- *
- * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-
-#include "psa/crypto.h"
-#include "psa/crypto_types.h"
-#include "psa/crypto_values.h"
-
-/* Basic idea:
- *
- * All arguments to a function will be serialised into a single buffer to
- * be sent to the server with the PSA crypto function to be called.
- *
- * All returned data (the function's return value and any values returned
- * via `out` parameters) will similarly be serialised into a buffer to be
- * sent back to the client from the server.
- *
- * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
- * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
- * psasim_serialise_foo() and psasim_deserialise_foo().
- *
- * We also have psasim_serialise_foo_needs() functions, which return a
- * size_t giving the number of bytes that serialising that instance of that
- * type will need. This allows callers to size buffers for serialisation.
- *
- * Each serialised buffer starts with a version byte, bytes that indicate
- * the size of basic C types, and four bytes that indicate the endianness
- * (to avoid incompatibilities if we ever run this over a network - we are
- * not aiming for universality, just for correctness and simplicity).
- *
- * Most types are serialised as a fixed-size (per type) octet string, with
- * no type indication. This is acceptable as (a) this is for the test PSA crypto
- * simulator only, not production, and (b) these functions are called by
- * code that itself is written by script.
- *
- * We also want to keep serialised data reasonably compact as communication
- * between client and server goes in messages of less than 200 bytes each.
- *
- * Many serialisation functions can be created by a script; an exemplar Perl
- * script is included. It is not hooked into the build and so must be run
- * manually, but is expected to be replaced by a Python script in due course.
- * Types that can have their functions created by script include plain old C
- * data types (e.g. int), types typedef'd to those, and even structures that
- * don't contain pointers.
- */
-
-/** Reset all operation slots.
- *
- * Should be called when all clients have disconnected.
- */
-void psa_sim_serialize_reset(void);
-
-/** Return how much buffer space is needed by \c psasim_serialise_begin().
- *
- * \return The number of bytes needed in the buffer for
- * \c psasim_serialise_begin()'s output.
- */
-size_t psasim_serialise_begin_needs(void);
-
-/** Begin serialisation into a buffer.
- *
- * This must be the first serialisation API called
- * on a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error (likely
- * no space).
- */
-int psasim_serialise_begin(uint8_t **pos, size_t *remaining);
-
-/** Begin deserialisation of a buffer.
- *
- * This must be the first deserialisation API called
- * on a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_begin(uint8_t **pos, size_t *remaining);
-
-/** Return how much buffer space is needed by \c psasim_serialise_unsigned_int()
- * to serialise an `unsigned int`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_unsigned_int() to serialise - * the given value. - */ -size_t psasim_serialise_unsigned_int_needs( - unsigned int value); - -/** Serialise an `unsigned int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value); - -/** Deserialise an `unsigned int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `unsigned int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_int() - * to serialise an `int`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_int() to serialise - * the given value. - */ -size_t psasim_serialise_int_needs( - int value); - -/** Serialise an `int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value); - -/** Deserialise an `int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_size_t() - * to serialise a `size_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_size_t() to serialise - * the given value. - */ -size_t psasim_serialise_size_t_needs( - size_t value); - -/** Serialise a `size_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value); - -/** Deserialise a `size_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `size_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint16_t() - * to serialise an `uint16_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint16_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint16_t_needs( - uint16_t value); - -/** Serialise an `uint16_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value); - -/** Deserialise an `uint16_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint16_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint32_t() - * to serialise an `uint32_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint32_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint32_t_needs( - uint32_t value); - -/** Serialise an `uint32_t` into a buffer. 
- * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value); - -/** Deserialise an `uint32_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint32_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint64_t() - * to serialise an `uint64_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint64_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint64_t_needs( - uint64_t value); - -/** Serialise an `uint64_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value); - -/** Deserialise an `uint64_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. 
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint64_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value); - -/** Return how much space is needed by \c psasim_serialise_buffer() - * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. - * - * \param buffer Pointer to the buffer to be serialised - * (needed in case some serialisations are value- - * dependent). - * \param buffer_size Number of bytes in the buffer to be serialised. - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_buffer() to serialise - * the specified buffer. - */ -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size); - -/** Serialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param buffer Pointer to the buffer to be serialised. - * \param buffer_length Number of bytes in the buffer to be serialised. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_buffer(uint8_t **pos, size_t *remaining, - const uint8_t *buffer, size_t buffer_length); - -/** Deserialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, - uint8_t **buffer, size_t *buffer_length); - -/** Deserialise a buffer returned from the server. - * - * When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, - uint8_t *buffer, size_t buffer_length); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_custom_key_parameters_t() - * to serialise a `psa_custom_key_parameters_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_custom_key_parameters_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value); - -/** Serialise a `psa_custom_key_parameters_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value); - -/** Deserialise a `psa_custom_key_parameters_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_custom_key_parameters_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t() - * to serialise a `psa_status_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_status_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value); - -/** Serialise a `psa_status_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value); - -/** Deserialise a `psa_status_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_status_t` to receive the value - * deserialised from the buffer. 
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_status_t(uint8_t **pos,
- size_t *remaining,
- psa_status_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t()
- * to serialise a `psa_algorithm_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_algorithm_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_algorithm_t_needs(
- psa_algorithm_t value);
-
-/** Serialise a `psa_algorithm_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_algorithm_t(uint8_t **pos,
- size_t *remaining,
- psa_algorithm_t value);
-
-/** Deserialise a `psa_algorithm_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_algorithm_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_algorithm_t(uint8_t **pos,
- size_t *remaining,
- psa_algorithm_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t()
- * to serialise a `psa_key_derivation_step_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_derivation_step_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_derivation_step_t_needs(
- psa_key_derivation_step_t value);
-
-/** Serialise a `psa_key_derivation_step_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_step_t value);
-
-/** Deserialise a `psa_key_derivation_step_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_derivation_step_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_step_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t()
- * to serialise a `psa_hash_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_hash_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_hash_operation_t_needs(
- psa_hash_operation_t value);
-
-/** Serialise a `psa_hash_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_hash_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_hash_operation_t value);
-
-/** Deserialise a `psa_hash_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_hash_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_hash_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_hash_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_hash_operation_t()
- * to serialise a `psa_hash_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_hash_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_hash_operation_t_needs(
- psa_hash_operation_t *value);
-
-/** Serialise a `psa_hash_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_hash_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_hash_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_hash_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_hash_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_aead_operation_t()
- * to serialise a `psa_aead_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_aead_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_aead_operation_t_needs(
- psa_aead_operation_t value);
-
-/** Serialise a `psa_aead_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_aead_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_aead_operation_t value);
-
-/** Deserialise a `psa_aead_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_aead_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_aead_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_aead_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_aead_operation_t()
- * to serialise a `psa_aead_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_aead_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_aead_operation_t_needs(
- psa_aead_operation_t *value);
-
-/** Serialise a `psa_aead_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_aead_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_aead_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_aead_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_aead_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_attributes_t()
- * to serialise a `psa_key_attributes_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_attributes_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_attributes_t_needs(
- psa_key_attributes_t value);
-
-/** Serialise a `psa_key_attributes_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_attributes_t(uint8_t **pos,
- size_t *remaining,
- psa_key_attributes_t value);
-
-/** Deserialise a `psa_key_attributes_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_attributes_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_attributes_t(uint8_t **pos,
- size_t *remaining,
- psa_key_attributes_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t()
- * to serialise a `psa_mac_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_mac_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_mac_operation_t_needs(
- psa_mac_operation_t value);
-
-/** Serialise a `psa_mac_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_mac_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_mac_operation_t value);
-
-/** Deserialise a `psa_mac_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_mac_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_mac_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_mac_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t()
- * to serialise a `psa_mac_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_mac_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_mac_operation_t_needs(
- psa_mac_operation_t *value);
-
-/** Serialise a `psa_mac_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_mac_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_mac_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_mac_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_mac_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t()
- * to serialise a `psa_cipher_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_cipher_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_cipher_operation_t_needs(
- psa_cipher_operation_t value);
-
-/** Serialise a `psa_cipher_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t value);
-
-/** Deserialise a `psa_cipher_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_cipher_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t()
- * to serialise a `psa_cipher_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_cipher_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_cipher_operation_t_needs(
- psa_cipher_operation_t *value);
-
-/** Serialise a `psa_cipher_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_cipher_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t()
- * to serialise a `psa_key_derivation_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_derivation_operation_t_needs(
- psa_key_derivation_operation_t value);
-
-/** Serialise a `psa_key_derivation_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t value);
-
-/** Deserialise a `psa_key_derivation_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t()
- * to serialise a `psa_key_derivation_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(
- psa_key_derivation_operation_t *value);
-
-/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t()
- * to serialise a `psa_sign_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(
- psa_sign_hash_interruptible_operation_t value);
-
-/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t value);
-
-/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t()
- * to serialise a `psa_sign_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(
- psa_sign_hash_interruptible_operation_t *value);
-
-/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t()
- * to serialise a `psa_verify_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(
- psa_verify_hash_interruptible_operation_t value);
-
-/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t value);
-
-/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t()
- * to serialise a `psa_verify_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(
- psa_verify_hash_interruptible_operation_t *value);
-
-/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t()
- * to serialise a `mbedtls_svc_key_id_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_mbedtls_svc_key_id_t_needs(
- mbedtls_svc_key_id_t value);
-
-/** Serialise a `mbedtls_svc_key_id_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos,
- size_t *remaining,
- mbedtls_svc_key_id_t value);
-
-/** Deserialise a `mbedtls_svc_key_id_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `mbedtls_svc_key_id_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos,
- size_t *remaining,
- mbedtls_svc_key_id_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_agreement_iop_t()
- * to serialise a `psa_key_agreement_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_agreement_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_agreement_iop_t_needs(
- psa_key_agreement_iop_t value);
-
-/** Serialise a `psa_key_agreement_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_key_agreement_iop_t value);
-
-/** Deserialise a `psa_key_agreement_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_agreement_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_key_agreement_iop_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_generate_key_iop_t()
- * to serialise a `psa_generate_key_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_generate_key_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_generate_key_iop_t_needs(
- psa_generate_key_iop_t value);
-
-/** Serialise a `psa_generate_key_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t value);
-
-/** Deserialise a `psa_generate_key_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_generate_key_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_export_public_key_iop_t()
- * to serialise a `psa_export_public_key_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_export_public_key_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_export_public_key_iop_t_needs(
- psa_export_public_key_iop_t value);
-
-/** Serialise a `psa_export_public_key_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t value);
-
-/** Deserialise a `psa_export_public_key_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_export_public_key_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t *value);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
deleted file mode 100755
index 0c9faf42ef..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
+++ /dev/null
@@ -1,1048 +0,0 @@
-#!/usr/bin/env perl
-#
-# psa_sim_serialise.pl - Sample Perl script to show how many serialisation
-# functions can be created by templated scripting.
-#
-# This is an example only, and is expected to be replaced by a Python script
-# for production use. It is not hooked into the build: it needs to be run
-# manually:
-#
-# perl psa_sim_serialise.pl h > psa_sim_serialise.h
-# perl psa_sim_serialise.pl c > psa_sim_serialise.c
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-use strict;
-
-my $usage = "$0: usage: $0 c|h\n";
-my $which = lc(shift) || die($usage);
-die($usage) unless $which eq "c" || $which eq "h";
-
-# Most types are serialised as a fixed-size (per type) octet string, with
-# no type indication. This is acceptable as (a) this is for the test PSA crypto
-# simulator only, not production, and (b) these functions are called by
-# code that itself is written by script.
-#
-# We also want to keep serialised data reasonably compact as communication
-# between client and server goes in messages of less than 200 bytes each.
-#
-# This script is able to create serialisation functions for plain old C data
-# types (e.g. unsigned int), types typedef'd to those, and even structures
-# that don't contain pointers.
-#
-# Structures that contain pointers will need to have their serialisation and
-# deserialisation functions written manually (like those for the "buffer" type
-# are).
-# -my @types = qw(unsigned-int int size_t - uint16_t uint32_t uint64_t - buffer - psa_custom_key_parameters_t - psa_status_t psa_algorithm_t psa_key_derivation_step_t - psa_hash_operation_t - psa_aead_operation_t - psa_key_attributes_t - psa_mac_operation_t - psa_cipher_operation_t - psa_key_derivation_operation_t - psa_sign_hash_interruptible_operation_t - psa_verify_hash_interruptible_operation_t - mbedtls_svc_key_id_t - psa_key_agreement_iop_t - psa_generate_key_iop_t - psa_export_public_key_iop_t); - -grep(s/-/ /g, @types); - -# IS-A: Some data types are typedef'd; we serialise them as the other type -my %isa = ( - "psa_status_t" => "int", - "psa_algorithm_t" => "unsigned int", - "psa_key_derivation_step_t" => "uint16_t", -); - -if ($which eq "h") { - - print h_header(); - - for my $type (@types) { - if ($type eq "buffer") { - print declare_buffer_functions(); - } else { - print declare_needs($type, ""); - print declare_serialise($type, ""); - print declare_deserialise($type, ""); - - if ($type =~ /^psa_\w+_operation_t$/) { - print declare_needs($type, "server_"); - print declare_serialise($type, "server_"); - print declare_deserialise($type, "server_"); - } - } - } - -} elsif ($which eq "c") { - - my $have_operation_types = (grep(/psa_\w+_operation_t/, @types)) ? 
1 : 0; - - print c_header(); - print c_define_types_for_operation_types() if $have_operation_types; - - for my $type (@types) { - next unless $type =~ /^psa_(\w+)_operation_t$/; - print define_operation_type_data_and_functions($1); - } - - print c_define_begins(); - - for my $type (@types) { - if ($type eq "buffer") { - print define_buffer_functions(); - } elsif (exists($isa{$type})) { - print define_needs_isa($type, $isa{$type}); - print define_serialise_isa($type, $isa{$type}); - print define_deserialise_isa($type, $isa{$type}); - } else { - print define_needs($type); - print define_serialise($type); - print define_deserialise($type); - - if ($type =~ /^psa_\w+_operation_t$/) { - print define_server_needs($type); - print define_server_serialise($type); - print define_server_deserialise($type); - } - } - } - - print define_server_serialize_reset(@types); -} else { - die("internal error - shouldn't happen"); -} - -sub declare_needs -{ - my ($type, $server) = @_; - - my $an = ($type =~ /^[ui]/) ? "an" : "a"; - my $type_d = $type; - $type_d =~ s/ /_/g; - - my $ptr = (length($server)) ? "*" : ""; - - return < -#include - -#include "psa/crypto.h" -#include "psa/crypto_types.h" -#include "psa/crypto_values.h" - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. 
This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/** Reset all operation slots. - * - * Should be called when all clients have disconnected. - */ -void psa_sim_serialize_reset(void); - -/** Return how much buffer space is needed by \c psasim_serialise_begin(). - * - * \return The number of bytes needed in the buffer for - * \c psasim_serialise_begin()'s output. - */ -size_t psasim_serialise_begin_needs(void); - -/** Begin serialisation into a buffer. - * - * This must be the first serialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error (likely - * no space). 
- */ -int psasim_serialise_begin(uint8_t **pos, size_t *remaining); - -/** Begin deserialisation of a buffer. - * - * This must be the first deserialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); -EOF -} - -sub define_needs -{ - my ($type) = @_; - - my $type_d = $type; - $type_d =~ s/ /_/g; - - return < 0) { // To be able to serialise (NULL, 0) - memcpy(*pos, buffer, buffer_length); - *pos += buffer_length; - } - - return 1; -} - -int psasim_deserialise_buffer(uint8_t **pos, - size_t *remaining, - uint8_t **buffer, - size_t *buffer_length) -{ - if (*remaining < sizeof(*buffer_length)) { - return 0; - } - - memcpy(buffer_length, *pos, sizeof(*buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (*buffer_length == 0) { // Deserialise (NULL, 0) - *buffer = NULL; - return 1; - } - - if (*remaining < *buffer_length) { - return 0; - } - - uint8_t *data = malloc(*buffer_length); - if (data == NULL) { - return 0; - } - - memcpy(data, *pos, *buffer_length); - *pos += *buffer_length; - *remaining -= *buffer_length; - - *buffer = data; - - return 1; -} - -/* When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. 
*/ -int psasim_deserialise_return_buffer(uint8_t **pos, - size_t *remaining, - uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length)) { - return 0; - } - - size_t length_check; - - memcpy(&length_check, *pos, sizeof(buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server - return 0; - } - - if (length_check == 0) { // Deserialise (NULL, 0) - return 1; - } - - if (*remaining < buffer_length) { - return 0; - } - - memcpy(buffer, *pos, buffer_length); - *pos += buffer_length; - *remaining -= buffer_length; - - return 1; -} -EOF -} - - -sub c_header -{ - return <<'EOF'; -/** - * \file psa_sim_serialise.c - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa_sim_serialise.h" -#include "util.h" -#include -#include - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. 
- * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ -EOF -} - -sub c_define_types_for_operation_types -{ - return <<'EOF'; - -/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; - * but we don't get it on server builds, so redefine it here with a unique type name - */ -typedef uint32_t psasim_client_handle_t; - -typedef struct psasim_operation_s { - psasim_client_handle_t handle; -} psasim_operation_t; - -#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ -EOF -} - -sub define_operation_type_data_and_functions -{ - my ($type) = @_; # e.g. 
'hash' rather than 'psa_hash_operation_t' - - my $utype = ucfirst($type); - - return < $#code; - - # Find where the ( is - my $idx = index($code[$i], "("); - die("can't find (") if $idx < 0; - - my $indent = " " x ($idx + 1); - do { - # Indent each line up until the one with the ; on it - $code[++$i] =~ s/^\s+/$indent/; - } while ($code[$i] !~ /;/); - - return join("\n", @code) . "\n"; -} diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c deleted file mode 100644 index aa0c75a488..0000000000 --- a/tests/psa-client-server/psasim/src/server.c +++ /dev/null 
@@ -1,117 +0,0 @@
-/* psasim test server */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include 
-#include 
-
-/* Includes from psasim */
-#include "service.h"
-#include "error_ext.h"
-#include "util.h"
-#include "psa_manifest/manifest.h"
-#include "psa_functions_codes.h"
-
-/* Includes from mbedtls */
-#include "mbedtls/version.h"
-#include "psa/crypto.h"
-
-#ifdef DEBUG
-#define SERVER_PRINT(fmt, ...) \
- PRINT("Server: " fmt, ##__VA_ARGS__)
-#else
-#define SERVER_PRINT(...)
-#endif
-
-#define BUF_SIZE 25
-
-static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */
-
-void parse_input_args(int argc, char *argv[])
-{
- int opt;
-
- while ((opt = getopt(argc, argv, "k")) != -1) {
- switch (opt) {
- case 'k':
- kill_on_disconnect = 1;
- break;
- default:
- fprintf(stderr, "Usage: %s [-k]\n", argv[0]);
- exit(EXIT_FAILURE);
- }
- }
-}
-
-int psa_server_main(int argc, char *argv[])
-{
- psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR;
- psa_msg_t msg = { -1 };
- const int magic_num = 66;
- int client_disconnected = 0;
- extern psa_status_t psa_crypto_call(psa_msg_t msg);
- extern psa_status_t psa_crypto_close(void);
-
-#if defined(MBEDTLS_VERSION_C)
- const char *mbedtls_version = mbedtls_version_get_string_full();
- SERVER_PRINT("%s", mbedtls_version);
-#endif
-
- parse_input_args(argc, argv);
- SERVER_PRINT("Starting");
-
- while (!(kill_on_disconnect && client_disconnected)) {
- psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
-
- if (signals > 0) {
- SERVER_PRINT("Signals: 0x%08x", signals);
- }
-
- if (signals & PSA_CRYPTO_SIGNAL) {
- if (PSA_SUCCESS == psa_get(PSA_CRYPTO_SIGNAL, &msg)) {
- SERVER_PRINT("handle: %d - rhandle: %p", msg.handle, (int *) msg.rhandle);
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- SERVER_PRINT("Got a connection message");
- psa_set_rhandle(msg.handle, (void *) &magic_num);
- ret = PSA_SUCCESS;
- break;
- case PSA_IPC_DISCONNECT:
- SERVER_PRINT("Got a disconnection message");
- ret = PSA_SUCCESS;
- client_disconnected = 1;
- psa_crypto_close();
- break;
- default:
- SERVER_PRINT("Got an IPC call of type %d", msg.type);
- ret = psa_crypto_call(msg);
- SERVER_PRINT("Internal function call returned %d", ret);
-
- if (msg.client_id > 0) {
- psa_notify(msg.client_id);
- } else {
- SERVER_PRINT("Client is non-secure, so won't notify");
- }
- }
-
- psa_reply(msg.handle, ret);
- } else {
- SERVER_PRINT("Failed to retrieve message");
- }
- } else if (SIGSTP_SIG & signals) {
- SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it.");
- psa_eoi(SIGSTP_SIG);
- } else if (SIGINT_SIG & signals) {
- SERVER_PRINT("Handling interrupt!");
- SERVER_PRINT("Gracefully quitting");
- psa_panic();
- } else {
- SERVER_PRINT("No signal asserted");
- }
- }
-
- return 0;
-}
diff --git a/tests/psa-client-server/psasim/test/kill_servers.sh b/tests/psa-client-server/psasim/test/kill_servers.sh
deleted file mode 100755
index d72263791f..0000000000
--- a/tests/psa-client-server/psasim/test/kill_servers.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -e
-
-pkill psa_server || true
-
-# Remove temporary files
-rm -f psa_notify_*
-
-# Remove all IPCs
-# Not just ipcrm -all=msg as it is not supported on macOS.
-# Filter out header and empty lines, choosing to select based on keys being
-# output in hex.
-ipcs -q | fgrep 0x | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh
deleted file mode 100755
index f54e352532..0000000000
--- a/tests/psa-client-server/psasim/test/run_test.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This is a simple bash script that tests psa_client/psa_server interaction.
-# This script is automatically executed when "make run" is launched by the
-# "psasim" root folder. The script can also be launched manually once
-# binary files are built (i.e. after "make test" is executed from the "psasim"
-# root folder).
-
-set -e
-
-cd "$(dirname "$0")"
-
-CLIENT_BIN=$1
-shift
-
-./kill_servers.sh
-
-./start_server.sh
-./$CLIENT_BIN "$@"
-
-./kill_servers.sh
diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh
deleted file mode 100755
index 1249930af1..0000000000
--- a/tests/psa-client-server/psasim/test/start_server.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -e
-
-# The server creates some local files when it starts up so we can wait for this
-# event as signal that the server is ready so that we can start client(s).
-function wait_for_server_startup() {
- SECONDS=0
- TIMEOUT=10
-
- while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
- if [ "$SECONDS" -ge "$TIMEOUT" ]; then
- echo "Timeout: psa_server not started within $TIMEOUT seconds."
- return 1
- fi
- sleep 0.1
- done
-}
-
-$(dirname "$0")/psa_server &
-wait_for_server_startup
diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py
deleted file mode 100755
index fbc98060fe..0000000000
--- a/tests/psa-client-server/psasim/tools/psa_autogen.py
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/env python3
-"""This hacky script generates a partition from a manifest file"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import json
-import os
-import sys
-from os import listdir
-
-if len(sys.argv) != 2:
- print("Usage: psa_autogen ")
- sys.exit(1)
-
-FILENAME = str(sys.argv[1])
-
-SCRIPT_PATH = os.path.dirname(__file__)
-GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest")
-GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src")
-
-MANIFEST_FILE = os.path.join(GENERATED_H_PATH, "manifest.h")
-PID_FILE = os.path.join(GENERATED_H_PATH, "pid.h")
-SID_FILE = os.path.join(GENERATED_H_PATH, "sid.h")
-
-with open(str(FILENAME), "r") as read_file:
- data = json.load(read_file)
- FILENAME = os.path.basename(FILENAME)
- FILENAME = FILENAME.split('.')[0]
- print("Base filename is " + str(FILENAME))
-
- if str(data['psa_framework_version'] == "1.0"):
- entry_point = str(data['entry_point'])
- partition_name = str(data['name'])
- services = data['services']
- try:
- irqs = data['irqs']
- except KeyError:
- irqs = []
-
- try:
- os.mkdir(GENERATED_H_PATH)
- print("Generating psa_manifest directory")
- except OSError:
- print("PSA manifest directory already exists")
-
- manifest_content = []
- pids_content = []
- sids_content = []
-
- if len(services) > 28:
- print ("Unsupported number of services")
-
- count = 4 # For creating SID array
- nsacl = "const int ns_allowed[32] = { "
- policy = "const int strict_policy[32] = { "
- qcode = "const char *psa_queues[] = { "
- versions = "const uint32_t versions[32] = { "
- queue_path = "psa_service_"
- start = False
-
- for x in range(0, count):
- qcode = qcode + "\"\", "
- nsacl = nsacl + "0, "
- policy = policy + "0, "
- versions = versions + "0, "
-
- # Go through all the services to make sid.h and pid.h
- for svc in services:
- manifest_content.append("#define {}_SIGNAL 0x{:08x}".format(svc['signal'], 2**count))
- sids_content.append("#define {}_SID {}".format(svc['name'], svc['sid']))
- qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\","
- ns_clients = svc['non_secure_clients']
- print(str(svc))
- if ns_clients == "true":
- nsacl = nsacl + "1, "
- else:
- nsacl = nsacl + "0, "
- try:
- versions = versions + str(svc['minor_version']) + ", "
- except KeyError:
- versions = versions + "1, "
-
- strict = 0
- try:
- if str(svc['minor_policy']).lower() == "strict":
- strict = 1
- policy = policy + "1, "
- else:
- policy = policy + "0, "
- except KeyError:
- strict = 0
- policy = policy + "0, "
-
- count = count+1
-
- sigcode = ""
- handlercode = "void __sig_handler(int signo) {\n"
- irqcount = count
- for irq in irqs:
- manifest_content.append("#define {} 0x{:08x}".format(irq['signal'], 2**irqcount))
- sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source'])
- handlercode = handlercode + \
- " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount)
- irqcount = irqcount+1
-
- handlercode = handlercode + "}\n"
-
- while (count < 32):
- qcode = qcode + "\"\", "
- nsacl = nsacl + "0, "
- versions = versions + "0, "
- policy = policy + "0, "
- count = count + 1
-
- qcode = qcode + "};\n"
- nsacl = nsacl + "};\n"
- versions = versions + "};\n"
- policy = policy + "};\n"
-
- with open(MANIFEST_FILE, "wt") as output:
- output.write("\n".join(manifest_content))
- with open(SID_FILE, "wt") as output:
- output.write("\n".join(sids_content))
- with open(PID_FILE, "wt") as output:
- output.write("\n".join(pids_content))
-
- symbols = []
-
- # Go through source files and look for the entrypoint
- for root, directories, filenames in os.walk(GENERATED_C_PATH):
- for filename in filenames:
- if "psa_ff_bootstrap" in filename or filename == "psa_manifest":
- continue
- try:
- fullpath = os.path.join(root,filename)
- with open(fullpath, encoding='utf-8') as currentFile:
- text = currentFile.read()
- if str(entry_point + "(") in text:
- symbols.append(filename)
- except IOError:
- print("Couldn't open " + filename)
- except UnicodeDecodeError:
- pass
-
- print(str("Number of entrypoints detected: " + str(len(symbols))))
- if len(symbols) < 1:
- print("Couldn't find function " + entry_point)
- sys.exit(1)
- elif len(symbols) > 1:
- print("Duplicate entrypoint symbol detected: " + str(symbols))
- sys.exit(2)
- else:
- C_FILENAME = os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c")
- c_content = []
- c_content.append("#include ")
- c_content.append("#include \"" + symbols[0] + "\"")
- c_content.append("#include ")
- c_content.append(qcode)
- c_content.append(nsacl)
- c_content.append(policy)
- c_content.append(versions)
- c_content.append(handlercode)
- c_content.append("int main(int argc, char *argv[]) {")
- c_content.append(" (void) argc;")
- c_content.append(sigcode)
- c_content.append(" __init_psasim(psa_queues, 32, ns_allowed, versions,"
- "strict_policy);")
- c_content.append(" " + entry_point + "(argc, argv);")
- c_content.append("}")
- with open(C_FILENAME, "wt") as output:
- output.write("\n".join(c_content))
-
- print("Success")
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
deleted file mode 100755
index 089cb6b9e0..0000000000
--- a/tests/scripts/all.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-
-# all.sh (mbedtls part)
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file is executable; it is the entry point for users and the CI.
-# See "Files structure" in all-core.sh for other files used.
-
-# This script must be invoked from the project's root.
-
-FRAMEWORK="$PWD/framework"
-source $FRAMEWORK/scripts/all-core.sh
-
-main "$@"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
deleted file mode 100755
index d5843f867e..0000000000
--- a/tests/scripts/analyze_outcomes.py
+++ /dev/null
@@ -1,680 +0,0 @@ -#!/usr/bin/env python3 - -"""Analyze the test outcomes from a full CI run. - -This script can also run on outcomes from a partial run, but the results are -less likely to be useful. -""" - -import re -import typing - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import outcome_analysis - - -class CoverageTask(outcome_analysis.CoverageTask): - """Justify test cases that are never executed.""" - - @staticmethod - def _has_word_re(words: typing.Iterable[str], - exclude: typing.Optional[str] = None) -> typing.Pattern: - """Construct a regex that matches if any of the words appears. - - The occurrence must start and end at a word boundary. - - If exclude is specified, strings containing a match for that - regular expression will not match the returned pattern. - """ - exclude_clause = r'' - if exclude: - exclude_clause = r'(?!.*' + exclude + ')' - return re.compile(exclude_clause + - r'.*\b(?:' + r'|'.join(words) + r')\b.*', - re.DOTALL) - - IGNORED_TESTS = { - 'ssl-opt': [ - # We don't run ssl-opt.sh with Valgrind on the CI because - # it's extremely slow. We don't intend to change this. - 'DTLS client reconnect from same port: reconnect, nbio, valgrind', - # We don't have IPv6 in our CI environment. - # https://github.com/Mbed-TLS/mbedtls-test/issues/176 - 'DTLS cookie: enabled, IPv6', - # Disabled due to OpenSSL bug. - # https://github.com/openssl/openssl/issues/18887 - 'DTLS fragmenting: 3d, openssl client, DTLS 1.2', - # We don't run ssl-opt.sh with Valgrind on the CI because - # it's extremely slow. We don't intend to change this. - 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)', - # TLS doesn't use restartable ECDH yet. - # https://github.com/Mbed-TLS/mbedtls/issues/7294 - re.compile(r'EC restart:.*no USE_PSA.*'), - ], - 'test_suite_config.mbedtls_boolean': [ - # Missing coverage of test configurations. 
- # https://github.com/Mbed-TLS/mbedtls/issues/9585 - 'Config: !MBEDTLS_SSL_DTLS_ANTI_REPLAY', - # Missing coverage of test configurations. - # https://github.com/Mbed-TLS/mbedtls/issues/9585 - 'Config: !MBEDTLS_SSL_DTLS_HELLO_VERIFY', - # We don't run test_suite_config when we test this. - # https://github.com/Mbed-TLS/mbedtls/issues/9586 - 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED', - ], - 'test_suite_config.crypto_combinations': [ - # New thing in crypto. Not intended to be tested separately - # in mbedtls. - # https://github.com/Mbed-TLS/mbedtls/issues/10300 - 'Config: entropy: NV seed only', - ], - 'test_suite_config.psa_boolean': [ - # We don't test with HMAC disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9591 - 'Config: !PSA_WANT_ALG_HMAC', - # The DERIVE key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_DERIVE', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE', - 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - # We don't test with HMAC disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9591 - 'Config: !PSA_WANT_KEY_TYPE_HMAC', - # The PASSWORD key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_PASSWORD', - # The PASSWORD_HASH key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_PASSWORD_HASH', - # The RAW_DATA key type is always enabled. - 'Config: !PSA_WANT_KEY_TYPE_RAW_DATA', - # More granularity of key pair type enablement macros - # than we care to test. 
- # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - # Algorithm declared but not supported. - 'Config: PSA_WANT_ALG_CBC_MAC', - # Algorithm declared but not supported. - 'Config: PSA_WANT_ALG_XTS', - # More granularity of key pair type enablement macros - # than we care to test. - # https://github.com/Mbed-TLS/mbedtls/issues/9590 - 'Config: PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE', - 'Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR', - 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR', - 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE', - # https://github.com/Mbed-TLS/mbedtls/issues/9583 - 'Config: !MBEDTLS_ECP_NIST_OPTIM', - # We never test without the PSA client code. Should we? - # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/112 - 'Config: !MBEDTLS_PSA_CRYPTO_CLIENT', - # We only test multithreading with pthreads. - # https://github.com/Mbed-TLS/mbedtls/issues/9584 - 'Config: !MBEDTLS_THREADING_PTHREAD', - # Built but not tested. - # https://github.com/Mbed-TLS/mbedtls/issues/9587 - 'Config: MBEDTLS_AES_USE_HARDWARE_ONLY', - # Untested platform-specific optimizations. - # https://github.com/Mbed-TLS/mbedtls/issues/9588 - 'Config: MBEDTLS_HAVE_SSE2', - # Untested aspect of the platform interface. - # https://github.com/Mbed-TLS/mbedtls/issues/9589 - 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', - # In a client-server build, test_suite_config runs in the - # client configuration, so it will never report - # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. - 'Config: MBEDTLS_PSA_CRYPTO_SPM', - # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - # We don't run test_suite_config when we test this. - # https://github.com/Mbed-TLS/mbedtls/issues/9586 - 'Config: MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', - ], - 'test_suite_config.psa_combinations': [ - # We don't test this unusual, but sensible configuration. 
- # https://github.com/Mbed-TLS/mbedtls/issues/9592
- 'Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA',
- ],
- 'test_suite_pkcs12': [
- # We never test with CBC/PKCS5/PKCS12 enabled but
- # PKCS7 padding disabled.
- # https://github.com/Mbed-TLS/mbedtls/issues/9580
- 'PBE Decrypt, (Invalid padding & PKCS7 padding disabled)',
- 'PBE Encrypt, pad = 8 (PKCS7 padding disabled)',
- ],
- 'test_suite_pkcs5': [
- # We never test with CBC/PKCS5/PKCS12 enabled but
- # PKCS7 padding disabled.
- # https://github.com/Mbed-TLS/mbedtls/issues/9580
- 'PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)',
- 'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)',
- 'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)',
- ],
- 'test_suite_psa_crypto': [
- # We don't test this unusual, but sensible configuration.
- # https://github.com/Mbed-TLS/mbedtls/issues/9592
- re.compile(r'.*ECDSA.*only deterministic supported'),
- ],
- 'test_suite_psa_crypto_metadata': [
- # Algorithms declared but not supported.
- # https://github.com/Mbed-TLS/mbedtls/issues/9579
- 'Asymmetric signature: Ed25519ph',
- 'Asymmetric signature: Ed448ph',
- 'Asymmetric signature: pure EdDSA',
- 'Cipher: XTS',
- 'MAC: CBC_MAC-3DES',
- 'MAC: CBC_MAC-AES-128',
- 'MAC: CBC_MAC-AES-192',
- 'MAC: CBC_MAC-AES-256',
- ],
- 'test_suite_psa_crypto_not_supported.generated': [
- # We never test with DH key support disabled but support
- # for a DH group enabled. The dependencies of these test
- # cases don't really make sense.
- # https://github.com/Mbed-TLS/mbedtls/issues/9574
- re.compile(r'PSA \w+ DH_.*type not supported'),
- # We only test partial support for DH with the 2048-bit group
- # enabled and the other groups disabled.
- # https://github.com/Mbed-TLS/mbedtls/issues/9575
- 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
- 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
- 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported',
- ],
- 'test_suite_psa_crypto_op_fail.generated': [
- # We don't test this unusual, but sensible configuration.
- # https://github.com/Mbed-TLS/mbedtls/issues/9592
- re.compile(r'.*: !ECDSA but DETERMINISTIC_ECDSA with ECC_.*'),
- # We never test with the HMAC algorithm enabled but the HMAC
- # key type disabled. Those dependencies don't really make sense.
- # https://github.com/Mbed-TLS/mbedtls/issues/9573
- re.compile(r'.* !HMAC with HMAC'),
- # We don't test with ECDH disabled but the key type enabled.
- # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/161
- re.compile(r'PSA key_agreement.* !ECDH with ECC_KEY_PAIR\(.*'),
- # We don't test with FFDH disabled but the key type enabled.
- # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/160
- re.compile(r'PSA key_agreement.* !FFDH with DH_KEY_PAIR\(.*'),
- ],
- 'test_suite_psa_crypto_op_fail.misc': [
- # We don't test this unusual, but sensible configuration.
- # https://github.com/Mbed-TLS/mbedtls/issues/9592
- 'PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long
- ],
- 'tls13-misc': [
- # Disabled due to OpenSSL bug.
- # https://github.com/openssl/openssl/issues/10714
- 'TLS 1.3 O->m: resumption',
- # Disabled due to OpenSSL command line limitation.
- # https://github.com/Mbed-TLS/mbedtls/issues/9582
- 'TLS 1.3 m->O: resumption with early data',
- ],
- }
-
-
-# The names that we give to classes derived from DriverVSReference do not
-# follow the usual naming convention, because it's more readable to use
-# underscores and parts of the configuration names. Also, these classes
-# are just there to specify some data, so they don't need repetitive
-# documentation.
-#pylint: disable=invalid-name,missing-class-docstring
-
-class DriverVSReference_hash(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa'
- DRIVER = 'test_psa_crypto_config_accel_hash_use_psa'
- IGNORED_SUITES = [
- 'shax', 'mdx', # the software implementations that are being excluded
- 'md.psa', # purposefully depends on whether drivers are present
- 'psa_crypto_low_hash.generated', # testing the builtins
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
-
-class DriverVSReference_hmac(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_hmac'
- DRIVER = 'test_psa_crypto_config_accel_hmac'
- IGNORED_SUITES = [
- # These suites require legacy hash support, which is disabled
- # in the accelerated component.
- 'shax', 'mdx',
- # This suite tests builtins directly, but these are missing
- # in the accelerated case.
- 'psa_crypto_low_hash.generated',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
- re.compile(r'.*\bMBEDTLS_MD_C\b')
- ],
- 'test_suite_md': [
- # Builtin HMAC is not supported in the accelerate component.
- re.compile('.*HMAC.*'),
- # Following tests make use of functions which are not available
- # when MD_C is disabled, as it happens in the accelerated
- # test component.
- re.compile('generic .* Hash file .*'),
- 'MD list',
- ],
- 'test_suite_md.psa': [
- # "legacy only" tests require hash algorithms to be NOT
- # accelerated, but this of course false for the accelerated
- # test component.
- re.compile('PSA dispatch .* legacy only'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
-
-class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac'
- DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac'
- # Modules replaced by drivers.
- IGNORED_SUITES = [
- # low-level (block/stream) cipher modules
- 'aes', 'aria', 'camellia', 'des', 'chacha20',
- # AEAD modes, CMAC and POLY1305
- 'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305',
- # The Cipher abstraction layer
- 'cipher',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
- re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'),
- re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
- re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
- ],
- # PEM decryption is not supported so far.
- # The rest of PEM (write, unencrypted read) works though.
- 'test_suite_pem': [
- re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # Following tests depend on AES_C/DES_C but are not about
- # them really, just need to know some error code is there.
- 'test_suite_error': [
- 'Low and high error',
- 'Single low error'
- ],
- # The en/decryption part of PKCS#12 is not supported so far.
- # The rest of PKCS#12 (key derivation) works though.
- 'test_suite_pkcs12': [
- re.compile(r'PBE Encrypt, .*'),
- re.compile(r'PBE Decrypt, .*'),
- ],
- # The en/decryption part of PKCS#5 is not supported so far.
- # The rest of PKCS#5 (PBKDF2) works though.
- 'test_suite_pkcs5': [
- re.compile(r'PBES2 Encrypt, .*'),
- re.compile(r'PBES2 Decrypt .*'),
- ],
- # Encrypted keys are not supported so far.
- # pylint: disable=line-too-long
- 'test_suite_pkparse': [
- 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
- 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
- re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
- ],
- # Encrypted keys are not supported so far.
- 'ssl-opt': [
- 'TLS: password protected server key',
- 'TLS: password protected client key',
- 'TLS: password protected server key, two certificates',
- ],
- }
-
-class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only'
- DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only'
- IGNORED_SUITES = [
- # Modules replaced by drivers
- 'ecdsa', 'ecdh', 'ecjpake',
- # Unit tests for the built-in implementation
- 'psa_crypto_ecp',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # This test wants a legacy function that takes f_rng, p_rng
- # arguments, and uses legacy ECDSA for that. The test is
- # really about the wrapper around the PSA RNG, not ECDSA.
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # In the accelerated test ECP_C is not set (only ECP_LIGHT is)
- # so we must ignore disparities in the tests for which ECP_C
- # is required.
- 'test_suite_ecp': [
- re.compile(r'ECP check public-private .*'),
- re.compile(r'ECP calculate public: .*'),
- re.compile(r'ECP gen keypair .*'),
- re.compile(r'ECP point muladd .*'),
- re.compile(r'ECP point multiplication .*'),
- re.compile(r'ECP test vectors .*'),
- ],
- }
-
-class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all'
- DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all'
- IGNORED_SUITES = [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- # Unit tests for the built-in implementation
- 'psa_crypto_ecp',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- 'test_suite_pkparse': [
- # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
- # is automatically enabled in build_info.h (backward compatibility)
- # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
- # consequence compressed points are supported in the reference
- # component but not in the accelerated one, so they should be skipped
- # while checking driver's coverage.
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- }
-
-class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum'
- DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum'
- IGNORED_SUITES = [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- # Unit tests for the built-in implementation
- 'psa_crypto_ecp',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # See no_ecp_at_all
- 'test_suite_pkparse': [
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- 'test_suite_asn1parse': [
- 'INTEGER too large for mpi',
- ],
- 'test_suite_asn1write': [
- re.compile(r'ASN.1 Write mpi.*'),
- ],
- 'test_suite_debug': [
- re.compile(r'Debug print mbedtls_mpi.*'),
- ],
- }
-
-class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum'
- DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum'
- IGNORED_SUITES = [
- # Modules replaced by drivers
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- # Unit tests for the built-in implementation
- 'psa_crypto_ecp',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- # See no_ecp_at_all
- 'test_suite_pkparse': [
- re.compile(r'Parse EC Key .*compressed\)'),
- re.compile(r'Parse Public EC Key .*compressed\)'),
- ],
- 'test_suite_asn1parse': [
- 'INTEGER too large for mpi',
- ],
- 'test_suite_asn1write': [
- re.compile(r'ASN.1 Write mpi.*'),
- ],
- 'test_suite_debug': [
- re.compile(r'Debug print mbedtls_mpi.*'),
- ],
- }
-
-class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_ffdh'
- DRIVER = 'test_psa_crypto_config_accel_ffdh'
- IGNORED_TESTS = {
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
-
-class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_tfm_config_no_p256m'
- DRIVER = 'test_tfm_config_p256m_driver_accel_ec'
- IGNORED_SUITES = [
- # Modules replaced by drivers
- 'asn1parse', 'asn1write',
- 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
- 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
- 'bignum.generated', 'bignum.misc',
- # Unit tests for the built-in implementation
- 'psa_crypto_ecp',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
- re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
- re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
- ],
- 'test_suite_config.crypto_combinations': [
- 'Config: ECC: Weierstrass curves only',
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # See ecp_light_only
- 'test_suite_random': [
- 'PSA classic wrapper: ECDSA signature (SECP256R1)',
- ],
- }
-
-class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto'
- DRIVER = 'test_psa_crypto_config_accel_rsa_crypto'
- IGNORED_SUITES = [
- # Modules replaced by drivers.
- 'rsa', 'pkcs1_v15', 'pkcs1_v21',
- # We temporarily don't care about PK stuff.
- 'pk', 'pkwrite', 'pkparse'
- ]
- IGNORED_TESTS = {
- 'test_suite_bignum.misc': [
- re.compile(r'.*\bmbedtls_mpi_is_prime.*'),
- re.compile(r'.*\bmbedtls_mpi_gen_prime.*'),
- ],
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
- re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- # Following tests depend on RSA_C but are not about
- # them really, just need to know some error code is there.
- 'test_suite_error': [
- 'Low and high error',
- 'Single high error'
- ],
- # Constant time operations only used for PKCS1_V15
- 'test_suite_constant_time': [
- re.compile(r'mbedtls_ct_zeroize_if .*'),
- re.compile(r'mbedtls_ct_memmove_left .*')
- ],
- 'test_suite_psa_crypto': [
- # We don't support generate_key_custom entry points
- # in drivers yet.
- re.compile(r'PSA generate key custom: RSA, e=.*'),
- re.compile(r'PSA generate key ext: RSA, e=.*'),
- ],
- }
-
-class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference):
- REFERENCE = 'test_full_block_cipher_legacy_dispatch'
- DRIVER = 'test_full_block_cipher_psa_dispatch'
- IGNORED_SUITES = [
- # Skipped in the accelerated component
- 'aes', 'aria', 'camellia',
- # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in
- # order for the cipher module (actually cipher_wrapper) to work
- # properly. However these symbols are disabled in the accelerated
- # component so we ignore them.
- 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria',
- 'cipher.camellia',
- ]
- IGNORED_TESTS = {
- 'test_suite_config': [
- re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
- re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
- ],
- 'test_suite_cmac': [
- # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
- # but these are not available in the accelerated component.
- 'CMAC null arguments',
- re.compile('CMAC.* (AES|ARIA|Camellia).*'),
- ],
- 'test_suite_cipher.padding': [
- # Following tests require AES_C/CAMELLIA_C to be enabled,
- # but these are not available in the accelerated component.
- re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
- ],
- 'test_suite_pkcs5': [
- # The AES part of PKCS#5 PBES2 is not yet supported.
- # The rest of PKCS#5 (PBKDF2) works, though.
- re.compile(r'PBES2 .* AES-.*')
- ],
- 'test_suite_pkparse': [
- # PEM (called by pkparse) requires AES_C in order to decrypt
- # the key, but this is not available in the accelerated
- # component.
- re.compile('Parse RSA Key.*(password|AES-).*'),
- ],
- 'test_suite_pem': [
- # Following tests require AES_C, but this is diabled in the
- # accelerated component.
- re.compile('PEM read .*AES.*'),
- 'PEM read (unknown encryption algorithm)',
- ],
- 'test_suite_error': [
- # Following tests depend on AES_C but are not about them
- # really, just need to know some error code is there.
- 'Single low error',
- 'Low and high error',
- ],
- 'test_suite_platform': [
- # Incompatible with sanitizers (e.g. ASan). If the driver
- # component uses a sanitizer but the reference component
- # doesn't, we have a PASS vs SKIP mismatch.
- 'Check mbedtls_calloc overallocation',
- ],
- }
-
-#pylint: enable=invalid-name,missing-class-docstring
-
-
-# List of tasks with a function that can handle this task and additional arguments if required
-KNOWN_TASKS = {
- 'analyze_coverage': CoverageTask,
- 'analyze_driver_vs_reference_hash': DriverVSReference_hash,
- 'analyze_driver_vs_reference_hmac': DriverVSReference_hmac,
- 'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac,
- 'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only,
- 'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all,
- 'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum,
- 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum,
- 'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg,
- 'analyze_driver_vs_reference_tfm_config': DriverVSReference_tfm_config,
- 'analyze_driver_vs_reference_rsa': DriverVSReference_rsa,
- 'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch,
-}
-
-if __name__ == '__main__':
- outcome_analysis.main(KNOWN_TASKS)
diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
deleted file mode 100755
index 3d0924602c..0000000000
--- a/tests/scripts/audit-validity-dates.py
+++ /dev/null
@@ -1,469 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -"""Audit validity date of X509 crt/crl/csr. - -This script is used to audit the validity date of crt/crl/csr used for testing. -It prints the information about X.509 objects excluding the objects that -are valid throughout the desired validity period. The data are collected -from framework/data_files/ and tests/suites/*.data files by default. -""" - -import os -import re -import typing -import argparse -import datetime -import glob -import logging -import hashlib -from enum import Enum - -# The script requires cryptography >= 35.0.0 which is only available -# for Python >= 3.6. -import cryptography -from cryptography import x509 - -from generate_test_code import FileWrapper - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import logging_util - -def check_cryptography_version(): - match = re.match(r'^[0-9]+', cryptography.__version__) - if match is None or int(match.group(0)) < 35: - raise Exception("audit-validity-dates requires cryptography >= 35.0.0" - + "({} is too old)".format(cryptography.__version__)) - -class DataType(Enum): - CRT = 1 # Certificate - CRL = 2 # Certificate Revocation List - CSR = 3 # Certificate Signing Request - - -class DataFormat(Enum): - PEM = 1 # Privacy-Enhanced Mail - DER = 2 # Distinguished Encoding Rules - - -class AuditData: - """Store data location, type and validity period of X.509 objects.""" - #pylint: disable=too-few-public-methods - def __init__(self, data_type: DataType, x509_obj): - self.data_type = data_type - # the locations that the x509 object could be found - self.locations = [] # type: typing.List[str] - self.fill_validity_duration(x509_obj) - self._obj = x509_obj - encoding = cryptography.hazmat.primitives.serialization.Encoding.DER - self._identifier = 
hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest() - - @property - def identifier(self): - """ - Identifier of the underlying X.509 object, which is consistent across - different runs. - """ - return self._identifier - - def fill_validity_duration(self, x509_obj): - """Read validity period from an X.509 object.""" - # Certificate expires after "not_valid_after" - # Certificate is invalid before "not_valid_before" - if self.data_type == DataType.CRT: - self.not_valid_after = x509_obj.not_valid_after - self.not_valid_before = x509_obj.not_valid_before - # CertificateRevocationList expires after "next_update" - # CertificateRevocationList is invalid before "last_update" - elif self.data_type == DataType.CRL: - self.not_valid_after = x509_obj.next_update - self.not_valid_before = x509_obj.last_update - # CertificateSigningRequest is always valid. - elif self.data_type == DataType.CSR: - self.not_valid_after = datetime.datetime.max - self.not_valid_before = datetime.datetime.min - else: - raise ValueError("Unsupported file_type: {}".format(self.data_type)) - - -class X509Parser: - """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" - PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}(?P.*?)-{5}END (?P=type)-{5}' - PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' - PEM_TAGS = { - DataType.CRT: 'CERTIFICATE', - DataType.CRL: 'X509 CRL', - DataType.CSR: 'CERTIFICATE REQUEST' - } - - def __init__(self, - backends: - typing.Dict[DataType, - typing.Dict[DataFormat, - typing.Callable[[bytes], object]]]) \ - -> None: - self.backends = backends - self.__generate_parsers() - - def __generate_parser(self, data_type: DataType): - """Parser generator for a specific DataType""" - tag = self.PEM_TAGS[data_type] - pem_loader = self.backends[data_type][DataFormat.PEM] - der_loader = self.backends[data_type][DataFormat.DER] - def wrapper(data: bytes): - pem_type = X509Parser.pem_data_type(data) - # It is in PEM format with target tag - if pem_type == tag: - return 
pem_loader(data) - # It is in PEM format without target tag - if pem_type: - return None - # It might be in DER format - try: - result = der_loader(data) - except ValueError: - result = None - return result - wrapper.__name__ = "{}.parser[{}]".format(type(self).__name__, tag) - return wrapper - - def __generate_parsers(self): - """Generate parsers for all support DataType""" - self.parsers = {} - for data_type, _ in self.PEM_TAGS.items(): - self.parsers[data_type] = self.__generate_parser(data_type) - - def __getitem__(self, item): - return self.parsers[item] - - @staticmethod - def pem_data_type(data: bytes) -> typing.Optional[str]: - """Get the tag from the data in PEM format - - :param data: data to be checked in binary mode. - :return: PEM tag or "" when no tag detected. - """ - m = re.search(X509Parser.PEM_TAG_REGEX, data) - if m is not None: - return m.group('type').decode('UTF-8') - else: - return None - - @staticmethod - def check_hex_string(hex_str: str) -> bool: - """Check if the hex string is possibly DER data.""" - hex_len = len(hex_str) - # At least 6 hex char for 3 bytes: Type + Length + Content - if hex_len < 6: - return False - # Check if Type (1 byte) is SEQUENCE. - if hex_str[0:2] != '30': - return False - # Check LENGTH (1 byte) value - content_len = int(hex_str[2:4], base=16) - consumed = 4 - if content_len in (128, 255): - # Indefinite or Reserved - return False - elif content_len > 127: - # Definite, Long - length_len = (content_len - 128) * 2 - content_len = int(hex_str[consumed:consumed+length_len], base=16) - consumed += length_len - # Check LENGTH - if hex_len != content_len * 2 + consumed: - return False - return True - - -class Auditor: - """ - A base class that uses X509Parser to parse files to a list of AuditData. - - A subclass must implement the following methods: - - collect_default_files: Return a list of file names that are defaultly - used for parsing (auditing). The list will be stored in - Auditor.default_files. 
- - parse_file: Method that parses a single file to a list of AuditData. - - A subclass may override the following methods: - - parse_bytes: Defaultly, it parses `bytes` that contains only one valid - X.509 data(DER/PEM format) to an X.509 object. - - walk_all: Defaultly, it iterates over all the files in the provided - file name list, calls `parse_file` for each file and stores the results - by extending the `results` passed to the function. - """ - def __init__(self, logger): - self.logger = logger - self.default_files = self.collect_default_files() - self.parser = X509Parser({ - DataType.CRT: { - DataFormat.PEM: x509.load_pem_x509_certificate, - DataFormat.DER: x509.load_der_x509_certificate - }, - DataType.CRL: { - DataFormat.PEM: x509.load_pem_x509_crl, - DataFormat.DER: x509.load_der_x509_crl - }, - DataType.CSR: { - DataFormat.PEM: x509.load_pem_x509_csr, - DataFormat.DER: x509.load_der_x509_csr - }, - }) - - def collect_default_files(self) -> typing.List[str]: - """Collect the default files for parsing.""" - raise NotImplementedError - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - raise NotImplementedError - - def parse_bytes(self, data: bytes): - """Parse AuditData from bytes.""" - for data_type in list(DataType): - try: - result = self.parser[data_type](data) - except ValueError as val_error: - result = None - self.logger.warning(val_error) - if result is not None: - audit_data = AuditData(data_type, result) - return audit_data - return None - - def walk_all(self, - results: typing.Dict[str, AuditData], - file_list: typing.Optional[typing.List[str]] = None) \ - -> None: - """ - Iterate over all the files in the list and get audit data. The - results will be written to `results` passed to this function. - - :param results: The dictionary used to store the parsed - AuditData. 
The keys of this dictionary should - be the identifier of the AuditData. - """ - if file_list is None: - file_list = self.default_files - for filename in file_list: - data_list = self.parse_file(filename) - for d in data_list: - if d.identifier in results: - results[d.identifier].locations.extend(d.locations) - else: - results[d.identifier] = d - - @staticmethod - def find_test_dir(): - """Get the relative path for the Mbed TLS test directory.""" - return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') - - -class TestDataAuditor(Auditor): - """Class for auditing files in `framework/data_files/`""" - - def collect_default_files(self): - """Collect all files in `framework/data_files/`""" - test_data_glob = os.path.join(build_tree.guess_mbedtls_root(), - 'framework', 'data_files/**') - data_files = [f for f in glob.glob(test_data_glob, recursive=True) - if os.path.isfile(f)] - return data_files - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from data file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - with open(filename, 'rb') as f: - data = f.read() - - results = [] - # Try to parse all PEM blocks. - is_pem = False - for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): - is_pem = True - result = self.parse_bytes(data[m.start():m.end()]) - if result is not None: - result.locations.append("{}#{}".format(filename, idx)) - results.append(result) - - # Might be DER format. - if not is_pem: - result = self.parse_bytes(data) - if result is not None: - result.locations.append("{}".format(filename)) - results.append(result) - - return results - - -def parse_suite_data(data_f): - """ - Parses .data file for test arguments that possiblly have a - valid X.509 data. If you need a more precise parser, please - use generate_test_code.parse_test_data instead. - - :param data_f: file object of the data file. 
- :return: Generator that yields test function argument list. - """ - for line in data_f: - line = line.strip() - # Skip comments - if line.startswith('#'): - continue - - # Check parameters line - match = re.search(r'\A\w+(.*:)?\"', line) - if match: - # Read test vectors - parts = re.split(r'(?[0-9a-fA-F]+)"', test_arg) - if not match: - continue - if not X509Parser.check_hex_string(match.group('data')): - continue - audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) - if audit_data is None: - continue - audit_data.locations.append("{}:{}:#{}".format(filename, - data_f.line_no, - idx + 1)) - audit_data_list.append(audit_data) - - return audit_data_list - - -def list_all(audit_data: AuditData): - for loc in audit_data.locations: - print("{}\t{:20}\t{:20}\t{:3}\t{}".format( - audit_data.identifier, - audit_data.not_valid_before.isoformat(timespec='seconds'), - audit_data.not_valid_after.isoformat(timespec='seconds'), - audit_data.data_type.name, - loc)) - - -def main(): - """ - Perform argument parsing. - """ - parser = argparse.ArgumentParser(description=__doc__) - - parser.add_argument('-a', '--all', - action='store_true', - help='list the information of all the files') - parser.add_argument('-v', '--verbose', - action='store_true', dest='verbose', - help='show logs') - parser.add_argument('--from', dest='start_date', - help=('Start of desired validity period (UTC, YYYY-MM-DD). ' - 'Default: today'), - metavar='DATE') - parser.add_argument('--to', dest='end_date', - help=('End of desired validity period (UTC, YYYY-MM-DD). 
' - 'Default: --from'), - metavar='DATE') - parser.add_argument('--data-files', action='append', nargs='*', - help='data files to audit', - metavar='FILE') - parser.add_argument('--suite-data-files', action='append', nargs='*', - help='suite data files to audit', - metavar='FILE') - - args = parser.parse_args() - - # start main routine - # setup logger - logger = logging.getLogger() - logging_util.configure_logger(logger) - logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR) - - td_auditor = TestDataAuditor(logger) - sd_auditor = SuiteDataAuditor(logger) - - data_files = [] - suite_data_files = [] - if args.data_files is None and args.suite_data_files is None: - data_files = td_auditor.default_files - suite_data_files = sd_auditor.default_files - else: - if args.data_files is not None: - data_files = [x for l in args.data_files for x in l] - if args.suite_data_files is not None: - suite_data_files = [x for l in args.suite_data_files for x in l] - - # validity period start date - if args.start_date: - start_date = datetime.datetime.fromisoformat(args.start_date) - else: - start_date = datetime.datetime.today() - # validity period end date - if args.end_date: - end_date = datetime.datetime.fromisoformat(args.end_date) - else: - end_date = start_date - - # go through all the files - audit_results = {} - td_auditor.walk_all(audit_results, data_files) - sd_auditor.walk_all(audit_results, suite_data_files) - - logger.info("Total: {} objects found!".format(len(audit_results))) - - # we filter out the files whose validity duration covers the provided - # duration. 
- filter_func = lambda d: (start_date < d.not_valid_before) or \ - (d.not_valid_after < end_date) - - sortby_end = lambda d: d.not_valid_after - - if args.all: - filter_func = None - - # filter and output the results - for d in sorted(filter(filter_func, audit_results.values()), key=sortby_end): - list_all(d) - - logger.debug("Done!") - -check_cryptography_version() -if __name__ == "__main__": - main() diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh deleted file mode 100755 index 298422687f..0000000000 --- a/tests/scripts/basic-build-test.sh +++ /dev/null 
@@ -1,248 +0,0 @@ -#!/bin/sh - -# basic-build-test.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Executes the basic test suites, captures the results, and generates a simple -# test report and code coverage report. -# -# The tests include: -# * Unit tests - executed using tests/scripts/run-test-suite.pl -# * Self-tests - executed using the test suites above -# * System tests - executed using tests/ssl-opt.sh -# * Interoperability tests - executed using tests/compat.sh -# -# The tests focus on functionality and do not consider performance. -# -# Note the tests self-adapt due to configurations in include/mbedtls/mbedtls_config.h -# which can lead to some tests being skipped, and can cause the number of -# available tests to fluctuate. -# -# This script has been written to be generic and should work on any shell. -# -# Usage: basic-build-test.sh -# - -# Abort on errors (and uninitiliased variables) -set -eu - -if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from Mbed TLS root" >&2 - exit 1 -fi - -: ${OPENSSL:="openssl"} -: ${GNUTLS_CLI:="gnutls-cli"} -: ${GNUTLS_SERV:="gnutls-serv"} - -# Used to make ssl-opt.sh deterministic. -# -# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept -# in sync. If you change the value here because it breaks some tests, you'll -# definitely want to change it in all.sh as well. 
-: ${SEED:=1} -export SEED - -# if MAKEFLAGS is not set add the -j option to speed up invocations of make -if [ -z "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" -fi - -# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh -# we just export the variables they require -export OPENSSL="$OPENSSL" -export GNUTLS_CLI="$GNUTLS_CLI" -export GNUTLS_SERV="$GNUTLS_SERV" - -CONFIG_H='include/mbedtls/mbedtls_config.h' -CONFIG_BAK="$CONFIG_H.bak" - -# Step 0 - print build environment info -OPENSSL="$OPENSSL" \ - GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" \ - framework/scripts/output_env.sh -echo - -# Step 1 - Make and instrumented build for code coverage -export CFLAGS=' --coverage -g3 -O0 ' -export LDFLAGS=' --coverage' -make -f scripts/legacy.make clean -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.py full -make -f scripts/legacy.make - -# Step 2 - Execute the tests -TEST_OUTPUT=out_${PPID} -cd tests -if [ ! -f "seedfile" ]; then - dd if=/dev/urandom of="seedfile" bs=64 count=1 -fi -if [ ! 
-f "../tf-psa-crypto/tests/seedfile" ]; then - cp "seedfile" "../tf-psa-crypto/tests/seedfile" -fi -echo - -# Step 2a - Unit Tests (keep going even if some tests fail) -echo '################ Unit tests ################' -perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^' -echo - -# Step 2b - System Tests (keep going even if some tests fail) -echo -echo '################ ssl-opt.sh ################' -echo "ssl-opt.sh will use SEED=$SEED for udp_proxy" -sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ ssl-opt.sh ^^^^^^^^^^^^^^^^' -echo - -# Step 2c - Compatibility tests (keep going even if some tests fail) -echo '################ compat.sh ################' -{ - echo '#### compat.sh: Default versions' - sh compat.sh -e 'ARIA\|CHACHA' - echo - - echo '#### compat.sh: next (ARIA, ChaCha)' - OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' - echo -} | tee compat-test-$TEST_OUTPUT -echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' -echo - -# Step 3 - Process the coverage report -cd .. -{ - make -f scripts/legacy.make lcov - echo SUCCESS -} | tee tests/cov-$TEST_OUTPUT - -if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then - echo >&2 "Fatal: 'make lcov' failed" - exit 2 -fi - - -# Step 4 - Summarise the test report -echo -echo "=========================================================================" -echo "Test Report Summary" -echo - -# A failure of the left-hand side of a pipe is ignored (this is a limitation -# of sh). We'll use the presence of this file as a marker that the generation -# of the report succeeded. 
-rm -f "tests/basic-build-test-$$.ok" - -{ - - cd tests - - # Step 4a - Unit tests - echo "Unit tests - tests/scripts/run-test-suites.pl" - - PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ') - SKIPPED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ') - TOTAL_SUITES=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ') - FAILED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ') - - echo "No test suites : $TOTAL_SUITES" - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))" - echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$PASSED_TESTS - TOTAL_FAIL=$FAILED_TESTS - TOTAL_SKIP=$SKIPPED_TESTS - TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS)) - - # Step 4b - TLS Options tests - echo "TLS Options tests - tests/ssl-opt.sh" - - PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p') - SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p') - TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p') - FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS)) - - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $TOTAL_TESTS" - echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) - TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) - TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) - TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($TOTAL_EXED 
+ $TOTAL_TESTS)) - - - # Step 4c - System Compatibility tests - echo "System/Compatibility tests - tests/compat.sh" - - PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }') - FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS)) - - echo "Passed : $PASSED_TESTS" - echo "Failed : $FAILED_TESTS" - echo "Skipped : $SKIPPED_TESTS" - echo "Total exec'd tests : $EXED_TESTS" - echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))" - echo - - TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS)) - TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS)) - TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS)) - TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS)) - TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS)) - - - # Step 4d - Grand totals - echo "-------------------------------------------------------------------------" - echo "Total tests" - - echo "Total Passed : $TOTAL_PASS" - echo "Total Failed : $TOTAL_FAIL" - echo "Total Skipped : $TOTAL_SKIP" - echo "Total exec'd tests : $TOTAL_EXED" - echo "Total avail tests : $TOTAL_AVAIL" - echo - - - # Step 4e - Coverage report - echo "Coverage statistics:" - sed -n '1,/^Overall coverage/d; /%/p' cov-$TEST_OUTPUT - echo - - rm unit-test-$TEST_OUTPUT - rm sys-test-$TEST_OUTPUT - rm compat-test-$TEST_OUTPUT - rm cov-$TEST_OUTPUT - - # Mark the report generation as having succeeded. This must be the - # last thing in the report generation. 
- touch "basic-build-test-$$.ok"
-} | tee coverage-summary.txt
-
-make -f scripts/legacy.make clean
-
-if [ -f "$CONFIG_BAK" ]; then
- mv "$CONFIG_BAK" "$CONFIG_H"
-fi
-
-# The file must exist, otherwise it means something went wrong while generating
-# the coverage report. If something did go wrong, rm will complain so this
-# script will exit with a failure status.
-rm "tests/basic-build-test-$$.ok"
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
deleted file mode 100644
index e791ad065c..0000000000
--- a/tests/scripts/components-basic-checks.sh
+++ /dev/null
@@ -1,123 +0,0 @@ -# components-basic-checks.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Basic checks -################################################################ - -component_check_recursion () { - msg "Check: recursion.pl" # < 1s - ./framework/scripts/recursion.pl library/*.c - ./framework/scripts/recursion.pl ${PSA_CORE_PATH}/*.c - ./framework/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c -} - -component_check_generated_files () { - msg "Check make_generated_files.py consistency" - $MAKE_COMMAND neat - $FRAMEWORK/scripts/make_generated_files.py - $FRAMEWORK/scripts/make_generated_files.py --check - $MAKE_COMMAND neat - - msg "Check files generated with make" - MBEDTLS_ROOT_DIR="$PWD" - $MAKE_COMMAND generated_files - $FRAMEWORK/scripts/make_generated_files.py --check - - cd $TF_PSA_CRYPTO_ROOT_DIR - ./framework/scripts/make_generated_files.py --check - - msg "Check files generated with cmake" - cd "$MBEDTLS_ROOT_DIR" - mkdir "$OUT_OF_SOURCE_DIR" - cd "$OUT_OF_SOURCE_DIR" - cmake -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR" - make - cd "$MBEDTLS_ROOT_DIR" - - $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check - - cd $TF_PSA_CRYPTO_ROOT_DIR - ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check - - # This component ends with the generated files present in the source tree. - # This is necessary for subsequent components! 
-} - -component_check_doxy_blocks () { - msg "Check: doxygen markup outside doxygen blocks" # < 1s - ./framework/scripts/check-doxy-blocks.pl -} - -component_check_files () { - msg "Check: file sanity checks (permissions, encodings)" # < 1s - framework/scripts/check_files.py -} - -component_check_changelog () { - msg "Check: changelog entries" # < 1s - rm -f ChangeLog.new - ./framework/scripts/assemble_changelog.py -o ChangeLog.new - if [ -e ChangeLog.new ]; then - # Show the diff for information. It isn't an error if the diff is - # non-empty. - diff -u ChangeLog ChangeLog.new || true - rm ChangeLog.new - fi -} - -component_check_names () { - msg "Check: declared and exported names (builds the library)" # < 3s - framework/scripts/check_names.py -v -} - -component_check_test_cases () { - msg "Check: test case descriptions" # < 1s - if [ $QUIET -eq 1 ]; then - opt='--quiet' - else - opt='' - fi - framework/scripts/check_test_cases.py -q $opt - unset opt -} - -component_check_doxygen_warnings () { - msg "Check: doxygen warnings (builds the documentation)" # ~ 3s - ./framework/scripts/doxygen.sh -} - -component_check_code_style () { - msg "Check C code style" - ./framework/scripts/code_style.py -} - -support_check_code_style () { - case $(uncrustify --version) in - *0.75.1*) true;; - *) false;; - esac -} - -component_check_python_files () { - msg "Lint: Python scripts" - ./framework/scripts/check-python-files.sh -} - -component_check_test_helpers () { - msg "unit test: generate_test_code.py" - # unittest writes out mundane stuff like number or tests run on stderr. - # Our convention is to reserve stderr for actual errors, and write - # harmless info on stdout so it can be suppress with --quiet. - ./framework/scripts/test_generate_test_code.py 2>&1 - - msg "unit test: translate_ciphers.py" - python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 - - msg "unit test: generate_config_checks.py" - tests/scripts/test_config_checks.py 2>&1 -} 
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
deleted file mode 100644
index ce923b5cc4..0000000000
--- a/tests/scripts/components-build-system.sh
+++ /dev/null
@@ -1,241 +0,0 @@ -# components-build-system.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Build System Testing -################################################################ - -component_test_make_shared () { - msg "build/test: make shared" # ~ 40s - $MAKE_COMMAND SHARED=1 TEST_CPP=1 all check - ldd programs/util/strerror | grep libmbedcrypto - $FRAMEWORK/tests/programs/dlopen_demo.sh -} - -component_test_cmake_shared () { - msg "build/test: cmake shared" # ~ 2min - cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On . - make - ldd programs/util/strerror | grep libtfpsacrypto - make test - $FRAMEWORK/tests/programs/dlopen_demo.sh -} - -support_test_cmake_out_of_source () { - distrib_id="" - distrib_ver="" - distrib_ver_minor="" - distrib_ver_major="" - - # Attempt to parse lsb-release to find out distribution and version. If not - # found this should fail safe (test is supported). - if [[ -f /etc/lsb-release ]]; then - - while read -r lsb_line; do - case "$lsb_line" in - "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; - "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; - esac - done < /etc/lsb-release - - distrib_ver_major="${distrib_ver%%.*}" - distrib_ver="${distrib_ver#*.}" - distrib_ver_minor="${distrib_ver%%.*}" - fi - - # Running the out of source CMake test on Ubuntu 16.04 using more than one - # processor (as the CI does) can create a race condition whereby the build - # fails to see a generated file, despite that file actually having been - # generated. This problem appears to go away with 18.04 or newer, so make - # the out of source tests unsupported on Ubuntu 16.04. 
- [ "$distrib_id" != "Ubuntu" ] || [ "$distrib_ver_major" -gt 16 ] -} - -component_test_cmake_out_of_source () { - # Remove existing generated files so that we use the ones cmake - # generates - $MAKE_COMMAND neat - - msg "build: cmake 'out-of-source' build" - MBEDTLS_ROOT_DIR="$PWD" - mkdir "$OUT_OF_SOURCE_DIR" - cd "$OUT_OF_SOURCE_DIR" - # Note: Explicitly generate files as these are turned off in releases - # Note: Use Clang compiler also for C++ (C uses it by default) - CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON \ - -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" - make - - msg "test: cmake 'out-of-source' build" - make test - # Check that ssl-opt.sh can find the test programs. - # Also ensure that there are no error messages such as - # "No such file or directory", which would indicate that some required - # file is missing (ssl-opt.sh tolerates the absence of some files so - # may exit with status 0 but emit errors). - ./tests/ssl-opt.sh -f 'Default' >ssl-opt.out 2>ssl-opt.err - grep PASS ssl-opt.out - cat ssl-opt.err >&2 - # If ssl-opt.err is non-empty, record an error and keep going. - [ ! -s ssl-opt.err ] - rm ssl-opt.out ssl-opt.err - cd "$MBEDTLS_ROOT_DIR" - rm -rf "$OUT_OF_SOURCE_DIR" -} - -component_test_cmake_as_subdirectory () { - # Remove existing generated files so that we use the ones CMake - # generates - $MAKE_COMMAND neat - - msg "build: cmake 'as-subdirectory' build" - cd programs/test/cmake_subproject - # Note: Explicitly generate files as these are turned off in releases - cmake -D GEN_FILES=ON . - make - ./cmake_subproject -} - -support_test_cmake_as_subdirectory () { - support_test_cmake_out_of_source -} - -component_test_cmake_as_package () { - # Remove existing generated files so that we use the ones CMake - # generates - $MAKE_COMMAND neat - - msg "build: cmake 'as-package' build" - root_dir="$(pwd)" - cd programs/test/cmake_package - build_variant_dir="$(pwd)" - cmake . 
- make - ./cmake_package - if [[ "$OSTYPE" == linux* ]]; then - PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" \ - ${root_dir}/framework/scripts/pkgconfig.sh \ - mbedtls mbedx509 mbedcrypto - # These are the EXPECTED package names. Renaming these could break - # consumers of pkg-config, consider carefully. - fi -} - -support_test_cmake_as_package () { - support_test_cmake_out_of_source -} - -component_test_cmake_as_package_install () { - # Remove existing generated files so that we use the ones CMake - # generates - $MAKE_COMMAND neat - - msg "build: cmake 'as-installed-package' build" - cd programs/test/cmake_package_install - cmake . - make - - if ! cmp -s "mbedtls/lib/libtfpsacrypto.a" "mbedtls/lib/libmbedcrypto.a"; then - echo "Error: Crypto static libraries are different or one of them is missing/unreadable." >&2 - exit 1 - fi - if ! cmp -s "mbedtls/lib/libtfpsacrypto.so" "mbedtls/lib/libmbedcrypto.so"; then - echo "Error: Crypto shared libraries are different or one of them is missing/unreadable." 
>&2 - exit 1 - fi - - ./cmake_package_install -} - -support_test_cmake_as_package_install () { - support_test_cmake_out_of_source -} - -component_build_cmake_custom_config_file () { - # Make a copy of config file to use for the in-tree test - cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h - cp "$CRYPTO_CONFIG_H" include/mbedtls_crypto_config_in_tree_copy.h - - MBEDTLS_ROOT_DIR="$PWD" - mkdir "$OUT_OF_SOURCE_DIR" - cd "$OUT_OF_SOURCE_DIR" - - # Build once to get the generated files (which need an intact config file) - cmake "$MBEDTLS_ROOT_DIR" - make - - msg "build: cmake with -DMBEDTLS_CONFIG_FILE" - cd "$MBEDTLS_ROOT_DIR" - scripts/config.py full - cp include/mbedtls/mbedtls_config.h $OUT_OF_SOURCE_DIR/full_config.h - cp tf-psa-crypto/include/psa/crypto_config.h $OUT_OF_SOURCE_DIR/full_crypto_config.h - cd "$OUT_OF_SOURCE_DIR" - echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h "$MBEDTLS_ROOT_DIR" - make - - msg "build: cmake with -DMBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE + -DMBEDTLS/TF_PSA_CRYPTO_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). 
- echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - echo '#undef MBEDTLS_NIST_KW_C' >crypto_user_config.h - - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DTF_PSA_CRYPTO_USER_CONFIG_FILE=crypto_user_config.h "$MBEDTLS_ROOT_DIR" - make - not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C - - rm -f user_config.h full_config.h full_crypto_config.h - - cd "$MBEDTLS_ROOT_DIR" - rm -rf "$OUT_OF_SOURCE_DIR" - - # Now repeat the test for an in-tree build: - - # Restore config for the in-tree test - mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H" - mv include/mbedtls_crypto_config_in_tree_copy.h "$CRYPTO_CONFIG_H" - - # Build once to get the generated files (which need an intact config) - cmake . - make - - msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE" - cp include/mbedtls/mbedtls_config.h full_config.h - cp tf-psa-crypto/include/psa/crypto_config.h full_crypto_config.h - - echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H" - cmake -DGEN_FILES=OFF -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DMBEDTLS_CONFIG_FILE=full_config.h . - make - - msg "build: cmake (in-tree) with -DMBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE + -DMBEDTLS/TF_PSA_CRYPTO_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). - echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - echo '#undef MBEDTLS_NIST_KW_C' >crypto_user_config.h - - cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h -DTF_PSA_CRYPTO_CONFIG_FILE=full_crypto_config.h -DTF_PSA_CRYPTO_USER_CONFIG_FILE=crypto_user_config.h . 
- make
- not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES
- not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
-
- rm -f user_config.h full_config.h
-}
-
-support_build_cmake_custom_config_file () {
- support_test_cmake_out_of_source
-}
-
-component_build_cmake_programs_no_testing () {
- # Verify that the type of builds performed by oss-fuzz don't get accidentally broken
- msg "build: cmake with -DENABLE_PROGRAMS=ON and -DENABLE_TESTING=OFF"
- cmake -DENABLE_PROGRAMS=ON -DENABLE_TESTING=OFF .
- make
-}
-support_build_cmake_programs_no_testing () {
- support_test_cmake_out_of_source
-}
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
deleted file mode 100644
index 6ccb57d700..0000000000
--- a/tests/scripts/components-compiler.sh
+++ /dev/null
@@ -1,173 +0,0 @@ -# components-compiler.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Compiler Testing -################################################################ - -support_build_tfm_armcc () { - support_build_armcc -} - -component_build_tfm_armcc () { - # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/config-tfm.h "$CONFIG_H" - cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - msg "build: TF-M config, armclang armv7-m thumb2" - helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" -} - -test_build_opt () { - info=$1 cc=$2; shift 2 - $cc --version - for opt in "$@"; do - msg "build/test: $cc $opt, $info" # ~ 30s - $MAKE_COMMAND CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" - # We're confident enough in compilers to not run _all_ the tests, - # but at least run the unit tests. In particular, runs with - # optimizations use inline assembly whereas runs with -O0 - # skip inline assembly. - $MAKE_COMMAND test # ~30s - $MAKE_COMMAND clean - done -} - -# For FreeBSD we invoke the function by name so this condition is added -# to disable the existing test_clang_opt function for linux. 
-if [[ $(uname) != "Linux" ]]; then - component_test_clang_opt () { - scripts/config.py full - test_build_opt 'full config' clang -O0 -Os -O2 - } -fi - -component_test_clang_latest_opt () { - scripts/config.py full - test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2 -} - -support_test_clang_latest_opt () { - type "$CLANG_LATEST" >/dev/null 2>/dev/null -} - -component_test_clang_earliest_opt () { - scripts/config.py full - test_build_opt 'full config' "$CLANG_EARLIEST" -O2 -} - -support_test_clang_earliest_opt () { - type "$CLANG_EARLIEST" >/dev/null 2>/dev/null -} - -component_test_gcc_latest_opt () { - scripts/config.py full - test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2 -} - -support_test_gcc_latest_opt () { - type "$GCC_LATEST" >/dev/null 2>/dev/null -} - -# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : -# test with GCC 15. -# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this -# separate component. -# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI -# platform, because that would break branches where #9814 isn't fixed yet. 
-support_test_gcc15_drivers_opt () { - if type gcc-15 >/dev/null 2>/dev/null; then - GCC_15=gcc-15 - elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then - GCC_15=/usr/local/gcc-15/bin/gcc-15 - else - return 1 - fi -} -component_test_gcc15_drivers_opt () { - msg "build: GCC 15: full + test drivers dispatching to builtins" - scripts/config.py full - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - - $MAKE_COMMAND CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" - - msg "test: GCC 15: full + test drivers dispatching to builtins" - $MAKE_COMMAND test -} - -component_test_gcc_earliest_opt () { - scripts/config.py full - test_build_opt 'full config' "$GCC_EARLIEST" -O2 -} - -support_test_gcc_earliest_opt () { - type "$GCC_EARLIEST" >/dev/null 2>/dev/null -} - -component_build_mingw () { - msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs - - # note Make tests only builds the tests, but doesn't run them - $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests - $MAKE_COMMAND WINDOWS_BUILD=1 clean - - msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs - $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests - $MAKE_COMMAND WINDOWS_BUILD=1 clean - - msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s - ./scripts/config.py unset MBEDTLS_AESNI_C # - $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror 
-Wall -Wextra' WINDOWS_BUILD=1 lib - $MAKE_COMMAND WINDOWS_BUILD=1 clean -} - -support_build_mingw () { - case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in - [0-5]*|"") false;; - *) true;; - esac -} - -component_build_zeroize_checks () { - msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()" - - scripts/config.py full - - # Only compile - we're looking for sizeof-pointer-memaccess warnings - $MAKE_COMMAND CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" -} - -component_test_zeroize () { - # Test that the function mbedtls_platform_zeroize() is not optimized away by - # different combinations of compilers and optimization flags by using an - # auxiliary GDB script. Unfortunately, GDB does not return error values to the - # system in all cases that the script fails, so we must manually search the - # output to check whether the pass string is present and no failure strings - # were printed. - - # Don't try to disable ASLR. We don't care about ASLR here. We do care - # about a spurious message if Gdb tries and fails, so suppress that. - gdb_disable_aslr= - if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then - gdb_disable_aslr='set disable-randomization off' - fi - - for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - $MAKE_COMMAND programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - grep "The buffer was correctly zeroized" test_zeroize.log - not grep -i "error" test_zeroize.log - rm -f test_zeroize.log - $MAKE_COMMAND clean - done - done -} 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
deleted file mode 100644
index 637dbd0fd9..0000000000
--- a/tests/scripts/components-configuration-crypto.sh
+++ /dev/null
@@ -1,2438 +0,0 @@ -# components-configuration-crypto.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - Crypto -################################################################ - -component_test_psa_crypto_key_id_encodes_owner () { - msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" - make test -} - -component_test_psa_assume_exclusive_buffers () { - msg "build: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full config + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS, cmake, gcc, ASan" - make test -} - -component_test_crypto_with_static_key_slots() { - msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - scripts/config.py crypto_full - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that - # is enough to contain: - # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS). - # - RSA key pairs up to 1024 bits, but not 2048 or larger. - # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). - # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 - # Disable the fully dynamic key store (default on) since it conflicts - # with the static behavior that we're testing here. 
- scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - - msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test -} - -# check_renamed_symbols HEADER LIB -# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol -# name in LIB. -check_renamed_symbols () { - ! nm "$2" | sed 's/.* //' | - grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")" -} - -component_build_psa_crypto_spm () { - msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc" - scripts/config.py full - scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM - # We can only compile, not link, since our test and sample programs - # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM - # is active. - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib - - # Check that if a symbol is renamed by crypto_spe.h, the non-renamed - # version is not present. - echo "Checking for renamed symbols in the library" - check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a -} - -# The goal of this component is to build a configuration where: -# - test code and libtestdriver1 can make use of calloc/free and -# - core library (including PSA core) cannot use calloc/free. -component_test_psa_crypto_without_heap() { - msg "crypto without heap: build libtestdriver1" - # Disable PSA features that cannot be accelerated and whose builtin support - # requires calloc/free. - scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py unset-all "^PSA_WANT_ALG_HKDF" - scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_" - scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_" - # RSA key support requires ASN1 parse/write support for testing, but ASN1 - # is disabled below. 
- scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" - scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" - # EC-JPAKE use calloc/free in PSA core - scripts/config.py unset PSA_WANT_ALG_JPAKE - # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. - # This is required to get the proper test coverage otherwise there are - # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. - scripts/config.py set PSA_WANT_ECC_SECP_K1_192 - scripts/config.py set PSA_WANT_ECC_SECP_R1_192 - scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true - - # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). - PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) - loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') - - helper_libtestdriver1_adjust_config crypto - helper_libtestdriver1_make_drivers "$loc_accel_list" - - msg "crypto without heap: build main library" - # Disable all legacy MBEDTLS_xxx symbols. - scripts/config.py unset-all "^MBEDTLS_" - # Build the PSA core using the proper config file. - scripts/config.py set MBEDTLS_PSA_CRYPTO_C - # Enable fully-static key slots in PSA core. - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Prevent PSA core from creating a copy of input/output buffers. - scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS - # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - # Set calloc/free as null pointer functions. Calling them would crash - # the program so we can use this as a "sentinel" for being sure no module - # is making use of these functions in the library. 
- scripts/config.py set MBEDTLS_PLATFORM_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL - scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - - helper_libtestdriver1_make_main "$loc_accel_list" lib - - msg "crypto without heap: build test suites and helpers" - # Reset calloc/free functions to normal operations so that test code can - # freely use them. - scripts/config.py unset MBEDTLS_PLATFORM_MEMORY - scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC - scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE - helper_libtestdriver1_make_main "$loc_accel_list" tests - - msg "crypto without heap: test" - $MAKE_COMMAND test -} - -component_test_no_rsa_key_pair_generation () { - msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - $MAKE_COMMAND - - msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - $MAKE_COMMAND test -} - -component_test_no_pem_no_fs () { - msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" - scripts/config.py unset MBEDTLS_PEM_PARSE_C - scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min - tests/ssl-opt.sh -} - -component_test_rsa_no_crt () { - msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min - scripts/config.py set MBEDTLS_RSA_NO_CRT - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: RSA_NO_CRT - main suites (inc. 
selftests) (ASan build)" # ~ 50s - make test - - msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f RSA - - msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min - tests/compat.sh -t RSA - - msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_no_ctr_drbg_use_psa () { - msg "build: Full minus CTR_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py unset MBEDTLS_CTR_DRBG_C - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" - make test - - # In this configuration, the TLS test programs use HMAC_DRBG. - # The SSL tests are slow, so run a small subset, just enough to get - # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" - tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL -} - -component_test_no_hmac_drbg_use_psa () { - msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" - make test - - # Normally our ECDSA implementation uses deterministic ECDSA. But since - # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used - # instead. - # Test SSL with non-deterministic ECDSA. Only test features that - # might be affected by how ECDSA signature is performed. 
- msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private: sign' - - # To save time, only test one protocol version, since this part of - # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" - tests/compat.sh -m tls12 -t 'ECDSA' -} - -component_test_psa_external_rng_no_drbg_use_psa () { - msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - $MAKE_COMMAND test - - msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|opaque' -} - -component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - $MAKE_COMMAND test - - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - tests/ssl-opt.sh -f 'Default\|opaque' -} - -component_full_no_pkparse_pkwrite () { - msg "build: full without pkparse and pkwrite" - - scripts/config.py crypto_full - scripts/config.py unset 
MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). - not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o - not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o - - msg "test: full without pkparse and pkwrite" - $MAKE_COMMAND test -} - -component_test_crypto_full_md_light_only () { - msg "build: crypto_full with only the light subset of MD" - scripts/config.py crypto_full - - # Disable MD - scripts/config.py unset MBEDTLS_MD_C - # Disable direct dependencies of MD_C - scripts/config.py unset MBEDTLS_HKDF_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_PKCS7_C - # Disable indirect dependencies of MD_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - # Disable things that would auto-enable MD_C - scripts/config.py unset MBEDTLS_PKCS5_C - - # Note: MD-light is auto-enabled in build_info.h by modules that need it, - # which we haven't disabled, so no need to explicitly enable it. - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o - grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o - - msg "test: crypto_full with only the light subset of MD" - $MAKE_COMMAND test -} - -component_test_full_no_cipher () { - msg "build: full no CIPHER" - - scripts/config.py full - - # The built-in implementation of the following algs/key-types depends - # on CIPHER_C so we disable them. - # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 - # so we keep them enabled. 
- scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_CMAC - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_CFB - scripts/config.py unset PSA_WANT_ALG_CTR - scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_OFB - scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER - - # The following modules directly depends on CIPHER_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - $MAKE_COMMAND - - # Ensure that CIPHER_C was not re-enabled - not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o - - msg "test: full no CIPHER" - $MAKE_COMMAND test -} - -component_test_full_no_ccm () { - msg "build: full no PSA_WANT_ALG_CCM" - - # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA - # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated - scripts/config.py full - - # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still - # enabled, but not used from TLS since USE_PSA is set. - # This is helpful to ensure that TLS tests below have proper dependencies. - # - # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause - # PSA_WANT_ALG_CCM to be re-enabled. - scripts/config.py unset PSA_WANT_ALG_CCM - - $MAKE_COMMAND - - msg "test: full no PSA_WANT_ALG_CCM" - $MAKE_COMMAND test -} - -component_test_full_no_ccm_star_no_tag () { - msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - - # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated - scripts/config.py full - - # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all - # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol. - # This basically disables all unauthenticated ciphers on the PSA side, while - # keeping AEADs enabled. 
- # - # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause - # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. - scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py unset PSA_WANT_ALG_CTR - scripts/config.py unset PSA_WANT_ALG_CFB - scripts/config.py unset PSA_WANT_ALG_OFB - scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will - # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - - $MAKE_COMMAND - - # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled - not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o - - msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - $MAKE_COMMAND test -} - -component_test_config_symmetric_only () { - msg "build: configs/config-symmetric-only.h" - MBEDTLS_CONFIG="configs/config-symmetric-only.h" - CRYPTO_CONFIG="tf-psa-crypto/configs/crypto-config-symmetric-only.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-symmetric-only.h - unit tests" - make test -} - -component_test_everest () { - msg "build: Everest ECDH context (ASan build)" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: Everest ECDH context - main suites (inc. 
selftests) (ASan build)" # ~ 50s - make test - - msg "test: metatests (clang, ASan)" - tests/scripts/run-metatests.sh any asan poison - - msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f ECDH - - msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min - # Exclude some symmetric ciphers that are redundant here to gain time. - tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' -} - -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - $MAKE_COMMAND test -} - -component_test_psa_collect_statuses () { - msg "build+test: psa_collect_statuses" # ~30s - scripts/config.py full - tests/scripts/psa_collect_statuses.py - # Check that psa_crypto_init() succeeded at least once - grep -q '^0:psa_crypto_init:' tests/statuses.log - rm -f tests/statuses.log -} - -# Check that the specified libraries exist and are empty. -are_empty_libraries () { - nm "$@" >/dev/null 2>/dev/null - ! nm "$@" 2>/dev/null | grep -v ':$' | grep . 
-} - -component_test_crypto_for_psa_service () { - msg "build: make, config for PSA crypto service" - scripts/config.py crypto - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - # Disable things that are not needed for just cryptography, to - # reach a configuration that would be typical for a PSA cryptography - # service providing all implemented PSA algorithms. - # System stuff - scripts/config.py unset MBEDTLS_ERROR_C - scripts/config.py unset MBEDTLS_TIMING_C - scripts/config.py unset MBEDTLS_VERSION_FEATURES - # Crypto stuff with no PSA interface - scripts/config.py unset MBEDTLS_BASE64_C - scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent - # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PEM_PARSE_C - scripts/config.py unset MBEDTLS_PEM_WRITE_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_PKCS5_C - # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed - # in PSA code to work with RSA keys. We don't require users to set those: - # they will be reenabled in build_info.h. 
- scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - $MAKE_COMMAND CFLAGS='-O1 -Werror' all test - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -component_build_crypto_baremetal () { - msg "build: make, crypto only, baremetal config" - scripts/config.py crypto_baremetal - $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -support_build_crypto_baremetal () { - support_build_baremetal "$@" -} - -# depends.py family of tests -component_test_depends_py_cipher_id () { - msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id -} - -component_test_depends_py_cipher_chaining () { - msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining -} - -component_test_depends_py_curves () { - msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves -} - -component_test_depends_py_hashes () { - msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes -} - -component_test_depends_py_pkalgs () { - msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs -} - -component_test_psa_crypto_config_ffdh_2048_only () { - msg "build: full config - only DH 2048" - - scripts/config.py full - - # Disable all DH groups other than 2048. 
- scripts/config.py unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full config - only DH 2048" - $MAKE_COMMAND test - - msg "ssl-opt: full config - only DH 2048" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_accel_ecdsa () { - msg "build: accelerated ECDSA" - - # Configure - # --------- - - # Start from default config + TLS 1.3 - helper_libtestdriver1_adjust_config "default" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDSA" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ecdh () { - msg "build: accelerated ECDH" - - # Configure - # --------- - - # Start from default config (no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - 
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDH" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ffdh () { - msg "build: full with accelerated FFDH" - - # Configure - # --------- - - # start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o - - # Run the tests - # ------------- - - msg "test: full with accelerated FFDH" - $MAKE_COMMAND test - - msg "ssl-opt: full with accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_reference_ffdh () { - msg "build: full with non-accelerated FFDH" - - # Start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - $MAKE_COMMAND - - msg "test suites: full with non-accelerated FFDH alg" - $MAKE_COMMAND test - - msg "ssl-opt: full with non-accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_accel_pake () { - msg "build: full with accelerated PAKE" - - # Configure - # --------- - - helper_libtestdriver1_adjust_config "full" - - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Make built-in fallback not available - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 
- - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o - - # Run the tests - # ------------- - - msg "test: full with accelerated PAKE" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ecc_some_key_types () { - msg "build: full with accelerated EC algs and some key types" - - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - # Algorithms and key types to accelerate - # For key types, use an explicitly list to omit GENERATE (and DERIVE) - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - KEY_TYPE_ECC_PUBLIC_KEY \ - KEY_TYPE_ECC_KEY_PAIR_BASIC \ - KEY_TYPE_ECC_KEY_PAIR_IMPORT \ - KEY_TYPE_ECC_KEY_PAIR_EXPORT \ - $(helper_get_psa_curve_list)" - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # this is not supported by the driver API yet - scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. 
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # ECP should be re-enabled but not the others - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o - - # Run the tests - # ------------- - - msg "test suites: full with accelerated EC algs and some key types" - $MAKE_COMMAND test -} - -# Run tests with only (non-)Weierstrass accelerated -# Common code used in: -# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves -# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves -common_test_psa_crypto_config_accel_ecc_some_curves () { - weierstrass=$1 - if [ $weierstrass -eq 1 ]; then - desc="Weierstrass" - else - desc="non-Weierstrass" - fi - - msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Note: Curves are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - # Note: the following loop is a modified version of - # helper_get_psa_curve_list that only keeps Weierstrass families. 
- loc_weierstrass_list="" - loc_non_weierstrass_list="" - for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - case $item in - ECC_BRAINPOOL*|ECC_SECP*) - loc_weierstrass_list="$loc_weierstrass_list $item" - ;; - *) - loc_non_weierstrass_list="$loc_non_weierstrass_list $item" - ;; - esac - done - if [ $weierstrass -eq 1 ]; then - loc_curve_list=$loc_weierstrass_list - else - loc_curve_list=$loc_non_weierstrass_list - fi - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $loc_curve_list" - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # this is not supported by the driver API yet - scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - # For grep to work below we need less inlining in ecp.c - ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list" - - # We expect ECDH to be re-enabled for the missing curves - grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o - # We expect ECP to be re-enabled, however the parts specific to the - # families of curves that are accelerated should be ommited. 
- # - functions with mxz in the name are specific to Montgomery curves - # - ecp_muladd is specific to Weierstrass curves - ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms - if [ $weierstrass -eq 1 ]; then - not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o - grep mxz ${BUILTIN_SRC_PATH}/ecp.o - else - grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o - not grep mxz ${BUILTIN_SRC_PATH}/ecp.o - fi - # We expect ECDSA and ECJPAKE to be re-enabled only when - # Weierstrass curves are not accelerated - if [ $weierstrass -eq 1 ]; then - not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - else - grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - fi - - # Run the tests - # ------------- - - msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { - common_test_psa_crypto_config_accel_ecc_some_curves 1 -} - -component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () { - common_test_psa_crypto_config_accel_ecc_some_curves 0 -} - -# Auxiliary function to build config for all EC based algorithms (EC-JPAKE, -# ECDH, ECDSA) with and without drivers. -# The input parameter is a boolean value which indicates: -# - 0 keep built-in EC algs, -# - 1 exclude built-in EC algs (driver only). -# -# This is used by the two following components to ensure they always use the -# same config, except for the use of driver or built-in EC algorithms: -# - component_test_psa_crypto_config_accel_ecc_ecp_light_only; -# - component_test_psa_crypto_config_reference_ecc_ecp_light_only. -# This supports comparing their test coverage with analyze_outcomes.py. 
-config_psa_crypto_config_ecp_light_only () { - driver_only="$1" - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE -} - -# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only -component_test_psa_crypto_config_accel_ecc_ecp_light_only () { - msg "build: full with accelerated EC algs" - - # Configure - # --------- - - # Use the same config as reference, only without built-in EC algs - config_psa_crypto_config_ecp_light_only 1 - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Do not disable builtin curves because that support is required for: - # - MBEDTLS_PK_PARSE_EC_EXTENDED - # - MBEDTLS_PK_PARSE_EC_COMPRESSED - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. 
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o
-
- # Run the tests
- # -------------
-
- msg "test suites: full with accelerated EC algs"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full with accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
-component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
- msg "build: non-accelerated EC algs"
-
- config_psa_crypto_config_ecp_light_only 0
-
- $MAKE_COMMAND
-
- msg "test suites: full with non-accelerated EC algs"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full with non-accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# This helper function is used by:
-# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
-# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
-# to ensure that both tests use the same underlying configuration when testing
-# driver's coverage with analyze_outcomes.py.
-#
- # This functions accepts 1 boolean parameter as follows:
-# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
-# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
-# - 0: include built-in implementation of EC algorithms.
-#
- # PK_C and RSA_C are always disabled to ensure there is no remaining dependency
-# on the ECP module.
-config_psa_crypto_no_ecp_at_all () {
- driver_only="$1"
- # start with full config for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-}
-
-# Build and test a configuration where driver accelerates all EC algs while
-# all support and dependencies from ECP and ECP_LIGHT are removed on the library
-# side.
-#
- # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
-component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
- msg "build: full + accelerated EC algs - ECP"
-
- # Configure
- # ---------
-
- # Set common configurations between library's and driver's builds
- config_psa_crypto_no_ecp_at_all 1
- # Disable all the builtin curves. All the required algs are accelerated.
- helper_disable_builtin_curves
-
- # Algorithms and key types to accelerate
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
-
- # Build
- # -----
-
- # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
- # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- # Also ensure that ECP module was not re-enabled
- not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
-
- # Run the tests
- # -------------
-
- msg "test: full + accelerated EC algs - ECP"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + accelerated EC algs - ECP"
- tests/ssl-opt.sh
-}
-
-# Reference function used for driver's coverage analysis in analyze_outcomes.py
-# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
-# Keep in sync with its accelerated counterpart.
-component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
- msg "build: full + non accelerated EC algs"
-
- config_psa_crypto_no_ecp_at_all 0
-
- $MAKE_COMMAND
-
- msg "test: full + non accelerated EC algs"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + non accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# This is a common configuration helper used directly from:
-# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-# and indirectly from:
-# - component_test_psa_crypto_config_accel_ecc_no_bignum
-# - accelerate all EC algs, disable RSA and FFDH
-# - component_test_psa_crypto_config_reference_ecc_no_bignum
-# - this is the reference component of the above
-# - it still disables RSA and FFDH, but it uses builtin EC algs
-# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-# - accelerate all EC and FFDH algs, disable only RSA
-# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-# - this is the reference component of the above
-# - it still disables RSA, but it uses builtin EC and FFDH algs
-#
- # This function accepts 2 parameters:
-# $1: a boolean value which states if we are testing an accelerated scenario
-# or not.
-# $2: a string value which states which components are tested. Allowed values
-# are "ECC" or "ECC_DH".
-config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- driver_only="$1"
- test_target="$2"
- # start with full config for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-
- # RSA support is intentionally disabled on this test because RSA_C depends
- # on BIGNUM_C.
- scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
- scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- # Also disable key exchanges that depend on RSA
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
- if [ "$test_target" = "ECC" ]; then
- # When testing ECC only, we disable FFDH support, both from builtin and
- # PSA sides.
- scripts/config.py unset PSA_WANT_ALG_FFDH
- scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
- scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
- fi
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-}
-
-# Common helper used by:
-# - component_test_psa_crypto_config_accel_ecc_no_bignum
-# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-#
- # The goal is to build and test accelerating either:
-# - ECC only or
-# - both ECC and FFDH
-#
- # It is meant to be used in conjunction with
-# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
-# coverage analysis in the "analyze_outcomes.py" script.
-common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- test_target="$1"
-
- # This is an internal helper to simplify text message handling
- if [ "$test_target" = "ECC_DH" ]; then
- accel_text="ECC/FFDH"
- removed_text="ECP - DH"
- else
- accel_text="ECC"
- removed_text="ECP"
- fi
-
- msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
-
- # Configure
- # ---------
-
- # Set common configurations between library's and driver's builds
- config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
- # Disable all the builtin curves. All the required algs are accelerated.
- helper_disable_builtin_curves
-
- # By default we accelerate all EC keys/algs
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
- # Optionally we can also add DH to the list of accelerated items
- if [ "$test_target" = "ECC_DH" ]; then
- loc_accel_list="$loc_accel_list \
- ALG_FFDH \
- $(helper_get_psa_key_type_list "DH") \
- $(helper_get_psa_dh_group_list)"
- fi
-
- # Build
- # -----
-
- # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
- # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled
- not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
- not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
- not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
-
- # Run the tests
- # -------------
-
- msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
-
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
- tests/ssl-opt.sh
-}
-
-# Common helper used by:
-# - component_test_psa_crypto_config_reference_ecc_no_bignum
-# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-#
- # The goal is to build and test a reference scenario (i.e. with builtin
-# components) compared to the ones used in
-# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
-#
- # It is meant to be used in conjunction with
-# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
-# coverage analysis in "analyze_outcomes.py" script.
-common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
- test_target="$1"
-
- # This is an internal helper to simplify text message handling
- if [ "$test_target" = "ECC_DH" ]; then
- accel_text="ECC/FFDH"
- else
- accel_text="ECC"
- fi
-
- msg "build: full + non accelerated $accel_text algs + USE_PSA"
-
- config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
-
- $MAKE_COMMAND
-
- msg "test suites: full + non accelerated EC algs + USE_PSA"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
- tests/ssl-opt.sh
-}
-
-component_test_psa_crypto_config_accel_ecc_no_bignum () {
- common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
-}
-
-component_test_psa_crypto_config_reference_ecc_no_bignum () {
- common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
-}
-
-component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
-}
-
-component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
- common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
-}
-
-component_test_tfm_config_as_is () {
- msg "build: configs/config-tfm.h"
- MBEDTLS_CONFIG="configs/config-tfm.h"
- CRYPTO_CONFIG="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h"
- CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: configs/config-tfm.h - unit tests"
- make test
-}
-
-# Helper for setting common configurations between:
-# - component_test_tfm_config_p256m_driver_accel_ec()
-# - component_test_tfm_config_no_p256m()
-common_tfm_config () {
- # Enable TF-M config
- cp configs/config-tfm.h "$CONFIG_H"
- cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
-
- # Config adjustment for better test coverage in our environment.
- # This is not needed just to build and pass tests.
- #
- # Enable filesystem I/O for the benefit of PK parse/write tests.
- sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #define MBEDTLS_FS_IO' "$CRYPTO_CONFIG_H"
-}
-
-# Keep this in sync with component_test_tfm_config() as they are both meant
-# to be used in analyze_outcomes.py for driver's coverage analysis.
-component_test_tfm_config_p256m_driver_accel_ec () {
- msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
-
- common_tfm_config
-
- # Build crypto library
- $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled
- not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
- not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
- not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
- # Check that p256m was built
- grep -q p256_ecdsa_ library/libmbedcrypto.a
-
- # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
- # files, so we want to ensure that it has not be re-enabled accidentally.
- not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
-
- # Run the tests
- msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
- $MAKE_COMMAND test
-}
-
-# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
-# they are both meant to be used in analyze_outcomes.py for driver's coverage
-# analysis.
-component_test_tfm_config_no_p256m () {
- common_tfm_config
-
- # Disable P256M driver, which is on by default, so that analyze_outcomes
- # can compare this test with test_tfm_config_p256m_driver_accel_ec
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED
-
- msg "build: TF-M config without p256m"
- $MAKE_COMMAND CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
-
- # Check that p256m was not built
- not grep p256_ecdsa_ library/libmbedcrypto.a
-
- # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
- # files, so we want to ensure that it has not be re-enabled accidentally.
- not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
-
- msg "test: TF-M config without p256m"
- $MAKE_COMMAND test
-}
-
-# This is an helper used by:
-# - component_test_psa_ecc_key_pair_no_derive
-# - component_test_psa_ecc_key_pair_no_generate
-# The goal is to test with all PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy symbols
-# enabled, but one. Input arguments are as follows:
-# - $1 is the configuration to start from
-# - $2 is the key type under test, i.e. ECC/RSA/DH
-# - $3 is the key option to be unset (i.e. generate, derive, etc)
-build_and_test_psa_want_key_pair_partial () {
- base_config=$1
- key_type=$2
- unset_option=$3
- disabled_psa_want="PSA_WANT_KEY_TYPE_${key_type}_KEY_PAIR_${unset_option}"
-
- msg "build: $base_config - ${disabled_psa_want}"
- scripts/config.py "$base_config"
-
- # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
- # crypto_config.h so we just disable the one we don't want.
- scripts/config.py unset "$disabled_psa_want"
-
- $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: $base_config - ${disabled_psa_want}"
- $MAKE_COMMAND test
-}
-
-component_test_psa_ecc_key_pair_no_derive () {
- build_and_test_psa_want_key_pair_partial full "ECC" "DERIVE"
-}
-
-component_test_psa_ecc_key_pair_no_generate () {
- # TLS needs ECC key generation whenever ephemeral ECDH is enabled.
- # We don't have proper guards for configurations with ECC key generation
- # disabled (https://github.com/Mbed-TLS/mbedtls/issues/9481). Until
- # then (if ever), just test the crypto part of the library.
- build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
-}
-
-config_psa_crypto_accel_rsa () {
- driver_only=$1
-
- # Start from crypto_full config (no X.509, no TLS)
- helper_libtestdriver1_adjust_config "crypto_full"
-
- if [ "$driver_only" -eq 1 ]; then
- # We need PEM parsing in the test library as well to support the import
- # of PEM encoded RSA keys.
- scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
- scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
- fi
-}
-
-component_test_psa_crypto_config_accel_rsa_crypto () {
- msg "build: crypto_full with accelerated RSA"
-
- loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
- ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
- KEY_TYPE_RSA_PUBLIC_KEY \
- KEY_TYPE_RSA_KEY_PAIR_BASIC \
- KEY_TYPE_RSA_KEY_PAIR_GENERATE \
- KEY_TYPE_RSA_KEY_PAIR_IMPORT \
- KEY_TYPE_RSA_KEY_PAIR_EXPORT"
-
- # Configure
- # ---------
-
- config_psa_crypto_accel_rsa 1
-
- # Build
- # -----
-
- # These hashes are needed for unit tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o
-
- # Run the tests
- # -------------
-
- msg "test: crypto_full with accelerated RSA"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_reference_rsa_crypto () {
- msg "build: crypto_full with non-accelerated RSA"
-
- # Configure
- # ---------
- config_psa_crypto_accel_rsa 0
-
- # Build
- # -----
- $MAKE_COMMAND
-
- # Run the tests
- # -------------
- msg "test: crypto_full with non-accelerated RSA"
- $MAKE_COMMAND test
-}
-
-# This is a temporary test to verify that full RSA support is present even when
-# only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
-component_test_new_psa_want_key_pair_symbol () {
- msg "Build: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
-
- # Create a temporary output file unless there is already one set
- if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
- REMOVE_OUTCOME_ON_EXIT="no"
- else
- REMOVE_OUTCOME_ON_EXIT="yes"
- MBEDTLS_TEST_OUTCOME_FILE="$PWD/out.csv"
- export MBEDTLS_TEST_OUTCOME_FILE
- fi
-
- # Start from crypto configuration
- scripts/config.py crypto
-
- # Remove RSA dependencies
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
- # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
- # that proper translations is done in crypto_legacy.h.
- scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
- scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
- scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-
- $MAKE_COMMAND
-
- msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
- $MAKE_COMMAND test
-
- # Parse only 1 relevant line from the outcome file, i.e. a test which is
- # performing RSA signature.
- msg "Verify that 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' is PASS"
- cat $MBEDTLS_TEST_OUTCOME_FILE | grep 'RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA)' | grep -q "PASS"
-
- if [ "$REMOVE_OUTCOME_ON_EXIT" == "yes" ]; then
- rm $MBEDTLS_TEST_OUTCOME_FILE
- fi
-}
-
-component_test_psa_crypto_config_accel_hash () {
- msg "test: accelerated hash"
-
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- # Start from default config (no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # There's a risk of something getting re-enabled via config_psa.h;
- # make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
- not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
- not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
- not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
- not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
-
- # Run the tests
- # -------------
-
- msg "test: accelerated hash"
- $MAKE_COMMAND test
-}
-
-# Auxiliary function to build config for hashes with and without drivers
-config_psa_crypto_hash_use_psa () {
- driver_only="$1"
- # start with config full for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
- if [ "$driver_only" -eq 1 ]; then
- # disable the built-in implementation of hashes
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
- fi
-}
-
-# Note that component_test_psa_crypto_config_reference_hash_use_psa
-# is related to this component and both components need to be kept in sync.
-# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
-component_test_psa_crypto_config_accel_hash_use_psa () {
- msg "test: full with accelerated hashes"
-
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- config_psa_crypto_hash_use_psa 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # There's a risk of something getting re-enabled via config_psa.h;
- # make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
- not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
- not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
- not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
- not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
-
- # Run the tests
- # -------------
-
- msg "test: full with accelerated hashes"
- $MAKE_COMMAND test
-
- # This is mostly useful so that we can later compare outcome files with
- # the reference config in analyze_outcomes.py, to check that the
- # dependency declarations in ssl-opt.sh and in TLS code are correct.
- msg "test: ssl-opt.sh, full with accelerated hashes"
- tests/ssl-opt.sh
-
- # This is to make sure all ciphersuites are exercised, but we don't need
- # interop testing (besides, we already got some from ssl-opt.sh).
- msg "test: compat.sh, full with accelerated hashes"
- tests/compat.sh -p mbedTLS -V YES
-}
-
-# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
-# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
-# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
-# Both components need to be kept in sync.
-component_test_psa_crypto_config_reference_hash_use_psa () {
- msg "test: full without accelerated hashes"
-
- config_psa_crypto_hash_use_psa 0
-
- $MAKE_COMMAND
-
- msg "test: full without accelerated hashes"
- $MAKE_COMMAND test
-
- msg "test: ssl-opt.sh, full without accelerated hashes"
- tests/ssl-opt.sh
-}
-
-# Auxiliary function to build config for hashes with and without drivers
-config_psa_crypto_hmac_use_psa () {
- driver_only="$1"
- # start with config full for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- if [ "$driver_only" -eq 1 ]; then
- # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT
- # is still enabled though (for ENTROPY_C among others).
- scripts/config.py unset MBEDTLS_MD_C
- # Also disable the configuration options that tune the builtin hashes,
- # since those hashes are disabled.
- scripts/config.py unset-all MBEDTLS_SHA
- fi
-
- # Direct dependencies of MD_C. We disable them also in the reference
- # component to work with the same set of features.
- scripts/config.py unset MBEDTLS_PKCS7_C
- scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_HKDF_C
- # Dependencies of HMAC_DRBG
- scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
-}
-
-component_test_psa_crypto_config_accel_hmac () {
- msg "test: full with accelerated hmac"
-
- loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \
- ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- config_psa_crypto_hmac_use_psa 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Ensure that built-in support for HMAC is disabled.
- not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
-
- # Run the tests
- # -------------
-
- msg "test: full with accelerated hmac"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_reference_hmac () {
- msg "test: full without accelerated hmac"
-
- config_psa_crypto_hmac_use_psa 0
-
- $MAKE_COMMAND
-
- msg "test: full without accelerated hmac"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_accel_aead () {
- msg "test: accelerated AEAD"
-
- loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
- KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- # Start from full config
- helper_libtestdriver1_adjust_config "full"
-
- # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
- scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
- not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
- not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
-
- # Run the tests
- # -------------
-
- msg "test: accelerated AEAD"
- $MAKE_COMMAND test
-}
-
-# This is a common configuration function used in:
-# - component_test_psa_crypto_config_accel_cipher_aead_cmac
-# - component_test_psa_crypto_config_reference_cipher_aead_cmac
-common_psa_crypto_config_accel_cipher_aead_cmac () {
- # Start from the full config
- helper_libtestdriver1_adjust_config "full"
-
- scripts/config.py unset MBEDTLS_NIST_KW_C
-}
-
-# The 2 following test components, i.e.
-# - component_test_psa_crypto_config_accel_cipher_aead_cmac
-# - component_test_psa_crypto_config_reference_cipher_aead_cmac
-# are meant to be used together in analyze_outcomes.py script in order to test
-# driver's coverage for ciphers and AEADs.
-component_test_psa_crypto_config_accel_cipher_aead_cmac () {
- msg "build: full config with accelerated cipher inc. AEAD and CMAC"
-
- loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
- ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
- ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
- KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- common_psa_crypto_config_accel_cipher_aead_cmac
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
- not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
- not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
- not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
- not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
- not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
- not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
- not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
- not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o
-
- # Run the tests
- # -------------
-
- msg "test: full config with accelerated cipher inc. AEAD and CMAC"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
- # Exclude password-protected key tests — they require built-in CBC and AES.
- tests/ssl-opt.sh -e "TLS: password protected"
-
- msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
- tests/compat.sh -V NO -p mbedTLS
-}
-
-component_test_psa_crypto_config_reference_cipher_aead_cmac () {
- msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
- common_psa_crypto_config_accel_cipher_aead_cmac
-
- $MAKE_COMMAND
-
- msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
- # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac.
- tests/ssl-opt.sh -e "TLS: password protected"
-
- msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
- tests/compat.sh -V NO -p mbedTLS
-}
-
-common_block_cipher_dispatch () {
- TEST_WITH_DRIVER="$1"
-
- # Start from the full config
- helper_libtestdriver1_adjust_config "full"
-
- # Disable cipher's modes that, when not accelerated, cause
- # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
- # Keep this also in the reference component in order to skip the same tests
- # that were skipped in the accelerated one.
- scripts/config.py unset PSA_WANT_ALG_CTR
- scripts/config.py unset PSA_WANT_ALG_CFB
- scripts/config.py unset PSA_WANT_ALG_OFB
- scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py unset PSA_WANT_ALG_CMAC
- scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
-
- # Disable direct dependency on AES_C
- scripts/config.py unset MBEDTLS_NIST_KW_C
-
- # Prevent the cipher module from using deprecated PSA path. The reason is
- # that otherwise there will be tests relying on "aes_info" (defined in
- # "cipher_wrap.c") whose functions are not available when AES_C is
- # not defined. ARIA and Camellia are not a problem in this case because
- # the PSA path is not tested for these key types.
- scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
-}
-
-component_test_full_block_cipher_psa_dispatch_static_keystore () {
- msg "build: full + PSA dispatch in block_cipher with static keystore"
- # Check that the static key store works well when CTR_DRBG uses a
- # PSA key for AES.
- scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
-
- loc_accel_list="ALG_ECB_NO_PADDING \
- KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- common_block_cipher_dispatch 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure disabled components were not re-enabled by accident (additive
- # config)
- not grep mbedtls_aes_ library/aes.o
- not grep mbedtls_aria_ library/aria.o
- not grep mbedtls_camellia_ library/camellia.o
-
- # Run the tests
- # -------------
-
- msg "test: full + PSA dispatch in block_cipher with static keystore"
- $MAKE_COMMAND test
-}
-
-component_test_full_block_cipher_psa_dispatch () {
- msg "build: full + PSA dispatch in block_cipher"
-
- loc_accel_list="ALG_ECB_NO_PADDING \
- KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- common_block_cipher_dispatch 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure disabled components were not re-enabled by accident (additive
- # config)
- not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o
- not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o
- not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o
-
- # Run the tests
- # -------------
-
- msg "test: full + PSA dispatch in block_cipher"
- $MAKE_COMMAND test
-}
-
-# This is the reference component of component_test_full_block_cipher_psa_dispatch
-component_test_full_block_cipher_legacy_dispatch () {
- msg "build: full + legacy dispatch in block_cipher"
-
- common_block_cipher_dispatch 0
-
- $MAKE_COMMAND
-
- msg "test: full + legacy dispatch in block_cipher"
- $MAKE_COMMAND test
-}
-
-component_test_aead_chachapoly_disabled () {
- msg "build: full minus CHACHAPOLY"
- scripts/config.py full
- scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
- $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: full minus CHACHAPOLY"
- $MAKE_COMMAND test
-}
-
-component_test_aead_only_ccm () {
- msg "build: full minus CHACHAPOLY and GCM"
- scripts/config.py full
- scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
- scripts/config.py unset PSA_WANT_ALG_GCM
- $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: full minus CHACHAPOLY and GCM"
- $MAKE_COMMAND test
-}
-
-component_test_ccm_aes_sha256 () {
- msg "build: CCM + AES + SHA256 configuration"
-
- # Setting a blank config disables everyhing in the library side.
- echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H"
- cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
-
- $MAKE_COMMAND
- msg "test: CCM + AES + SHA256 configuration"
- $MAKE_COMMAND test
-}
-
-# Test that the given .o file builds with all (valid) combinations of the given options.
-#
- # Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
-#
- # The validator function is the name of a function to validate the combination of options.
-# It may be "" if all combinations are valid.
-# It receives a string containing a combination of options, as passed to the compiler,
-# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
-build_test_config_combos () {
- file=$1
- shift
- validate_options=$1
- shift
- options=("$@")
-
- # clear all of the options so that they can be overridden on the clang commandline
- for opt in "${options[@]}"; do
- ./scripts/config.py unset ${opt}
- done
-
- # enter the library directory
- cd library
-
- # The most common issue is unused variables/functions, so ensure -Wunused is set.
- warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
-
- # Extract the command generated by the Makefile to build the target file.
- # This ensures that we have any include paths, macro definitions, etc - # that may be applied by make. - # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c" - - makefile=$(TMPDIR=. mktemp) - deps="" - - len=${#options[@]} - source_file=../${file%.o}.c - - targets=0 - echo 'include Makefile' >${makefile} - - for ((i = 0; i < $((2**${len})); i++)); do - # generate each of 2^n combinations of options - # each bit of $i is used to determine if options[i] will be set or not - target="t" - clang_args="" - for ((j = 0; j < ${len}; j++)); do - if (((i >> j) & 1)); then - opt=-D${options[$j]} - clang_args="${clang_args} ${opt}" - target="${target}${opt}" - fi - done - - # if combination is not known to be invalid, add it to the makefile - if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then - cmd="${compile_cmd} ${clang_args}" - echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} - - deps="${deps} ${target}" - ((++targets)) - fi - done - - echo "build_test_config_combos: ${deps}" >> ${makefile} - - # execute all of the commands via Make (probably in parallel) - make -s -f ${makefile} build_test_config_combos - echo "$targets targets checked" - - # clean up the temporary makefile - rm ${makefile} -} - -validate_aes_config_variations () { - if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ - ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - return 1 - fi - fi - return 0 -} - -component_build_aes_variations () { - # 18s - around 90ms per clang invocation on M1 Pro - # - # aes.o has many #if defined(...) guards that intersect in complex ways. - # Test that all the combinations build cleanly. 
- - MBEDTLS_ROOT_DIR="$PWD" - msg "build: aes.o for all combinations of relevant config options" - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" - - cd "$MBEDTLS_ROOT_DIR" - msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW, - # manually set or unset those configurations to check - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_NIST_KW_C - - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" -} - -component_test_sha3_variations () { - msg "sha3 loop unroll variations" - - # define minimal config sufficient to test SHA3 - cat > include/mbedtls/mbedtls_config.h << END -END - - cat > tf-psa-crypto/include/psa/crypto_config.h << END - #define PSA_WANT_ALG_SHA_256 1 - #define PSA_WANT_ALG_SHA3_224 1 - #define PSA_WANT_ALG_SHA3_256 1 - #define PSA_WANT_ALG_SHA3_384 1 - #define PSA_WANT_ALG_SHA3_512 1 - #define PSA_WANT_KEY_TYPE_AES 1 - #define MBEDTLS_PSA_CRYPTO_C - #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY - #define MBEDTLS_SELF_TEST -END - - msg "all loops unrolled" - $MAKE_COMMAND clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 
-DMBEDTLS_SHA3_RHO_UNROLL=1" - ./tf-psa-crypto/tests/test_suite_shax - - msg "all loops rolled up" - $MAKE_COMMAND clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" - ./tf-psa-crypto/tests/test_suite_shax -} - -support_build_aes_aesce_armcc () { - support_build_armcc -} - -# For timebeing, no aarch64 gcc available in CI and no arm64 CI node. -component_build_aes_aesce_armcc () { - msg "Build: AESCE test on arm64 platform without plain C." - scripts/config.py baremetal - - # armc[56] don't support SHA-512 intrinsics - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - - # Stop armclang warning about feature detection for A64_CRYPTO. - # With this enabled, the library does build correctly under armclang, - # but in baremetal builds (as tested here), feature detection is - # unavailable, and the user is notified via a #warning. So enabling - # this feature would prevent us from building with -Werror on - # armclang. Tracked in #7198. - scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py set MBEDTLS_HAVE_ASM - - msg "AESCE, build with default configuration." 
- scripts/config.py set MBEDTLS_AESCE_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" - - msg "AESCE, build AESCE only" - scripts/config.py set MBEDTLS_AESCE_C - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" -} - -component_test_aes_only_128_bit_keys () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - $MAKE_COMMAND test -} - -component_test_no_ctr_drbg_aes_only_128_bit_keys () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - scripts/config.py unset MBEDTLS_CTR_DRBG_C - - $MAKE_COMMAND CC=clang CFLAGS='-Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - $MAKE_COMMAND test -} - -component_test_aes_only_128_bit_keys_have_builtins () { - msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - $MAKE_COMMAND test - - msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - programs/test/selftest -} - -component_test_gcm_largetable () { - msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C" - scripts/config.py set MBEDTLS_GCM_LARGE_TABLE - scripts/config.py 
unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - $MAKE_COMMAND test -} - -component_test_aes_fewer_tables () { - msg "build: default config with AES_FEWER_TABLES enabled" - scripts/config.py set MBEDTLS_AES_FEWER_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES" - $MAKE_COMMAND test -} - -component_test_aes_rom_tables () { - msg "build: default config with AES_ROM_TABLES enabled" - scripts/config.py set MBEDTLS_AES_ROM_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_ROM_TABLES" - $MAKE_COMMAND test -} - -component_test_aes_fewer_tables_and_rom_tables () { - msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" - scripts/config.py set MBEDTLS_AES_FEWER_TABLES - scripts/config.py set MBEDTLS_AES_ROM_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' - - msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - $MAKE_COMMAND test -} - -# helper for component_test_block_cipher_no_decrypt_aesni() which: -# - enable/disable the list of config options passed from -s/-u respectively. 
-# - build -# - test for tests_suite_xxx -# - selftest -# -# Usage: helper_block_cipher_no_decrypt_build_test -# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]] -# Options: -s set_opts the list of config options to enable -# -u unset_opts the list of config options to disable -# -c cflags the list of options passed to CFLAGS -# -l ldflags the list of options passed to LDFLAGS -helper_block_cipher_no_decrypt_build_test () { - while [ $# -gt 0 ]; do - case "$1" in - -s) - shift; local set_opts="$1";; - -u) - shift; local unset_opts="$1";; - -c) - shift; local cflags="-Werror -Wall -Wextra $1";; - -l) - shift; local ldflags="$1";; - esac - shift - done - set_opts="${set_opts:-}" - unset_opts="${unset_opts:-}" - cflags="${cflags:-}" - ldflags="${ldflags:-}" - - [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts - [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts - - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - $MAKE_COMMAND clean - $MAKE_COMMAND CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o - # Make sure we don't have mbedtls_aesni_inverse_key in AESNI - not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - $MAKE_COMMAND test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - 
$unset_opts} with $cflags${ldflags:+, $ldflags}" - programs/test/selftest -} - -# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: -config_block_cipher_no_decrypt () { - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING -} - -component_test_block_cipher_no_decrypt_aesni () { - # Test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, AESNI assembly and - # AES C implementation on x86_64 and with AESNI intrinsics on x86. - - # This consistently causes an llvm crash on clang 3.8, so use gcc - export CC=gcc - config_block_cipher_no_decrypt - - # test AESNI intrinsics - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-mpclmul -msse2 -maes" - - # test AESNI assembly - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-mno-pclmul -mno-sse2 -mno-aes" - - # test AES C implementation - helper_block_cipher_no_decrypt_build_test \ - -u "MBEDTLS_AESNI_C" - - # test AESNI intrinsics for i386 target - helper_block_cipher_no_decrypt_build_test \ - -s "MBEDTLS_AESNI_C" \ - -c "-m32 -mpclmul -msse2 -maes" \ - -l "-m32" -} - -support_test_block_cipher_no_decrypt_aesce_armcc () { - support_build_armcc -} - -component_test_block_cipher_no_decrypt_aesce_armcc () { - scripts/config.py baremetal - - # armc[56] don't support SHA-512 intrinsics - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - - # Stop armclang warning about feature detection for A64_CRYPTO. 
- # With this enabled, the library does build correctly under armclang, - # but in baremetal builds (as tested here), feature detection is - # unavailable, and the user is notified via a #warning. So enabling - # this feature would prevent us from building with -Werror on - # armclang. Tracked in #7198. - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py set MBEDTLS_HAVE_ASM - - config_block_cipher_no_decrypt - - # test AESCE baremetal build - scripts/config.py set MBEDTLS_AESCE_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" - helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra" - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o - # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE - not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o - not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o -} - -component_test_ctr_drbg_aes_256_sha_512 () { - msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 
- make - - msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)" - make test -} - -component_test_ctr_drbg_aes_256_sha_256 () { - msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" - make test -} - -component_test_ctr_drbg_aes_128_sha_512 () { - msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)" - make test -} - -component_test_ctr_drbg_aes_128_sha_256 () { - msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 
- make - - msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" - make test -} - -component_test_full_static_keystore () { - msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - scripts/config.py full - scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - $MAKE_COMMAND CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - $MAKE_COMMAND test -} - -component_test_psa_crypto_drivers () { - # Test dispatch to drivers and fallbacks with - # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that - # are wrappers around the builtin drivers are activated by - # PSA_CRYPTO_DRIVER_TEST. - # - # For the time being, some test cases in test_suite_block_cipher and - # test_suite_md.psa rely on this component to be run at least once by the - # CI. This should disappear as we progress the 4.x work. See - # config_adjust_test_accelerators.h for more information. - msg "build: full + test drivers dispatching to builtins" - scripts/config.py full - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../framework/tests/include" - - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + test drivers dispatching to builtins" - $MAKE_COMMAND test -} - -component_build_psa_config_file () { - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE" # ~40s - cp "$CRYPTO_CONFIG_H" psa_test_config.h - echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" - $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" - # Make sure this feature is enabled. We'll disable it in the next phase. 
- programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - $MAKE_COMMAND clean - - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s - # In the user config, disable one feature and its dependencies, which will - # reflect on the mbedtls configuration so we can query it with - # query_compile_time_config. - echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h - echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" - not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - - rm -f psa_test_config.h psa_user_config.h -} - -component_build_psa_alt_headers () { - msg "build: make with PSA alt headers" # ~20s - - # Generate alternative versions of the substitutable headers with the - # same content except different include guards. - make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h - - # Build the library and some programs. - # Don't build the fuzzers to avoid having to go through hoops to set - # a correct include path for programs/fuzz/Makefile. - $MAKE_COMMAND CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib - make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" - - # Check that we're getting the alternative include guards and not the - # original include guards. 
- programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H - programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H -} - -component_test_min_mpi_window_size () { - msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s - scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s - make test -} - -component_test_xts () { - # Component dedicated to run XTS unit test cases while XTS is not - # supported through the PSA API. - msg "build: Default + MBEDTLS_CIPHER_MODE_XTS" - - cat <<'EOF' >psa_user_config.h -#define MBEDTLS_CIPHER_MODE_XTS -#define TF_PSA_CRYPTO_CONFIG_CHECK_BYPASS -EOF - cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h" - make - - rm -f psa_user_config.h - - msg "test: Default + MBEDTLS_CIPHER_MODE_XTS" - make test -} diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh deleted file mode 100644 index 11885f8840..0000000000 --- a/tests/scripts/components-configuration-platform.sh +++ /dev/null 
@@ -1,124 +0,0 @@ -# components-configuration-platform.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - Platform -################################################################ - -component_build_no_std_function () { - # catch compile bugs in _uninit functions - msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check . - make -} - -component_test_psa_driver_get_entropy() -{ - msg "build: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" - # Use hardware polling as the only source for entropy - scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - - $MAKE_COMMAND - - # Run all the tests - msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" - $MAKE_COMMAND test -} - -component_build_no_sockets () { - # Note, C99 compliance can also be tested with the sockets support disabled, - # as that requires a POSIX platform (which isn't the same as C99). - msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. 
- scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux - scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib -} - -component_test_no_date_time () { - msg "build: default config without MBEDTLS_HAVE_TIME_DATE" - scripts/config.py unset MBEDTLS_HAVE_TIME_DATE - cmake -D CMAKE_BUILD_TYPE:String=Check . - make - - msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" - make test -} - -component_test_platform_calloc_macro () { - msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_PLATFORM_CALLOC_MACRO calloc - scripts/config.py set MBEDTLS_PLATFORM_FREE_MACRO free - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" - make test -} - -component_test_have_int32 () { - msg "build: gcc, force 32-bit bignum limbs" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' - - msg "test: gcc, force 32-bit bignum limbs" - $MAKE_COMMAND test -} - -component_test_have_int64 () { - msg "build: gcc, force 64-bit bignum limbs" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' - - msg "test: gcc, force 64-bit bignum limbs" - $MAKE_COMMAND test -} - -component_test_have_int32_cmake_new_bignum () { - msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_AESCE_C - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py set 
MBEDTLS_ECP_WITH_MPI_UINT - $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" - - msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - $MAKE_COMMAND test -} - -component_test_no_udbl_division () { - msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - scripts/config.py full - scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - $MAKE_COMMAND CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - $MAKE_COMMAND test -} - -component_test_no_64bit_multiplication () { - msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - scripts/config.py full - scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - $MAKE_COMMAND CFLAGS='-Werror -O1' - - msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - $MAKE_COMMAND test -} diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh deleted file mode 100644 index 5a77c4defc..0000000000 --- a/tests/scripts/components-configuration-tls.sh +++ /dev/null 
@@ -1,617 +0,0 @@ -# components-configuration-tls.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - TLS -################################################################ - -component_test_config_suite_b () { - msg "build: configs/config-suite-b.h" - MBEDTLS_CONFIG="configs/config-suite-b.h" - CRYPTO_CONFIG="configs/crypto-config-suite-b.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-suite-b.h - unit tests" - make test - - msg "test: configs/config-suite-b.h - compat.sh" - tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS - - msg "build: configs/config-suite-b.h + DEBUG" - MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" - make clean - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C - make ssl-opt - - msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh" - tests/ssl-opt.sh -} - -component_test_no_renegotiation () { - msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min - scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. 
selftests) (ASan build)" # ~ 50s - make test - - msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min - tests/ssl-opt.sh -} - -component_test_tls1_2_default_stream_cipher_only () { - msg "build: default with only stream cipher use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset PSA_WANT_ALG_CCM - scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_GCM - scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) - scripts/config.py set MBEDTLS_SSL_NULL_CIPHERSUITES - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - $MAKE_COMMAND - - msg "test: default with only stream cipher use psa" - $MAKE_COMMAND test - - # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. 
-} - -component_test_tls1_2_default_cbc_legacy_cipher_only () { - msg "build: default with only CBC-legacy cipher use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset PSA_WANT_ALG_CCM - scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_GCM - scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy - scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) - scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - $MAKE_COMMAND - - msg "test: default with only CBC-legacy cipher use psa" - $MAKE_COMMAND test - - msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - -component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { - msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset PSA_WANT_ALG_CCM - scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_GCM - scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy - scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING - # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's 
just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) - scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - $MAKE_COMMAND - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" - $MAKE_COMMAND test - - msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - -component_test_config_thread () { - msg "build: configs/config-thread.h" - MBEDTLS_CONFIG="configs/config-thread.h" - CRYPTO_CONFIG="configs/crypto-config-thread.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-thread.h - unit tests" - make test - - msg "test: configs/config-thread.h - ssl-opt.sh" - tests/ssl-opt.sh -f 'ECJPAKE.*nolog' -} - -component_test_tls1_2_ccm_psk () { - msg "build: configs/config-ccm-psk-tls1_2.h" - MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h" - CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: configs/config-ccm-psk-tls1_2.h - unit tests" - make test - - msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh" - tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' -} - -component_test_tls1_2_ccm_psk_dtls () { - msg "build: configs/config-ccm-psk-dtls1_2.h" - MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" - CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . 
- make - - msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests" - make test - - msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh" - tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8' - - msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG" - MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG" - make clean - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_DEBUG_C - scripts/config.py -f "$MBEDTLS_CONFIG" set MBEDTLS_ERROR_C - make ssl-opt - - msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh" - tests/ssl-opt.sh -} - -component_test_small_ssl_out_content_len () { - msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" - tests/ssl-opt.sh -f "Max fragment\|Large packet" -} - -component_test_small_ssl_in_content_len () { - msg "build: small SSL_IN_CONTENT_LEN (ASan build)" - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 4096 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" - tests/ssl-opt.sh -f "Max fragment" -} - -component_test_small_ssl_dtls_max_buffering () { - msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" - scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 
- make - - msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" - tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" -} - -component_test_small_mbedtls_ssl_dtls_max_buffering () { - msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" - scripts/config.py set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" - tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" -} - -# Common helper for component_full_without_ecdhe_ecdsa(), -# component_full_without_ecdhe_ecdsa_and_tls13() and component_full_without_tls13 which: -# - starts from the "full" configuration minus the list of symbols passed in -# as 1st parameter -# - build -# - test only TLS (i.e. test_suite_tls and ssl-opt) -build_full_minus_something_and_test_tls () { - symbols_to_disable="$1" - filter="${2-.}" - - msg "build: full minus something, test TLS" - - scripts/config.py full - for sym in $symbols_to_disable; do - echo "Disabling $sym" - scripts/config.py unset $sym - done - - $MAKE_COMMAND - - msg "test: full minus something, test TLS" - ( cd tests; ./test_suite_ssl ) - - msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh -f "$filter" -} - -#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. 
-component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' -} - -component_full_without_ecdhe_ecdsa_and_tls13 () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - MBEDTLS_SSL_PROTO_TLS1_3" -} - -component_full_without_tls13 () { - build_full_minus_something_and_test_tls "MBEDTLS_SSL_PROTO_TLS1_3" -} - -component_build_no_ssl_srv () { - msg "build: full config except SSL server, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_SRV_C - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' -} - -component_build_no_ssl_cli () { - msg "build: full config except SSL client, make, gcc" # ~ 30s - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_CLI_C - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' -} - -component_test_no_max_fragment_length () { - # Run max fragment length tests with MFL disabled - msg "build: default config except MFL extension (ASan build)" # ~ 30s - scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: ssl-opt.sh, MFL-related tests" - tests/ssl-opt.sh -f "Max fragment length" -} - -component_test_asan_remove_peer_certificate () { - msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)" - scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 
- make - - msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - make test - - msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/ssl-opt.sh - - msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/compat.sh - - msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE" - tests/context-info.sh -} - -component_test_no_max_fragment_length_small_ssl_out_content_len () { - msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" - scripts/config.py unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384 - scripts/config.py set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MFL tests (disabled MFL extension case) & large packet tests" - tests/ssl-opt.sh -f "Max fragment length\|Large buffer" - - msg "test: context-info.sh (disabled MFL extension case)" - tests/context-info.sh -} - -component_test_variable_ssl_in_out_buffer_len () { - msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled" - tests/compat.sh -} - -component_test_ssl_alloc_buffer_and_mfl () { - msg "build: default config with memory buffer allocator and MFL extension" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_MEMORY_DEBUG - scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH - cmake -DCMAKE_BUILD_TYPE:String=Release . 
- make - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - make test - - msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH" - tests/ssl-opt.sh -f "Handshake memory usage" -} - -component_test_when_no_ciphersuites_have_mac () { - msg "build: when no ciphersuites have MAC" - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_CMAC - scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - - scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES - - $MAKE_COMMAND - - msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - $MAKE_COMMAND test - - msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' -} - -component_test_tls12_only () { - msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_3, cmake, gcc, ASan" - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. 
selftests) (ASan build)" - make test - - msg "test: ssl-opt.sh (ASan build)" - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" - tests/compat.sh -} - -component_test_tls13_only () { - msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2" - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT - - scripts/config.py set MBEDTLS_TEST_HOOKS - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test: TLS 1.3 only, all key exchange modes enabled" - $MAKE_COMMAND test - - msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk () { - msg "build: TLS 1.3 only from default, only PSK key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py unset PSA_WANT_ALG_ECDH - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py unset PSA_WANT_ALG_RSA_PSS - scripts/config.py unset PSA_WANT_ALG_FFDH - scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY - scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE - scripts/config.py unset PSA_WANT_DH_RFC7919_2048 - scripts/config.py unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py unset PSA_WANT_DH_RFC7919_4096 - 
scripts/config.py unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only PSK key exchange mode enabled" - tests/ssl-opt.sh -} - -component_test_tls13_only_ephemeral () { - msg "build: TLS 1.3 only from default, only ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, only ephemeral key exchange mode" - tests/ssl-opt.sh -} - -#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. -component_test_tls13_only_ephemeral_ffdh () { - msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py unset PSA_WANT_ALG_ECDH - - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode" - cd tests; ./test_suite_ssl; cd .. 
- - msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_tls13_only_psk_ephemeral () { - msg "build: TLS 1.3 only from default, only PSK ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py unset PSA_WANT_ALG_RSA_PSS - - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" - cd tests; ./test_suite_ssl; cd .. 
- - msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk_ephemeral_ffdh () { - msg "build: TLS 1.3 only from default, only PSK ephemeral ffdh key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py unset PSA_WANT_ALG_ECDH - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py unset PSA_WANT_ALG_RSA_PSS - - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" - cd tests; ./test_suite_ssl; cd .. 
- - msg "ssl-opt.sh: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" - tests/ssl-opt.sh -} - -component_test_tls13_only_psk_all () { - msg "build: TLS 1.3 only from default, without ephemeral key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py unset PSA_WANT_ALG_RSA_PSS - - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" - tests/ssl-opt.sh -} - -component_test_tls13_only_ephemeral_all () { - msg "build: TLS 1.3 only from default, without PSK key exchange mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - - scripts/config.py set MBEDTLS_TEST_HOOKS - $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" - - msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" - cd tests; ./test_suite_ssl; cd .. - - msg "ssl-opt.sh: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" - tests/ssl-opt.sh -} - -component_test_tls13_no_padding () { - msg "build: default config plus early data minus padding" - scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . 
- make - msg "test: default config plus early data minus padding" - make test - msg "ssl-opt.sh (TLS 1.3 no padding)" - tests/ssl-opt.sh -} - -component_test_tls13_no_compatibility_mode () { - msg "build: default config plus early data minus middlebox compatibility mode" - scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - scripts/config.py set MBEDTLS_SSL_EARLY_DATA - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: default config plus early data minus middlebox compatibility mode" - make test - msg "ssl-opt.sh (TLS 1.3 no compatibility mode)" - tests/ssl-opt.sh -} - -component_test_full_minus_session_tickets () { - msg "build: full config without session tickets" - scripts/config.py full - scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS - scripts/config.py unset MBEDTLS_SSL_EARLY_DATA - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: full config without session tickets" - make test - msg "ssl-opt.sh (full config without session tickets)" - tests/ssl-opt.sh -} - -component_test_depends_py_kex () { - msg "test/build: depends.py kex (gcc)" - tests/scripts/depends.py kex -} - - diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh deleted file mode 100644 index 8010a2a2e6..0000000000 --- a/tests/scripts/components-configuration-x509.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -# components-configuration-x509.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing - X509 -################################################################ - -component_test_no_x509_info () { - msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - scripts/config.py full - scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests - scripts/config.py set MBEDTLS_X509_REMOVE_INFO - $MAKE_COMMAND CFLAGS='-Werror -O2' - - msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - $MAKE_COMMAND test - - msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min - tests/ssl-opt.sh -} - -component_test_sw_inet_pton () { - msg "build: default plus MBEDTLS_TEST_SW_INET_PTON" - - # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton - scripts/config.py set MBEDTLS_TEST_HOOKS - $MAKE_COMMAND CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" - - msg "test: default plus MBEDTLS_TEST_SW_INET_PTON" - $MAKE_COMMAND test -} diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh deleted file mode 100644 index 89104a3bab..0000000000 --- a/tests/scripts/components-configuration.sh +++ /dev/null 
@@ -1,354 +0,0 @@ -# components-configuration.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Configuration Testing -################################################################ - -component_test_default_out_of_box () { - msg "build: make, default config (out-of-box)" # ~1min - $MAKE_COMMAND - # Disable fancy stuff - unset MBEDTLS_TEST_OUTCOME_FILE - - msg "test: main suites make, default config (out-of-box)" # ~10s - $MAKE_COMMAND test - - msg "selftest: make, default config (out-of-box)" # ~10s - programs/test/selftest - - msg "program demos: make, default config (out-of-box)" # ~10s - tests/scripts/run_demos.py -} - -component_test_default_cmake_gcc_asan () { - msg "build: cmake, gcc, ASan" # ~ 1 min 50s - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s - make test - - msg "program demos (ASan build)" # ~10s - tests/scripts/run_demos.py - - msg "test: selftest (ASan build)" # ~ 10s - programs/test/selftest - - msg "test: metatests (GCC, ASan build)" - tests/scripts/run-metatests.sh any asan poison - - msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" # ~ 6 min - tests/compat.sh - - msg "test: context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_default_cmake_gcc_asan_new_bignum () { - msg "build: cmake, gcc, ASan" # ~ 1 min 50s - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. 
selftests) (ASan build)" # ~ 50s - make test - - msg "test: selftest (ASan build)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (ASan build)" # ~ 1 min - tests/ssl-opt.sh - - msg "test: compat.sh (ASan build)" # ~ 6 min - tests/compat.sh - - msg "test: context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_gcc_asan () { - msg "build: full config, cmake, gcc, ASan" - scripts/config.py full - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (full config, ASan build)" - make test - - msg "test: selftest (full config, ASan build)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (full config, ASan build)" - tests/ssl-opt.sh - - # Note: the next two invocations cover all compat.sh test cases. - # We should use the same here and in basic-build-test.sh. - msg "test: compat.sh: default version (full config, ASan build)" - tests/compat.sh -e 'ARIA\|CHACHA' - - msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - - msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_gcc_asan_new_bignum () { - msg "build: full config, cmake, gcc, ASan" - scripts/config.py full - scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: main suites (inc. selftests) (full config, new bignum, ASan)" - make test - - msg "test: selftest (full config, new bignum, ASan)" # ~ 10s - programs/test/selftest - - msg "test: ssl-opt.sh (full config, new bignum, ASan)" - tests/ssl-opt.sh - - # Note: the next two invocations cover all compat.sh test cases. - # We should use the same here and in basic-build-test.sh. 
- msg "test: compat.sh: default version (full config, new bignum, ASan)" - tests/compat.sh -e 'ARIA\|CHACHA' - - msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - - msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec - tests/context-info.sh -} - -component_test_full_cmake_clang () { - msg "build: cmake, full config, clang" # ~ 50s - scripts/config.py full - CC=clang CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Release \ - -D ENABLE_TESTING=On -D TEST_CPP=1 . - make - - msg "test: main suites (full config, clang)" # ~ 5s - make test - - msg "test: cpp_dummy_build (full config, clang)" # ~ 1s - programs/test/cpp_dummy_build - - msg "test: metatests (clang)" - tests/scripts/run-metatests.sh any pthread - - msg "program demos (full config, clang)" # ~10s - tests/scripts/run_demos.py - - msg "test: psa_constant_names (full config, clang)" # ~ 1s - $FRAMEWORK/scripts/test_psa_constant_names.py - - msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s - tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' -} - -component_test_default_no_deprecated () { - # Test that removing the deprecated features from the default - # configuration leaves something consistent. 
- msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s - scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s - $MAKE_COMMAND test -} - -component_test_full_no_deprecated () { - msg "build: make, full_no_deprecated config" # ~ 30s - scripts/config.py full_no_deprecated - $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, full_no_deprecated config" # ~ 5s - $MAKE_COMMAND test - - msg "test: ensure that X509 has no direct dependency on BIGNUM_C" - not grep mbedtls_mpi library/libmbedx509.a -} - -component_test_full_no_deprecated_deprecated_warning () { - # Test that there is nothing deprecated in "full_no_deprecated". - # A deprecated feature would trigger a warning (made fatal) from - # MBEDTLS_DEPRECATED_WARNING. - msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s - scripts/config.py full_no_deprecated - scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED - scripts/config.py set MBEDTLS_DEPRECATED_WARNING - $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' - - msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s - $MAKE_COMMAND test -} - -component_test_full_deprecated_warning () { - # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes - # with only certain whitelisted types of warnings. - msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s - scripts/config.py full - scripts/config.py set MBEDTLS_DEPRECATED_WARNING - # Expect warnings from '#warning' directives in check_config.h. - # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to - # display #warning messages without them being treated as errors. 
- $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs - - msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s - # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. - # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. - # Expect warnings from '#warning' directives in check_config.h and - # from the use of deprecated functions in test suites. - $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests - - msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s - $MAKE_COMMAND test - - msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s - tests/scripts/run_demos.py -} - -component_build_baremetal () { - msg "build: make, baremetal config" - scripts/config.py baremetal - $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" -} - -support_build_baremetal () { - # Older Glibc versions include time.h from other headers such as stdlib.h, - # which makes the no-time.h-in-baremetal check fail. Ubuntu 16.04 has this - # problem, Ubuntu 18.04 is ok. - ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h -} - -component_build_tfm () { - # Check that the TF-M configuration can build cleanly with various - # warning flags enabled. We don't build or run tests, since the - # TF-M configuration needs a TF-M platform. A tweaked version of - # the configuration that works on mainstream platforms is in - # configs/config-tfm.h, tested via test-ref-configs.pl. 
- cp configs/config-tfm.h "$CONFIG_H" - cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - msg "build: TF-M config, clang, armv7-m thumb2" - $MAKE_COMMAND lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" - - msg "build: TF-M config, gcc native build" - $MAKE_COMMAND clean - $MAKE_COMMAND lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" -} - -component_test_malloc_0_null () { - msg "build: malloc(0) returns NULL (ASan+UBSan build)" - scripts/config.py full - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: malloc(0) returns NULL (ASan+UBSan build)" - $MAKE_COMMAND test - - msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" - # Just the calloc selftest. "make test" ran the others as part of the - # test suites. - programs/test/selftest calloc - - msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)" - # Run a subset of the tests. The choice is a balance between coverage - # and time (including time indirectly wasted due to flaky tests). - # The current choice is to skip tests whose description includes - # "proxy", which is an approximation of skipping tests that use the - # UDP proxy, which tend to be slower and flakier. - tests/ssl-opt.sh -e 'proxy' -} - -component_test_no_platform () { - # Full configuration build, without platform support, file IO and net sockets. 
- # This should catch missing mbedtls_printf definitions, and by disabling file - # IO, it should catch missing '#include ' - msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - scripts/config.py full_no_platform - scripts/config.py unset MBEDTLS_PLATFORM_C - scripts/config.py unset MBEDTLS_NET_C - scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - # Use the test alternative implementation of mbedtls_platform_get_entropy() - # which is provided in "framework/tests/src/fake_external_rng_for_test.c" - # since the default one is excluded in this scenario. - scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY - scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, - # to re-enable platform integration features otherwise disabled in C99 builds - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test -} - -component_build_mbedtls_config_file () { - msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s - scripts/config.py -w full_config.h full - echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" - # Make sure this feature is enabled. We'll disable it in the next phase. - programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - $MAKE_COMMAND clean - - msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" - # In the user config, disable one feature (for simplicity, pick a feature - # that nothing else depends on). 
- echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" - not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - - rm -f user_config.h full_config.h -} - -component_test_no_strings () { - msg "build: no strings" # ~10s - scripts/config.py full - # Disable options that activate a large amount of string constants. - scripts/config.py unset MBEDTLS_DEBUG_C - scripts/config.py unset MBEDTLS_ERROR_C - scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY - scripts/config.py unset MBEDTLS_VERSION_FEATURES - $MAKE_COMMAND CFLAGS='-Werror -Os' - - msg "test: no strings" # ~ 10s - $MAKE_COMMAND test -} - -component_test_memory_buffer_allocator_backtrace () { - msg "build: default config with memory buffer allocator and backtrace enabled" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - scripts/config.py set MBEDTLS_MEMORY_BACKTRACE - scripts/config.py set MBEDTLS_MEMORY_DEBUG - cmake -DCMAKE_BUILD_TYPE:String=Release . - make - - msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE" - make test -} - -component_test_memory_buffer_allocator () { - msg "build: default config with memory buffer allocator" - scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C - scripts/config.py set MBEDTLS_PLATFORM_MEMORY - cmake -DCMAKE_BUILD_TYPE:String=Release . - make - - msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C" - make test - - msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C" - # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. - tests/ssl-opt.sh -e '^DTLS proxy' -} diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh deleted file mode 100644 index d6eef6f781..0000000000 --- a/tests/scripts/components-platform.sh +++ /dev/null 
@@ -1,588 +0,0 @@
-# components-platform.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file contains test components that are executed by all.sh
-
-################################################################
-#### Platform Testing
-################################################################
-
-component_test_m32_no_asm () {
- # Build without assembly, so as to use portable C code (in a 32-bit
- # build) and not the i386-specific inline assembly.
- #
- # Note that we require gcc, because clang Asan builds fail to link for
- # this target (cannot find libclang_rt.lsan-i386.a - this is a known clang issue).
- msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
- scripts/config.py full
- scripts/config.py unset MBEDTLS_HAVE_ASM
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
- $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
-
- msg "test: i386, make, gcc, no asm (ASan build)"
- $MAKE_COMMAND test
-}
-
-support_test_m32_no_asm () {
- case $(uname -m) in
- amd64|x86_64) true;;
- *) false;;
- esac
-}
-
-component_test_m32_o2 () {
- # Build with optimization, to use the i386 specific inline assembly
- # and go faster for tests.
- msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
- scripts/config.py full
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
- $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
-
- msg "test: i386, make, gcc -O2 (ASan build)"
- $MAKE_COMMAND test
-
- msg "test ssl-opt.sh, i386, make, gcc-O2"
- tests/ssl-opt.sh
-}
-
-support_test_m32_o2 () {
- support_test_m32_no_asm "$@"
-}
-
-component_test_m32_everest () {
- msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
- scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
- scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
- $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
-
- msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
- $MAKE_COMMAND test
-
- msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
- tests/ssl-opt.sh -f ECDH
-
- msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
- # Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
-}
-
-support_test_m32_everest () {
- support_test_m32_no_asm "$@"
-}
-
-component_test_mx32 () {
- msg "build: 64-bit ILP32, make, gcc" # ~ 30s
- scripts/config.py full
- $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
-
- msg "test: 64-bit ILP32, make, gcc"
- $MAKE_COMMAND test
-}
-
-support_test_mx32 () {
- case $(uname -m) in
- amd64|x86_64) true;;
- *) false;;
- esac
-}
-
-support_test_aesni () {
- # Check that gcc targets x86_64 (we can build AESNI), and check for
- # AESNI support on the host (we can run AESNI).
- #
- # The name of this function is possibly slightly misleading, but needs to align
- # with the name of the corresponding test, component_test_aesni.
- #
- # In principle 32-bit x86 can support AESNI, but our implementation does not
- # support 32-bit x86, so we check for x86-64.
- # We can only grep /proc/cpuinfo on Linux, so this also checks for Linux
- (gcc -v 2>&1 | grep Target | grep -q x86_64) &&
- [[ "$HOSTTYPE" == "x86_64" && "$OSTYPE" == "linux-gnu" ]] &&
- (lscpu | grep -qw aes)
-}
-
-component_test_aesni () { # ~ 60s
- # This tests the two AESNI implementations (intrinsics and assembly), and also the plain C
- # fallback. It also tests the logic that is used to select which implementation(s) to build.
- #
- # This test does not require the host to have support for AESNI (if it doesn't, the run-time
- # AESNI detection will fallback to the plain C implementation, so the tests will instead
- # exercise the plain C impl).
-
- msg "build: default config with different AES implementations"
- scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- scripts/config.py set MBEDTLS_HAVE_ASM
-
- # test the intrinsics implementation
- msg "AES tests, test intrinsics"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
- # check that the intrinsics implementation is in use - this should be used by default when
- # supported by the compiler
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
-
- # test the asm implementation
- msg "AES tests, test assembly"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes'
- # check that the assembly implementation is in use - this should be used if the compiler
- # does not support intrinsics
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY"
-
- # test the plain C implementation
- scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- msg "AES tests, plain C"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror'
- # check that the plain C implementation is present and the AESNI one is not
- grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
- not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
- # check that the built-in software implementation is in use
- ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE"
-
- # test the AESNI implementation
- scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- msg "AES tests, test AESNI only"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes'
- # check that the AESNI implementation is present and the plain C one is not
- grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
- not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI"
-}
-
-support_test_aesni_m32 () {
- support_test_m32_no_asm && (lscpu | grep -qw aes)
-}
-
-component_test_aesni_m32 () { # ~ 60s
- # This tests are duplicated from component_test_aesni for i386 target
- #
- # AESNI intrinsic code supports i386 and assembly code does not support it.
-
- msg "build: default config with different AES implementations"
- scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- scripts/config.py set MBEDTLS_HAVE_ASM
-
- # test the intrinsics implementation with gcc
- msg "AES tests, test intrinsics (gcc)"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
- # check that we built intrinsics - this should be used by default when supported by the compiler
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
- # check that both the AESNI and plain C implementations are present
- grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
- grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
- grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes
-
- scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- msg "AES tests, test AESNI only"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI"
- # check that the AESNI implementation is present and the plain C one is not
- grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
- not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
- not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes
-}
-
-support_test_aesni_m32_clang () {
- # clang >= 4 is required to build with target attributes
- support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
-}
-
-component_test_aesni_m32_clang () {
-
- scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- scripts/config.py set MBEDTLS_HAVE_ASM
-
- # test the intrinsics implementation with clang
- msg "AES tests, test intrinsics (clang)"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
- # check that we built intrinsics - this should be used by default when supported by the compiler
- ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"
- # check that both the AESNI and plain C implementations are present
- grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o
- grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o
- grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes
-}
-
-support_build_aes_armce () {
- # clang >= 11 is required to build with AES extensions
- [[ $(clang_version) -ge 11 ]]
-}
-
-component_build_aes_armce () {
- # Test variations of AES with Armv8 crypto extensions
- scripts/config.py set MBEDTLS_AESCE_C
- scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
-
- msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
- msg "clang, test aarch64 crypto instructions built"
- grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
- msg "clang, test A32 crypto instructions built"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
- msg "clang, test T32 crypto instructions built"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
-
- msg "MBEDTLS_AES_USE_both, clang, aarch64"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
- msg "clang, test aarch64 crypto instructions built"
- grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "MBEDTLS_AES_USE_both, clang, arm"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
- msg "clang, test A32 crypto instructions built"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "MBEDTLS_AES_USE_both, clang, thumb"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
- msg "clang, test T32 crypto instructions built"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- scripts/config.py unset MBEDTLS_AESCE_C
-
- msg "no MBEDTLS_AESCE_C, clang, aarch64"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
- msg "clang, test aarch64 crypto instructions not built"
- not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "no MBEDTLS_AESCE_C, clang, arm"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm"
- msg "clang, test A32 crypto instructions not built"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-
- msg "no MBEDTLS_AESCE_C, clang, thumb"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb"
- msg "clang, test T32 crypto instructions not built"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s
-}
-
-support_build_sha_armce () {
- # clang >= 4 is required to build with SHA extensions
- [[ $(clang_version) -ge 4 ]]
-}
-
-component_build_sha_armce () {
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-
- # Test variations of SHA256 Armv8 crypto extensions
- scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test aarch64 crypto instructions built"
- grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
-
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test A32 crypto instructions built"
- grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
-
- scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
- msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, test aarch64 crypto instructions built"
- grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-
- # examine the disassembly for absence of SHA instructions
- msg "clang, test A32 crypto instructions not built"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
-
- msg "clang, test T32 crypto instructions not built"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
-
- msg "clang, test aarch64 crypto instructions not built"
- $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
- not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
-}
-
-component_test_arm_linux_gnueabi_gcc_arm5vte () {
- # Mimic Debian armel port
- msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1'
-
- msg "test: main suites make, default config (out-of-box)" # ~7m 40s
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~0s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_arm_linux_gnueabi_gcc_arm5vte () {
- can_run_arm_linux_gnueabi
-}
-
-# The hard float ABI is not implemented for Thumb 1, so use gnueabi
-# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
-component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
- msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb'
-
- msg "test: main suites make, default config (out-of-box)" # ~36m
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~10s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
- can_run_arm_linux_gnueabi
-}
-
-component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
- msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb'
-
- msg "test: main suites make, default config (out-of-box)" # ~21m 10s
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~2s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
- can_run_arm_linux_gnueabi
-}
-
-component_test_arm_linux_gnueabihf_gcc_armv7 () {
- msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm'
-
- msg "test: main suites make, default config (out-of-box)" # ~3m 30s
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~0s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_arm_linux_gnueabihf_gcc_armv7 () {
- can_run_arm_linux_gnueabihf
-}
-
-component_test_arm_linux_gnueabihf_gcc_thumb_2 () {
- msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
-
- msg "test: main suites make, default config (out-of-box)" # ~3m 40s
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~0s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_arm_linux_gnueabihf_gcc_thumb_2 () {
- can_run_arm_linux_gnueabihf
-}
-
-component_test_aarch64_linux_gnu_gcc () {
- msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s
- $MAKE_COMMAND CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
-
- msg "test: main suites make, default config (out-of-box)" # ~1m 50s
- $MAKE_COMMAND test
-
- msg "selftest: make, default config (out-of-box)" # ~0s
- programs/test/selftest
-
- msg "program demos: make, default config (out-of-box)" # ~0s
- tests/scripts/run_demos.py
-}
-
-support_test_aarch64_linux_gnu_gcc () {
- # Minimum version of GCC for MBEDTLS_AESCE_C is 6.0
- [ "$(gcc_version "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc")" -ge 6 ] && can_run_aarch64_linux_gnu
-}
-
-component_build_arm_none_eabi_gcc () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
- scripts/config.py baremetal
- $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
-
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
-}
-
-component_build_arm_linux_gnueabi_gcc_arm5vte () {
- msg "build: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
- scripts/config.py baremetal
- # Build for a target platform that's close to what Debian uses
- # for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
- # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
- # Build everything including programs, see for example
- # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
- $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
-
- msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
- ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
- ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
-}
-
-support_build_arm_linux_gnueabi_gcc_arm5vte () {
- type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
-}
-
-component_build_arm_none_eabi_gcc_arm5vte () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte, baremetal+debug" # ~ 10s
- scripts/config.py baremetal
- # This is an imperfect substitute for
- # component_build_arm_linux_gnueabi_gcc_arm5vte
- # in case the gcc-arm-linux-gnueabi toolchain is not available
- $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
-
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
-}
-
-component_build_arm_none_eabi_gcc_m0plus () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
- scripts/config.py baremetal_size
- $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
-
- msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
- ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o
- ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o
- for lib in library/*.a; do
- echo "$lib:"
- ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS
- done
-}
-
-component_build_arm_none_eabi_gcc_no_udbl_division () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
- scripts/config.py baremetal
- scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
- $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
- echo "Checking that software 64-bit division is not required"
- not grep __aeabi_uldiv library/*.o
- not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o
- not grep __aeabi_uldiv ${BUILTIN_SRC_PATH}/*.o
-}
-
-component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
- msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
- scripts/config.py baremetal
- scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
- $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
- echo "Checking that software 64-bit multiplication is not required"
- not grep __aeabi_lmul library/*.o
- not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o
- not grep __aeabi_lmul ${BUILTIN_SRC_PATH}/*.o
-}
-
-component_build_arm_clang_thumb () {
- # ~ 30s
-
- scripts/config.py baremetal
-
- msg "build: clang thumb 2, make"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
-
- # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
- msg "build: clang thumb 1 -O0, make"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
-
- msg "build: clang thumb 1 -Os, make"
- $MAKE_COMMAND clean
- $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
-}
-
-component_build_armcc () {
- # Common configuration for all the builds below
- scripts/config.py baremetal
-
- # armc[56] don't support SHA-512 intrinsics
- scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
-
- # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm
- scripts/config.py unset MBEDTLS_AESCE_C
-
- # Stop armclang warning about feature detection for A64_CRYPTO.
- # With this enabled, the library does build correctly under armclang,
- # but in baremetal builds (as tested here), feature detection is
- # unavailable, and the user is notified via a #warning. So enabling
- # this feature would prevent us from building with -Werror on
- # armclang. Tracked in #7198.
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-
- scripts/config.py set MBEDTLS_HAVE_ASM
-
- # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
-
- # ARM Compiler 6 - Target ARMv7-A
- helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
-
- # ARM Compiler 6 - Target ARMv7-M
- helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
-
- # ARM Compiler 6 - Target ARMv7-M+DSP
- helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
-
- # ARM Compiler 6 - Target ARMv8-A - AArch32
- helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
-
- # ARM Compiler 6 - Target ARMv8-M
- helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
-
- # ARM Compiler 6 - Target Cortex-M0 - no optimisation
- helper_armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
-
- # ARM Compiler 6 - Target Cortex-M0
- helper_armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
-
- # ARM Compiler 6 - Target ARMv8.2-A - AArch64
- #
- # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
- # that we have in our CI
- scripts/config.py set MBEDTLS_AESCE_C
- helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
-}
-
-support_build_armcc () {
- armc6_cc="$ARMC6_BIN_DIR/armclang"
- (check_tools "$armc6_cc" > /dev/null 2>&1)
-}
diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh
deleted file mode 100644
index e3952c5095..0000000000
--- a/tests/scripts/components-psasim.sh
+++ /dev/null
@@ -1,99 +0,0 @@
-# components-psasim.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file contains test components that are executed by all.sh
-
-################################################################
-#### Remote Procedure Call PSA Testing
-################################################################
-
-# Helper function for controlling (start & stop) the psasim server.
-helper_psasim_server() {
- OPERATION=$1
- if [ "$OPERATION" == "start" ]; then
- msg "start server in tests"
- (
- cd tests
- ../$PSASIM_PATH/test/start_server.sh
- )
- msg "start server in tf-psa-crypto/tests"
- (
- cd tf-psa-crypto/tests
- ../../$PSASIM_PATH/test/start_server.sh
- )
- else
- msg "terminate server in tests"
- (
- # This will kill both servers and clean up all the message queues,
- # and clear temporary files in tests
- cd tests
- ../$PSASIM_PATH/test/kill_servers.sh
- )
- msg "terminate server in tf-psa-crypto/tests"
- (
- # This just clears temporary files in tf-psa-crypto/tests
- cd tf-psa-crypto/tests
- ../../$PSASIM_PATH/test/kill_servers.sh
- )
- fi
-}
-
-component_test_psasim() {
- msg "build server library and application"
- scripts/config.py crypto
- helper_psasim_config server
- helper_psasim_build server
-
- helper_psasim_cleanup_before_client
-
- msg "build library for client"
- helper_psasim_config client
- helper_psasim_build client
-
- msg "build basic psasim client"
- make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
- msg "test basic psasim client"
- $PSASIM_PATH/test/run_test.sh psa_client_base
-
- msg "build full psasim client"
- make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full
- msg "test full psasim client"
- $PSASIM_PATH/test/run_test.sh psa_client_full
-
- helper_psasim_server kill
- make -C $PSASIM_PATH clean
-}
-
-component_test_suite_with_psasim()
-{
- msg "build server library and application"
- helper_psasim_config server
- # Modify server's library configuration here (if needed)
- helper_psasim_build server
-
- helper_psasim_cleanup_before_client
-
- msg "build client library"
- helper_psasim_config client
- # PAKE functions are still unsupported from PSASIM
- scripts/config.py unset PSA_WANT_ALG_JPAKE
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- helper_psasim_build client
-
- msg "build test suites"
- $MAKE_COMMAND PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
-
- helper_psasim_server start
-
- # psasim takes an extremely long execution time on some test suites so we
- # exclude them from the list.
- SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
- export SKIP_TEST_SUITES
-
- msg "run test suites"
- $MAKE_COMMAND PSASIM=1 test
-
- helper_psasim_server kill
-}
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
deleted file mode 100644
index 26b149f69e..0000000000
--- a/tests/scripts/components-sanitizers.sh
+++ /dev/null
@@ -1,188 +0,0 @@ -# components-sanitizers.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Sanitizer Testing -################################################################ - -skip_suites_without_constant_flow () { - # Skip the test suites that don't have any constant-flow annotations. - # This will need to be adjusted if we ever start declaring things as - # secret from macros or functions inside framework/tests/include or framework/tests/src. - SKIP_TEST_SUITES=$( - git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' | - sed 's/test_suite_//; s/\.function$//' | - tr '\n' ,),$( - git -C tf-psa-crypto/tests/suites grep -L TEST_CF_ 'test_suite_*.function' | - sed 's/test_suite_//; s/\.function$//' | - tr '\n' ,) - export SKIP_TEST_SUITES -} - -skip_all_except_given_suite () { - # Skip all but the given test suite - SKIP_TEST_SUITES=$( - ls -1 tests/suites/test_suite_*.function | - grep -v $1.function | - sed 's/tests.suites.test_suite_//; s/\.function$//' | - tr '\n' ,),$( - ls -1 tf-psa-crypto/tests/suites/test_suite_*.function | - grep -v $1.function | - sed 's/tf-psa-crypto.tests.suites.test_suite_//; s/\.function$//' | - tr '\n' ,) - export SKIP_TEST_SUITES -} - -component_test_memsan_constant_flow_psa () { - # This tests both (1) accesses to undefined memory, and (2) branches or - # memory access depending on secret values. To distinguish between those: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist? - # - or alternatively, change the build type to MemSanDbg, which enables - # origin tracking and nicer stack traces (which are useful for debugging - # anyway), and check if the origin was TEST_CF_SECRET() or something else. 
- msg "build: cmake MSan (clang), full config with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm - scripts/config.py unset MBEDTLS_HAVE_ASM - CC=clang cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=MemSan . - make - - msg "test: main suites (Msan + constant flow)" - make test -} - -component_release_test_valgrind_constant_flow_no_asm () { - # This tests both (1) everything that valgrind's memcheck usually checks - # (heap buffer overflows, use of uninitialized memory, use-after-free, - # etc.) and (2) branches or memory access depending on secret values, - # which will be reported as uninitialized memory. To distinguish between - # secret and actually uninitialized: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? - # - or alternatively, build with debug info and manually run the offending - # test suite with valgrind --track-origins=yes, then check if the origin - # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_HAVE_ASM - skip_suites_without_constant_flow - cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - # this only shows a summary of the results (how many of each type) - # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" - make memcheck -} - -component_release_test_valgrind_constant_flow_psa () { - # This tests both (1) everything that valgrind's memcheck usually checks - # (heap buffer overflows, use of uninitialized memory, use-after-free, - # etc.) and (2) branches or memory access depending on secret values, - # which will be reported as uninitialized memory. 
To distinguish between - # secret and actually uninitialized: - # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist? - # - or alternatively, build with debug info and manually run the offending - # test suite with valgrind --track-origins=yes, then check if the origin - # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config with constant flow testing" - scripts/config.py full - scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - skip_suites_without_constant_flow - cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - # this only shows a summary of the results (how many of each type) - # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (valgrind + constant flow)" - make memcheck -} - -component_test_tsan () { - msg "build: TSan (clang)" - scripts/config.py full - scripts/config.py set MBEDTLS_THREADING_C - scripts/config.py set MBEDTLS_THREADING_PTHREAD - # Self-tests do not currently use multiple threads. - scripts/config.py unset MBEDTLS_SELF_TEST - # Interruptible ECC tests are not thread safe - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . - make - - msg "test: main suites (TSan)" - make test -} - -component_test_memsan () { - msg "build: MSan (clang)" # ~ 1 min 20s - scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm - scripts/config.py unset MBEDTLS_HAVE_ASM - CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . 
- make - - msg "test: main suites (MSan)" # ~ 10s - make test - - msg "test: metatests (MSan)" - tests/scripts/run-metatests.sh any msan - - msg "program demos (MSan)" # ~20s - tests/scripts/run_demos.py - - msg "test: ssl-opt.sh (MSan)" # ~ 1 min - tests/ssl-opt.sh - - # Optional part(s) - - if [ "$MEMORY" -gt 0 ]; then - msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh - fi -} - -component_release_test_valgrind () { - msg "build: Release (clang)" - # default config - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - msg "test: main suites, Valgrind (default config)" - make memcheck - - # Optional parts (slow; currently broken on OS X because programs don't - # seem to receive signals under valgrind on OS X). - # These optional parts don't run on the CI. - if [ "$MEMORY" -gt 0 ]; then - msg "test: ssl-opt.sh --memcheck (default config)" - tests/ssl-opt.sh --memcheck - fi - - if [ "$MEMORY" -gt 1 ]; then - msg "test: compat.sh --memcheck (default config)" - tests/compat.sh --memcheck - fi - - if [ "$MEMORY" -gt 0 ]; then - msg "test: context-info.sh --memcheck (default config)" - tests/context-info.sh --memcheck - fi -} - -component_release_test_valgrind_psa () { - msg "build: Release, full (clang)" - # full config - scripts/config.py full - CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . - make - - msg "test: main suites, Valgrind (full config)" - make memcheck -}
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
deleted file mode 100755
index bf401e0675..0000000000
--- a/tests/scripts/depends.py
+++ /dev/null
@@ -1,631 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -Test Mbed TLS with a subset of algorithms. - -This script can be divided into several steps: - -First, include/mbedtls/mbedtls_config.h or a different config file passed -in the arguments is parsed to extract any configuration options (using config.py). - -Then, test domains (groups of jobs, tests) are built based on predefined data -collected in the DomainData class. Here, each domain has five major traits: -- domain name, can be used to run only specific tests via command-line; -- configuration building method, described in detail below; -- list of symbols passed to the configuration building method; -- commands to be run on each job (only build, build and test, or any other custom); -- optional list of symbols to be excluded from testing. - -The configuration building method can be one of the three following: - -- ComplementaryDomain - build a job for each passed symbol by disabling a single - symbol and its reverse dependencies (defined in REVERSE_DEPENDENCIES); - -- ExclusiveDomain - build a job where, for each passed symbol, only this particular - one is defined and other symbols from the list are unset. For each job look for - any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not - direct dependencies, but rather non-trivial results of other configs missing. Then - look for any unset symbols and handle their reverse dependencies. - Examples of EXCLUSIVE_GROUPS usage: - - PSA_WANT_ALG_SHA_512 job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C - requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512, but a result of an exclusive domain - config building method. 
Relevant field: - 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C'], - -- DualDomain - combination of the two above - both complementary and exclusive domain - job generation code will be run. Currently only used for hashes. - -Lastly, the collected jobs are executed and (optionally) tested, with -error reporting and coloring as configured in options. Each test starts with -a full config without a couple of slowing down or unnecessary options -(see set_reference_config), then the specific job config is derived. -""" -import argparse -import os -import re -import subprocess -import sys -import traceback -from typing import Union - -# Add the Mbed TLS Python library directory to the module search path -import scripts_path # pylint: disable=unused-import -import config -from mbedtls_framework import c_build_helper -from mbedtls_framework import crypto_knowledge -from mbedtls_framework import psa_information - -class Colors: # pylint: disable=too-few-public-methods - """Minimalistic support for colored output. 
-Each field of an object of this class is either None if colored output -is not possible or not desired, or a pair of strings (start, stop) such -that outputting start switches the text color to the desired color and -stop switches the text color back to the default.""" - red = None - green = None - cyan = None - bold_red = None - bold_green = None - def __init__(self, options=None): - """Initialize color profile according to passed options.""" - if not options or options.color in ['no', 'never']: - want_color = False - elif options.color in ['yes', 'always']: - want_color = True - else: - want_color = sys.stderr.isatty() - if want_color: - # Assume ANSI compatible terminal - normal = '\033[0m' - self.red = ('\033[31m', normal) - self.green = ('\033[32m', normal) - self.cyan = ('\033[36m', normal) - self.bold_red = ('\033[1;31m', normal) - self.bold_green = ('\033[1;32m', normal) -NO_COLORS = Colors(None) - -def log_line(text, prefix='depends.py:', suffix='', color=None): - """Print a status message.""" - if color is not None: - prefix = color[0] + prefix - suffix = suffix + color[1] - sys.stderr.write(prefix + ' ' + text + suffix + '\n') - sys.stderr.flush() - -def log_command(cmd): - """Print a trace of the specified command. -cmd is a list of strings: a command name and its arguments.""" - log_line(' '.join(cmd), prefix='+') - -def option_exists(conf, option): - return option in conf.settings - -def set_config_option_value(conf, option, colors, value: Union[bool, str]): - """Set/unset a configuration option, optionally specifying a value. 
-value can be either True/False (set/unset config option), or a string, -which will make a symbol defined with a certain value.""" - if not option_exists(conf, option): - if value is False: - log_line( - f'Warning, disabling {option} that does not exist in {conf.filename}', - color=colors.cyan - ) - return True - log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) - return False - - if value is False: - log_command(['config.py', 'unset', option]) - conf.unset(option) - elif value is True: - log_command(['config.py', 'set', option]) - conf.set(option) - else: - log_command(['config.py', 'set', option, value]) - conf.set(option, value) - return True - -def set_reference_config(conf, colors): - """Change the library configuration file (mbedtls_config.h) to the reference state. -The reference state is the one from which the tested configurations are -derived.""" - # Turn off options that are not relevant to the tests and slow them down. - log_command(['config.py', 'full']) - conf.adapt(config.full_adapter) - set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False) - -class Job: - """A job builds the library in a specific configuration and runs some tests.""" - def __init__(self, name, config_settings, commands): - """Build a job object. -The job uses the configuration described by config_settings. This is a -dictionary where the keys are preprocessor symbols and the values are -booleans or strings. A boolean indicates whether or not to #define the -symbol. With a string, the symbol is #define'd to that value. -After setting the configuration, the job runs the programs specified by -commands. This is a list of lists of strings; each list of string is a -command name and its arguments and is passed to subprocess.call with -shell=False.""" - self.name = name - self.config_settings = config_settings - self.commands = commands - - def announce(self, colors, what): - '''Announce the start or completion of a job. 
-If what is None, announce the start of the job. -If what is True, announce that the job has passed. -If what is False, announce that the job has failed.''' - if what is True: - log_line(self.name + ' PASSED', color=colors.green) - elif what is False: - log_line(self.name + ' FAILED', color=colors.red) - else: - log_line('starting ' + self.name, color=colors.cyan) - - def configure(self, conf, colors): - '''Set library configuration options as required for the job.''' - set_reference_config(conf, colors) - for key, value in sorted(self.config_settings.items()): - ret = set_config_option_value(conf, key, colors, value) - if ret is False: - return False - return True - - def _consistency_check(self): - '''Check if the testable option is consistent with the goal. - - The purpose of this function to ensure that every option is set or unset according to - the settings. - ''' - log_command(['consistency check']) - c_name = None - exe_name = None - header = '#include "mbedtls/build_info.h"\n' - - # Generate a C error directive for each setting to test if it is active - for option, value in sorted(self.config_settings.items()): - header += '#if ' - if value: - header += '!' 
- header += f'defined({option})\n' - header += f'#error "{option}"\n' - header += '#endif\n' - include_path = ['include', 'tf-psa-crypto/include', - 'tf-psa-crypto/drivers/builtin/include'] - - try: - # Generate a C file, build and run it - c_file, c_name, exe_name = c_build_helper.create_c_file(self.name) - c_build_helper.generate_c_file(c_file, 'depends.py', header, lambda x: '') - c_file.close() - c_build_helper.compile_c_file(c_name, exe_name, include_path) - return True - - except c_build_helper.CompileError as e: - # Read the command line output to find out which setting has been failed - failed = {m.group(1) for m in re.finditer('.*#error "(.*)"', e.message) if m} - log_line('Inconsistent config option(s):') - for option in sorted(failed): - log_line(' ' + option) - return False - - finally: - c_build_helper.remove_file_if_exists(c_name) - c_build_helper.remove_file_if_exists(exe_name) - - def test(self, options): - '''Run the job's build and test commands. -Return True if all the commands succeed and False otherwise. -If options.keep_going is false, stop as soon as one command fails. Otherwise -run all the commands, except that if the first command fails, none of the -other commands are run (typically, the first command is a build command -and subsequent commands are tests that cannot run if the build failed).''' - if not self._consistency_check(): - return False - built = False - success = True - for command in self.commands: - log_command(command) - env = os.environ.copy() - if 'MBEDTLS_TEST_CONFIGURATION' in env: - env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name - ret = subprocess.call(command, env=env) - if ret != 0: - if command[0] not in ['make', options.make_command]: - log_line('*** [{}] Error {}'.format(' '.join(command), ret)) - if not options.keep_going or not built: - return False - success = False - built = True - return success - -# If the configuration option A requires B, make sure that -# B in REVERSE_DEPENDENCIES[A]. 
-# All the information here should be contained in check_config.h or check_crypto_config.h. -# This file includes a copy because it changes rarely and it would be a pain -# to extract automatically. -REVERSE_DEPENDENCIES = { - 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', - 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C'], - 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER'], - 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], - 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], - - 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE'], - - 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ - 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_ECDH', - 'PSA_WANT_ALG_JPAKE', - 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_PK_PARSE_EC_EXTENDED', - 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'], - 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], - 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'], - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [ - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', - 'PSA_WANT_ALG_RSA_OAEP', - 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], - - 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'], - 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_LMS_C', - 'MBEDTLS_LMS_PRIVATE', - 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], - 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], -} - -# If an option is tested in an exclusive test, alter the following defines. -# These are not necessarily dependencies, but just minimal required changes -# if a given define is the only one enabled from an exclusive group. -EXCLUSIVE_GROUPS = { - 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_TLS_C'], - 'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA', - '-PSA_WANT_ALG_JPAKE',], - 'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA', - '-PSA_WANT_ALG_JPAKE'], - 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC', - '-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], - 'PSA_WANT_KEY_TYPE_CAMELLIA': ['-PSA_WANT_ALG_CMAC'], - 'PSA_WANT_KEY_TYPE_CHACHA20': ['-PSA_WANT_ALG_CMAC', - '-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-PSA_WANT_ALG_ECB_NO_PADDING'], -} -def handle_exclusive_groups(config_settings, symbol): - """For every symbol tested in an exclusive group check if there are other -defines to be altered. """ - for dep in EXCLUSIVE_GROUPS.get(symbol, []): - unset = dep.startswith('-') - dep = dep[1:] - config_settings[dep] = not unset - -def turn_off_dependencies(config_settings, exclude=None): - """For every option turned off config_settings, also turn off what depends on it. - - An option O is turned off if config_settings[O] is False. - Handle the dependencies recursively. 
- - If 'exclude' is a symbol, ensure its dependencies are not turned off while dependencies - of other settings are turned off. - """ - - # Determine recursively the settings that should not be turned off for the sake of 'exclude'. - excludes = set() - if exclude: - revdep = set(REVERSE_DEPENDENCIES.get(exclude, [])) - while revdep: - dep = revdep.pop() - excludes.add(dep) - revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - excludes) - - for key, value in sorted(config_settings.items()): - if value is not False: - continue - - # Save the processed settings to handle cross referencies. - # Start with set of settings that we do not want to turn off. - history = excludes.copy() - revdep = set(REVERSE_DEPENDENCIES.get(key, [])) - excludes - while revdep: - dep = revdep.pop() - history.add(dep) - config_settings[dep] = False - # Do not add symbols which are already processed - revdep.update(set(REVERSE_DEPENDENCIES.get(dep, [])) - history) - -class BaseDomain: # pylint: disable=too-few-public-methods, unused-argument - """A base class for all domains.""" - def __init__(self, symbols, commands, exclude): - """Initialize the jobs container""" - self.jobs = [] - -class ExclusiveDomain(BaseDomain): # pylint: disable=too-few-public-methods - """A domain consisting of a set of conceptually-equivalent settings. -Establish a list of configuration symbols. For each symbol, run a test job -with this symbol set and the others unset.""" - def __init__(self, symbols, commands, exclude=None): - """Build a domain for the specified list of configuration symbols. -The domain contains a set of jobs that enable one of the elements -of symbols and disable the others. -Each job runs the specified commands. 
-If exclude is a regular expression, skip generated jobs whose description -would match this regular expression.""" - super().__init__(symbols, commands, exclude) - base_config_settings = {} - for symbol in symbols: - base_config_settings[symbol] = False - for symbol in symbols: - description = symbol - if exclude and re.match(exclude, description): - continue - config_settings = base_config_settings.copy() - config_settings[symbol] = True - handle_exclusive_groups(config_settings, symbol) - turn_off_dependencies(config_settings, symbol) - job = Job(description, config_settings, commands) - self.jobs.append(job) - -class ComplementaryDomain(BaseDomain): # pylint: disable=too-few-public-methods - """A domain consisting of a set of loosely-related settings. -Establish a list of configuration symbols. For each symbol, run a test job -with this symbol unset. -If exclude is a regular expression, skip generated jobs whose description -would match this regular expression.""" - def __init__(self, symbols, commands, exclude=None): - """Build a domain for the specified list of configuration symbols. -Each job in the domain disables one of the specified symbols. -Each job runs the specified commands.""" - super().__init__(symbols, commands, exclude) - for symbol in symbols: - description = '!' + symbol - if exclude and re.match(exclude, description): - continue - config_settings = {symbol: False} - turn_off_dependencies(config_settings) - job = Job(description, config_settings, commands) - self.jobs.append(job) - -class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods - """A domain that contains both the ExclusiveDomain and BaseDomain tests. -Both parent class __init__ calls are performed in any order and -each call adds respective jobs. 
The job array initialization is done once in -BaseDomain, before the parent __init__ calls.""" - -class DomainData: - """A container for domains and jobs, used to structurize testing.""" - def config_symbols_matching(self, regexp): - """List the mbedtls_config.h settings matching regexp.""" - return [symbol for symbol in self.all_config_symbols - if re.match(regexp, symbol)] - - # pylint: disable=too-many-locals - def __init__(self, options, conf): - """Gather data about the library and establish a list of domains to test.""" - build_command = [options.make_command, '-f', 'scripts/legacy.make', 'CFLAGS=-Werror -O2'] - build_and_test = [build_command, [options.make_command, '-f', - 'scripts/legacy.make', 'test']] - self.all_config_symbols = set(conf.settings.keys()) - psa_info = psa_information.Information().constructors - algs = {crypto_knowledge.Algorithm(alg): symbol - for alg, symbol in ((alg, psa_information.psa_want_symbol(alg)) - for alg in psa_info.algorithms) - if symbol in self.all_config_symbols} - cipher_algs = {alg - for alg in algs - if alg.can_do(crypto_knowledge.AlgorithmCategory.CIPHER)} - key_types = {crypto_knowledge.KeyType(expr): symbol - for key_type in psa_info.key_types - for expr, symbol in ((expr, psa_information.psa_want_symbol(key_type)) - for expr in psa_info.generate_expressions([key_type])) - if symbol in self.all_config_symbols} - - # Find hash modules by category. - hash_symbols = {symbol - for alg, symbol in algs.items() - if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} - - # Find elliptic curve enabling macros by name. - curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z') - - # Find key exchange enabling macros by name. 
- key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') - - # Find cipher key types - cipher_key_types = {symbol - for key_type, symbol in key_types.items() - for alg in cipher_algs - if key_type.can_do(alg)} - - # Get cipher modes - cipher_chaining_symbols = {algs[cipher_alg] for cipher_alg in cipher_algs} - - self.domains = { - # Cipher key types - 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), - - # XTS is not yet supported via the PSA API. - # See https://github.com/Mbed-TLS/mbedtls/issues/6384 - 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, - build_and_test, - exclude=r'PSA_WANT_ALG_XTS'), - - # Elliptic curves. Run the test suites. - 'curves': ExclusiveDomain(curve_symbols, build_and_test), - - # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, - # SHA224 and SHA384 because the built-in entropy module is extensively used - # across various modules, but it depends on either SHA256 or SHA512. - # As a consequence an "exclusive" test of anything other than SHA256 - # or SHA512 with the built-in entropy module enabled is not possible. - 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), - - # Key exchange types. - 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), - - 'pkalgs': ComplementaryDomain(['PSA_WANT_ALG_ECDSA', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', - 'PSA_WANT_ALG_RSA_OAEP', - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - build_and_test), - } - self.jobs = {} - for domain in self.domains.values(): - for job in domain.jobs: - self.jobs[job.name] = job - - def get_jobs(self, name): - """Return the list of jobs identified by the given name. 
-A name can either be the name of a domain or the name of one specific job.""" - if name in self.domains: - return sorted(self.domains[name].jobs, key=lambda job: job.name) - else: - return [self.jobs[name]] - -def run(options, job, conf, colors=NO_COLORS): - """Run the specified job (a Job instance).""" - subprocess.check_call([options.make_command, '-f', 'scripts/legacy.make', 'clean']) - job.announce(colors, None) - if not job.configure(conf, colors): - job.announce(colors, False) - return False - conf.write() - success = job.test(options) - job.announce(colors, success) - return success - -def run_tests(options, domain_data, conf): - """Run the desired jobs. -domain_data should be a DomainData instance that describes the available -domains and jobs. -Run the jobs listed in options.tasks.""" - colors = Colors(options) - jobs = [] - failures = [] - successes = [] - for name in options.tasks: - jobs += domain_data.get_jobs(name) - conf.backup() - try: - for job in jobs: - success = run(options, job, conf, colors=colors) - if not success: - if options.keep_going: - failures.append(job.name) - else: - return False - else: - successes.append(job.name) - conf.restore() - except: - # Restore the configuration, except in stop-on-error mode if there - # was an error, where we leave the failing configuration up for - # developer convenience. 
- if options.keep_going: - conf.restore() - raise - if successes: - log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green) - if failures: - log_line('{} FAILED'.format(' '.join(failures)), color=colors.bold_red) - return False - else: - return True - -def main(): - try: - parser = argparse.ArgumentParser( - formatter_class=argparse.RawDescriptionHelpFormatter, - description= - "Test Mbed TLS with a subset of algorithms.\n\n" - "Example usage:\n" - r"./tests/scripts/depends.py \!PSA_WANT_ALG_SHA_1 PSA_WANT_ALG_SHA_256""\n" - "./tests/scripts/depends.py PSA_WANT_KEY_TYPE_AES hashes\n" - "./tests/scripts/depends.py cipher_id cipher_chaining\n") - parser.add_argument('--color', metavar='WHEN', - help='Colorize the output (always/auto/never)', - choices=['always', 'auto', 'never'], default='auto') - parser.add_argument('-c', '--config', metavar='FILE', - help='Configuration file to modify', - default=config.MbedTLSConfigFile.default_path[0]) - parser.add_argument('-r', '--crypto-config', metavar='FILE', - help='Crypto configuration file to modify', - default=config.CryptoConfigFile.default_path[0]) - parser.add_argument('-C', '--directory', metavar='DIR', - help='Change to this directory before anything else', - default='.') - parser.add_argument('-k', '--keep-going', - help='Try all configurations even if some fail (default)', - action='store_true', dest='keep_going', default=True) - parser.add_argument('-e', '--no-keep-going', - help='Stop as soon as a configuration fails', - action='store_false', dest='keep_going') - parser.add_argument('--list-jobs', - help='List supported jobs and exit', - action='append_const', dest='list', const='jobs') - parser.add_argument('--list-domains', - help='List supported domains and exit', - action='append_const', dest='list', const='domains') - parser.add_argument('--make-command', metavar='CMD', - help='Command to run instead of make (e.g. 
gmake)', - action='store', default='make') - parser.add_argument('tasks', metavar='TASKS', nargs='*', - help='The domain(s) or job(s) to test (default: all).', - default=True) - options = parser.parse_args() - os.chdir(options.directory) - conf = config.CombinedConfig(config.MbedTLSConfigFile(options.config), - config.CryptoConfigFile(options.crypto_config)) - domain_data = DomainData(options, conf) - - if options.tasks is True: - options.tasks = sorted(domain_data.domains.keys()) - if options.list: - for arg in options.list: - for domain_name in sorted(getattr(domain_data, arg).keys()): - print(domain_name) - sys.exit(0) - else: - sys.exit(0 if run_tests(options, domain_data, conf) else 1) - except Exception: # pylint: disable=broad-except - traceback.print_exc() - sys.exit(3) - -if __name__ == '__main__': - main()
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
deleted file mode 100755
index ec5e5d8915..0000000000
--- a/tests/scripts/gen_ctr_drbg.pl
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/usr/bin/env perl
-#
-# Based on NIST CTR_DRBG.rsp validation file
-# Only uses AES-256-CTR cases that use a Derivation function
-# and concats nonce and personalization for initialization.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use strict;
-
-my $file = shift;
-
-open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
-
-sub get_suite_val($)
-{
- my $name = shift;
- my $val = "";
-
- my $line = ;
- ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/);
-
- return $val;
-}
-
-sub get_val($)
-{
- my $name = shift;
- my $val = "";
- my $line;
-
- while($line = )
- {
- next if($line !~ /=/);
- last;
- }
-
- ($val) = ($line =~ /^$name = (\w+)/);
-
- return $val;
-}
-
-my $cnt = 1;;
-while (my $line = )
-{
- next if ($line !~ /^\[AES-256 use df/);
-
- my $PredictionResistanceStr = get_suite_val("PredictionResistance");
- my $PredictionResistance = 0;
- $PredictionResistance = 1 if ($PredictionResistanceStr eq 'True');
- my $EntropyInputLen = get_suite_val("EntropyInputLen");
- my $NonceLen = get_suite_val("NonceLen");
- my $PersonalizationStringLen = get_suite_val("PersonalizationStringLen");
- my $AdditionalInputLen = get_suite_val("AdditionalInputLen");
-
- for ($cnt = 0; $cnt < 15; $cnt++)
- {
- my $Count = get_val("COUNT");
- my $EntropyInput = get_val("EntropyInput");
- my $Nonce = get_val("Nonce");
- my $PersonalizationString = get_val("PersonalizationString");
- my $AdditionalInput1 = get_val("AdditionalInput");
- my $EntropyInputPR1 = get_val("EntropyInputPR") if ($PredictionResistance == 1);
- my $EntropyInputReseed = get_val("EntropyInputReseed") if ($PredictionResistance == 0);
- my $AdditionalInputReseed = get_val("AdditionalInputReseed") if ($PredictionResistance == 0);
- my $AdditionalInput2 = get_val("AdditionalInput");
- my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1);
- my $ReturnedBits = get_val("ReturnedBits");
-
- if ($PredictionResistance == 1)
- {
- print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n");
- print("ctr_drbg_validate_pr");
- print(":\"$Nonce$PersonalizationString\"");
- print(":\"$EntropyInput$EntropyInputPR1$EntropyInputPR2\"");
- print(":\"$AdditionalInput1\"");
- print(":\"$AdditionalInput2\"");
- print(":\"$ReturnedBits\"");
- print("\n\n");
- }
- else
- {
- print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n");
- print("ctr_drbg_validate_nopr");
- print(":\"$Nonce$PersonalizationString\"");
- print(":\"$EntropyInput$EntropyInputReseed\"");
- print(":\"$AdditionalInput1\"");
- print(":\"$AdditionalInputReseed\"");
- print(":\"$AdditionalInput2\"");
- print(":\"$ReturnedBits\"");
- print("\n\n");
- }
- }
-}
-close(TEST_DATA);
diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl
deleted file mode 100755
index 30d45c307d..0000000000
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/usr/bin/env perl
-#
-# Based on NIST gcmDecryptxxx.rsp validation files
-# Only first 3 of every set used for compile time saving
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use strict;
-
-my $file = shift;
-
-open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
-
-sub get_suite_val($)
-{
- my $name = shift;
- my $val = "";
-
- while(my $line = )
- {
- next if ($line !~ /^\[/);
- ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/);
- last;
- }
-
- return $val;
-}
-
-sub get_val($)
-{
- my $name = shift;
- my $val = "";
- my $line;
-
- while($line = )
- {
- next if($line !~ /=/);
- last;
- }
-
- ($val) = ($line =~ /^$name = (\w+)/);
-
- return $val;
-}
-
-sub get_val_or_fail($)
-{
- my $name = shift;
- my $val = "FAIL";
- my $line;
-
- while($line = )
- {
- next if($line !~ /=/ && $line !~ /FAIL/);
- last;
- }
-
- ($val) = ($line =~ /^$name = (\w+)/) if ($line =~ /=/);
-
- return $val;
-}
-
-my $cnt = 1;;
-while (my $line = )
-{
- my $key_len = get_suite_val("Keylen");
- next if ($key_len !~ /\d+/);
- my $iv_len = get_suite_val("IVlen");
- my $pt_len = get_suite_val("PTlen");
- my $add_len = get_suite_val("AADlen");
- my $tag_len = get_suite_val("Taglen");
-
- for ($cnt = 0; $cnt < 3; $cnt++)
- {
- my $Count = get_val("Count");
- my $key = get_val("Key");
- my $iv = get_val("IV");
- my $ct = get_val("CT");
- my $add = get_val("AAD");
- my $tag = get_val("Tag");
- my $pt = get_val_or_fail("PT");
-
- print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n");
- print("gcm_decrypt_and_verify");
- print(":\"$key\"");
- print(":\"$ct\"");
- print(":\"$iv\"");
- print(":\"$add\"");
- print(":$tag_len");
- print(":\"$tag\"");
- print(":\"$pt\"");
- print(":0");
- print("\n\n");
- }
-}
-
-print("GCM Selftest\n");
-print("gcm_selftest:\n\n");
-
-close(TEST_DATA);
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl
deleted file mode 100755
index b4f08494c0..0000000000
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/usr/bin/env perl
-#
-# Based on NIST gcmEncryptIntIVxxx.rsp validation files
-# Only first 3 of every set used for compile time saving
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use strict;
-
-my $file = shift;
-
-open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
-
-sub get_suite_val($)
-{
- my $name = shift;
- my $val = "";
-
- while(my $line = )
- {
- next if ($line !~ /^\[/);
- ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/);
- last;
- }
-
- return $val;
-}
-
-sub get_val($)
-{
- my $name = shift;
- my $val = "";
- my $line;
-
- while($line = )
- {
- next if($line !~ /=/);
- last;
- }
-
- ($val) = ($line =~ /^$name = (\w+)/);
-
- return $val;
-}
-
-my $cnt = 1;;
-while (my $line = )
-{
- my $key_len = get_suite_val("Keylen");
- next if ($key_len !~ /\d+/);
- my $iv_len = get_suite_val("IVlen");
- my $pt_len = get_suite_val("PTlen");
- my $add_len = get_suite_val("AADlen");
- my $tag_len = get_suite_val("Taglen");
-
- for ($cnt = 0; $cnt < 3; $cnt++)
- {
- my $Count = get_val("Count");
- my $key = get_val("Key");
- my $pt = get_val("PT");
- my $add = get_val("AAD");
- my $iv = get_val("IV");
- my $ct = get_val("CT");
- my $tag = get_val("Tag");
-
- print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n");
- print("gcm_encrypt_and_tag");
- print(":\"$key\"");
- print(":\"$pt\"");
- print(":\"$iv\"");
- print(":\"$add\"");
- print(":\"$ct\"");
- print(":$tag_len");
- print(":\"$tag\"");
- print(":0");
- print("\n\n");
- }
-}
-
-print("GCM Selftest\n");
-print("gcm_selftest:\n\n");
-
-close(TEST_DATA);
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
deleted file mode 100755
index fe2d3f5d37..0000000000
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use strict;
-
-my $file = shift;
-
-open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
-
-sub get_val($$)
-{
- my $str = shift;
- my $name = shift;
- my $val = "";
-
- while(my $line = )
- {
- next if($line !~ /^# $str/);
- last;
- }
-
- while(my $line = )
- {
- last if($line eq "\r\n");
- $val .= $line;
- }
-
- $val =~ s/[ \r\n]//g;
-
- return $val;
-}
-
-my $state = 0;
-my $val_n = "";
-my $val_e = "";
-my $val_p = "";
-my $val_q = "";
-my $mod = 0;
-my $cnt = 1;
-while (my $line = )
-{
- next if ($line !~ /^# Example/);
-
- ( $mod ) = ($line =~ /A (\d+)/);
- $val_n = get_val("RSA modulus n", "N");
- $val_e = get_val("RSA public exponent e", "E");
- $val_p = get_val("Prime p", "P");
- $val_q = get_val("Prime q", "Q");
-
- for(my $i = 1; $i <= 6; $i++)
- {
- my $val_m = get_val("Message to be", "M");
- my $val_salt = get_val("Salt", "Salt");
- my $val_sig = get_val("Signature", "Sig");
-
- print("RSASSA-PSS Signature Example ${cnt}_${i}\n");
- print("pkcs1_rsassa_pss_sign:$mod:16:\"$val_p\":16:\"$val_q\":16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1");
- print(":\"$val_m\"");
- print(":\"$val_salt\"");
- print(":\"$val_sig\":0");
- print("\n\n");
-
- print("RSASSA-PSS Signature Example ${cnt}_${i} (verify)\n");
- print("pkcs1_rsassa_pss_verify:$mod:16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1");
- print(":\"$val_m\"");
- print(":\"$val_salt\"");
- print(":\"$val_sig\":0");
- print("\n\n");
- }
- $cnt++;
-}
-close(TEST_DATA);
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
deleted file mode 100755
index d4ef0f3af1..0000000000
--- a/tests/scripts/generate-afl-tests.sh
+++ /dev/null
@@ -1,71 +0,0 @@ -#!/bin/sh - -# This script splits the data test files containing the test cases into -# individual files (one test case per file) suitable for use with afl -# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/ -# -# Usage: generate-afl-tests.sh -# - should be the path to one of the test suite files -# such as 'test_suite_rsa.data' -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# Abort on errors -set -e - -if [ -z $1 ] -then - echo " [!] No test file specified" >&2 - echo "Usage: $0 " >&2 - exit 1 -fi - -SRC_FILEPATH=$(dirname $1)/$(basename $1) -TESTSUITE=$(basename $1 .data) - -THIS_DIR=$(basename $PWD) - -if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; -then :; -else - echo " [!] Must be run from Mbed TLS tests directory" >&2 - exit 1 -fi - -DEST_TESTCASE_DIR=$TESTSUITE-afl-tests -DEST_OUTPUT_DIR=$TESTSUITE-afl-out - -echo " [+] Creating output directories" >&2 - -if [ -e $DEST_OUTPUT_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 - exit 1 -else - mkdir -p $DEST_OUTPUT_DIR -fi - -if [ -e $DEST_TESTCASE_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 -else - mkdir -p $DEST_TESTCASE_DIR -fi - -echo " [+] Creating test cases" >&2 -cd $DEST_TESTCASE_DIR - -split -p '^\s*$' ../$SRC_FILEPATH - -for f in *; -do - # Strip out any blank lines (no trim on OS X) - sed '/^\s*$/d' $f >testcase_$f - rm $f -done - -cd .. - -echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2 - diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py deleted file mode 100755 index 9af4dd3b6d..0000000000 --- a/tests/scripts/generate_server9_bad_saltlen.py +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/usr/bin/env python3 -"""Generate server9-bad-saltlen.crt - -Generate a certificate signed with RSA-PSS, with an incorrect salt length. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import subprocess -import argparse -from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error - -OPENSSL_RSA_PSS_CERT_COMMAND = r''' -openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \ - {openssl_extfile} -days 3650 -outform DER -in {csr} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \ - -sigopt rsa_mgf1_md:sha256 -''' -SIG_OPT = \ - r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256' -OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \ - -sigopt rsa_mgf1_md:sha256''' - - -def auto_int(x): - return int(x, 0) - - -def build_argparser(parser): - """Build argument parser""" - parser.description = __doc__ - parser.add_argument('--ca-name', type=str, required=True, - help='Basename of CA files') - parser.add_argument('--ca-password', type=str, - required=True, help='CA key file password') - parser.add_argument('--csr', type=str, required=True, - help='CSR file for generating certificate') - parser.add_argument('--openssl-extfile', type=str, - required=True, help='X905 v3 extension config file') - parser.add_argument('--anounce_saltlen', type=auto_int, - required=True, help='Announced salt length') - parser.add_argument('--actual_saltlen', type=auto_int, - required=True, help='Actual salt length') - parser.add_argument('--output', type=str, required=True) - - -def main(): - parser = argparse.ArgumentParser() - build_argparser(parser) - args = parser.parse_args() - - return generate(**vars(args)) - -def generate(**kwargs): - """Generate different salt length certificate file.""" 
- ca_password = kwargs.get('ca_password', '') - if ca_password: - kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format( - **kwargs) - else: - kwargs['ca_password'] = '' - extfile = kwargs.get('openssl_extfile', '') - if extfile: - kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format( - **kwargs) - else: - kwargs['openssl_extfile'] = '' - - cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs) - der_bytes = subprocess.check_output(cmd, shell=True) - target_certificate = x509.Certificate.load(der_bytes) - - cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs) - #pylint: disable=unexpected-keyword-arg - der_bytes = subprocess.check_output(cmd, - input=target_certificate['tbs_certificate'].dump(), - shell=True) - - with open(kwargs.get('output'), 'wb') as f: - target_certificate['signature_value'] = core.OctetBitString(der_bytes) - f.write(pem.armor('CERTIFICATE', target_certificate.dump())) - - -if __name__ == '__main__': - main() diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl deleted file mode 100755 index 36143b0caf..0000000000 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ /dev/null 
@@ -1,48 +0,0 @@
-#!/usr/bin/env perl
-
-# Perl code that is executed to transform each original line from a library
-# source file into the corresponding line in the test driver copy of the
-# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx
-# symbols.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use File::Basename;
-
-my @public_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/*.h");
-
-my $public_files_regex = join('|', map { quotemeta($_) } @public_files);
-
-my @private_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/private/*.h");
-
-my $private_files_regex = join('|', map { quotemeta($_) } @private_files);
-
-while (<>) {
- s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_x509.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_ssl.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!;
- # Files in include/mbedtls and drivers/builtin/include/mbedtls are both
- # included in files via #include mbedtls/.h, so when expanding to the
- # full path make sure that files in include/mbedtls are not expanded
- # to driver/builtin/include/mbedtls.
- if ( $public_files_regex ) {
- s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!;
- }
- if ( $private_files_regex ) {
- s!^(\s*#\s*include\s*[\"<])mbedtls/private/($private_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/private/${2}!;
- }
- s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!;
- s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!;
- s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!;
- if (/^\s*#\s*include/) {
- print;
- next;
- }
- s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g;
- s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g;
- print;
-}
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
deleted file mode 100755
index 9032bafa04..0000000000
--- a/tests/scripts/list-identifiers.sh
+++ /dev/null
@@ -1,54 +0,0 @@ -#!/bin/bash -# -# Create a file named identifiers containing identifiers from internal header -# files, based on the --internal flag. -# Outputs the line count of the file to stdout. -# A very thin wrapper around list_internal_identifiers.py for backwards -# compatibility. -# Must be run from Mbed TLS root. -# -# Usage: list-identifiers.sh [ -i | --internal ] -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -if [ -d include/mbedtls ]; then :; else - echo "$0: Must be run from Mbed TLS root" >&2 - exit 1 -fi - -INTERNAL="" - -until [ -z "${1-}" ] -do - case "$1" in - -i|--internal) - INTERNAL="1" - ;; - *) - # print error - echo "Unknown argument: '$1'" - exit 1 - ;; - esac - shift -done - -if [ $INTERNAL ] -then - tests/scripts/list_internal_identifiers.py - wc -l identifiers -else - cat <&2 "$0: FATAL: programs/test/metatest not found" - exit 120 -fi - -LIST_ONLY= -while getopts hl OPTLET; do - case $OPTLET in - h) help; exit;; - l) LIST_ONLY=1;; - \?) help >&2; exit 120;; - esac -done -shift $((OPTIND - 1)) - -list_matches () { - while read name platform junk; do - for pattern in "$@"; do - case $platform in - $pattern) echo "$name"; break;; - esac - done - done -} - -count=0 -errors=0 -run_metatest () { - ret=0 - "$METATEST_PROGRAM" "$1" || ret=$? - if [ $ret -eq 0 ]; then - echo >&2 "$0: Unexpected success: $1" - errors=$((errors + 1)) - fi - count=$((count + 1)) -} - -# Don't pipe the output of metatest so that if it fails, this script exits -# immediately with a failure status. -full_list=$("$METATEST_PROGRAM" list) -matching_list=$(printf '%s\n' "$full_list" | list_matches "$@") - -if [ -n "$LIST_ONLY" ]; then - printf '%s\n' $matching_list - exit -fi - -for name in $matching_list; do - run_metatest "$name" -done - -if [ $errors -eq 0 ]; then - echo "Ran $count metatests, all good." - exit 0 -else - echo "Ran $count metatests, $errors unexpected successes." - exit 1 -fi 
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl deleted file mode 100755 index e01d44f6e1..0000000000 --- a/tests/scripts/run-test-suites.pl +++ /dev/null 
@@ -1,165 +0,0 @@ -#!/usr/bin/env perl - -# run-test-suites.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -=head1 SYNOPSIS - -Execute all the test suites and print a summary of the results. - - run-test-suites.pl [[-v|--verbose] [VERBOSITY]] [--skip=SUITE[...]] - -Options: - - -v|--verbose Print detailed failure information. - -v 2|--verbose=2 Print detailed failure information and summary messages. - -v 3|--verbose=3 Print detailed information about every test case. - --skip=SUITE[,SUITE...] - Skip the specified SUITE(s). This option can be used - multiple times. - -=cut - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -use Cwd qw(getcwd); -use Getopt::Long qw(:config auto_help gnu_compat); -use Pod::Usage; - -my $verbose = 0; -my @skip_patterns = (); -GetOptions( - 'skip=s' => \@skip_patterns, - 'verbose|v:1' => \$verbose, - ) or die; - -# All test suites = executable files with a .datax file. -my @suites = (); -my @test_dirs = qw(../tf-psa-crypto/tests .); -for my $data_file (map {glob "$_/test_suite_*.datax"} @test_dirs) { - (my $base = $data_file) =~ s/\.datax$//; - push @suites, $base if -x $base; - push @suites, "$base.exe" if -e "$base.exe"; -} -die "$0: no test suite found\n" unless @suites; - -# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" -# but not "test_suite_foobar". -my $skip_re = - ( '\Atest_suite_(' . - join('|', map { - s/[ ,;]/|/g; # allow any of " ,;|" as separators - s/\./\./g; # "." in the input means ".", not "any character" - $_ - } @skip_patterns) . - ')(\z|\.)' ); - -# in case test suites are linked dynamically -$ENV{'LD_LIBRARY_PATH'} = getcwd() . "/../library"; -$ENV{'DYLD_LIBRARY_PATH'} = $ENV{'LD_LIBRARY_PATH'}; # For macOS - -my $prefix = $^O eq "MSWin32" ? 
'' : './'; - -my (@failed_suites, $total_tests_run, $failed, $suite_cases_passed, - $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, - $total_cases_failed, $total_cases_skipped ); -my $suites_skipped = 0; - -sub pad_print_center { - my( $width, $padchar, $string ) = @_; - my $padlen = ( $width - length( $string ) - 2 ) / 2; - print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n"; -} - -for my $suite_path (@suites) -{ - my ($dir, $suite) = ('.', $suite_path); - if ($suite =~ m!(.*)/([^/]*)!) { - $dir = $1; - $suite = $2; - } - print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " "; - if( $suite =~ /$skip_re/o ) { - print "SKIP\n"; - ++$suites_skipped; - next; - } - - my $command = "cd $dir && $prefix$suite"; - if( $verbose ) { - $command .= ' -v'; - } - my $result = `$command`; - - $suite_cases_passed = () = $result =~ /.. PASS/g; - $suite_cases_failed = () = $result =~ /.. FAILED/g; - $suite_cases_skipped = () = $result =~ /.. ----/g; - - if( $? == 0 ) { - print "PASS\n"; - if( $verbose > 2 ) { - pad_print_center( 72, '-', "Begin $suite" ); - print $result; - pad_print_center( 72, '-', "End $suite" ); - } - } else { - push @failed_suites, $suite; - print "FAIL\n"; - if( $verbose ) { - pad_print_center( 72, '-', "Begin $suite" ); - print $result; - pad_print_center( 72, '-', "End $suite" ); - } - } - - my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/; - $total_tests_run += $tests - $skipped; - - if( $verbose > 1 ) { - print "(test cases passed:", $suite_cases_passed, - " failed:", $suite_cases_failed, - " skipped:", $suite_cases_skipped, - " of total:", ($suite_cases_passed + $suite_cases_failed + - $suite_cases_skipped), - ")\n" - } - - $total_cases_passed += $suite_cases_passed; - $total_cases_failed += $suite_cases_failed; - $total_cases_skipped += $suite_cases_skipped; -} - -print "-" x 72, "\n"; -print @failed_suites ? 
"FAILED" : "PASSED"; -printf( " (%d suites, %d tests run%s)\n", - scalar(@suites) - $suites_skipped, - $total_tests_run, - $suites_skipped ? ", $suites_skipped suites skipped" : "" ); - -if( $verbose && @failed_suites ) { - # the output can be very long, so provide a summary of which suites failed - print " failed suites : @failed_suites\n"; -} - -if( $verbose > 1 ) { - print " test cases passed :", $total_cases_passed, "\n"; - print " failed :", $total_cases_failed, "\n"; - print " skipped :", $total_cases_skipped, "\n"; - print " of tests executed :", ( $total_cases_passed + $total_cases_failed ), - "\n"; - print " of available tests :", - ( $total_cases_passed + $total_cases_failed + $total_cases_skipped ), - "\n"; - if( $suites_skipped != 0 ) { - print "Note: $suites_skipped suites were skipped.\n"; - } -} - -exit( @failed_suites ? 1 : 0 ); - diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py deleted file mode 100755 index f9a8100141..0000000000 --- a/tests/scripts/run_demos.py +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/usr/bin/env python3 -"""Run the Mbed TLS demo scripts. -""" -import argparse -import glob -import subprocess -import sys - -def run_demo(demo, quiet=False): - """Run the specified demo script. Return True if it succeeds.""" - args = {} - if quiet: - args['stdout'] = subprocess.DEVNULL - args['stderr'] = subprocess.DEVNULL - returncode = subprocess.call([demo], **args) - return returncode == 0 - -def run_demos(demos, quiet=False): - """Run the specified demos and print summary information about failures. - - Return True if all demos passed and False if a demo fails. - """ - failures = [] - for demo in demos: - if not quiet: - print('#### {} ####'.format(demo)) - success = run_demo(demo, quiet=quiet) - if not success: - failures.append(demo) - if not quiet: - print('{}: FAIL'.format(demo)) - if quiet: - print('{}: {}'.format(demo, 'PASS' if success else 'FAIL')) - else: - print('') - successes = len(demos) - len(failures) - print('{}/{} demos passed'.format(successes, len(demos))) - if failures and not quiet: - print('Failures:', *failures) - return not failures - -def run_all_demos(quiet=False): - """Run all the available demos. - - Return True if all demos passed and False if a demo fails. - """ - mbedtls_demos = glob.glob('programs/*/*_demo.sh') - tf_psa_crypto_demos = glob.glob('tf-psa-crypto/programs/*/*_demo.sh') - all_demos = mbedtls_demos + tf_psa_crypto_demos - if not all_demos: - # Keep the message on one line. pylint: disable=line-too-long - raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.') - return run_demos(all_demos, quiet=quiet) - -def main(): - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument('--quiet', '-q', - action='store_true', - help="suppress the output of demos") - options = parser.parse_args() - success = run_all_demos(quiet=options.quiet) - sys.exit(0 if success else 1) - -if __name__ == '__main__': - main() 
diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py
deleted file mode 100644
index ce2afcfc36..0000000000
--- a/tests/scripts/scripts_path.py
+++ /dev/null
@@ -1,20 +0,0 @@
-"""Add our Python library directory to the module search path.
-
-Usage:
-
- import scripts_path # pylint: disable=unused-import
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import os
-import sys
-
-sys.path.append(os.path.join(os.path.dirname(__file__),
- os.path.pardir, os.path.pardir,
- 'scripts'))
-sys.path.append(os.path.join(os.path.dirname(__file__),
- os.path.pardir, os.path.pardir,
- 'framework', 'scripts'))
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
deleted file mode 100755
index 37152112be..0000000000
--- a/tests/scripts/set_psa_test_dependencies.py
+++ /dev/null
@@ -1,278 +0,0 @@ -#!/usr/bin/env python3 - -"""Edit test cases to use PSA dependencies instead of classic dependencies. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import re -import sys - -CLASSIC_DEPENDENCIES = frozenset([ - # This list is manually filtered from mbedtls_config.h. - - # Mbed TLS feature support. - # Only features that affect what can be done are listed here. - # Options that control optimizations or alternative implementations - # are omitted. - 'MBEDTLS_CIPHER_MODE_CBC', - 'MBEDTLS_CIPHER_MODE_CFB', - 'MBEDTLS_CIPHER_MODE_CTR', - 'MBEDTLS_CIPHER_MODE_OFB', - 'MBEDTLS_CIPHER_MODE_XTS', - 'MBEDTLS_CIPHER_NULL_CIPHER', - 'MBEDTLS_CIPHER_PADDING_PKCS7', - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS', - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', - 'MBEDTLS_CIPHER_PADDING_ZEROS', - #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP512R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE25519_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE448_ENABLED', - 'MBEDTLS_ECDSA_DETERMINISTIC', - #'MBEDTLS_GENPRIME', #needed for RSA key generation - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - - # Mbed TLS modules. - # Only modules that provide cryptographic mechanisms are listed here. - # Platform, data formatting, X.509 or TLS modules are omitted. 
- 'MBEDTLS_AES_C', - 'MBEDTLS_BIGNUM_C', - 'MBEDTLS_CAMELLIA_C', - 'MBEDTLS_ARIA_C', - 'MBEDTLS_CCM_C', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C', - 'MBEDTLS_CMAC_C', - 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_ECDH_C', - 'MBEDTLS_ECDSA_C', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_ENTROPY_C', - 'MBEDTLS_GCM_C', - 'MBEDTLS_HKDF_C', - 'MBEDTLS_HMAC_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_MD5_C', - 'MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'MBEDTLS_POLY1305_C', - 'MBEDTLS_RIPEMD160_C', - 'MBEDTLS_RSA_C', - 'MBEDTLS_SHA1_C', - 'MBEDTLS_SHA256_C', - 'MBEDTLS_SHA512_C', -]) - -def is_classic_dependency(dep): - """Whether dep is a classic dependency that PSA test cases should not use.""" - if dep.startswith('!'): - dep = dep[1:] - return dep in CLASSIC_DEPENDENCIES - -def is_systematic_dependency(dep): - """Whether dep is a PSA dependency which is determined systematically.""" - if dep.startswith('PSA_WANT_ECC_'): - return False - return dep.startswith('PSA_WANT_') - -WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([ - 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # only a modifier - 'PSA_ALG_ANY_HASH', # only meaningful in policies - 'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms - 'PSA_ALG_TRUNCATED_MAC', # only a modifier - 'PSA_KEY_TYPE_NONE', # not a real key type - 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise - 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise - 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', #only a modifier - 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', #only a modifier -]) - -SPECIAL_SYSTEMATIC_DEPENDENCIES = { - 'PSA_ALG_ECDSA_ANY': frozenset(['PSA_WANT_ALG_ECDSA']), - 'PSA_ALG_RSA_PKCS1V15_SIGN_RAW': frozenset(['PSA_WANT_ALG_RSA_PKCS1V15_SIGN']), -} - -def dependencies_of_symbol(symbol): - """Return the dependencies for a symbol that designates a cryptographic mechanism.""" - if symbol in WITHOUT_SYSTEMATIC_DEPENDENCIES: - return frozenset() - if symbol in SPECIAL_SYSTEMATIC_DEPENDENCIES: - 
return SPECIAL_SYSTEMATIC_DEPENDENCIES[symbol] - if symbol.startswith('PSA_ALG_CATEGORY_') or \ - symbol.startswith('PSA_KEY_TYPE_CATEGORY_'): - # Categories are used in test data when an unsupported but plausible - # mechanism number needed. They have no associated dependency. - return frozenset() - return {symbol.replace('_', '_WANT_', 1)} - -def systematic_dependencies(file_name, function_name, arguments): - """List the systematically determined dependency for a test case.""" - deps = set() - - # Run key policy negative tests even if the algorithm to attempt performing - # is not supported but in the case where the test is to check an - # incompatibility between a requested algorithm for a cryptographic - # operation and a key policy. In the latter, we want to filter out the - # cases # where PSA_ERROR_NOT_SUPPORTED is returned instead of - # PSA_ERROR_NOT_PERMITTED. - if function_name.endswith('_key_policy') and \ - arguments[-1].startswith('PSA_ERROR_') and \ - arguments[-1] != ('PSA_ERROR_NOT_PERMITTED'): - arguments[-2] = '' - if function_name == 'copy_fail' and \ - arguments[-1].startswith('PSA_ERROR_'): - arguments[-2] = '' - arguments[-3] = '' - - # Storage format tests that only look at how the file is structured and - # don't care about the format of the key material don't depend on any - # cryptographic mechanisms. - if os.path.basename(file_name) == 'test_suite_psa_crypto_persistent_key.data' and \ - function_name in {'format_storage_data_check', - 'parse_storage_data_check'}: - return [] - - for arg in arguments: - for symbol in re.findall(r'PSA_(?:ALG|KEY_TYPE)_\w+', arg): - deps.update(dependencies_of_symbol(symbol)) - return sorted(deps) - -def updated_dependencies(file_name, function_name, arguments, dependencies): - """Rework the list of dependencies into PSA_WANT_xxx. - - Remove classic crypto dependencies such as MBEDTLS_RSA_C, - MBEDTLS_PKCS1_V15, etc. 
- - Add systematic PSA_WANT_xxx dependencies based on the called function and - its arguments, replacing existing PSA_WANT_xxx dependencies. - """ - automatic = systematic_dependencies(file_name, function_name, arguments) - manual = [dep for dep in dependencies - if not (is_systematic_dependency(dep) or - is_classic_dependency(dep))] - return automatic + manual - -def keep_manual_dependencies(file_name, function_name, arguments): - #pylint: disable=unused-argument - """Declare test functions with unusual dependencies here.""" - # If there are no arguments, we can't do any useful work. Assume that if - # there are dependencies, they are warranted. - if not arguments: - return True - # When PSA_ERROR_NOT_SUPPORTED is expected, usually, at least one of the - # constants mentioned in the test should not be supported. It isn't - # possible to determine which one in a systematic way. So let the programmer - # decide. - if arguments[-1] == 'PSA_ERROR_NOT_SUPPORTED': - return True - return False - -def process_data_stanza(stanza, file_name, test_case_number): - """Update PSA crypto dependencies in one Mbed TLS test case. - - stanza is the test case text (including the description, the dependencies, - the line with the function and arguments, and optionally comments). Return - a new stanza with an updated dependency line, preserving everything else - (description, comments, arguments, etc.). - """ - if not stanza.lstrip('\n'): - # Just blank lines - return stanza - # Expect 2 or 3 non-comment lines: description, optional dependencies, - # function-and-arguments. 
- content_matches = list(re.finditer(r'^[\t ]*([^\t #].*)$', stanza, re.M))
- if len(content_matches) < 2:
- raise Exception('Not enough content lines in paragraph {} in {}'
- .format(test_case_number, file_name))
- if len(content_matches) > 3:
- raise Exception('Too many content lines in paragraph {} in {}'
- .format(test_case_number, file_name))
- arguments = content_matches[-1].group(0).split(':')
- function_name = arguments.pop(0)
- if keep_manual_dependencies(file_name, function_name, arguments):
- return stanza
- if len(content_matches) == 2:
- # Insert a line for the dependencies. If it turns out that there are
- # no dependencies, we'll remove that empty line below.
- dependencies_location = content_matches[-1].start()
- text_before = stanza[:dependencies_location]
- text_after = '\n' + stanza[dependencies_location:]
- old_dependencies = []
- dependencies_leader = 'depends_on:'
- else:
- dependencies_match = content_matches[-2]
- text_before = stanza[:dependencies_match.start()]
- text_after = stanza[dependencies_match.end():]
- old_dependencies = dependencies_match.group(0).split(':')
- dependencies_leader = old_dependencies.pop(0) + ':'
- if dependencies_leader != 'depends_on:':
- raise Exception('Next-to-last line does not start with "depends_on:"'
- ' in paragraph {} in {}'
- .format(test_case_number, file_name))
- new_dependencies = updated_dependencies(file_name, function_name, arguments,
- old_dependencies)
- if new_dependencies:
- stanza = (text_before +
- dependencies_leader + ':'.join(new_dependencies) +
- text_after)
- else:
- # The dependencies have become empty. Remove the depends_on: line.
- assert text_after[0] == '\n'
- stanza = text_before + text_after[1:]
- return stanza
-
-def process_data_file(file_name, old_content):
- """Update PSA crypto dependencies in an Mbed TLS test suite data file.
-
- Process old_content (the old content of the file) and return the new content.
- """
- old_stanzas = old_content.split('\n\n')
- new_stanzas = [process_data_stanza(stanza, file_name, n)
- for n, stanza in enumerate(old_stanzas, start=1)]
- return '\n\n'.join(new_stanzas)
-
-def update_file(file_name, old_content, new_content):
- """Update the given file with the given new content.
-
- Replace the existing file. The previous version is renamed to *.bak.
- Don't modify the file if the content was unchanged.
- """
- if new_content == old_content:
- return
- backup = file_name + '.bak'
- tmp = file_name + '.tmp'
- with open(tmp, 'w', encoding='utf-8') as new_file:
- new_file.write(new_content)
- os.replace(file_name, backup)
- os.replace(tmp, file_name)
-
-def process_file(file_name):
- """Update PSA crypto dependencies in an Mbed TLS test suite data file.
-
- Replace the existing file. The previous version is renamed to *.bak.
- Don't modify the file if the content was unchanged.
- """
- old_content = open(file_name, encoding='utf-8').read()
- if file_name.endswith('.data'):
- new_content = process_data_file(file_name, old_content)
- else:
- raise Exception('File type not recognized: {}'
- .format(file_name))
- update_file(file_name, old_content, new_content)
-
-def main(args):
- for file_name in args:
- process_file(file_name)
-
-if __name__ == '__main__':
- main(sys.argv[1:])
diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py
deleted file mode 100755
index 2c6f6b3c81..0000000000
--- a/tests/scripts/test_config_checks.py
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/env python3
-"""Test the configuration checks generated by generate_config_checks.py.
-"""
-
-## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import unittest
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_framework import unittest_config_checks
-
-
-class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
- """Mbed TLS unit tests for checks generated by config_checks_generator."""
-
- #pylint: disable=invalid-name # uppercase letters make sense here
-
- PROJECT_CONFIG_C = 'library/mbedtls_config.c'
- PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
- 'tf-psa-crypto/include',
- 'tf-psa-crypto/drivers/builtin/include',
- ]
-
- ## Method naming convention:
- ## * test_crypto_xxx when testing a tweak of crypto_config.h
- ## * test_mbedtls_xxx when testing a tweak of mbedtls_config.h
-
- def test_crypto_config_read(self) -> None:
- """Check that crypto_config.h is read in mbedtls."""
- self.bad_case('#error witness',
- None,
- error='witness')
-
- def test_mbedtls_config_read(self) -> None:
- """Check that mbedtls_config.h is read in mbedtls."""
- self.bad_case(''
- '#error witness',
- error='witness')
-
- @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
- def test_crypto_undef_MBEDTLS_FS_IO(self) -> None:
- """A sample error expected from crypto's check_config.h."""
- self.bad_case('#undef MBEDTLS_FS_IO',
- error='MBEDTLS_PSA_ITS_FILE_C')
-
- def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
- """An error expected from mbedtls_check_config.h based on the TLS configuration."""
- self.bad_case(None,
- '''
- #define MBEDTLS_SSL_EARLY_DATA
- #undef MBEDTLS_SSL_SESSION_TICKETS
- ''',
- error='MBEDTLS_SSL_EARLY_DATA')
-
- def test_crypto_mbedtls_no_ecdsa(self) -> None:
- """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
- self.bad_case('''
- #undef PSA_WANT_ALG_ECDSA
- #undef
PSA_WANT_ALG_DETERMINISTIC_ECDSA
- ''',
- '''
- #if defined(PSA_WANT_ALG_ECDSA)
- #error PSA_WANT_ALG_ECDSA unexpected
- #endif
- #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
- #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
- #endif
- ''',
- error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')
-
- def test_crypto_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
- """Error when setting a removed option via crypto_config.h."""
- self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
- error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')
-
- def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
- """Error when setting a removed option via mbedtls_config.h."""
- self.bad_case(None,
- '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
- error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')
-
- def test_crypto_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
- """Bypassed error when setting a removed option via crypto_config.h."""
- self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
- extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])
-
- def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
- """Bypassed error when setting a removed option via mbedtls_config.h."""
- self.good_case(None,
- '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
- extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])
-
- def test_mbedtls_define_MBEDTLS_MD5_C_redundant(self) -> None:
- """Error when redundantly setting a subproject internal option."""
- self.bad_case('#define PSA_WANT_ALG_MD5 1',
- '#define MBEDTLS_MD5_C',
- error=r'MBEDTLS_MD5_C is an internal macro')
-
- def test_mbedtls_define_MBEDTLS_MD5_C_added(self) -> None:
- """Error when setting a subproject internal option that was disabled."""
- self.bad_case('''
- #undef PSA_WANT_ALG_MD5
- #undef MBEDTLS_MD5_C
- ''',
- '#define MBEDTLS_MD5_C',
- error=r'MBEDTLS_MD5_C is an internal macro')
-
- def test_mbedtls_define_MBEDTLS_BASE64_C_redundant(self) -> None:
- """Ok to redundantly
set a subproject option."""
- self.good_case(None,
- '#define MBEDTLS_BASE64_C')
-
- def test_mbedtls_define_MBEDTLS_BASE64_C_added(self) -> None:
- """Error when setting a subproject option that was disabled."""
- self.bad_case('''
- #undef MBEDTLS_BASE64_C
- #undef MBEDTLS_PEM_PARSE_C
- #undef MBEDTLS_PEM_WRITE_C
- ''',
- '#define MBEDTLS_BASE64_C',
- error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
-
- @unittest.skip("Checks for #undef are not implemented yet.")
- def test_mbedtls_define_MBEDTLS_BASE64_C_unset(self) -> None:
- """Error when unsetting a subproject option that was enabled."""
- self.bad_case(None,
- '#undef MBEDTLS_BASE64_C',
- error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')
-
- def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
- """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
- self.good_case('#define MBEDTLS_USE_PSA_CRYPTO')
-
- def test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None:
- """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on)."""
- self.good_case(None,
- '#define MBEDTLS_USE_PSA_CRYPTO')
-
-
-if __name__ == '__main__':
- unittest.main()
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
deleted file mode 100755
index b58a3114cf..0000000000
--- a/tests/scripts/test_config_script.py
+++ /dev/null
@@ -1,175 +0,0 @@
-#!/usr/bin/env python3
-
-"""Test helper for the Mbed TLS configuration file tool
-
-Run config.py with various parameters and write the results to files.
-
-This is a harness to help regression testing, not a functional tester.
-Sample usage:
-
- test_config_script.py -d old
- ## Modify config.py and/or mbedtls_config.h ##
- test_config_script.py -d new
- diff -ru old new
-"""
-
-## Copyright The Mbed TLS Contributors
-## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-##
-
-import argparse
-import glob
-import os
-import re
-import shutil
-import subprocess
-
-OUTPUT_FILE_PREFIX = 'config-'
-
-def output_file_name(directory, stem, extension):
- return os.path.join(directory,
- '{}{}.{}'.format(OUTPUT_FILE_PREFIX,
- stem, extension))
-
-def cleanup_directory(directory):
- """Remove old output files."""
- for extension in []:
- pattern = output_file_name(directory, '*', extension)
- filenames = glob.glob(pattern)
- for filename in filenames:
- os.remove(filename)
-
-def prepare_directory(directory):
- """Create the output directory if it doesn't exist yet.
-
- If there are old output files, remove them.
- """
- if os.path.exists(directory):
- cleanup_directory(directory)
- else:
- os.makedirs(directory)
-
-def guess_presets_from_help(help_text):
- """Figure out what presets the script supports.
-
- help_text should be the output from running the script with --help.
- """
- # Try the output format from config.py
- hits = re.findall(r'\{([-\w,]+)\}', help_text)
- for hit in hits:
- words = set(hit.split(','))
- if 'get' in words and 'set' in words and 'unset' in words:
- words.remove('get')
- words.remove('set')
- words.remove('unset')
- return words
- # Try the output format from config.pl
- hits = re.findall(r'\n +([-\w]+) +- ', help_text)
- if hits:
- return hits
- raise Exception("Unable to figure out supported presets. Pass the '-p' option.")
-
-def list_presets(options):
- """Return the list of presets to test.
-
- The list is taken from the command line if present, otherwise it is
- extracted from running the config script with --help.
- """
- if options.presets:
- return re.split(r'[ ,]+', options.presets)
- else:
- help_text = subprocess.run([options.script, '--help'],
- check=False, # config.pl --help returns 255
- stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT).stdout
- return guess_presets_from_help(help_text.decode('ascii'))
-
-def run_one(options, args, stem_prefix='', input_file=None):
- """Run the config script with the given arguments.
-
- Take the original content from input_file if specified, defaulting
- to options.input_file if input_file is None.
-
- Write the following files, where xxx contains stem_prefix followed by
- a filename-friendly encoding of args:
- * config-xxx.h: modified file.
- * config-xxx.out: standard output.
- * config-xxx.err: standard output.
- * config-xxx.status: exit code.
-
- Return ("xxx+", "path/to/config-xxx.h") which can be used as
- stem_prefix and input_file to call this function again with new args.
- """
- if input_file is None:
- input_file = options.input_file
- stem = stem_prefix + '-'.join(args)
- data_filename = output_file_name(options.output_directory, stem, 'h')
- stdout_filename = output_file_name(options.output_directory, stem, 'out')
- stderr_filename = output_file_name(options.output_directory, stem, 'err')
- status_filename = output_file_name(options.output_directory, stem, 'status')
- shutil.copy(input_file, data_filename)
- # Pass only the file basename, not the full path, to avoid getting the
- # directory name in error messages, which would make comparisons
- # between output directories more difficult.
- cmd = [os.path.abspath(options.script),
- '-f', os.path.basename(data_filename)]
- with open(stdout_filename, 'wb') as out:
- with open(stderr_filename, 'wb') as err:
- status = subprocess.call(cmd + args,
- cwd=options.output_directory,
- stdin=subprocess.DEVNULL,
- stdout=out, stderr=err)
- with open(status_filename, 'w') as status_file:
- status_file.write('{}\n'.format(status))
- return stem + "+", data_filename
-
-### A list of symbols to test with.
-### This script currently tests what happens when you change a symbol from
-### having a value to not having a value or vice versa. This is not
-### necessarily useful behavior, and we may not consider it a bug if
-### config.py stops handling that case correctly.
-TEST_SYMBOLS = [
- 'CUSTOM_SYMBOL', # does not exist
- 'PSA_WANT_KEY_TYPE_AES', # set, no value
- 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value
- 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support"
- 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options"
-]
-
-def run_all(options):
- """Run all the command lines to test."""
- presets = list_presets(options)
- for preset in presets:
- run_one(options, [preset])
- for symbol in TEST_SYMBOLS:
- run_one(options, ['get', symbol])
- (stem, filename) = run_one(options, ['set', symbol])
- run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename)
- run_one(options, ['--force', 'set', symbol])
- (stem, filename) = run_one(options, ['set', symbol, 'value'])
- run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename)
- run_one(options, ['--force', 'set', symbol, 'value'])
- run_one(options, ['unset', symbol])
-
-def main():
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=__doc__,
- formatter_class=argparse.RawDescriptionHelpFormatter)
- parser.add_argument('-d', metavar='DIR',
- dest='output_directory', required=True,
- help="""Output directory.""")
- parser.add_argument('-f', metavar='FILE',
- dest='input_file',
default='include/mbedtls/mbedtls_config.h',
- help="""Config file (default: %(default)s).""")
- parser.add_argument('-p', metavar='PRESET,...',
- dest='presets',
- help="""Presets to test (default: guessed from --help).""")
- parser.add_argument('-s', metavar='FILE',
- dest='script', default='scripts/config.py',
- help="""Configuration script (default: %(default)s).""")
- options = parser.parse_args()
- prepare_directory(options.output_directory)
- run_all(options)
-
-if __name__ == '__main__':
- main()
diff --git a/tests/src/certs.c b/tests/src/certs.c
deleted file mode 100644
index c45f0628c0..0000000000
--- a/tests/src/certs.c
+++ /dev/null
@@ -1,483 +0,0 @@ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "tf_psa_crypto_common.h" - -#include - -#include "mbedtls/build_info.h" - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include "test/test_certs.h" - -/* - * - * Test certificates and keys as C variables - * - */ - -/* - * CA - */ - -const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; -const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; -const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; -const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; -const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; -const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; -const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; -const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; -const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = - TEST_CA_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = - TEST_CA_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof(mbedtls_test_ca_crt_ec_pem); -const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof(mbedtls_test_ca_key_ec_pem); -const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; -const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof(mbedtls_test_ca_key_rsa_pem); -const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); -const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); - 
-const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof(mbedtls_test_ca_crt_ec_der); -const size_t mbedtls_test_ca_key_ec_der_len = - sizeof(mbedtls_test_ca_key_ec_der); -const size_t mbedtls_test_ca_pwd_ec_der_len = 0; -const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof(mbedtls_test_ca_key_rsa_der); -const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; -const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1_der); -const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256_der); - -/* - * Server - */ - -const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; -const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; -const char mbedtls_test_srv_pwd_ec_pem[] = ""; -const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; -const char mbedtls_test_srv_pwd_rsa_pem[] = ""; -const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; -const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; - -const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; -const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; -const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = - TEST_SRV_CRT_RSA_SHA1_DER; -const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = - TEST_SRV_CRT_RSA_SHA256_DER; - -const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof(mbedtls_test_srv_crt_ec_pem); -const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof(mbedtls_test_srv_key_ec_pem); -const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; -const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof(mbedtls_test_srv_key_rsa_pem); -const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; -const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); -const size_t 
mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); - -const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof(mbedtls_test_srv_crt_ec_der); -const size_t mbedtls_test_srv_key_ec_der_len = - sizeof(mbedtls_test_srv_key_ec_der); -const size_t mbedtls_test_srv_pwd_ec_der_len = 0; -const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof(mbedtls_test_srv_key_rsa_der); -const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; -const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1_der); -const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256_der); - -/* - * Client - */ - -const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; -const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; -const char mbedtls_test_cli_pwd_ec_pem[] = ""; -const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; -const char mbedtls_test_cli_pwd_rsa_pem[] = ""; -const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; - -const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; -const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; -const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; -const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; - -const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof(mbedtls_test_cli_crt_ec_pem); -const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof(mbedtls_test_cli_key_ec_pem); -const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; -const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof(mbedtls_test_cli_key_rsa_pem); -const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; -const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof(mbedtls_test_cli_crt_rsa_pem); - -const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof(mbedtls_test_cli_crt_ec_der); -const size_t 
mbedtls_test_cli_key_ec_der_len = - sizeof(mbedtls_test_cli_key_ec_der); -const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof(mbedtls_test_cli_key_rsa_der); -const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof(mbedtls_test_cli_crt_rsa_der); - -/* - * - * Definitions of test CRTs without specification of all parameters, choosing - * them automatically according to the config. For example, mbedtls_test_ca_crt - * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. - * - */ - -/* - * Dispatch between PEM and DER according to config - */ - -#if defined(MBEDTLS_PEM_PARSE_C) - -/* PEM encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM -#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM -#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM -#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM - -/* PEM encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM - -/* PEM encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM - -#else /* MBEDTLS_PEM_PARSE_C */ - -/* DER encoded test CA certificates and keys */ - -#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER -#define TEST_CA_PWD_RSA "" -#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER -#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER -#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER -#define TEST_CA_PWD_EC "" 
-#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER - -/* DER encoded test server certificates and keys */ - -#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER -#define TEST_SRV_PWD_RSA "" -#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER -#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER -#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER -#define TEST_SRV_PWD_EC "" -#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER - -/* DER encoded test client certificates and keys */ - -#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER -#define TEST_CLI_PWD_RSA "" -#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER -#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER -#define TEST_CLI_PWD_EC "" -#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER - -#endif /* MBEDTLS_PEM_PARSE_C */ - -const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; -const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; -const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; -const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; -const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; -const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; - -const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; -const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; -const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; -const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; -const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; -const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; -const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; - -const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; -const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; -const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; -const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; -const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; -const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; - -const size_t mbedtls_test_ca_key_rsa_len = - 
sizeof(mbedtls_test_ca_key_rsa); -const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof(mbedtls_test_ca_pwd_rsa) - 1; -const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof(mbedtls_test_ca_crt_rsa_sha256); -const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof(mbedtls_test_ca_crt_rsa_sha1); -const size_t mbedtls_test_ca_key_ec_len = - sizeof(mbedtls_test_ca_key_ec); -const size_t mbedtls_test_ca_pwd_ec_len = - sizeof(mbedtls_test_ca_pwd_ec) - 1; -const size_t mbedtls_test_ca_crt_ec_len = - sizeof(mbedtls_test_ca_crt_ec); - -const size_t mbedtls_test_srv_key_rsa_len = - sizeof(mbedtls_test_srv_key_rsa); -const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof(mbedtls_test_srv_pwd_rsa) -1; -const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof(mbedtls_test_srv_crt_rsa_sha256); -const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof(mbedtls_test_srv_crt_rsa_sha1); -const size_t mbedtls_test_srv_key_ec_len = - sizeof(mbedtls_test_srv_key_ec); -const size_t mbedtls_test_srv_pwd_ec_len = - sizeof(mbedtls_test_srv_pwd_ec) - 1; -const size_t mbedtls_test_srv_crt_ec_len = - sizeof(mbedtls_test_srv_crt_ec); - -const size_t mbedtls_test_cli_key_rsa_len = - sizeof(mbedtls_test_cli_key_rsa); -const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof(mbedtls_test_cli_pwd_rsa) - 1; -const size_t mbedtls_test_cli_crt_rsa_len = - sizeof(mbedtls_test_cli_crt_rsa); -const size_t mbedtls_test_cli_key_ec_len = - sizeof(mbedtls_test_cli_key_ec); -const size_t mbedtls_test_cli_pwd_ec_len = - sizeof(mbedtls_test_cli_pwd_ec) - 1; -const size_t mbedtls_test_cli_crt_ec_len = - sizeof(mbedtls_test_cli_crt_ec); - -/* - * Dispatch between SHA-1 and SHA-256 - */ - -#if defined(PSA_WANT_ALG_SHA_256) -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 -#else -#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 -#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* PSA_WANT_ALG_SHA_256 */ - -const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; 
-const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; - -const size_t mbedtls_test_ca_crt_rsa_len = - sizeof(mbedtls_test_ca_crt_rsa); -const size_t mbedtls_test_srv_crt_rsa_len = - sizeof(mbedtls_test_srv_crt_rsa); - -/* - * Dispatch between RSA and EC - */ - -#if defined(MBEDTLS_RSA_C) - -#define TEST_CA_KEY TEST_CA_KEY_RSA -#define TEST_CA_PWD TEST_CA_PWD_RSA -#define TEST_CA_CRT TEST_CA_CRT_RSA - -#define TEST_SRV_KEY TEST_SRV_KEY_RSA -#define TEST_SRV_PWD TEST_SRV_PWD_RSA -#define TEST_SRV_CRT TEST_SRV_CRT_RSA - -#define TEST_CLI_KEY TEST_CLI_KEY_RSA -#define TEST_CLI_PWD TEST_CLI_PWD_RSA -#define TEST_CLI_CRT TEST_CLI_CRT_RSA - -#else /* no RSA, so assume ECDSA */ - -#define TEST_CA_KEY TEST_CA_KEY_EC -#define TEST_CA_PWD TEST_CA_PWD_EC -#define TEST_CA_CRT TEST_CA_CRT_EC - -#define TEST_SRV_KEY TEST_SRV_KEY_EC -#define TEST_SRV_PWD TEST_SRV_PWD_EC -#define TEST_SRV_CRT TEST_SRV_CRT_EC - -#define TEST_CLI_KEY TEST_CLI_KEY_EC -#define TEST_CLI_PWD TEST_CLI_PWD_EC -#define TEST_CLI_CRT TEST_CLI_CRT_EC -#endif /* MBEDTLS_RSA_C */ - -/* API stability forces us to declare - * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} - * as pointers. 
*/ -static const char test_ca_key[] = TEST_CA_KEY; -static const char test_ca_pwd[] = TEST_CA_PWD; -static const char test_ca_crt[] = TEST_CA_CRT; - -static const char test_srv_key[] = TEST_SRV_KEY; -static const char test_srv_pwd[] = TEST_SRV_PWD; -static const char test_srv_crt[] = TEST_SRV_CRT; - -static const char test_cli_key[] = TEST_CLI_KEY; -static const char test_cli_pwd[] = TEST_CLI_PWD; -static const char test_cli_crt[] = TEST_CLI_CRT; - -const char *mbedtls_test_ca_key = test_ca_key; -const char *mbedtls_test_ca_pwd = test_ca_pwd; -const char *mbedtls_test_ca_crt = test_ca_crt; - -const char *mbedtls_test_srv_key = test_srv_key; -const char *mbedtls_test_srv_pwd = test_srv_pwd; -const char *mbedtls_test_srv_crt = test_srv_crt; - -const char *mbedtls_test_cli_key = test_cli_key; -const char *mbedtls_test_cli_pwd = test_cli_pwd; -const char *mbedtls_test_cli_crt = test_cli_crt; - -const size_t mbedtls_test_ca_key_len = - sizeof(test_ca_key); -const size_t mbedtls_test_ca_pwd_len = - sizeof(test_ca_pwd) - 1; -const size_t mbedtls_test_ca_crt_len = - sizeof(test_ca_crt); - -const size_t mbedtls_test_srv_key_len = - sizeof(test_srv_key); -const size_t mbedtls_test_srv_pwd_len = - sizeof(test_srv_pwd) - 1; -const size_t mbedtls_test_srv_crt_len = - sizeof(test_srv_crt); - -const size_t mbedtls_test_cli_key_len = - sizeof(test_cli_key); -const size_t mbedtls_test_cli_pwd_len = - sizeof(test_cli_pwd) - 1; -const size_t mbedtls_test_cli_crt_len = - sizeof(test_cli_crt); - -/* - * - * Lists of certificates - * - */ - -/* List of CAs in PEM or DER, depending on config */ -const char *mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_1) - mbedtls_test_ca_crt_rsa_sha1, -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256, -#endif -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - mbedtls_test_ca_crt_ec, -#endif - NULL -}; -const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && 
defined(PSA_WANT_ALG_SHA_1) - sizeof(mbedtls_test_ca_crt_rsa_sha1), -#endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256), -#endif -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - sizeof(mbedtls_test_ca_crt_ec), -#endif - 0 -}; - -/* List of all available CA certificates in DER format */ -const unsigned char *mbedtls_test_cas_der[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - mbedtls_test_ca_crt_ec_der, -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - NULL -}; - -const size_t mbedtls_test_cas_der_len[] = { -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - sizeof(mbedtls_test_ca_crt_rsa_sha256_der), -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - sizeof(mbedtls_test_ca_crt_rsa_sha1_der), -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - sizeof(mbedtls_test_ca_crt_ec_der), -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - 0 -}; - -/* Concatenation of all available CA certificates in PEM format */ -#if defined(MBEDTLS_PEM_PARSE_C) -const char mbedtls_test_cas_pem[] = -#if defined(MBEDTLS_RSA_C) -#if defined(PSA_WANT_ALG_SHA_256) - TEST_CA_CRT_RSA_SHA256_PEM -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_1) - TEST_CA_CRT_RSA_SHA1_PEM -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) - TEST_CA_CRT_EC_PEM -#endif /* PSA_HAVE_ALG_SOME_ECDSA */ - ""; -const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); -#endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c deleted file mode 100644 index 83dac17419..0000000000 
--- a/tests/src/test_helpers/ssl_helpers.c
+++ /dev/null
@@ -1,2613 +0,0 @@ -/** \file ssl_helpers.c - * - * \brief Helper functions to set up a TLS connection. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include "mbedtls/psa_util.h" - -#include - -#if defined(MBEDTLS_SSL_TLS_C) -int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) -{ - (void) p_rng; - for (size_t i = 0; i < output_len; i++) { - output[i] = rand(); - } - - return 0; -} - -void mbedtls_test_ssl_log_analyzer(void *ctx, int level, - const char *file, int line, - const char *str) -{ - mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; - -/* Change 0 to 1 for debugging of test cases that use this function. */ -#if 0 - const char *q, *basename; - /* Extract basename from file */ - for (q = basename = file; *q != '\0'; q++) { - if (*q == '/' || *q == '\\') { - basename = q + 1; - } - } - printf("%s:%04d: |%d| %s", - basename, line, level, str); -#else - (void) level; - (void) line; - (void) file; -#endif - - if (NULL != p && - NULL != p->pattern && - NULL != strstr(str, p->pattern)) { - p->counter++; - } -} - -void mbedtls_test_init_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - static int rng_seed = 0xBEEF; - - srand(rng_seed); - rng_seed += 0xD0; -#endif - - memset(opts, 0, sizeof(*opts)); - - opts->cipher = ""; - opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; - opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; - opts->cli_msg_len = 100; - opts->srv_msg_len = 100; - opts->expected_cli_fragments = 1; - opts->expected_srv_fragments = 
1; - opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->resize_buffers = 1; - opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - opts->max_early_data_size = -1; -#if defined(MBEDTLS_SSL_CACHE_C) - TEST_CALLOC(opts->cache, 1); - mbedtls_ssl_cache_init(opts->cache); -#if defined(MBEDTLS_HAVE_TIME) - TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), - MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT); -#endif -exit: - return; -#endif -} - -void mbedtls_test_free_handshake_options( - mbedtls_test_handshake_test_options *opts) -{ -#if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(opts->cache); - mbedtls_free(opts->cache); -#else - (void) opts; -#endif -} - -#if defined(MBEDTLS_TEST_HOOKS) -static void set_chk_buf_ptr_args( - mbedtls_ssl_chk_buf_ptr_args *args, - unsigned char *cur, unsigned char *end, size_t need) -{ - args->cur = cur; - args->end = end; - args->need = need; -} - -static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) -{ - memset(args, 0, sizeof(*args)); -} -#endif /* MBEDTLS_TEST_HOOKS */ - -void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) -{ - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, - size_t capacity) -{ - buf->buffer = (unsigned char *) mbedtls_calloc(capacity, - sizeof(unsigned char)); - if (NULL == buf->buffer) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - buf->capacity = capacity; - - return 0; -} - -void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) -{ - if (buf->buffer != NULL) { - mbedtls_free(buf->buffer); - } - - memset(buf, 0, sizeof(*buf)); -} - -int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, - const unsigned char *input, size_t input_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - /* Reduce input_len to a number that fits in the buffer. 
*/ - if ((buf->content_length + input_len) > buf->capacity) { - input_len = buf->capacity - buf->content_length; - } - - if (input == NULL) { - return (input_len == 0) ? 0 : -1; - } - - /* Check if the buffer has not come full circle and free space is not in - * the middle */ - if (buf->start + buf->content_length < buf->capacity) { - - /* Calculate the number of bytes that need to be placed at lower memory - * address */ - if (buf->start + buf->content_length + input_len - > buf->capacity) { - overflow = (buf->start + buf->content_length + input_len) - % buf->capacity; - } - - memcpy(buf->buffer + buf->start + buf->content_length, input, - input_len - overflow); - memcpy(buf->buffer, input + input_len - overflow, overflow); - - } else { - /* The buffer has come full circle and free space is in the middle */ - memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, - input, input_len); - } - - buf->content_length += input_len; - return (input_len > INT_MAX) ? INT_MAX : (int) input_len; -} - -int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, - unsigned char *output, size_t output_len) -{ - size_t overflow = 0; - - if ((buf == NULL) || (buf->buffer == NULL)) { - return -1; - } - - if (output == NULL && output_len == 0) { - return 0; - } - - if (buf->content_length < output_len) { - output_len = buf->content_length; - } - - /* Calculate the number of bytes that need to be drawn from lower memory - * address */ - if (buf->start + output_len > buf->capacity) { - overflow = (buf->start + output_len) % buf->capacity; - } - - if (output != NULL) { - memcpy(output, buf->buffer + buf->start, output_len - overflow); - memcpy(output + output_len - overflow, buf->buffer, overflow); - } - - buf->content_length -= output_len; - buf->start = (buf->start + output_len) % buf->capacity; - - return (output_len > INT_MAX) ? 
INT_MAX : (int) output_len; -} - -int mbedtls_test_ssl_message_queue_setup( - mbedtls_test_ssl_message_queue *queue, size_t capacity) -{ - queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); - if (NULL == queue->messages) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; - queue->pos = 0; - queue->num = 0; - - return 0; -} - -void mbedtls_test_ssl_message_queue_free( - mbedtls_test_ssl_message_queue *queue) -{ - if (queue == NULL) { - return; - } - - if (queue->messages != NULL) { - mbedtls_free(queue->messages); - } - - memset(queue, 0, sizeof(*queue)); -} - -int mbedtls_test_ssl_message_queue_push_info( - mbedtls_test_ssl_message_queue *queue, size_t len) -{ - int place; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - place = (queue->pos + queue->num) % queue->capacity; - queue->messages[place] = len; - queue->num++; - return (len > INT_MAX) ? INT_MAX : (int) len; -} - -int mbedtls_test_ssl_message_queue_pop_info( - mbedtls_test_ssl_message_queue *queue, size_t buf_len) -{ - size_t message_length; - if (queue == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - message_length = queue->messages[queue->pos]; - queue->messages[queue->pos] = 0; - queue->num--; - queue->pos++; - queue->pos %= queue->capacity; - if (queue->pos < 0) { - queue->pos += queue->capacity; - } - - return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : - (message_length > buf_len) ? (int) buf_len : (int) message_length; -} - -/* - * Take a peek on the info about the next message length from the queue. - * This will be the oldest inserted message length(fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval 0, if the peek was successful. 
- * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is - * too small to fit the message. In this case the \p msg_len will be - * set to the full message length so that the - * caller knows what portion of the message can be dropped. - */ -static int test_ssl_message_queue_peek_info( - mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) -{ - if (queue == NULL || msg_len == NULL) { - return MBEDTLS_TEST_ERROR_ARG_NULL; - } - if (queue->num == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - *msg_len = queue->messages[queue->pos]; - return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; -} - -void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) -{ - memset(socket, 0, sizeof(*socket)); -} - -void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) -{ - if (socket == NULL) { - return; - } - - if (socket->input != NULL) { - mbedtls_test_ssl_buffer_free(socket->input); - mbedtls_free(socket->input); - } - - if (socket->output != NULL) { - mbedtls_test_ssl_buffer_free(socket->output); - mbedtls_free(socket->output); - } - - if (socket->peer != NULL) { - memset(socket->peer, 0, sizeof(*socket->peer)); - } - - memset(socket, 0, sizeof(*socket)); -} - -int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, - mbedtls_test_mock_socket *peer2, - size_t bufsize) -{ - int ret = -1; - - peer1->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer1->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer1->output); - if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { - goto exit; - } - - peer2->output = - (mbedtls_test_ssl_buffer *) mbedtls_calloc( - 1, sizeof(mbedtls_test_ssl_buffer)); - if (peer2->output == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; - } - mbedtls_test_ssl_buffer_init(peer2->output); - if (0 != (ret = 
mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { - goto exit; - } - - peer1->peer = peer2; - peer2->peer = peer1; - peer1->input = peer2->output; - peer2->input = peer1->output; - - peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; - ret = 0; - -exit: - - if (ret != 0) { - mbedtls_test_mock_socket_close(peer1); - mbedtls_test_mock_socket_close(peer2); - } - - return ret; -} - -int mbedtls_test_mock_tcp_send_b(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -int mbedtls_test_mock_tcp_send_nb(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->output->capacity == socket->output->content_length) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - return mbedtls_test_ssl_buffer_put(socket->output, buf, len); -} - -int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) -{ - mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; - - if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { - return -1; - } - - if (socket->input->content_length == 0) { - return MBEDTLS_ERR_SSL_WANT_READ; - } - - return mbedtls_test_ssl_buffer_get(socket->input, buf, len); -} - -void mbedtls_test_message_socket_init( - mbedtls_test_message_socket_context *ctx) -{ - ctx->queue_input = NULL; - 
ctx->queue_output = NULL; - ctx->socket = NULL; -} - -int mbedtls_test_message_socket_setup( - mbedtls_test_ssl_message_queue *queue_input, - mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, - mbedtls_test_mock_socket *socket, - mbedtls_test_message_socket_context *ctx) -{ - int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); - if (ret != 0) { - return ret; - } - ctx->queue_input = queue_input; - ctx->queue_output = queue_output; - ctx->socket = socket; - mbedtls_test_mock_socket_init(socket); - - return 0; -} - -void mbedtls_test_message_socket_close( - mbedtls_test_message_socket_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_test_ssl_message_queue_free(ctx->queue_input); - mbedtls_test_mock_socket_close(ctx->socket); - memset(ctx, 0, sizeof(*ctx)); -} - -int mbedtls_test_mock_tcp_send_msg(void *ctx, - const unsigned char *buf, size_t len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - - if (context == NULL || context->socket == NULL - || context->queue_output == NULL) { - return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_output; - socket = context->socket; - - if (queue->num >= queue->capacity) { - return MBEDTLS_ERR_SSL_WANT_WRITE; - } - - if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { - return MBEDTLS_TEST_ERROR_SEND_FAILED; - } - - return mbedtls_test_ssl_message_queue_push_info(queue, len); -} - -int mbedtls_test_mock_tcp_recv_msg(void *ctx, - unsigned char *buf, size_t buf_len) -{ - mbedtls_test_ssl_message_queue *queue; - mbedtls_test_mock_socket *socket; - mbedtls_test_message_socket_context *context = - (mbedtls_test_message_socket_context *) ctx; - size_t drop_len = 0; - size_t msg_len; - int ret; - - if (context == NULL || context->socket == NULL - || context->queue_input == NULL) { - return 
MBEDTLS_TEST_ERROR_CONTEXT_ERROR; - } - - queue = context->queue_input; - socket = context->socket; - - /* Peek first, so that in case of a socket error the data remains in - * the queue. */ - ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Calculate how much to drop */ - drop_len = msg_len - buf_len; - - /* Set the requested message len to be buffer length */ - msg_len = buf_len; - } else if (ret != 0) { - return ret; - } - - if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { - return MBEDTLS_TEST_ERROR_RECV_FAILED; - } - - if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { - /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != - (int) drop_len) { - /* Inconsistent state - part of the message was read, - * and a part couldn't. Not much we can do here, but it should not - * happen in test environment, unless forced manually. */ - } - } - ret = mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - if (ret < 0) { - return ret; - } - - return (msg_len > INT_MAX) ? 
INT_MAX : (int) msg_len; -} - - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_SSL_SRV_C) -static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, - const char *cipher) -{ - if (cipher == NULL || cipher[0] == 0) { - return 1; - } - - int ok = 0; - - TEST_CALLOC(ep->ciphersuites, 2); - ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - ep->ciphersuites[1] = 0; - - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); - - if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { - ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; - } - if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { - ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); - ok = 1; - -exit: - return ok; -} - -/* - * Deinitializes certificates from endpoint represented by \p ep. 
- */ -static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) -{ - if (ep->ca_chain != NULL) { - mbedtls_x509_crt_free(ep->ca_chain); - mbedtls_free(ep->ca_chain); - ep->ca_chain = NULL; - } - if (ep->cert != NULL) { - mbedtls_x509_crt_free(ep->cert); - mbedtls_free(ep->cert); - ep->cert = NULL; - } - if (ep->pkey != NULL) { - if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(ep->pkey->priv_id); - } - mbedtls_pk_free(ep->pkey); - mbedtls_free(ep->pkey); - ep->pkey = NULL; - } -} - -static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_EQUAL(ret, 0); - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_EQUAL(ret, 0); - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } - -exit: - return ret; -} - -static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_EQUAL(ret, 0); - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) 
mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_EQUAL(ret, 0); - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } - -exit: - return ret; -} - -int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, - int pk_alg, - int opaque_alg, int opaque_alg2, - int opaque_usage) -{ - int i = 0; - int ret = -1; - int ok = 0; - mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - TEST_CALLOC(ep->ca_chain, 1); - TEST_CALLOC(ep->cert, 1); - TEST_CALLOC(ep->pkey, 1); - - mbedtls_x509_crt_init(ep->ca_chain); - mbedtls_x509_crt_init(ep->cert); - mbedtls_pk_init(ep->pkey); - - /* Load the trusted CA */ - - for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { - ret = mbedtls_x509_crt_parse_der( - ep->ca_chain, - (const unsigned char *) mbedtls_test_cas_der[i], - mbedtls_test_cas_der_len[i]); - TEST_EQUAL(ret, 0); - } - - /* Load own certificate and private key */ - - if (pk_alg == MBEDTLS_PK_RSA) { - TEST_EQUAL(load_endpoint_rsa(ep), 0); - } else { - TEST_EQUAL(load_endpoint_ecc(ep), 0); - } - - if (opaque_alg != 0) { - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH, - &key_attr), 0); - /* Then manually usage, alg and alg2 as requested by the test. 
*/ - psa_set_key_usage_flags(&key_attr, opaque_usage); - psa_set_key_algorithm(&key_attr, opaque_alg); - if (opaque_alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); - } - TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0); - mbedtls_pk_free(ep->pkey); - mbedtls_pk_init(ep->pkey); - TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); - } - - mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, - ep->pkey); - TEST_EQUAL(ret, 0); - - ok = 1; - -exit: - if (ret == 0 && !ok) { - /* Exiting due to a test assertion that isn't ret == 0 */ - ret = -1; - } - if (ret != 0) { - test_ssl_endpoint_certificate_free(ep); - } - - return ret; -} - -int mbedtls_test_ssl_endpoint_init_conf( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options) -{ - int ret = -1; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif - - if (ep == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - memset(ep, 0, sizeof(*ep)); - - ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; - - mbedtls_ssl_init(&(ep->ssl)); - mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_test_message_socket_init(&ep->dtls_context); - - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); - - (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &ep->user_data_cookie, - sizeof(ep->user_data_cookie)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, ep->user_data_cookie); - mbedtls_ssl_set_user_data_n(&ep->ssl, ep->user_data_cookie); - - mbedtls_test_mock_socket_init(&(ep->socket)); - - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - options->dtls ? 
- MBEDTLS_SSL_TRANSPORT_DATAGRAM : - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - TEST_EQUAL(ret, 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->client_min_version); - } - - if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->client_max_version); - } - } else { - if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&(ep->conf), - options->server_min_version); - } - - if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&(ep->conf), - options->server_max_version); - } - } - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - TEST_ASSERT(set_ciphersuite(ep, options->cipher)); - } - - if (options->group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); - } - - if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { - mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode); - } else { - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); - } - -#if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - (options->max_early_data_size >= 0)) { - mbedtls_ssl_conf_max_early_data_size(&(ep->conf), - options->max_early_data_size); - } -#endif - -#if defined(MBEDTLS_SSL_ALPN) - /* check that alpn_list contains at least one valid entry */ - if (options->alpn_list[0] != NULL) { - mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list); - } -#endif -#endif - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&ep->conf, - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_legacy_renegotiation(&ep->conf, - options->legacy_renegotiation); - } 
-#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { - mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, - mbedtls_ssl_cache_get, - mbedtls_ssl_cache_set); - } -#endif - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&ep->conf, - (unsigned char) options->mfl), - 0); -#else - TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) { - mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); - } -#endif - -#if defined(MBEDTLS_DEBUG_C) -#if defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && - options->srv_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, - options->srv_log_obj); - } -#endif -#if defined(MBEDTLS_SSL_CLI_C) - if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && - options->cli_log_fun != NULL) { - mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, - options->cli_log_obj); - } -#endif -#endif /* MBEDTLS_DEBUG_C */ - - ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, - options->opaque_alg, - options->opaque_alg2, - options->opaque_usage); - TEST_EQUAL(ret, 0); - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_EQUAL(mbedtls_ssl_conf_psk( - &ep->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); -#if defined(MBEDTLS_SSL_SRV_C) - if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { - mbedtls_ssl_conf_psk_cb(&ep->conf, psk_dummy_callback, NULL); - } -#endif - } -#endif - - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), - ep->user_data_cookie); - mbedtls_ssl_conf_set_user_data_p(&ep->conf, 
ep); - - return 0; - -exit: - if (ret == 0) { - /* Exiting due to a test assertion that isn't ret == 0 */ - ret = -1; - } - return ret; -} - -int mbedtls_test_ssl_endpoint_init_ssl( - mbedtls_test_ssl_endpoint *ep, - const mbedtls_test_handshake_test_options *options) -{ - int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf); - int ret = -1; - - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_EQUAL(ret, 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); - TEST_EQUAL(ret, 0); - } - - /* Non-blocking callbacks without timeout */ - if (options->dtls) { - mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), ep->user_data_cookie); - mbedtls_ssl_set_user_data_p(&ep->ssl, ep); - - return 0; - -exit: - if (ret == 0) { - /* Exiting due to a test assertion that isn't ret == 0 */ - ret = -1; - } - return ret; -} - -int mbedtls_test_ssl_endpoint_init( - mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options) -{ - int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options); - if (ret != 0) { - return ret; - } - ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options); - return ret; -} - -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep) -{ - mbedtls_ssl_free(&(ep->ssl)); - mbedtls_ssl_config_free(&(ep->conf)); - - mbedtls_free(ep->ciphersuites); - ep->ciphersuites = NULL; - test_ssl_endpoint_certificate_free(ep); - - if (ep->dtls_context.socket != NULL) { - mbedtls_test_message_socket_close(&ep->dtls_context); - } 
else { - mbedtls_test_mock_socket_close(&(ep->socket)); - } -} - -int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client, - mbedtls_test_ssl_endpoint *server) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_test_message_socket_setup(&client->queue_input, - &server->queue_input, - 100, &(client->socket), - &client->dtls_context); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_message_socket_setup(&server->queue_input, - &client->queue_input, - 100, &(server->socket), - &server->dtls_context); - TEST_EQUAL(ret, 0); - -exit: - return ret; -} - -int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, - mbedtls_ssl_context *second_ssl, - int state) -{ - enum { BUFFSIZE = 1024 }; - int max_steps = 1000; - int ret = 0; - - if (ssl == NULL || second_ssl == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Perform communication via connected sockets */ - while ((ssl->state != state) && (--max_steps >= 0)) { - /* If /p second_ssl ends the handshake procedure before /p ssl then - * there is no need to call the next step */ - if (!mbedtls_ssl_is_handshake_over(second_ssl)) { - ret = mbedtls_ssl_handshake_step(second_ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - /* We only care about the \p ssl state and returns, so we call it last, - * to leave the iteration as soon as the state is as expected. */ - ret = mbedtls_ssl_handshake_step(ssl); - if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && - ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - return ret; - } - } - - return (max_steps >= 0) ? ret : -1; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -/* - * Write application data. Increase write counter if necessary. 
- */ -static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *written, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_EQUAL(mbedtls_ssl_write(ssl, NULL, 0), 0); - } - - ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); - if (ret > 0) { - *written += ret; - } - - if (expected_fragments == 0) { - /* Used for DTLS and the message size larger than MFL. In that case - * the message can not be fragmented and the library should return - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ - return ret; - } else if (expected_fragments == 1) { - /* Used for TLS/DTLS and the message size lower than MFL */ - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - /* Used for TLS and the message size larger than MFL */ - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -/* - * Read application data and increase read counter and fragments counter - * if necessary. - */ -static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *read, int *fragments, - const int expected_fragments) -{ - int ret; - /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is - * a valid no-op for TLS connections. 
*/ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0); - } - - ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); - if (ret > 0) { - (*fragments)++; - *read += ret; - } - - if (expected_fragments == 0) { - TEST_EQUAL(ret, 0); - } else if (expected_fragments == 1) { - TEST_ASSERT(ret == buf_len || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } else { - TEST_ASSERT(expected_fragments > 1); - TEST_ASSERT((ret >= 0 && ret <= buf_len) || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - } - - return 0; - -exit: - /* Some of the tests failed */ - return -1; -} - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) -int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, - const unsigned char *iv, - size_t iv_len, - const unsigned char *input, - size_t ilen, - unsigned char *output, - size_t *olen) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; - size_t part_len; - - status = psa_cipher_encrypt_setup(&cipher_op, - transform->psa_key_enc, - transform->psa_alg); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_set_iv(&cipher_op, iv, iv_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, - &part_len); - - if (status != PSA_SUCCESS) { - return PSA_TO_MBEDTLS_ERR(status); - } - - *olen += part_len; - return 0; -} -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && - PSA_WANT_KEY_TYPE_AES */ - -static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, - 
mbedtls_cipher_mode_t *cipher_mode,
- size_t *key_bits, size_t *iv_len)
-{
- switch (cipher_type) {
- case MBEDTLS_CIPHER_AES_128_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 128;
- *iv_len = 16;
- break;
- case MBEDTLS_CIPHER_AES_256_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 256;
- *iv_len = 16;
- break;
- case MBEDTLS_CIPHER_ARIA_128_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 128;
- *iv_len = 16;
- break;
- case MBEDTLS_CIPHER_ARIA_256_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 256;
- *iv_len = 16;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_128_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 128;
- *iv_len = 16;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_256_CBC:
- *cipher_mode = MBEDTLS_MODE_CBC;
- *key_bits = 256;
- *iv_len = 16;
- break;
-
- case MBEDTLS_CIPHER_AES_128_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 128;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_AES_192_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 192;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_AES_256_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 256;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 128;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 192;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
- *cipher_mode = MBEDTLS_MODE_CCM;
- *key_bits = 256;
- *iv_len = 12;
- break;
-
- case MBEDTLS_CIPHER_AES_128_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 128;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_AES_192_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 192;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_AES_256_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 256;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_128_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 128;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_192_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 192;
- *iv_len = 12;
- break;
- case MBEDTLS_CIPHER_CAMELLIA_256_GCM:
- *cipher_mode = MBEDTLS_MODE_GCM;
- *key_bits = 256;
- *iv_len = 12;
- break;
-
- case MBEDTLS_CIPHER_CHACHA20_POLY1305:
- *cipher_mode = MBEDTLS_MODE_CHACHAPOLY;
- *key_bits = 256;
- *iv_len = 12;
- break;
-
- case MBEDTLS_CIPHER_NULL:
- *cipher_mode = MBEDTLS_MODE_STREAM;
- *key_bits = 0;
- *iv_len = 0;
- break;
-
- default:
- *cipher_mode = MBEDTLS_MODE_NONE;
- *key_bits = 0;
- *iv_len = 0;
- }
-}
-
-int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
- mbedtls_ssl_transform *t_out,
- int cipher_type, int hash_id,
- int etm, int tag_mode,
- mbedtls_ssl_protocol_version tls_version,
- size_t cid0_len,
- size_t cid1_len)
-{
- mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE;
- size_t key_bits = 0;
- int ret = 0;
-
- psa_key_type_t key_type;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
- size_t keylen, maclen, ivlen = 0;
- unsigned char *key0 = NULL, *key1 = NULL;
- unsigned char *md0 = NULL, *md1 = NULL;
- unsigned char iv_enc[16], iv_dec[16];
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char cid0[SSL_CID_LEN_MIN];
- unsigned char cid1[SSL_CID_LEN_MIN];
-
- mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
- mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
-#else
- ((void) cid0_len);
- ((void) cid1_len);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- maclen = 0;
- mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type,
- &cipher_mode, &key_bits, &ivlen);
-
- /* Pick keys */
- keylen = key_bits / 8;
- /* Allocate `keylen + 1` bytes to ensure that we get
- * a non-NULL pointers from `mbedtls_calloc` even if
- * `keylen == 0` in the case of the NULL cipher.
*/
- CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
- CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
- memset(key0, 0x1, keylen);
- memset(key1, 0x2, keylen);
-
- /* Setup MAC contexts */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (cipher_mode == MBEDTLS_MODE_CBC ||
- cipher_mode == MBEDTLS_MODE_STREAM) {
- maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
- CHK(maclen != 0);
- /* Pick hash keys */
- CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
- CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
- memset(md0, 0x5, maclen);
- memset(md1, 0x6, maclen);
-
- alg = mbedtls_md_psa_alg_from_type(hash_id);
-
- CHK(alg != 0);
-
- t_out->psa_mac_alg = PSA_ALG_HMAC(alg);
- t_in->psa_mac_alg = PSA_ALG_HMAC(alg);
- t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
- t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
- t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
- t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
-
- psa_reset_key_attributes(&attributes);
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
- psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
-
- CHK(psa_import_key(&attributes,
- md0, maclen,
- &t_in->psa_mac_enc) == PSA_SUCCESS);
-
- CHK(psa_import_key(&attributes,
- md1, maclen,
- &t_out->psa_mac_enc) == PSA_SUCCESS);
-
- if (cipher_mode == MBEDTLS_MODE_STREAM ||
- etm == MBEDTLS_SSL_ETM_DISABLED) {
- /* mbedtls_ct_hmac() requires the key to be exportable */
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
- PSA_KEY_USAGE_VERIFY_HASH);
- } else {
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
- }
-
- CHK(psa_import_key(&attributes,
- md1, maclen,
- &t_in->psa_mac_dec) == PSA_SUCCESS);
-
- CHK(psa_import_key(&attributes,
- md0, maclen,
- &t_out->psa_mac_dec) == PSA_SUCCESS);
- }
-#else
- ((void) hash_id);
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-
- /* Pick IV's (regardless of whether they
- * are being used by the
transform). */
- memset(iv_enc, 0x3, sizeof(iv_enc));
- memset(iv_dec, 0x4, sizeof(iv_dec));
-
- /*
- * Setup transforms
- */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
- defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- t_out->encrypt_then_mac = etm;
- t_in->encrypt_then_mac = etm;
-#else
- ((void) etm);
-#endif
-
- t_out->tls_version = tls_version;
- t_in->tls_version = tls_version;
- t_out->ivlen = ivlen;
- t_in->ivlen = ivlen;
-
- switch (cipher_mode) {
- case MBEDTLS_MODE_GCM:
- case MBEDTLS_MODE_CCM:
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- t_out->fixed_ivlen = 12;
- t_in->fixed_ivlen = 12;
- } else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- {
- t_out->fixed_ivlen = 4;
- t_in->fixed_ivlen = 4;
- }
- t_out->maclen = 0;
- t_in->maclen = 0;
- switch (tag_mode) {
- case 0: /* Full tag */
- t_out->taglen = 16;
- t_in->taglen = 16;
- break;
- case 1: /* Partial tag */
- t_out->taglen = 8;
- t_in->taglen = 8;
- break;
- default:
- ret = 1;
- goto cleanup;
- }
- break;
-
- case MBEDTLS_MODE_CHACHAPOLY:
- t_out->fixed_ivlen = 12;
- t_in->fixed_ivlen = 12;
- t_out->maclen = 0;
- t_in->maclen = 0;
- switch (tag_mode) {
- case 0: /* Full tag */
- t_out->taglen = 16;
- t_in->taglen = 16;
- break;
- case 1: /* Partial tag */
- t_out->taglen = 8;
- t_in->taglen = 8;
- break;
- default:
- ret = 1;
- goto cleanup;
- }
- break;
-
- case MBEDTLS_MODE_STREAM:
- case MBEDTLS_MODE_CBC:
- t_out->fixed_ivlen = 0; /* redundant, must be 0 */
- t_in->fixed_ivlen = 0; /* redundant, must be 0 */
- t_out->taglen = 0;
- t_in->taglen = 0;
- switch (tag_mode) {
- case 0: /* Full tag */
- t_out->maclen = maclen;
- t_in->maclen = maclen;
- break;
- default:
- ret = 1;
- goto cleanup;
- }
- break;
- default:
- ret = 1;
- goto cleanup;
- break;
- }
-
- /* Setup IV's */
-
- memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
- memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
- memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
- memcpy(&t_out->iv_enc,
iv_dec, sizeof(iv_dec));
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* Add CID */
- memcpy(&t_in->in_cid, cid0, cid0_len);
- memcpy(&t_in->out_cid, cid1, cid1_len);
- t_in->in_cid_len = (uint8_t) cid0_len;
- t_in->out_cid_len = (uint8_t) cid1_len;
- memcpy(&t_out->in_cid, cid1, cid1_len);
- memcpy(&t_out->out_cid, cid0, cid0_len);
- t_out->in_cid_len = (uint8_t) cid1_len;
- t_out->out_cid_len = (uint8_t) cid0_len;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- status = mbedtls_ssl_cipher_to_psa(cipher_type,
- t_in->taglen,
- &alg,
- &key_type,
- &key_bits);
-
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
-
- t_in->psa_alg = alg;
- t_out->psa_alg = alg;
-
- if (alg != MBEDTLS_SSL_NULL_CIPHER) {
- psa_reset_key_attributes(&attributes);
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_type(&attributes, key_type);
-
- status = psa_import_key(&attributes,
- key0,
- PSA_BITS_TO_BYTES(key_bits),
- &t_in->psa_key_enc);
-
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
-
- status = psa_import_key(&attributes,
- key1,
- PSA_BITS_TO_BYTES(key_bits),
- &t_out->psa_key_enc);
-
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
-
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
-
- status = psa_import_key(&attributes,
- key1,
- PSA_BITS_TO_BYTES(key_bits),
- &t_in->psa_key_dec);
-
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
-
- status = psa_import_key(&attributes,
- key0,
- PSA_BITS_TO_BYTES(key_bits),
- &t_out->psa_key_dec);
-
- if (status != PSA_SUCCESS) {
- ret = PSA_TO_MBEDTLS_ERR(status);
- goto cleanup;
- }
- }
-
-cleanup:
-
- mbedtls_free(key0);
- mbedtls_free(key1);
-
- mbedtls_free(md0);
- mbedtls_free(md1);
-
- return ret;
-}
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-int
mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
- mbedtls_ssl_transform *transform_out)
-{
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-
- /* Serialized version of record header for MAC purposes */
- unsigned char add_data[13];
- memcpy(add_data, record->ctr, 8);
- add_data[8] = record->type;
- add_data[9] = record->ver[0];
- add_data[10] = record->ver[1];
- add_data[11] = (record->data_len >> 8) & 0xff;
- add_data[12] = (record->data_len >> 0) & 0xff;
-
- /* MAC with additional data */
- size_t sign_mac_length = 0;
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
- transform_out->psa_mac_enc,
- transform_out->psa_mac_alg));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13));
- TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation,
- record->buf + record->data_offset,
- record->data_len));
- /* Use a temporary buffer for the MAC, because with the truncated HMAC
- * extension, there might not be enough room in the record for the
- * full-length MAC.
*/
- unsigned char mac[PSA_HASH_MAX_SIZE];
- TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
- mac, sizeof(mac),
- &sign_mac_length));
- memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
- record->data_len += transform_out->maclen;
-
- return 0;
-
-exit:
- psa_mac_abort(&operation);
- return -1;
-}
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session,
- int ticket_len,
- int endpoint_type,
- const char *crt_file)
-{
- (void) ticket_len;
-
-#if defined(MBEDTLS_HAVE_TIME)
- session->start = mbedtls_time(NULL) - 42;
-#endif
- session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
-
- TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT ||
- endpoint_type == MBEDTLS_SSL_IS_SERVER);
-
- session->endpoint = endpoint_type;
- session->ciphersuite = 0xabcd;
- session->id_len = sizeof(session->id);
- memset(session->id, 66, session->id_len);
- memset(session->master, 17, sizeof(session->master));
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
- if (crt_file != NULL && strlen(crt_file) != 0) {
- mbedtls_x509_crt tmp_crt;
- int ret;
-
- mbedtls_x509_crt_init(&tmp_crt);
- ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
- if (ret != 0) {
- return ret;
- }
-
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* Move temporary CRT. */
- session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
- if (session->peer_cert == NULL) {
- return -1;
- }
- *session->peer_cert = tmp_crt;
- memset(&tmp_crt, 0, sizeof(tmp_crt));
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- /* Calculate digest of temporary CRT.
*/
- session->peer_cert_digest =
- mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
- if (session->peer_cert_digest == NULL) {
- return -1;
- }
-
- psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
- size_t hash_size = 0;
- psa_status_t status = psa_hash_compute(
- psa_alg, tmp_crt.raw.p,
- tmp_crt.raw.len,
- session->peer_cert_digest,
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
- &hash_size);
- ret = PSA_TO_MBEDTLS_ERR(status);
- if (ret != 0) {
- return ret;
- }
- session->peer_cert_digest_type =
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
- session->peer_cert_digest_len =
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
- mbedtls_x509_crt_free(&tmp_crt);
- }
-#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
- (void) crt_file;
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
- session->verify_result = 0xdeadbeef;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_CLI_C)
- if (ticket_len != 0) {
- session->ticket = mbedtls_calloc(1, ticket_len);
- if (session->ticket == NULL) {
- return -1;
- }
- memset(session->ticket, 33, ticket_len);
- }
- session->ticket_len = ticket_len;
- session->ticket_lifetime = 86401;
-#endif /* MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME)
- if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
- session->ticket_creation_time = mbedtls_ms_time() - 42;
- }
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- session->mfl_code = 1;
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- session->encrypt_then_mac = 1;
-#endif
-
-exit:
- return 0;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session,
- int ticket_len,
- int endpoint_type)
-{
- ((void) ticket_len);
- session->tls_version =
MBEDTLS_SSL_VERSION_TLS1_3;
- session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
- MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
- session->ciphersuite = 0xabcd;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- session->ticket_age_add = 0x87654321;
- session->ticket_flags = 0x7;
- session->resumption_key_len = 32;
- memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
- if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
- int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample");
- if (ret != 0) {
- return -1;
- }
-#endif
-#if defined(MBEDTLS_HAVE_TIME)
- session->ticket_creation_time = mbedtls_ms_time() - 42;
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- }
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_HAVE_TIME)
- session->ticket_reception_time = mbedtls_ms_time() - 40;
-#endif
- session->ticket_lifetime = 0xfedcba98;
-
- session->ticket_len = ticket_len;
- if (ticket_len != 0) {
- session->ticket = mbedtls_calloc(1, ticket_len);
- if (session->ticket == NULL) {
- return -1;
- }
- memset(session->ticket, 33, ticket_len);
- }
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- char hostname[] = "hostname example";
- session->hostname = mbedtls_calloc(1, sizeof(hostname));
- if (session->hostname == NULL) {
- return -1;
- }
- memcpy(session->hostname, hostname, sizeof(hostname));
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- session->max_early_data_size = 0x87654321;
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
-#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- session->record_size_limit = 2048;
-#endif
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-int
mbedtls_test_ssl_exchange_data(
- mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2)
-{
- unsigned char *msg_buf_1 = malloc(msg_len_1);
- unsigned char *msg_buf_2 = malloc(msg_len_2);
- unsigned char *in_buf_1 = malloc(msg_len_2);
- unsigned char *in_buf_2 = malloc(msg_len_1);
- int msg_type, ret = -1;
-
- /* Perform this test with two message types. At first use a message
- * consisting of only 0x00 for the client and only 0xFF for the server.
- * At the second time use message with generated data */
- for (msg_type = 0; msg_type < 2; msg_type++) {
- int written_1 = 0;
- int written_2 = 0;
- int read_1 = 0;
- int read_2 = 0;
- int fragments_1 = 0;
- int fragments_2 = 0;
-
- if (msg_type == 0) {
- memset(msg_buf_1, 0x00, msg_len_1);
- memset(msg_buf_2, 0xff, msg_len_2);
- } else {
- int i, j = 0;
- for (i = 0; i < msg_len_1; i++) {
- msg_buf_1[i] = j++ & 0xFF;
- }
- for (i = 0; i < msg_len_2; i++) {
- msg_buf_2[i] = (j -= 5) & 0xFF;
- }
- }
-
- while (read_1 < msg_len_2 || read_2 < msg_len_1) {
- /* ssl_1 sending */
- if (msg_len_1 > written_1) {
- ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
- msg_len_1, &written_1,
- expected_fragments_1);
- if (expected_fragments_1 == 0) {
- /* This error is expected when the message is too large and
- * cannot be fragmented */
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- msg_len_1 = 0;
- } else {
- TEST_EQUAL(ret, 0);
- }
- }
-
- /* ssl_2 sending */
- if (msg_len_2 > written_2) {
- ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
- msg_len_2, &written_2,
- expected_fragments_2);
- if (expected_fragments_2 == 0) {
- /* This error is expected when the message is too large and
- * cannot be fragmented */
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- msg_len_2 = 0;
- } else {
- TEST_EQUAL(ret, 0);
- }
- }
-
- /* ssl_1 reading */
- if (read_1 < msg_len_2) {
- ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
- msg_len_2, &read_1,
- &fragments_2,
- expected_fragments_2);
- TEST_EQUAL(ret, 0);
- }
-
- /* ssl_2 reading */
- if (read_2 < msg_len_1) {
- ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
- msg_len_1, &read_2,
- &fragments_1,
- expected_fragments_1);
- TEST_EQUAL(ret, 0);
- }
- }
-
- ret = -1;
- TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1));
- TEST_EQUAL(0, memcmp(msg_buf_2, in_buf_1, msg_len_2));
- TEST_EQUAL(fragments_1, expected_fragments_1);
- TEST_EQUAL(fragments_2, expected_fragments_2);
- }
-
- ret = 0;
-
-exit:
- free(msg_buf_1);
- free(in_buf_1);
- free(msg_buf_2);
- free(in_buf_2);
-
- return ret;
-}
-
-/*
- * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
- * must be initialized and connected beforehand.
- *
- * \retval 0 on success, otherwise error code.
- */
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
- (defined(MBEDTLS_SSL_RENEGOTIATION) || \
- defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
-static int exchange_data(mbedtls_ssl_context *ssl_1,
- mbedtls_ssl_context *ssl_2)
-{
- return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
- ssl_2, 256, 1);
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
- (MBEDTLS_SSL_RENEGOTIATION ||
- MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-static int check_ssl_version(
- mbedtls_ssl_protocol_version expected_negotiated_version,
- const mbedtls_ssl_context *client,
- const mbedtls_ssl_context *server)
-{
- /* First check that both sides have chosen the same version.
- * If so, we can make more sanity checks just on one side.
- * If not, something is deeply wrong. */
- TEST_EQUAL(client->tls_version, server->tls_version);
-
- /* Make further checks on the client to validate that the
- * reported data about the version is correct.
*/
- const char *version_string = mbedtls_ssl_get_version(client);
- mbedtls_ssl_protocol_version version_number =
- mbedtls_ssl_get_version_number(client);
-
- TEST_EQUAL(client->tls_version, expected_negotiated_version);
-
- if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- TEST_EQUAL(version_string[0], 'D');
- ++version_string;
- }
-
- switch (expected_negotiated_version) {
- case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
- TEST_EQUAL(strcmp(version_string, "TLSv1.2"), 0);
- break;
-
- case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
- TEST_EQUAL(strcmp(version_string, "TLSv1.3"), 0);
- break;
-
- default:
- TEST_FAIL(
- "Version check not implemented for this protocol version");
- }
-
- return 1;
-
-exit:
- return 0;
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-int mbedtls_test_ssl_do_handshake_with_endpoints(
- mbedtls_test_ssl_endpoint *server_ep,
- mbedtls_test_ssl_endpoint *client_ep,
- mbedtls_test_handshake_test_options *options,
- mbedtls_ssl_protocol_version proto)
-{
- enum { BUFFSIZE = 1024 };
-
- int ret = -1;
-
- mbedtls_platform_zeroize(server_ep, sizeof(mbedtls_test_ssl_endpoint));
- mbedtls_platform_zeroize(client_ep, sizeof(mbedtls_test_ssl_endpoint));
-
- mbedtls_test_init_handshake_options(options);
- options->server_min_version = proto;
- options->client_min_version = proto;
- options->server_max_version = proto;
- options->client_max_version = proto;
-
- ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options);
- if (ret != 0) {
- return ret;
- }
-
- ret = mbedtls_test_mock_socket_connect(&client_ep->socket, &server_ep->socket, BUFFSIZE);
- if (ret != 0) {
- return ret;
- }
-
- ret =
mbedtls_test_move_handshake_to_state(&server_ep->ssl,
- &client_ep->ssl,
- MBEDTLS_SSL_HANDSHAKE_OVER);
- if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
- return ret;
- }
- ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl,
- &server_ep->ssl,
- MBEDTLS_SSL_HANDSHAKE_OVER);
- if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
- return ret;
- }
- if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) ||
- !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) {
- return -1;
- }
-
- return 0;
-}
-#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-static int test_renegotiation(const mbedtls_test_handshake_test_options *options,
- mbedtls_test_ssl_endpoint *client,
- mbedtls_test_ssl_endpoint *server)
-{
- int ok = 0;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- (void) options; // only used in some configurations
-
- /* Start test with renegotiation */
- TEST_EQUAL(server->ssl.renego_status,
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
- TEST_EQUAL(client->ssl.renego_status,
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
- /* After calling this function for the server, it only sends a handshake
- * request. All renegotiation should happen during data exchanging */
- TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0);
- TEST_EQUAL(server->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_PENDING);
- TEST_EQUAL(client->ssl.renego_status,
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
- TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
- TEST_EQUAL(server->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_EQUAL(client->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_DONE);
-
- /* After calling mbedtls_ssl_renegotiate for the client,
- * all renegotiation should happen inside this function.
- * However in this test, we cannot perform simultaneous communication
- * between client and server so this function will return waiting error
- * on the socket. All rest of renegotiation should happen
- * during data exchanging */
- ret = mbedtls_ssl_renegotiate(&(client->ssl));
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
- TEST_ASSERT(ret == 0 ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_EQUAL(server->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_EQUAL(client->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
-
- TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
- TEST_EQUAL(server->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_EQUAL(client->ssl.renego_status,
- MBEDTLS_SSL_RENEGOTIATION_DONE);
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* Validate buffer sizes after renegotiation */
- if (options->resize_buffers != 0) {
- TEST_EQUAL(client->ssl.out_buf_len,
- mbedtls_ssl_get_output_buflen(&client->ssl));
- TEST_EQUAL(client->ssl.in_buf_len,
- mbedtls_ssl_get_input_buflen(&client->ssl));
- TEST_EQUAL(server->ssl.out_buf_len,
- mbedtls_ssl_get_output_buflen(&server->ssl));
- TEST_EQUAL(server->ssl.in_buf_len,
- mbedtls_ssl_get_input_buflen(&server->ssl));
- }
-#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
-
- ok = 1;
-
-exit:
- return ok;
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-static int test_serialization(const mbedtls_test_handshake_test_options *options,
- mbedtls_test_ssl_endpoint *client,
- mbedtls_test_ssl_endpoint *server)
-{
- int ok = 0;
- unsigned char *context_buf = NULL;
- size_t context_buf_len;
-
- TEST_EQUAL(options->dtls, 1);
-
-
TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL,
- 0, &context_buf_len),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
- context_buf = mbedtls_calloc(1, context_buf_len);
- TEST_ASSERT(context_buf != NULL);
-
- TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf,
- context_buf_len,
- &context_buf_len),
- 0);
-
- mbedtls_ssl_free(&(server->ssl));
- mbedtls_ssl_init(&(server->ssl));
-
- TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0);
-
- mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context,
- mbedtls_test_mock_tcp_send_msg,
- mbedtls_test_mock_tcp_recv_msg,
- NULL);
-
- mbedtls_ssl_set_user_data_p(&server->ssl, server);
-
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay);
-#endif
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
- TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf,
- context_buf_len), 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* Validate buffer sizes after context deserialization */
- if (options->resize_buffers != 0) {
- TEST_EQUAL(server->ssl.out_buf_len,
- mbedtls_ssl_get_output_buflen(&server->ssl));
- TEST_EQUAL(server->ssl.in_buf_len,
- mbedtls_ssl_get_input_buflen(&server->ssl));
- }
-#endif
- /* Retest writing/reading */
- if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
- TEST_EQUAL(mbedtls_test_ssl_exchange_data(
- &(client->ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server->ssl), options->srv_msg_len,
- options->expected_srv_fragments),
- 0);
- }
-
- ok = 1;
-
-exit:
- mbedtls_free(context_buf);
- return ok;
-}
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-int mbedtls_test_ssl_perform_connection(
- const mbedtls_test_handshake_test_options *options,
- mbedtls_test_ssl_endpoint *client,
- mbedtls_test_ssl_endpoint *server)
-{
- enum { BUFFSIZE = 17000 };
- int expected_handshake_result = options->expected_handshake_result;
- int ok = 0;
-
- TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket),
- &(server->socket),
- BUFFSIZE), 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
- TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
-
- if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
- expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
- }
-
- TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client->ssl),
- &(server->ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER),
- expected_handshake_result);
-
- if (expected_handshake_result != 0) {
- /* Connection will have failed by this point, skip to cleanup */
- ok = 1;
- goto exit;
- }
-
- TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client->ssl), 1);
-
- /* Make sure server state is moved to HANDSHAKE_OVER also. */
- TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server->ssl),
- &(client->ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER),
- 0);
-
- TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1);
-
- /* Check that both sides have negotiated the expected version.
*/
- TEST_ASSERT(check_ssl_version(options->expected_negotiated_version,
- &client->ssl,
- &server->ssl));
-
- if (options->expected_ciphersuite != 0) {
- TEST_EQUAL(server->ssl.session->ciphersuite,
- options->expected_ciphersuite);
- }
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* A server, when using DTLS, might delay a buffer resize to happen
- * after it receives a message, so we force it. */
- TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
-
- TEST_EQUAL(client->ssl.out_buf_len,
- mbedtls_ssl_get_output_buflen(&client->ssl));
- TEST_EQUAL(client->ssl.in_buf_len,
- mbedtls_ssl_get_input_buflen(&client->ssl));
- TEST_EQUAL(server->ssl.out_buf_len,
- mbedtls_ssl_get_output_buflen(&server->ssl));
- TEST_EQUAL(server->ssl.in_buf_len,
- mbedtls_ssl_get_input_buflen(&server->ssl));
- }
-#endif
-
- if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
- /* Start data exchanging test */
- TEST_EQUAL(mbedtls_test_ssl_exchange_data(
- &(client->ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server->ssl), options->srv_msg_len,
- options->expected_srv_fragments),
- 0);
- }
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if (options->serialize == 1) {
- TEST_ASSERT(test_serialization(options, client, server));
- }
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (options->renegotiate) {
- TEST_ASSERT(test_renegotiation(options, client, server));
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- ok = 1;
-
-exit:
- return ok;
-}
-
-void mbedtls_test_ssl_perform_handshake(
- const mbedtls_test_handshake_test_options *options)
-{
- mbedtls_test_ssl_endpoint client_struct;
- memset(&client_struct, 0, sizeof(client_struct));
- mbedtls_test_ssl_endpoint *const client = &client_struct;
- mbedtls_test_ssl_endpoint server_struct;
- memset(&server_struct, 0, sizeof(server_struct));
- mbedtls_test_ssl_endpoint *const server = &server_struct;
-
-
MD_OR_USE_PSA_INIT();
-
-#if defined(MBEDTLS_DEBUG_C)
- if (options->cli_log_fun || options->srv_log_fun) {
- mbedtls_debug_set_threshold(4);
- }
-#endif
-
- /* Client side */
- TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client,
- MBEDTLS_SSL_IS_CLIENT,
- options), 0);
-
- /* Server side */
- TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server,
- MBEDTLS_SSL_IS_SERVER,
- options), 0);
-
- if (options->dtls) {
- TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0);
- }
-
- TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server));
-
- TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client);
- TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client);
- TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server);
- TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server->ssl) == server);
-
-exit:
- mbedtls_test_ssl_endpoint_free(client);
- mbedtls_test_ssl_endpoint_free(server);
-#if defined(MBEDTLS_DEBUG_C)
- if (options->cli_log_fun || options->srv_log_fun) {
- mbedtls_debug_set_threshold(0);
- }
-#endif
- MD_OR_USE_PSA_DONE();
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_TEST_HOOKS)
-int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
- unsigned char *buf, unsigned char **end, int tweak,
- int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args)
-{
-/*
- * The definition of the tweaks assume that the certificate list contains only
- * one certificate.
- */
-
-/*
- * struct {
- * opaque cert_data<1..2^24-1>;
- * Extension extensions<0..2^16-1>;
- * } CertificateEntry;
- *
- * struct {
- * opaque certificate_request_context<0..2^8-1>;
- * CertificateEntry certificate_list<0..2^24-1>;
- * } Certificate;
- */
- unsigned char *p_certificate_request_context_len = buf;
- size_t certificate_request_context_len = buf[0];
-
- unsigned char *p_certificate_list_len =
- buf + 1 + certificate_request_context_len;
- unsigned char *certificate_list = p_certificate_list_len + 3;
- size_t certificate_list_len =
- MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0);
-
- unsigned char *p_cert_data_len = certificate_list;
- unsigned char *cert_data = p_cert_data_len + 3;
- size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0);
-
- unsigned char *p_extensions_len = cert_data + cert_data_len;
- unsigned char *extensions = p_extensions_len + 2;
- size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0);
-
- *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR;
-
- switch (tweak) {
- case 1:
- /* Failure when checking if the certificate request context length
- * and certificate list length can be read
- */
- *end = buf + 3;
- set_chk_buf_ptr_args(args, buf, *end, 4);
- break;
-
- case 2:
- /* Invalid certificate request context length.
- */
- *p_certificate_request_context_len =
- (unsigned char) certificate_request_context_len + 1;
- reset_chk_buf_ptr_args(args);
- break;
-
- case 3:
- /* Failure when checking if certificate_list data can be read. */
- MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1,
- p_certificate_list_len, 0);
- set_chk_buf_ptr_args(args, certificate_list, *end,
- certificate_list_len + 1);
- break;
-
- case 4:
- /* Failure when checking if the cert_data length can be read. */
- MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0);
- set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3);
- break;
-
- case 5:
- /* Failure when checking if cert_data data can be read. 
*/
- MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1,
- p_cert_data_len, 0);
- set_chk_buf_ptr_args(args, cert_data,
- certificate_list + certificate_list_len,
- certificate_list_len - 3 + 1);
- break;
-
- case 6:
- /* Failure when checking if the extensions length can be read. */
- MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1,
- p_certificate_list_len, 0);
- set_chk_buf_ptr_args(
- args, p_extensions_len,
- certificate_list + certificate_list_len - extensions_len - 1, 2);
- break;
-
- case 7:
- /* Failure when checking if extensions data can be read. */
- MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0);
-
- set_chk_buf_ptr_args(
- args, extensions,
- certificate_list + certificate_list_len, extensions_len + 1);
- break;
-
- default:
- return -1;
- }
-
- return 0;
-}
-#endif /* MBEDTLS_TEST_HOOKS */
-
-/*
- * Functions for tests based on tickets. Implementations of the
- * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t.
- * Basically same implementations as in ticket.c without the encryption. That
- * way we can tweak easily tickets characteristics to simulate misbehaving
- * peers. 
- */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-int mbedtls_test_ticket_write(
- void *p_ticket, const mbedtls_ssl_session *session,
- unsigned char *start, const unsigned char *end,
- size_t *tlen, uint32_t *lifetime)
-{
- int ret;
- ((void) p_ticket);
-
- if ((ret = mbedtls_ssl_session_save(session, start, end - start,
- tlen)) != 0) {
- return ret;
- }
-
- /* Maximum ticket lifetime as defined in RFC 8446 */
- *lifetime = 7 * 24 * 3600;
-
- return 0;
-}
-
-int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
- unsigned char *buf, size_t len)
-{
- ((void) p_ticket);
-
- return mbedtls_ssl_session_load(session, buf, len);
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
- defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-int mbedtls_test_get_tls13_ticket(
- mbedtls_test_handshake_test_options *client_options,
- mbedtls_test_handshake_test_options *server_options,
- mbedtls_ssl_session *session)
-{
- int ret = -1;
- int ok = 0;
- unsigned char buf[64];
- mbedtls_test_ssl_endpoint client_ep, server_ep;
-
- mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
- mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
-
- ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- client_options);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- server_options);
- TEST_EQUAL(ret, 0);
-
- mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
- mbedtls_test_ticket_write,
- mbedtls_test_ticket_parse,
- NULL);
-
- ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
- &(server_ep.socket), 1024);
- TEST_EQUAL(ret, 0);
-
- TEST_EQUAL(mbedtls_test_move_handshake_to_state(
- &(server_ep.ssl), &(client_ep.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER), 0);
-
- TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0);
-
- do {
- ret = 
mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
- } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
-
- ret = mbedtls_ssl_get_session(&(client_ep.ssl), session);
- TEST_EQUAL(ret, 0);
-
- ok = 1;
-
-exit:
- mbedtls_test_ssl_endpoint_free(&client_ep);
- mbedtls_test_ssl_endpoint_free(&server_ep);
-
- if (ret == 0 && !ok) {
- /* Exiting due to a test assertion that isn't ret == 0 */
- ret = -1;
- }
- return ret;
-}
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
- MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
deleted file mode 100755
index 22377b8d04..0000000000
--- a/tests/ssl-opt.sh
+++ /dev/null
@@ -1,13976 +0,0 @@ -#!/bin/sh - -# ssl-opt.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Executes tests to prove various TLS/SSL options and extensions. -# -# The goal is not to cover every ciphersuite/version, but instead to cover -# specific options (max fragment length, truncated hmac, etc) or procedures -# (session resumption from cache or ticket, renego, etc). -# -# The tests assume a build with default options, with exceptions expressed -# with a dependency. The tests focus on functionality and do not consider -# performance. -# - -set -u - -# Limit the size of each log to 10 GiB, in case of failures with this script -# where it may output seemingly unlimited length error logs. -ulimit -f 20971520 - -ORIGINAL_PWD=$PWD -if ! cd "$(dirname "$0")"; then - exit 125 -fi - -DATA_FILES_PATH=../framework/data_files - -# default values, can be overridden by the environment -: ${P_SRV:=../programs/ssl/ssl_server2} -: ${P_CLI:=../programs/ssl/ssl_client2} -: ${P_PXY:=../programs/test/udp_proxy} -: ${P_QUERY:=../programs/test/query_compile_time_config} -: ${OPENSSL:=openssl} -: ${GNUTLS_CLI:=gnutls-cli} -: ${GNUTLS_SERV:=gnutls-serv} -: ${PERL:=perl} - -# The OPENSSL variable used to be OPENSSL_CMD for historical reasons. -# To help the migration, error out if the old variable is set, -# but only if it has a different value than the new one. -if [ "${OPENSSL_CMD+set}" = set ]; then - # the variable is set, we can now check its value - if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then - echo "Please use OPENSSL instead of OPENSSL_CMD." 
>&2 - exit 125 - fi -fi - -guess_config_name() { - if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then - echo "default" - else - echo "unknown" - fi -} -: ${MBEDTLS_TEST_OUTCOME_FILE=} -: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"} -: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} -: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"} - -O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" -O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client" -G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" -G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - -# alternative versions of OpenSSL and GnuTLS (no default path) - -# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well. -if [ -z "${OPENSSL_NEXT:-}" ]; then - case $($OPENSSL version) in - OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;; - OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;; - esac -fi - -# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well. -if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then - case $($GNUTLS_CLI --version) in - gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; - esac -fi - -# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well. 
-if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then - case $($GNUTLS_SERV --version) in - gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; - esac -fi - -if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" - O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " - O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt" - O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" - O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" -else - O_NEXT_SRV=false - O_NEXT_SRV_NO_CERT=false - O_NEXT_SRV_EARLY_DATA=false - O_NEXT_CLI_NO_CERT=false - O_NEXT_CLI=false - O_NEXT_CLI_RENEGOTIATE=false -fi - -if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" - G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV" -else - G_NEXT_SRV=false - G_NEXT_SRV_NO_CERT=false -fi - -if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt" - G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI" -else - G_NEXT_CLI=false - G_NEXT_CLI_NO_CERT=false -fi - -TESTS=0 -FAILS=0 -SKIPS=0 - -CONFIG_H='../include/mbedtls/mbedtls_config.h' - -MEMCHECK=0 -FILTER='.*' -EXCLUDE='^$' - -SHOW_TEST_NUMBER=0 -LIST_TESTS=0 -RUN_TEST_NUMBER='' -RUN_TEST_SUITE='' - -MIN_TESTS=1 -PRESERVE_LOGS=0 - -# Pick a "unique" server port in the range 10000-19999, and a proxy -# port which is this plus 10000. Each port number may be independently -# overridden by a command line option. 
-SRV_PORT=$(($$ % 10000 + 10000)) -PXY_PORT=$((SRV_PORT + 10000)) - -print_usage() { - echo "Usage: $0 [options]" - printf " -h|--help\tPrint this help.\n" - printf " -m|--memcheck\tCheck memory leaks and errors.\n" - printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" - printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" - printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" - printf " -s|--show-numbers\tShow test numbers in front of test names\n" - printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" - printf " --list-test-cases\tList all potential test cases (No Execution)\n" - printf " --min \tMinimum number of non-skipped tests (default 1)\n" - printf " --outcome-file\tFile where test outcomes are written\n" - printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" - printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n" - printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n" - printf " --seed \tInteger seed value to use for this test run\n" - printf " --test-suite\tOnly matching test suites are executed\n" - printf " \t(comma-separated, e.g. 
'ssl-opt,tls13-compat')\n\n" -} - -get_options() { - while [ $# -gt 0 ]; do - case "$1" in - -f|--filter) - shift; FILTER=$1 - ;; - -e|--exclude) - shift; EXCLUDE=$1 - ;; - -m|--memcheck) - MEMCHECK=1 - ;; - -n|--number) - shift; RUN_TEST_NUMBER=$1 - ;; - -s|--show-numbers) - SHOW_TEST_NUMBER=1 - ;; - -l|--list-test-cases) - LIST_TESTS=1 - ;; - -p|--preserve-logs) - PRESERVE_LOGS=1 - ;; - --min) - shift; MIN_TESTS=$1 - ;; - --outcome-file) - shift; MBEDTLS_TEST_OUTCOME_FILE=$1 - ;; - --port) - shift; SRV_PORT=$1 - ;; - --proxy-port) - shift; PXY_PORT=$1 - ;; - --seed) - shift; SEED="$1" - ;; - --test-suite) - shift; RUN_TEST_SUITE="$1" - ;; - -h|--help) - print_usage - exit 0 - ;; - *) - echo "Unknown argument: '$1'" - print_usage - exit 1 - ;; - esac - shift - done -} - -get_options "$@" - -# Read boolean configuration options from mbedtls_config.h for easy and quick -# testing. Skip non-boolean options (with something other than spaces -# and a comment after "#define SYMBOL"). The variable contains a -# space-separated list of symbols. The list should always be -# terminated by a single whitespace character, otherwise the last entry -# will not get matched by the parsing regex. -if [ "$LIST_TESTS" -eq 0 ];then - CONFIGS_ENABLED=" $(echo `$P_QUERY -l` ) " -else - P_QUERY=":" - CONFIGS_ENABLED="" -fi -# Skip next test; use this macro to skip tests which are legitimate -# in theory and expected to be re-introduced at some point, but -# aren't expected to succeed at the moment due to problems outside -# our control (such as bugs in other TLS implementations). 
-skip_next_test() { - SKIP_NEXT="YES" -} - -# Check if the required configuration ($1) is enabled -is_config_enabled() -{ - case $CONFIGS_ENABLED in - *" $1"[\ =]*) return 0;; - *) return 1;; - esac -} - -# skip next test if the flag is not enabled in mbedtls_config.h -requires_config_enabled() { - case $CONFIGS_ENABLED in - *" $1"[\ =]*) :;; - *) SKIP_NEXT="YES";; - esac -} - -# skip next test if the flag is enabled in mbedtls_config.h -requires_config_disabled() { - case $CONFIGS_ENABLED in - *" $1"[\ =]*) SKIP_NEXT="YES";; - esac -} - -requires_all_configs_enabled() { - for x in "$@"; do - if ! is_config_enabled "$x"; then - SKIP_NEXT="YES" - return - fi - done -} - -requires_all_configs_disabled() { - for x in "$@"; do - if is_config_enabled "$x"; then - SKIP_NEXT="YES" - return - fi - done -} - -requires_any_configs_enabled() { - for x in "$@"; do - if is_config_enabled "$x"; then - return - fi - done - SKIP_NEXT="YES" -} - -requires_any_configs_disabled() { - for x in "$@"; do - if ! is_config_enabled "$x"; then - return - fi - done - SKIP_NEXT="YES" -} - -TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - -TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - -requires_certificate_authentication () { - if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 - then - # TLS 1.3 is negotiated by default, so check whether it supports - # certificate-based authentication. - requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - else # Only TLS 1.2 is enabled. - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi -} - -get_config_value_or_default() { - # This function uses the query_config command line option to query the - # required Mbed TLS compile time configuration from the ssl_server2 - # program. 
The command will always return a success value if the - # configuration is defined and the value will be printed to stdout. - # - # Note that if the configuration is not defined or is defined to nothing, - # the output of this function will be an empty string. - if [ "$LIST_TESTS" -eq 0 ];then - ${P_SRV} "query_config=${1}" - else - echo "1" - fi - -} - -requires_config_value_at_least() { - VAL="$( get_config_value_or_default "$1" )" - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -lt "$2" ]; then - SKIP_NEXT="YES" - fi -} - -requires_config_value_at_most() { - VAL=$( get_config_value_or_default "$1" ) - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -gt "$2" ]; then - SKIP_NEXT="YES" - fi -} - -requires_config_value_equals() { - VAL=$( get_config_value_or_default "$1" ) - if [ -z "$VAL" ]; then - # Should never happen - echo "Mbed TLS configuration $1 is not defined" - exit 1 - elif [ "$VAL" -ne "$2" ]; then - SKIP_NEXT="YES" - fi -} - -# Require Mbed TLS to support the given protocol version. -# -# Inputs: -# * $1: protocol version in mbedtls syntax (argument to force_version=) -requires_protocol_version() { - # Support for DTLS is detected separately in detect_dtls(). - case "$1" in - tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; - tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;; - *) echo "Unknown required protocol version: $1"; exit 1;; - esac -} - -# Space-separated list of ciphersuites supported by this build of -# Mbed TLS. -P_CIPHERSUITES="" -if [ "$LIST_TESTS" -eq 0 ]; then - P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null | - grep 'TLS-\|TLS1-3' | - tr -s ' \n' ' ')" - - if [ -z "${P_CIPHERSUITES# }" ]; then - echo >&2 "$0: fatal error: no cipher suites found!" 
- exit 125 - fi -fi - -requires_ciphersuite_enabled() { - case $P_CIPHERSUITES in - *" $1 "*) :;; - *) SKIP_NEXT="YES";; - esac -} - -requires_cipher_enabled() { - KEY_TYPE=$1 - MODE=${2:-} - case "$KEY_TYPE" in - CHACHA20) - requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 - requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20 - ;; - *) - requires_config_enabled PSA_WANT_ALG_${MODE} - requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE} - ;; - esac -} - -# Automatically detect required features based on command line parameters. -# Parameters are: -# - $1 = command line (call to a TLS client or server program) -# - $2 = client/server -# - $3 = TLS version (TLS12 or TLS13) -# - $4 = run test options -detect_required_features() { - CMD_LINE=$1 - ROLE=$2 - TLS_VERSION=$3 - TEST_OPTIONS=${4:-} - - case "$CMD_LINE" in - *\ force_version=*) - tmp="${CMD_LINE##*\ force_version=}" - tmp="${tmp%%[!-0-9A-Z_a-z]*}" - requires_protocol_version "$tmp";; - esac - - case "$CMD_LINE" in - *\ force_ciphersuite=*) - tmp="${CMD_LINE##*\ force_ciphersuite=}" - tmp="${tmp%%[!-0-9A-Z_a-z]*}" - requires_ciphersuite_enabled "$tmp";; - esac - - case " $CMD_LINE " in - *[-_\ =]tickets=[^0]*) - requires_config_enabled MBEDTLS_SSL_TICKET_C;; - esac - case " $CMD_LINE " in - *[-_\ =]alpn=*) - requires_config_enabled MBEDTLS_SSL_ALPN;; - esac - - case " $CMD_LINE " in - *\ auth_mode=*|*[-_\ =]crt[_=]*) - # The test case involves certificates (crt), or a relevant - # aspect of it is the (certificate-based) authentication mode. 
- requires_certificate_authentication;; - esac - - case " $CMD_LINE " in - *\ ca_callback=1\ *) - requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;; - esac - - case " $CMD_LINE " in - *"programs/ssl/dtls_client "*|\ - *"programs/ssl/ssl_client1 "*) - requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_PSA_CRYPTO_C - requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - requires_config_enabled MBEDTLS_PEM_PARSE_C - requires_config_enabled MBEDTLS_SSL_CLI_C - requires_certificate_authentication - ;; - *"programs/ssl/dtls_server "*|\ - *"programs/ssl/ssl_fork_server "*|\ - *"programs/ssl/ssl_pthread_server "*|\ - *"programs/ssl/ssl_server "*) - requires_config_enabled MBEDTLS_CTR_DRBG_C - requires_config_enabled MBEDTLS_PSA_CRYPTO_C - requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - requires_config_enabled MBEDTLS_PEM_PARSE_C - requires_config_enabled MBEDTLS_SSL_SRV_C - requires_certificate_authentication - # The actual minimum depends on the configuration since it's - # mostly about the certificate size. - # In config-suite-b.h, for the test certificates (server5.crt), - # 1024 is not enough. 
- requires_config_value_at_least MBEDTLS_SSL_OUT_CONTENT_LEN 2000 - ;; - esac - - case " $CMD_LINE " in - *"programs/ssl/ssl_pthread_server "*) - requires_config_enabled MBEDTLS_THREADING_PTHREAD;; - esac - - case "$CMD_LINE" in - *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK - */server5*|\ - */server7*|\ - */dir-maxpath*) - requires_certificate_authentication - if [ "$TLS_VERSION" = "TLS13" ]; then - # In case of TLS13 the support for ECDSA is enough - requires_pk_alg "ECDSA" - else - # For TLS12 requirements are different between server and client - if [ "$ROLE" = "server" ]; then - requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - elif [ "$ROLE" = "client" ]; then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH - requires_pk_alg "ECDSA" - fi - fi - ;; - esac - - case "$CMD_LINE" in - *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK - */server1*|\ - */server2*|\ - */server7*) - requires_certificate_authentication - # Certificates with an RSA key. The algorithm requirement is - # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, - # PSS signature}. We can't easily tell which subset works, and - # we aren't currently running ssl-opt.sh in configurations - # where partial RSA support is a problem, so generically, we - # just require RSA and it works out for our tests so far. - requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - esac - - unset tmp -} - -adapt_cmd_for_psk () { - case "$2" in - *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; - *openssl*) s='-psk 73776f726466697368';; - *gnutls-cli*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; - *gnutls-serv*) s='--pskpasswd=../framework/data_files/simplepass.psk';; - *) s='psk=73776f726466697368';; - esac - eval $1='"$2 $s"' - unset s -} - -# maybe_adapt_for_psk [RUN_TEST_OPTION...] -# If running in a PSK-only build, maybe adapt the test to use a pre-shared key. 
-# -# If not running in a PSK-only build, do nothing. -# If the test looks like it doesn't use a pre-shared key but can run with a -# pre-shared key, pass a pre-shared key. If the test looks like it can't run -# with a pre-shared key, skip it. If the test looks like it's already using -# a pre-shared key, do nothing. -# -# This code does not consider builds with ECDHE-PSK. -# -# Inputs: -# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands. -# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges). -# * "$@": options passed to run_test. -# -# Outputs: -# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments. -# * $SKIP_NEXT: set to YES if the test can't run with PSK. -maybe_adapt_for_psk() { - if [ "$PSK_ONLY" != "YES" ]; then - return - fi - if [ "$SKIP_NEXT" = "YES" ]; then - return - fi - case "$CLI_CMD $SRV_CMD" in - *[-_\ =]psk*|*[-_\ =]PSK*) - return;; - *force_ciphersuite*) - # The test case forces a non-PSK cipher suite. In some cases, a - # PSK cipher suite could be substituted, but we're not ready for - # that yet. - SKIP_NEXT="YES" - return;; - *\ auth_mode=*|*[-_\ =]crt[_=]*) - # The test case involves certificates. PSK won't do. - SKIP_NEXT="YES" - return;; - esac - adapt_cmd_for_psk CLI_CMD "$CLI_CMD" - adapt_cmd_for_psk SRV_CMD "$SRV_CMD" -} - -# PSK_PRESENT="YES" if at least one protocol versions supports at least -# one PSK key exchange mode. -PSK_PRESENT="NO" -# PSK_ONLY="YES" if all the available key exchange modes are PSK-based -# (pure-PSK or PSK-ephemeral, possibly both). 
-PSK_ONLY="" -for c in $CONFIGS_ENABLED; do - case $c in - MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";; - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; - esac -done -# At this stage, $PSK_ONLY is empty if we haven't detected a non-PSK -# key exchange, i.e. if we're in a PSK-only build or a build with no -# key exchanges at all. We avoid triggering PSK-only adaptation code in -# the edge case of no key exchanges. -: ${PSK_ONLY:=$PSK_PRESENT} -unset c - -HAS_ALG_MD5="NO" -HAS_ALG_SHA_1="NO" -HAS_ALG_SHA_224="NO" -HAS_ALG_SHA_256="NO" -HAS_ALG_SHA_384="NO" -HAS_ALG_SHA_512="NO" - -check_for_hash_alg() -{ - CURR_ALG="INVALID"; - CURR_ALG=PSA_WANT_ALG_${1} - - case $CONFIGS_ENABLED in - *" $CURR_ALG"[\ =]*) - return 0 - ;; - *) :;; - esac - return 1 -} - -populate_enabled_hash_algs() -{ - for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512 MD5; do - if check_for_hash_alg "$hash_alg"; then - hash_alg_variable=HAS_ALG_${hash_alg} - eval ${hash_alg_variable}=YES - fi - done -} - -# skip next test if the given hash alg is not supported -requires_hash_alg() { - HASH_DEFINE="Invalid" - HAS_HASH_ALG="NO" - case $1 in - MD5):;; - SHA_1):;; - SHA_224):;; - SHA_256):;; - SHA_384):;; - SHA_512):;; - *) - echo "Unsupported hash alg - $1" - exit 1 - ;; - esac - - HASH_DEFINE=HAS_ALG_${1} - eval "HAS_HASH_ALG=\${${HASH_DEFINE}}" - if [ "$HAS_HASH_ALG" = "NO" ] - then - SKIP_NEXT="YES" - fi -} - -# Skip next test if the given pk alg is not enabled -requires_pk_alg() { - case $1 in - ECDSA) - requires_config_enabled PSA_WANT_ALG_ECDSA - ;; - *) - echo "Unknown/unimplemented case $1 in requires_pk_alg" - exit 1 - ;; - esac -} - -# skip next test if OpenSSL doesn't support FALLBACK_SCSV 
-requires_openssl_with_fallback_scsv() { - if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then - if $OPENSSL s_client -help 2>&1 | grep fallback_scsv >/dev/null - then - OPENSSL_HAS_FBSCSV="YES" - else - OPENSSL_HAS_FBSCSV="NO" - fi - fi - if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value -requires_max_content_len() { - requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1 - requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1 -} - -# skip next test if GnuTLS isn't available -requires_gnutls() { - if [ -z "${GNUTLS_AVAILABLE:-}" ]; then - if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then - GNUTLS_AVAILABLE="YES" - else - GNUTLS_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if GnuTLS-next isn't available -requires_gnutls_next() { - if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then - if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then - GNUTLS_NEXT_AVAILABLE="YES" - else - GNUTLS_NEXT_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -requires_openssl_next() { - if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then - if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then - OPENSSL_NEXT_AVAILABLE="YES" - else - OPENSSL_NEXT_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if openssl version is lower than 3.0 -requires_openssl_3_x() { - requires_openssl_next - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - OPENSSL_3_X_AVAILABLE="NO" - fi - if [ -z "${OPENSSL_3_X_AVAILABLE:-}" ]; then - if $OPENSSL_NEXT version 2>&1 | grep "OpenSSL 3." 
>/dev/null - then - OPENSSL_3_X_AVAILABLE="YES" - else - OPENSSL_3_X_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if openssl does not support ffdh keys -requires_openssl_tls1_3_with_ffdh() { - requires_openssl_3_x -} - -# skip next test if openssl cannot handle ephemeral key exchange -requires_openssl_tls1_3_with_compatible_ephemeral() { - requires_openssl_next - - if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then - requires_openssl_tls1_3_with_ffdh - fi -} - -# skip next test if tls1_3 is not available -requires_openssl_tls1_3() { - requires_openssl_next - if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then - OPENSSL_TLS1_3_AVAILABLE="NO" - fi - if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then - if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null - then - OPENSSL_TLS1_3_AVAILABLE="YES" - else - OPENSSL_TLS1_3_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# OpenSSL servers forbid client renegotiation by default since OpenSSL 3.0. -# Older versions always allow it and have no command-line option. 
-OPENSSL_S_SERVER_CLIENT_RENEGOTIATION= -case $($OPENSSL s_server -help 2>&1) in - *-client_renegotiation*) - OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;; -esac - -# skip next test if tls1_3 is not available -requires_gnutls_tls1_3() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_TLS1_3_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null - then - GNUTLS_TLS1_3_AVAILABLE="YES" - else - GNUTLS_TLS1_3_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# Check %NO_TICKETS option -requires_gnutls_next_no_ticket() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_NO_TICKETS_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null - then - GNUTLS_NO_TICKETS_AVAILABLE="YES" - else - GNUTLS_NO_TICKETS_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# Check %DISABLE_TLS13_COMPAT_MODE option -requires_gnutls_next_disable_tls13_compat() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" - fi - if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then - if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null - then - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES" - else - GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO" - fi - fi - if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if GnuTLS does not support the record size limit extension -requires_gnutls_record_size_limit() { - requires_gnutls_next - if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then - GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO" - else - GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES" - fi - if [ 
"$GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if IPv6 isn't available on this host -requires_ipv6() { - if [ -z "${HAS_IPV6:-}" ]; then - $P_SRV server_addr='::1' > $SRV_OUT 2>&1 & - SRV_PID=$! - sleep 1 - kill $SRV_PID >/dev/null 2>&1 - if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then - HAS_IPV6="NO" - else - HAS_IPV6="YES" - fi - rm -r $SRV_OUT - fi - - if [ "$HAS_IPV6" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - -# skip next test if it's i686 or uname is not available -requires_not_i686() { - if [ -z "${IS_I686:-}" ]; then - IS_I686="YES" - if which "uname" >/dev/null 2>&1; then - if [ -z "$(uname -a | grep i686)" ]; then - IS_I686="NO" - fi - fi - fi - if [ "$IS_I686" = "YES" ]; then - SKIP_NEXT="YES" - fi -} - -MAX_CONTENT_LEN=16384 -MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" ) -MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" ) -if [ "$LIST_TESTS" -eq 0 ];then - # Calculate the input & output maximum content lengths set in the config - - # Calculate the maximum content length that fits both - if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_IN_LEN" - fi - if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_OUT_LEN" - fi -fi -# skip the next test if the SSL output buffer is less than 16KB -requires_full_size_output_buffer() { - if [ "$MAX_OUT_LEN" -ne 16384 ]; then - SKIP_NEXT="YES" - fi -} - -# Skip the next test if called by all.sh in a component with MSan -# (which we also call MemSan) or Valgrind. 
-not_with_msan_or_valgrind() { - case "_${MBEDTLS_TEST_CONFIGURATION:-}_" in - *_msan_*|*_memsan_*|*_valgrind_*) SKIP_NEXT="YES";; - esac -} - -# skip the next test if valgrind is in use -not_with_valgrind() { - if [ "$MEMCHECK" -gt 0 ]; then - SKIP_NEXT="YES" - fi -} - -# skip the next test if valgrind is NOT in use -only_with_valgrind() { - if [ "$MEMCHECK" -eq 0 ]; then - SKIP_NEXT="YES" - fi -} - -# multiply the client timeout delay by the given factor for the next test -client_needs_more_time() { - CLI_DELAY_FACTOR=$1 -} - -# wait for the given seconds after the client finished in the next test -server_needs_more_time() { - SRV_DELAY_SECONDS=$1 -} - -# print_name -print_name() { - TESTS=$(( $TESTS + 1 )) - LINE="" - - if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then - LINE="$TESTS " - fi - - LINE="$LINE$1" - - printf "%s " "$LINE" - LEN=$(( 72 - `echo "$LINE" | wc -c` )) - for i in `seq 1 $LEN`; do printf '.'; done - printf ' ' - -} - -# record_outcome [] -# The test name must be in $NAME. -# Use $TEST_SUITE_NAME as the test suite name if set. -record_outcome() { - echo "$1" - if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then - printf '%s;%s;%s;%s;%s;%s\n' \ - "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \ - "$1" "${2-}" \ - >>"$MBEDTLS_TEST_OUTCOME_FILE" - fi -} -unset TEST_SUITE_NAME - -# True if the presence of the given pattern in a log definitely indicates -# that the test has failed. False if the presence is inconclusive. -# -# Inputs: -# * $1: pattern found in the logs -# * $TIMES_LEFT: >0 if retrying is an option -# -# Outputs: -# * $outcome: set to a retry reason if the pattern is inconclusive, -# unchanged otherwise. -# * Return value: 1 if the pattern is inconclusive, -# 0 if the failure is definitive. -log_pattern_presence_is_conclusive() { - # If we've run out of attempts, then don't retry no matter what. 
- if [ $TIMES_LEFT -eq 0 ]; then - return 0 - fi - case $1 in - "resend") - # An undesired resend may have been caused by the OS dropping or - # delaying a packet at an inopportune time. - outcome="RETRY(resend)" - return 1;; - esac -} - -# fail -fail() { - record_outcome "FAIL" "$1" - echo " ! $1" - - mv $SRV_OUT o-srv-${TESTS}.log - mv $CLI_OUT o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - mv $PXY_OUT o-pxy-${TESTS}.log - fi - echo " ! outputs saved to o-XXX-${TESTS}.log" - - if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then - echo " ! server output:" - cat o-srv-${TESTS}.log - echo " ! ========================================================" - echo " ! client output:" - cat o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - echo " ! ========================================================" - echo " ! proxy output:" - cat o-pxy-${TESTS}.log - fi - echo "" - fi - - FAILS=$(( $FAILS + 1 )) -} - -# is_polar -is_polar() { - case "$1" in - *ssl_client2*) true;; - *ssl_server2*) true;; - *) false;; - esac -} - -# openssl s_server doesn't have -www with DTLS -check_osrv_dtls() { - case "$SRV_CMD" in - *s_server*-dtls*) - NEEDS_INPUT=1 - SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";; - *) NEEDS_INPUT=0;; - esac -} - -# provide input to commands that need it -provide_input() { - if [ $NEEDS_INPUT -eq 0 ]; then - return - fi - - while true; do - echo "HTTP/1.0 200 OK" - sleep 1 - done -} - -# has_mem_err -has_mem_err() { - if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && - grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null - then - return 1 # false: does not have errors - else - return 0 # true: has errors - fi -} - -# Wait for process $2 named $3 to be listening on port $1. Print error to $4. -if type lsof >/dev/null 2>/dev/null; then - wait_app_start() { - newline=' -' - START_TIME=$(date +%s) - if [ "$DTLS" -eq 1 ]; then - proto=UDP - else - proto=TCP - fi - # Make a tight loop, server normally takes less than 1s to start. 
- while true; do - SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t) - # When we use a proxy, it will be listening on the same port we - # are checking for as well as the server and lsof will list both. - case ${newline}${SERVER_PIDS}${newline} in - *${newline}${2}${newline}*) break;; - esac - if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "$3 START TIMEOUT" - echo "$3 START TIMEOUT" >> $4 - break - fi - # Linux and *BSD support decimal arguments to sleep. On other - # OSes this may be a tight loop. - sleep 0.1 2>/dev/null || true - done - } -else - echo "Warning: lsof not available, wait_app_start = sleep" - wait_app_start() { - sleep "$START_DELAY" - } -fi - -# Wait for server process $2 to be listening on port $1. -wait_server_start() { - wait_app_start $1 $2 "SERVER" $SRV_OUT -} - -# Wait for proxy process $2 to be listening on port $1. -wait_proxy_start() { - wait_app_start $1 $2 "PROXY" $PXY_OUT -} - -# Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that it's within -# acceptable bounds -check_server_hello_time() { - # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" - # Get the Unix timestamp for now - CUR_TIME=$(date +'%s') - THRESHOLD_IN_SECS=300 - - # Check if the ServerHello time was printed - if [ -z "$SERVER_HELLO_TIME" ]; then - return 1 - fi - - # Check the time in ServerHello is within acceptable bounds - if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minutes before now - return 1 - elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minutes later than now - return 1 - else - return 0 - fi -} - -# Extract the exported key from the output. 
-get_exported_key() { - OUTPUT="$1" - EXPORTED_KEY1=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) -} - -# Check that the exported key from the output matches the one obtained in get_exported_key(). -check_exported_key() { - OUTPUT="$1" - EXPORTED_KEY2=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) - test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" -} - -# Check that the exported key from the output matches the one obtained in get_exported_key(). -check_exported_key_openssl() { - OUTPUT="$1" - EXPORTED_KEY2=0x$(sed -n '/Keying material: /s/.*: //p' $OUTPUT) - test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" -} - -# Get handshake memory usage from server or client output and put it into the variable specified by the first argument -handshake_memory_get() { - OUTPUT_VARIABLE="$1" - OUTPUT_FILE="$2" - - # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112" - MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1) - - # Check if memory usage was read - if [ -z "$MEM_USAGE" ]; then - echo "Error: Can not read the value of handshake memory usage" - return 1 - else - eval "$OUTPUT_VARIABLE=$MEM_USAGE" - return 0 - fi -} - -# Get handshake memory usage from server or client output and check if this value -# is not higher than the maximum given by the first argument -handshake_memory_check() { - MAX_MEMORY="$1" - OUTPUT_FILE="$2" - - # Get memory usage - if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then - return 1 - fi - - # Check if memory usage is below max value - if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then - echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \ - "but should be below $MAX_MEMORY bytes" - return 1 - else - return 0 - fi -} - -# wait for client to terminate and set CLI_EXIT -# must be called right after starting the client -wait_client_done() { - CLI_PID=$! 
- - CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR )) - CLI_DELAY_FACTOR=1 - - ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) & - DOG_PID=$! - - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to CLI_OUT - wait $CLI_PID >> $CLI_OUT 2>&1 - CLI_EXIT=$? - - kill $DOG_PID >/dev/null 2>&1 - wait $DOG_PID >> $CLI_OUT 2>&1 - - echo "EXIT: $CLI_EXIT" >> $CLI_OUT - - sleep $SRV_DELAY_SECONDS - SRV_DELAY_SECONDS=0 -} - -# check if the given command uses dtls and sets global variable DTLS -detect_dtls() { - case "$1" in - *dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;; - *) DTLS=0;; - esac -} - -# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS -is_gnutls() { - case "$1" in - *gnutls-cli*) - CMD_IS_GNUTLS=1 - ;; - *gnutls-serv*) - CMD_IS_GNUTLS=1 - ;; - *) - CMD_IS_GNUTLS=0 - ;; - esac -} - -# Generate random psk_list argument for ssl_server2 -get_srv_psk_list () -{ - case $(( TESTS % 3 )) in - 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";; - 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";; - 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";; - esac -} - -# Determine what calc_verify trace is to be expected, if any. -# -# calc_verify is only called for two things: to calculate the -# extended master secret, and to process client authentication. -# -# Warning: the current implementation assumes that extended_ms is not -# disabled on the client or on the server. -# -# Inputs: -# * $1: the value of the server auth_mode parameter. -# 'required' if client authentication is expected, -# 'none' or absent if not. 
-# * $CONFIGS_ENABLED -# -# Outputs: -# * $maybe_calc_verify: set to a trace expected in the debug logs -set_maybe_calc_verify() { - maybe_calc_verify= - case $CONFIGS_ENABLED in - *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;; - *) - case ${1-} in - ''|none) return;; - required) :;; - *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;; - esac - esac - maybe_calc_verify="PSA calc verify" -} - -# Compare file content -# Usage: find_in_both pattern file1 file2 -# extract from file1 the first line matching the pattern -# check in file2 that the same line can be found -find_in_both() { - srv_pattern=$(grep -m 1 "$1" "$2"); - if [ -z "$srv_pattern" ]; then - return 1; - fi - - if grep "$srv_pattern" $3 >/dev/null; then : - return 0; - else - return 1; - fi -} - -SKIP_HANDSHAKE_CHECK="NO" -skip_handshake_stage_check() { - SKIP_HANDSHAKE_CHECK="YES" -} - -# Analyze the commands that will be used in a test. -# -# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass -# extra arguments or go through wrappers. -# -# Inputs: -# * $@: supplemental options to run_test() (after the mandatory arguments). -# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands. -# * $DTLS: 1 if DTLS, otherwise 0. -# -# Outputs: -# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked. -analyze_test_commands() { - # If the test uses DTLS, does not force a specific port, and does not - # specify a custom proxy, add a simple proxy. - # It provides timing info that's useful to debug failures. 
- if [ "$DTLS" -eq 1 ] && - [ "$THIS_SRV_PORT" = "$SRV_PORT" ] && - [ -z "$PXY_CMD" ] - then - PXY_CMD="$P_PXY" - case " $SRV_CMD " in - *' server_addr=::1 '*) - PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$SRV_CMD" - - # if the server uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$SRV_CMD" in - *--priority*) :;; - *) SRV_CMD="$SRV_CMD --priority=NORMAL";; - esac - fi - - # update CMD_IS_GNUTLS variable - is_gnutls "$CLI_CMD" - - # if the client uses gnutls but doesn't set priority, explicitly - # set the default priority - if [ "$CMD_IS_GNUTLS" -eq 1 ]; then - case "$CLI_CMD" in - *--priority*) :;; - *) CLI_CMD="$CLI_CMD --priority=NORMAL";; - esac - fi - - # fix client port - if [ -n "$PXY_CMD" ]; then - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) - else - CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$THIS_SRV_PORT/g ) - fi - - # If the test forces a specific port and the server is OpenSSL or - # GnuTLS, override its port specification. - if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then - case "$SRV_CMD" in - "$G_SRV"*|"$G_NEXT_SRV"*) - SRV_CMD=$( - printf %s "$SRV_CMD " | - sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /" - );; - "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";; - esac - fi - - # prepend valgrind to our commands if active - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD"; then - SRV_CMD="valgrind --leak-check=full $SRV_CMD" - fi - if is_polar "$CLI_CMD"; then - CLI_CMD="valgrind --leak-check=full $CLI_CMD" - fi - fi -} - -# Check for failure conditions after a test case. 
-# -# Inputs from run_test: -# * positional parameters: test options (see run_test documentation) -# * $CLI_EXIT: client return code -# * $CLI_EXPECT: expected client return code -# * $SRV_RET: server return code -# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs -# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed -# -# Outputs: -# * $outcome: one of PASS/RETRY*/FAIL -check_test_failure() { - outcome=FAIL - - if [ $TIMES_LEFT -gt 0 ] && - grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null - then - outcome="RETRY(client-timeout)" - return - fi - - # check if the client and server went at least to the handshake stage - # (useful to avoid tests with only negative assertions and non-zero - # expected client exit to incorrectly succeed in case of catastrophic - # failure) - if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ] - then - if is_polar "$SRV_CMD"; then - if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - if is_polar "$CLI_CMD"; then - if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; - else - fail "server or client failed to reach handshake stage" - return - fi - fi - fi - - SKIP_HANDSHAKE_CHECK="NO" - # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't - # exit with status 0 when interrupted by a signal, and we don't really - # care anyway), in case e.g. the server reports a memory leak. 
- if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then - fail "Server exited with status $SRV_RET" - return - fi - - # check client exit code - if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ - \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] - then - fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)" - return - fi - - # check other assertions - # lines beginning with == are added by valgrind, ignore them - # lines with 'Serious error when reading debug info', are valgrind issues as well - while [ $# -gt 0 ] - do - case $1 in - "-s") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Server output" - return - fi - ;; - - "-c") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else - fail "pattern '$2' MUST be present in the Client output" - return - fi - ;; - - "-S") - if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if log_pattern_presence_is_conclusive "$2"; then - fail "pattern '$2' MUST NOT be present in the Server output" - fi - return - fi - ;; - - "-C") - if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then - if log_pattern_presence_is_conclusive "$2"; then - fail "pattern '$2' MUST NOT be present in the Client output" - fi - return - fi - ;; - - # The filtering in the following two options (-u and -U) do the following - # - ignore valgrind output - # - filter out everything but lines right after the pattern occurrences - # - keep one of each non-unique line - # - count how many lines remain - # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1 - # if there were no duplicates. 
- "-U") - if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Server output" - return - fi - ;; - - "-u") - if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then - fail "lines following pattern '$2' must be unique in Client output" - return - fi - ;; - "-F") - if ! $2 "$SRV_OUT"; then - fail "function call to '$2' failed on Server output" - return - fi - ;; - "-f") - if ! $2 "$CLI_OUT"; then - fail "function call to '$2' failed on Client output" - return - fi - ;; - "-g") - if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then - fail "function call to '$2' failed on Server and Client output" - return - fi - ;; - - *) - echo "Unknown test: $1" >&2 - exit 1 - esac - shift 2 - done - - # check valgrind's results - if [ "$MEMCHECK" -gt 0 ]; then - if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then - fail "Server has memory errors" - return - fi - if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then - fail "Client has memory errors" - return - fi - fi - - # if we're here, everything is ok - outcome=PASS -} - -# Run the current test case: start the server and if applicable the proxy, run -# the client, wait for all processes to finish or time out. -# -# Inputs: -# * $NAME: test case name -# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run -# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs -# -# Outputs: -# * $CLI_EXIT: client return code -# * $SRV_RET: server return code -do_run_test_once() { - # run the commands - if [ -n "$PXY_CMD" ]; then - printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT - $PXY_CMD >> $PXY_OUT 2>&1 & - PXY_PID=$! - wait_proxy_start "$PXY_PORT" "$PXY_PID" - fi - - check_osrv_dtls - printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT - provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & - SRV_PID=$! 
- wait_server_start "$THIS_SRV_PORT" "$SRV_PID" - - printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT - # The client must be a subprocess of the script in order for killing it to - # work properly, that's why the ampersand is placed inside the eval command, - # not at the end of the line: the latter approach will spawn eval as a - # subprocess, and the $CLI_CMD as a grandchild. - eval "$CLI_CMD &" >> $CLI_OUT 2>&1 - wait_client_done - - sleep 0.05 - - # terminate the server (and the proxy) - kill $SRV_PID - # For Ubuntu 22.04, `Terminated` message is outputed by wait command. - # To remove it from stdout, redirect stdout/stderr to SRV_OUT - wait $SRV_PID >> $SRV_OUT 2>&1 - SRV_RET=$? - - if [ -n "$PXY_CMD" ]; then - kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID >> $PXY_OUT 2>&1 - fi -} - -# Detect if the current test is going to use TLS 1.3 or TLS 1.2. -# $1 and $2 contain the server and client command lines, respectively. -# -# Note: this function only provides some guess about TLS version by simply -# looking at the server/client command lines. Even though this works -# for the sake of tests' filtering (especially in conjunction with the -# detect_required_features() function), it does NOT guarantee that the -# result is accurate. 
It does not check other conditions, such as: -# - we can force a ciphersuite which contains "WITH" in its name, meaning -# that we are going to use TLS 1.2 -# - etc etc -get_tls_version() { - # First check if the version is forced on an Mbed TLS peer - case $1 in - *tls12*) - echo "TLS12" - return;; - *tls13*) - echo "TLS13" - return;; - esac - case $2 in - *tls12*) - echo "TLS12" - return;; - *tls13*) - echo "TLS13" - return;; - esac - # Second check if the version is forced on an OpenSSL or GnuTLS peer - case $1 in - tls1_2*) - echo "TLS12" - return;; - *tls1_3) - echo "TLS13" - return;; - esac - case $2 in - *tls1_2) - echo "TLS12" - return;; - *tls1_3) - echo "TLS13" - return;; - esac - # Third if the version is not forced, if TLS 1.3 is enabled then the test - # is aimed to run a TLS 1.3 handshake. - if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 - then - echo "TLS13" - else - echo "TLS12" - fi -} - -# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] -# Options: -s pattern pattern that must be present in server output -# -c pattern pattern that must be present in client output -# -u pattern lines after pattern must be unique in client output -# -f call shell function on client output -# -S pattern pattern that must be absent in server output -# -C pattern pattern that must be absent in client output -# -U pattern lines after pattern must be unique in server output -# -F call shell function on server output -# -g call shell function on server and client output -run_test() { - NAME="$1" - shift 1 - - if is_excluded "$NAME"; then - SKIP_NEXT="NO" - # There was no request to run the test, so don't record its outcome. - return - fi - - if [ "$LIST_TESTS" -gt 0 ]; then - printf "%s\n" "${TEST_SUITE_NAME:-ssl-opt};$NAME" - return - fi - - # Use ssl-opt as default test suite name. Also see record_outcome function - if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then - # Do not skip next test and skip current test. 
- SKIP_NEXT="NO" - return - fi - - print_name "$NAME" - - # Do we only run numbered tests? - if [ -n "$RUN_TEST_NUMBER" ]; then - case ",$RUN_TEST_NUMBER," in - *",$TESTS,"*) :;; - *) SKIP_NEXT="YES";; - esac - fi - - # Does this test specify a proxy? - if [ "X$1" = "X-p" ]; then - PXY_CMD="$2" - shift 2 - else - PXY_CMD="" - fi - - # Does this test force a specific port? - if [ "$1" = "-P" ]; then - THIS_SRV_PORT="$2" - shift 2 - else - THIS_SRV_PORT="$SRV_PORT" - fi - - # get commands and client output - SRV_CMD="$1" - CLI_CMD="$2" - CLI_EXPECT="$3" - shift 3 - - # Check if test uses files - case "$SRV_CMD $CLI_CMD" in - *$DATA_FILES_PATH/*) - requires_config_enabled MBEDTLS_FS_IO;; - esac - - # Check if the test uses DTLS. - detect_dtls "$SRV_CMD" - if [ "$DTLS" -eq 1 ]; then - requires_config_enabled MBEDTLS_SSL_PROTO_DTLS - fi - - - # Guess the TLS version which is going to be used. - # Note that this detection is wrong in some cases, which causes unduly - # skipped test cases in builds with TLS 1.3 but not TLS 1.2. - # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - - # If we're in a PSK-only build and the test can be adapted to PSK, do that. - maybe_adapt_for_psk "$@" - - # If the client or server requires certain features that can be detected - # from their command-line arguments, check whether they're enabled. - detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@" - detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@" - - # should we skip? 
- if [ "X$SKIP_NEXT" = "XYES" ]; then - SKIP_NEXT="NO" - record_outcome "SKIP" - SKIPS=$(( $SKIPS + 1 )) - return - fi - - analyze_test_commands "$@" - - # One regular run and two retries - TIMES_LEFT=3 - while [ $TIMES_LEFT -gt 0 ]; do - TIMES_LEFT=$(( $TIMES_LEFT - 1 )) - - do_run_test_once - - check_test_failure "$@" - case $outcome in - PASS) break;; - RETRY*) printf "$outcome ";; - FAIL) return;; - esac - done - - # If we get this far, the test case passed. - record_outcome "PASS" - if [ "$PRESERVE_LOGS" -gt 0 ]; then - mv $SRV_OUT o-srv-${TESTS}.log - mv $CLI_OUT o-cli-${TESTS}.log - if [ -n "$PXY_CMD" ]; then - mv $PXY_OUT o-pxy-${TESTS}.log - fi - fi - - rm -f $SRV_OUT $CLI_OUT $PXY_OUT -} - -run_test_psa() { - set_maybe_calc_verify none - run_test "PSA-supported ciphersuite: $1" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 force_ciphersuite=$1" \ - 0 \ - -c "$maybe_calc_verify" \ - -c "calc PSA finished" \ - -s "$maybe_calc_verify" \ - -s "calc PSA finished" \ - -s "Protocol is TLSv1.2" \ - -c "Perform PSA-based ECDH computation."\ - -c "Perform PSA-based computation of digest of ServerKeyExchange" \ - -S "error" \ - -C "error" - unset maybe_calc_verify -} - -run_test_psa_force_curve() { - set_maybe_calc_verify none - run_test "PSA - ECDH with $1" \ - "$P_SRV debug_level=4 force_version=tls12 groups=$1" \ - "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \ - 0 \ - -c "$maybe_calc_verify" \ - -c "calc PSA finished" \ - -s "$maybe_calc_verify" \ - -s "calc PSA finished" \ - -s "Protocol is TLSv1.2" \ - -c "Perform PSA-based ECDH computation."\ - -c "Perform PSA-based computation of digest of ServerKeyExchange" \ - -S "error" \ - -C "error" - unset maybe_calc_verify -} - -# Test that the server's memory usage after a handshake is reduced when a client specifies -# a maximum fragment length. 
-# first argument ($1) is MFL for SSL client -# second argument ($2) is memory usage for SSL client with default MFL (16k) -run_test_memory_after_handshake_with_mfl() -{ - # The test passes if the difference is around 2*(16k-MFL) - MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))" - - # Leave some margin for robustness - MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))" - - run_test "Handshake memory usage (MFL $1)" \ - "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \ - 0 \ - -F "handshake_memory_check $MEMORY_USAGE_LIMIT" -} - - -# Test that the server's memory usage after a handshake is reduced when a client specifies -# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes -run_tests_memory_after_handshake() -{ - # all tests in this sequence requires the same configuration (see requires_config_enabled()) - SKIP_THIS_TESTS="$SKIP_NEXT" - - # first test with default MFU is to get reference memory usage - MEMORY_USAGE_MFL_16K=0 - run_test "Handshake memory usage initial (MFL 16384 - default)" \ - "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \ - "$P_CLI debug_level=3 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \ - 0 \ - -F "handshake_memory_get MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K" - - SKIP_NEXT="$SKIP_THIS_TESTS" - run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K" -} - -run_test_export_keying_material() { - 
unset EXPORTED_KEY1 - unset EXPORTED_KEY2 - TLS_VERSION="$1" - - case $TLS_VERSION in - tls12) TLS_VERSION_PRINT="TLS 1.2";; - tls13) TLS_VERSION_PRINT="TLS 1.3";; - esac - - run_test "$TLS_VERSION_PRINT: Export keying material" \ - "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ - "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ - 0 \ - -s "Exporting key of length 20 with label \".*\": 0x" \ - -c "Exporting key of length 20 with label \".*\": 0x" \ - -f get_exported_key \ - -F check_exported_key -} - -run_test_export_keying_material_openssl_compat() { - unset EXPORTED_KEY1 - unset EXPORTED_KEY2 - TLS_VERSION="$1" - - case $TLS_VERSION in - tls12) TLS_VERSION_PRINT="TLS 1.2"; OPENSSL_CLIENT="$O_CLI";; - tls13) TLS_VERSION_PRINT="TLS 1.3"; OPENSSL_CLIENT="$O_NEXT_CLI";; - esac - - run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \ - "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ - "$OPENSSL_CLIENT -keymatexport test-label" \ - 0 \ - -s "Exporting key of length 20 with label \".*\": 0x" \ - -c "Keying material exporter:" \ - -F get_exported_key \ - -f check_exported_key_openssl -} - -cleanup() { - rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION - rm -f context_srv.txt - rm -f context_cli.txt - test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1 - test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1 - test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1 - test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1 - exit 1 -} - -# -# MAIN -# - -# Make the outcome file path relative to the original directory, not -# to .../tests -case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) - MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE" - ;; -esac - -populate_enabled_hash_algs - -# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell -# patterns rather than regular expressions, use a case statement instead -# of calling grep. 
To keep the optimizer simple, it is incomplete and only -# detects simple cases: plain substring, everything, nothing. -# -# As an exception, the character '.' is treated as an ordinary character -# if it is the only special character in the string. This is because it's -# rare to need "any one character", but needing a literal '.' is common -# (e.g. '-f "DTLS 1.2"'). -need_grep= -case "$FILTER" in - '^$') simple_filter=;; - '.*') simple_filter='*';; - *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep - need_grep=1;; - *) # No regexp or shell-pattern special character - simple_filter="*$FILTER*";; -esac -case "$EXCLUDE" in - '^$') simple_exclude=;; - '.*') simple_exclude='*';; - *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep - need_grep=1;; - *) # No regexp or shell-pattern special character - simple_exclude="*$EXCLUDE*";; -esac -if [ -n "$need_grep" ]; then - is_excluded () { - ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE" - } -else - is_excluded () { - case "$1" in - $simple_exclude) true;; - $simple_filter) false;; - *) true;; - esac - } -fi - -# Filter tests according to TEST_SUITE_NAME -is_excluded_test_suite () { - if [ -n "$RUN_TEST_SUITE" ] - then - case ",$RUN_TEST_SUITE," in - *",$1,"*) false;; - *) true;; - esac - else - false - fi - -} - - -if [ "$LIST_TESTS" -eq 0 ];then - - # sanity checks, avoid an avalanche of errors - P_SRV_BIN="${P_SRV%%[ ]*}" - P_CLI_BIN="${P_CLI%%[ ]*}" - P_PXY_BIN="${P_PXY%%[ ]*}" - if [ ! -x "$P_SRV_BIN" ]; then - echo "Command '$P_SRV_BIN' is not an executable file" - exit 1 - fi - if [ ! -x "$P_CLI_BIN" ]; then - echo "Command '$P_CLI_BIN' is not an executable file" - exit 1 - fi - if [ ! -x "$P_PXY_BIN" ]; then - echo "Command '$P_PXY_BIN' is not an executable file" - exit 1 - fi - if [ "$MEMCHECK" -gt 0 ]; then - if which valgrind >/dev/null 2>&1; then :; else - echo "Memcheck not possible. 
Valgrind not found" - exit 1 - fi - fi - if which $OPENSSL >/dev/null 2>&1; then :; else - echo "Command '$OPENSSL' not found" - exit 1 - fi - - # used by watchdog - MAIN_PID="$$" - - # We use somewhat arbitrary delays for tests: - # - how long do we wait for the server to start (when lsof not available)? - # - how long do we allow for the client to finish? - # (not to check performance, just to avoid waiting indefinitely) - # Things are slower with valgrind, so give extra time here. - # - # Note: without lsof, there is a trade-off between the running time of this - # script and the risk of spurious errors because we didn't wait long enough. - # The watchdog delay on the other hand doesn't affect normal running time of - # the script, only the case where a client or server gets stuck. - if [ "$MEMCHECK" -gt 0 ]; then - START_DELAY=6 - DOG_DELAY=60 - else - START_DELAY=2 - DOG_DELAY=20 - fi - - # some particular tests need more time: - # - for the client, we multiply the usual watchdog limit by a factor - # - for the server, we sleep for a number of seconds after the client exits - # see client_need_more_time() and server_needs_more_time() - CLI_DELAY_FACTOR=1 - SRV_DELAY_SECONDS=0 - - # fix commands to use this port, force IPv4 while at it - # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later - # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many - # machines that will resolve to ::1, and we don't want ipv6 here. - P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" - P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" - P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" - O_SRV="$O_SRV -accept $SRV_PORT" - O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" - G_SRV="$G_SRV -p $SRV_PORT" - G_CLI="$G_CLI -p +SRV_PORT" - - # Newer versions of OpenSSL have a syntax to enable all "ciphers", even - # low-security ones. 
This covers not just cipher suites but also protocol - # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on - # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in - # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find - # a way to discover it from -help, so check the openssl version. - case $($OPENSSL version) in - "OpenSSL 0"*|"OpenSSL 1.0"*) :;; - *) - O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" - O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" - ;; - esac - - if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" - O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" - O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT" - O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" - O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" - fi - - if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" - G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT" - fi - - if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" - G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost" - fi - - # Allow SHA-1, because many of our test certificates use it - P_SRV="$P_SRV allow_sha1=1" - P_CLI="$P_CLI allow_sha1=1" - -fi -# Also pick a unique name for intermediate files -SRV_OUT="srv_out.$$" -CLI_OUT="cli_out.$$" -PXY_OUT="pxy_out.$$" -SESSION="session.$$" - -SKIP_NEXT="NO" - -trap cleanup INT TERM HUP - -# Basic test - -# Checks that: -# - things work with all ciphersuites active (used with config-full in all.sh) -# - the expected parameters are selected -requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 -requires_hash_alg SHA_512 # "signature_algorithm ext: 6" -requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 -run_test "Default, TLS 1.2" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12" \ - 0 \ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ - 
-s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: x25519" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 -run_test "Default, DTLS" \ - "$P_SRV dtls=1" \ - "$P_CLI dtls=1" \ - 0 \ - -s "Protocol is DTLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" - -run_test "TLS client auth: required" \ - "$P_SRV auth_mode=required" \ - "$P_CLI" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" - -run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - -c "Key size is 256" - -run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - -c "Key size is 128" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. With the -# removal of the legacy cryptography configuration options, there is currently -# no way to express this dependency. This test fails if run in a configuration -# where the built-in implementation of CBC or AES is not present. -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected client key" \ - "$P_SRV force_version=tls12 auth_mode=required" \ - "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ - 0 - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. 
With the -# removal of the legacy cryptography configuration options, there is currently -# no way to express this dependency. This test fails if run in a configuration -# where the built-in implementation of CBC or AES is not present. -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected server key" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \ - "$P_CLI force_version=tls12" \ - 0 - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. With the -# removal of the legacy cryptography configuration options, there is currently -# no way to express this dependency. This test fails if run in a configuration -# where the built-in implementation of CBC or AES is not present. -requires_hash_alg MD5 -requires_hash_alg SHA_256 -run_test "TLS: password protected server key, two certificates" \ - "$P_SRV force_version=tls12\ - key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI" \ - 0 - -run_test "CA callback on client" \ - "$P_SRV debug_level=3" \ - "$P_CLI ca_callback=1 debug_level=3 " \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "CA callback on server" \ - "$P_SRV auth_mode=required" \ - "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -c "use CA callback for X.509 CRT verification" \ - -s "Verifying peer X.509 certificate... 
ok" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for client authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -# Test using a RSA opaque private key for client authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: ECDHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "Verifying peer X.509 certificate... 
ok" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdsa-sign,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... 
ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server2-sha256.crt \ - key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: no suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ - 1 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -c "error" \ - -s "no suitable signature algorithm" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ - 0 \ - -c "key 
type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -C "error" \ - -S "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \ - "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -s "key types: Opaque, Opaque" \ - -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -C "error" \ - -S "error" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ - 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ - -C "error" \ - -S "error" \ - -# Test using a RSA opaque private key for server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... 
ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \ - "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_hash_alg SHA_256 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -run_test "Opaque keys for server authentication: RSA keys with different algs" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \ - crt_file2=$DATA_FILES_PATH/server4.crt \ - key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... 
ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server4.crt \ - key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -# Test using an EC opaque private key for client/server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -requires_hash_alg SHA_256 -run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... 
ok" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA" \ - -S "error" \ - -C "error" - -# Test using a RSA opaque private key for client/server authentication -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -run_test "Opaque key for client/server authentication: ECDHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-ECDHE-RSA" \ - -S "error" \ - -C "error" - -# Test ciphersuites which we expect to be fully supported by PSA Crypto -# and check that we don't fall back to Mbed TLS' internal crypto primitives. 
-run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 -run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 - -requires_config_enabled PSA_WANT_ECC_SECP_R1_521 -run_test_psa_force_curve "secp521r1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512 -run_test_psa_force_curve "brainpoolP512r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_384 -run_test_psa_force_curve "secp384r1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384 -run_test_psa_force_curve "brainpoolP384r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test_psa_force_curve "secp256r1" -requires_config_enabled PSA_WANT_ECC_SECP_K1_256 -run_test_psa_force_curve "secp256k1" -requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 -run_test_psa_force_curve "brainpoolP256r1" - -# Test current time in ServerHello -requires_config_enabled MBEDTLS_HAVE_TIME -run_test "ServerHello contains gmt_unix_time" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3" \ - 0 \ - -f "check_server_hello_time" \ - -F "check_server_hello_time" - -# Test for uniqueness of IVs in AEAD ciphersuites -run_test "Unique IV in GCM" \ - "$P_SRV exchanges=20 debug_level=4" \ - "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ - 0 \ - -u "IV used" \ - -U "IV used" - -# Test for correctness of sent single supported algorithm -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg 
SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - -# Tests for certificate verification callback -run_test "Configuration-specific CRT verification callback" \ - "$P_SRV debug_level=3" \ - "$P_CLI context_crt_cb=0 debug_level=3" \ - 0 \ - -S "error" \ - -c "Verify requested for " \ - -c "Use configuration-specific verification callback" \ - -C "Use context-specific verification callback" \ - -C "error" - -run_test "Context-specific CRT verification callback" \ - "$P_SRV debug_level=3" \ - "$P_CLI context_crt_cb=1 debug_level=3" \ - 0 \ - -S "error" \ - -c "Verify requested for " \ - -c "Use context-specific verification callback" \ - -C "Use configuration-specific verification callback" \ - -C "error" - -# Tests for SHA-1 support -requires_hash_alg SHA_1 -run_test "SHA-1 forbidden by default in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ - 1 \ - -c "The certificate is signed with an unacceptable hash" - -requires_hash_alg SHA_1 -run_test "SHA-1 explicitly allowed in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_version=tls12 allow_sha1=1" \ - 0 - -run_test "SHA-256 allowed by default in server certificate" \ - "$P_SRV key_file=$DATA_FILES_PATH/server2.key 
crt_file=$DATA_FILES_PATH/server2-sha256.crt" \ - "$P_CLI force_version=tls12 allow_sha1=0" \ - 0 - -requires_hash_alg SHA_1 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -run_test "SHA-1 forbidden by default in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ - 1 \ - -s "The certificate is signed with an unacceptable hash" - -requires_hash_alg SHA_1 -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -run_test "SHA-1 explicitly allowed in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ - 0 - -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_hash_alg SHA_256 -run_test "SHA-256 allowed by default in client certificate" \ - "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ - "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \ - 0 - -# Tests for datagram packing -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, client and server" \ - "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ - 0 \ - -c "next record in same datagram" \ - -s "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, client only" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ - 0 \ - -s "next record in same datagram" \ - -C "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, server only" \ - "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -S "next record in same 
datagram" \ - -c "next record in same datagram" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS: multiple records in same datagram, neither client nor server" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ - 0 \ - -S "next record in same datagram" \ - -C "next record in same datagram" - -# Tests for Context serialization - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, CCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes, GCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, client serializes, with CID" \ - "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." 
- -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, CCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes, GCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, server serializes, with CID" \ - "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -C "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, CCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." 
- -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize, GCM" \ - "$P_SRV dtls=1 serialize=1 exchanges=2" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Context serialization, both serialize, with CID" \ - "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \ - 0 \ - -c "Deserializing connection..." \ - -s "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes, CCM" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, re-init, client serializes, ChaChaPoly" \ - "$P_SRV dtls=1 serialize=0 exchanges=2" \ - "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \ - 0 \ - -c "Deserializing connection..." \ - -S "Deserializing connection..." 
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, client serializes, GCM" \
- "$P_SRV dtls=1 serialize=0 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
- 0 \
- -c "Deserializing connection..." \
- -S "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Context serialization, re-init, client serializes, with CID" \
- "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
- 0 \
- -c "Deserializing connection..." \
- -S "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, server serializes, CCM" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -C "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, server serializes, ChaChaPoly" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
- 0 \
- -C "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, server serializes, GCM" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
- 0 \
- -C "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Context serialization, re-init, server serializes, with CID" \
- "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
- "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
- 0 \
- -C "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, both serialize, CCM" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, both serialize, ChaChaPoly" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
- 0 \
- -c "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, both serialize, GCM" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
- 0 \
- -c "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Context serialization, re-init, both serialize, with CID" \
- "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
- "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
- 0 \
- -c "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Saving the serialized context to a file" \
- "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
- "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \
- 0 \
- -s "Save serialized context to a file... ok" \
- -c "Save serialized context to a file... ok"
-
-requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_protocol_version tls12
-run_test_export_keying_material tls12
-
-requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_protocol_version tls12
-run_test_export_keying_material_openssl_compat tls12
-
-requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_protocol_version tls13
-run_test_export_keying_material tls13
-
-requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_openssl_tls1_3_with_compatible_ephemeral
-run_test_export_keying_material_openssl_compat tls13
-
-rm -f context_srv.txt
-rm -f context_cli.txt
-
-# Tests for DTLS Connection ID extension
-
-# So far, the CID API isn't implemented, so we can't
-# grep for output witnessing its use. This needs to be
-# changed once the CID extension is implemented.
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli enabled, Srv disabled" \
- "$P_SRV debug_level=3 dtls=1 cid=0" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- 0 \
- -s "Disable use of CID extension." \
- -s "found CID extension" \
- -s "Client sent CID extension, but CID disabled" \
- -c "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -S "server hello, adding CID extension" \
- -C "found CID extension" \
- -S "Copy CIDs into SSL transform" \
- -C "Copy CIDs into SSL transform" \
- -c "Use of Connection ID was rejected by the server"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli disabled, Srv enabled" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- "$P_CLI debug_level=3 dtls=1 cid=0" \
- 0 \
- -c "Disable use of CID extension." \
- -C "client hello, adding CID extension" \
- -S "found CID extension" \
- -s "Enable use of CID extension." \
- -S "server hello, adding CID extension" \
- -C "found CID extension" \
- -S "Copy CIDs into SSL transform" \
- -C "Copy CIDs into SSL transform" \
- -s "Use of Connection ID was not offered by client"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
- "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
- -p "$P_PXY mtu=800" \
- "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
- "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
- -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
- "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- "$P_CLI debug_level=3 dtls=1 cid=1" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 4 Bytes): de ad be ef" \
- -s "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -s "Peer CID (length 4 Bytes): de ad be ef" \
- -c "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -S "Use of Connection ID has been negotiated" \
- -C "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 4 Bytes): de ad be ef" \
- -s "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -s "Peer CID (length 4 Bytes): de ad be ef" \
- -c "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -S "Use of Connection ID has been negotiated" \
- -C "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 2 Bytes): de ad" \
- -s "Peer CID (length 2 Bytes): be ef" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -c "Peer CID (length 4 Bytes): de ad be ef" \
- -s "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -s "Peer CID (length 4 Bytes): de ad be ef" \
- -c "Peer CID (length 0 Bytes):" \
- -s "Use of Connection ID has been negotiated" \
- -c "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
- "$P_SRV debug_level=3 dtls=1 cid=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "Enable use of CID extension." \
- -s "Enable use of CID extension." \
- -c "client hello, adding CID extension" \
- -s "found CID extension" \
- -s "Use of CID extension negotiated" \
- -s "server hello, adding CID extension" \
- -c "found CID extension" \
- -c "Use of CID extension negotiated" \
- -s "Copy CIDs into SSL transform" \
- -c "Copy CIDs into SSL transform" \
- -S "Use of Connection ID has been negotiated" \
- -C "Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -s "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
- "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
- -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
- "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
- "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
- "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
- "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
- 0 \
- -S "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -c "(after renegotiation) Use of Connection ID has been negotiated" \
- -s "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
- "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
- 0 \
- -S "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -c "(after renegotiation) Use of Connection ID has been negotiated" \
- -s "(after renegotiation) Use of Connection ID has been negotiated"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
- -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
- "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
- 0 \
- -S "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -c "(after renegotiation) Use of Connection ID has been negotiated" \
- -s "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated" \
- -s "(after renegotiation) Use of Connection ID was not offered by client"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated" \
- -s "(after renegotiation) Use of Connection ID was not offered by client" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID was rejected by the server"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
- -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
- "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
- -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
- -C "(after renegotiation) Use of Connection ID has been negotiated" \
- -S "(after renegotiation) Use of Connection ID has been negotiated" \
- -c "(after renegotiation) Use of Connection ID was rejected by the server" \
- -c "ignoring unexpected CID" \
- -s "ignoring unexpected CID"
-
-# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
-# tests check that the buffer contents are reallocated when the message is
-# larger than the buffer.
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-requires_max_content_len 513
-run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
- "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
- "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -s "Reallocating in_buf" \
- -s "Reallocating out_buf"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
-requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-requires_max_content_len 1025
-run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
- "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
- "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
- 0 \
- -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
- -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
- -s "(initial handshake) Use of Connection ID has been negotiated" \
- -c "(initial handshake) Use of Connection ID has been negotiated" \
- -s "Reallocating in_buf" \
- -s "Reallocating out_buf"
-
-# Tests for Encrypt-then-MAC extension
-
-run_test "Encrypt then MAC: default" \
- "$P_SRV debug_level=3 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -s "server hello, adding encrypt then mac extension" \
- -c "found encrypt_then_mac extension" \
- -c "using encrypt then mac" \
- -s "using encrypt then mac"
-
-run_test "Encrypt then MAC: client enabled, server disabled" \
- "$P_SRV debug_level=3 etm=0 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 etm=1" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-run_test "Encrypt then MAC: client enabled, aead cipher" \
- "$P_SRV debug_level=3 etm=1 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI debug_level=3 etm=1" \
- 0 \
- -c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-run_test "Encrypt then MAC: client disabled, server enabled" \
- "$P_SRV debug_level=3 etm=1 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- "$P_CLI debug_level=3 etm=0" \
- 0 \
- -C "client hello, adding encrypt_then_mac extension" \
- -S "found encrypt then mac extension" \
- -S "server hello, adding encrypt then mac extension" \
- -C "found encrypt_then_mac extension" \
- -C "using encrypt then mac" \
- -S "using encrypt then mac"
-
-# Tests for Extended Master Secret extension
-
-requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-run_test "Extended Master Secret: default" \
- "$P_SRV debug_level=3" \
- "$P_CLI force_version=tls12 debug_level=3" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
- -s "server hello, adding extended master secret extension" \
- -c "found extended_master_secret extension" \
- -c "session hash for extended master secret" \
- -s "session hash for extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-run_test "Extended Master Secret: client enabled, server disabled" \
- "$P_SRV debug_level=3 extended_ms=0" \
- "$P_CLI force_version=tls12 debug_level=3 extended_ms=1" \
- 0 \
- -c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "session hash for extended master secret" \
- -S "session hash for extended master secret"
-
-requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-run_test "Extended Master Secret: client disabled, server enabled" \
- "$P_SRV force_version=tls12 debug_level=3 extended_ms=1" \
- "$P_CLI debug_level=3 extended_ms=0" \
- 0 \
- -C "client hello, adding extended_master_secret extension" \
- -S "found extended master secret extension" \
- -S "server hello, adding extended master secret extension" \
- -C "found extended_master_secret extension" \
- -C "session hash for extended master secret" \
- -S "session hash for extended master secret"
-
-# Test sending and receiving empty application data records
-
-run_test "Encrypt then MAC: empty application data record" \
- "$P_SRV auth_mode=none debug_level=4 etm=1" \
- "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
- 0 \
- -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 
0f" \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Encrypt then MAC: disabled, empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=0" \ - "$P_CLI auth_mode=none etm=0 request_size=0" \ - 0 \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -run_test "Encrypt then MAC, DTLS: empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \ - "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \ - 0 \ - -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ - "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \ - "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \ - 0 \ - -s "dumping 'input payload after decrypt' (0 bytes)" \ - -c "0 bytes written in 1 fragments" - -# Tests for CBC 1/n-1 record splitting - -run_test "CBC Record splitting: TLS 1.2, no splitting" \ - "$P_SRV force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ - request_size=123" \ - 0 \ - -s "Read from client: 123 bytes read" \ - -S "Read from client: 1 bytes read" \ - -S "122 bytes read" - -# Tests for Session Tickets - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: basic" \ - "$P_SRV debug_level=3 tickets=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully 
restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: manual rotation" \ - "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: cache disabled" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: timeout" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S "session successfully restored from 
ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: session copy" \ - "$P_SRV debug_level=3 tickets=1 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: openssl server" \ - "$O_SRV -tls1_2" \ - "$P_CLI debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: openssl client" \ - "$P_SRV force_version=tls12 debug_level=3 tickets=1" \ - "( $O_CLI -sess_out $SESSION; \ - $O_CLI -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_cipher_enabled "AES" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-128-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket 
extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-192-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c 
"client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "AES" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: AES-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ - "$P_CLI 
force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CAMELLIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CAMELLIA-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-128-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-192-GCM" \ - "$P_SRV 
debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "GCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-256-GCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-128-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session 
resume using tickets: ARIA-192-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "ARIA" "CCM" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: ARIA-256-CCM" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_cipher_enabled "CHACHA20" -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets: CHACHA20-POLY1305" \ - "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -# Tests for Session Tickets with DTLS - 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: basic" \ - "$P_SRV debug_level=3 dtls=1 tickets=1" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: cache disabled" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: timeout" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S 
"session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: session copy" \ - "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ - "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: openssl server" \ - "$O_SRV -dtls" \ - "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -c "found session_ticket extension" \ - -c "parse new session ticket" \ - -c "a session has been resumed" - -# For reasons that aren't fully understood, this test randomly fails with high -# probability with OpenSSL 1.0.2g on the CI, see #5012. 
-requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using tickets, DTLS: openssl client" \ - "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ - $O_NEXT_CLI -dtls -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -s "server hello, adding session ticket extension" \ - -S "session successfully restored from cache" \ - -s "session successfully restored from ticket" \ - -s "a session has been resumed" - -# Tests for Session Resume based on session-ID and cache - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: tickets enabled on client" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: tickets enabled on server" \ - "$P_SRV debug_level=3 tickets=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - 
-requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache_max=0" \ - "$P_SRV debug_level=3 tickets=0 cache_max=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache_max=1" \ - "$P_SRV debug_level=3 tickets=0 cache_max=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: cache removed" \ - "$P_SRV debug_level=3 tickets=0 cache_remove=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: timeout > delay" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: timeout < delay" \ - "$P_SRV debug_level=3 
tickets=0 cache_timeout=1" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: no timeout" \ - "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: session copy" \ - "$P_SRV debug_level=3 tickets=0" \ - "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache: openssl client" \ - "$P_SRV force_version=tls12 debug_level=3 tickets=0" \ - "( $O_CLI -sess_out $SESSION; \ - $O_CLI -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache: openssl server" \ - "$O_SRV -tls1_2" \ - "$P_CLI debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -c "a session has been resumed" - -# Tests for Session 
resume and extensions - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID -run_test "Session resume and connection ID" \ - "$P_SRV debug_level=3 cid=1 cid_val=dead dtls=1 tickets=0" \ - "$P_CLI debug_level=3 cid=1 cid_val=beef dtls=1 tickets=0 reconnect=1" \ - 0 \ - -c "Enable use of CID extension." \ - -s "Enable use of CID extension." \ - -c "client hello, adding CID extension" \ - -s "found CID extension" \ - -s "Use of CID extension negotiated" \ - -s "server hello, adding CID extension" \ - -c "found CID extension" \ - -c "Use of CID extension negotiated" \ - -s "Copy CIDs into SSL transform" \ - -c "Copy CIDs into SSL transform" \ - -c "Peer CID (length 2 Bytes): de ad" \ - -s "Peer CID (length 2 Bytes): be ef" \ - -s "Use of Connection ID has been negotiated" \ - -c "Use of Connection ID has been negotiated" - -# Tests for Session Resume based on session-ID and cache, DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: tickets enabled on client" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "client hello, adding session ticket extension" \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: tickets enabled on server" \ - "$P_SRV dtls=1 debug_level=3 tickets=1" \ - "$P_CLI dtls=1 debug_level=3 
tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -C "client hello, adding session ticket extension" \ - -S "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: cache_max=0" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: cache_max=1" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: timeout > delay" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: timeout 
< delay" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -S "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -S "a session has been resumed" \ - -C "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: no timeout" \ - "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: session copy" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \ - 0 \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" \ - -c "a session has been resumed" - -# For reasons that aren't fully understood, this test randomly fails with high -# probability with OpenSSL 1.0.2g on the CI, see #5012. 
-requires_openssl_next -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Session resume using cache, DTLS: openssl client" \ - "$P_SRV dtls=1 debug_level=3 tickets=0" \ - "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ - $O_NEXT_CLI -dtls -sess_in $SESSION; \ - rm -f $SESSION )" \ - 0 \ - -s "found session ticket extension" \ - -S "server hello, adding session ticket extension" \ - -s "session successfully restored from cache" \ - -S "session successfully restored from ticket" \ - -s "a session has been resumed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "Session resume using cache, DTLS: openssl server" \ - "$O_SRV -dtls" \ - "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ - 0 \ - -C "found session_ticket extension" \ - -C "parse new session ticket" \ - -c "a session has been resumed" - -# Tests for Max Fragment Length extension - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: enabled, default" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: enabled, default, larger message" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 request_size=$(( 
$MAX_CONTENT_LEN + 1))" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" \ - -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ - -s "$MAX_CONTENT_LEN bytes read" \ - -s "1 bytes read" - -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length, DTLS: enabled, default, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 1 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" \ - -c "fragment larger than.*maximum " - -# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled -# (session fragment length will be 16384 regardless of mbedtls -# content length configuration.) 
- -requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: disabled, larger message" \ - "$P_SRV debug_level=3 force_version=tls12" \ - "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 0 \ - -C "Maximum incoming record payload length is 16384" \ - -C "Maximum outgoing record payload length is 16384" \ - -S "Maximum incoming record payload length is 16384" \ - -S "Maximum outgoing record payload length is 16384" \ - -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ - -s "$MAX_CONTENT_LEN bytes read" \ - -s "1 bytes read" - -requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length, DTLS: disabled, larger message" \ - "$P_SRV debug_level=3 dtls=1 force_version=tls12" \ - "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ - 1 \ - -C "Maximum incoming record payload length is 16384" \ - -C "Maximum outgoing record payload length is 16384" \ - -S "Maximum incoming record payload length is 16384" \ - -S "Maximum outgoing record payload length is 16384" \ - -c "fragment larger than.*maximum " - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: used by client" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 4096" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 1024 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment 
length: client 512, server 1024" \ - "$P_SRV debug_level=3 max_frag_len=1024" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 512, server 2048" \ - "$P_SRV debug_level=3 max_frag_len=2048" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 512, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \ - 0 \ - -c "Maximum incoming record payload length is 512" \ - -c "Maximum outgoing record payload length is 512" \ - -s "Maximum incoming record payload length is 512" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 1024 -requires_config_enabled 
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 2048" \ - "$P_SRV debug_level=3 max_frag_len=2048" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 1024, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \ - 0 \ - -c "Maximum incoming record payload length is 1024" \ - -c "Maximum outgoing record payload length is 1024" \ - -s "Maximum incoming record payload length is 1024" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found 
max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 1024" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \ - "$P_CLI debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 2048, server 4096" \ - "$P_SRV debug_level=3 max_frag_len=4096" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length 
extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 512" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 512" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 1024" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 1024" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client 4096, server 2048" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -s "Maximum incoming record payload length is 4096" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, 
adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: used by server" \ - "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ - -s "Maximum outgoing record payload length is 4096" \ - -C "client hello, adding max_fragment_length extension" \ - -S "found max fragment length extension" \ - -S "server hello, max_fragment_length extension" \ - -C "found max_fragment_length extension" - -requires_max_content_len 4096 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_gnutls -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: gnutls server" \ - "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - "$P_CLI debug_level=3 max_frag_len=4096" \ - 0 \ - -c "Maximum incoming record payload length is 4096" \ - -c "Maximum outgoing record payload length is 4096" \ - -c "client hello, adding max_fragment_length extension" \ - -c "found max_fragment_length extension" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client, message just fits" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" 
\ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "2048 bytes written in 1 fragments" \ - -s "2048 bytes read" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "Max fragment length: client, larger message" \ - "$P_SRV debug_level=3" \ - "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \ - 0 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "2345 bytes written in 2 fragments" \ - -s "2048 bytes read" \ - -s "297 bytes read" - -requires_max_content_len 2048 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Max fragment length: DTLS client, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ - 1 \ - -c "Maximum incoming record payload length is 2048" \ - -c "Maximum outgoing record payload length is 2048" \ - -s "Maximum incoming record payload length is 2048" \ - -s "Maximum outgoing record payload length is 2048" \ - -c "client hello, adding max_fragment_length extension" \ - -s "found max fragment length extension" \ - -s "server hello, max_fragment_length extension" \ - -c "found max_fragment_length extension" \ - -c "fragment larger than.*maximum" - -# Tests for Record Size Limit extension - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ - "$P_SRV debug_level=3 force_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ - 0 \ - -s "RecordSizeLimit: 16385 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 16383" \ - -s "bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \ - "$P_CLI debug_level=4 force_version=tls13" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "EncryptedExtensions: record_size_limit(28) extension received." \ - -c "RecordSizeLimit: 16385 Bytes" \ - -# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the -# maximum record size using gnutls_record_set_max_size() -# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size). -# There is currently a lower limit of 512, caused by gnutls_record_set_max_size() -# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the -# more recent function gnutls_record_set_max_recv_size() -# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size). -# There is currently an upper limit of 4096, caused by the cli arg parser: -# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. -# Thus, these tests are currently limited to the value range 512-4096. 
-# Also, the value sent in the extension will be one larger than the value -# set at the command line: -# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 - -# Currently test certificates being used do not fit in 513 record size limit -# so for 513 record size limit tests we use preshared key to avoid sending -# the certificate. - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=256" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -s "Maximum outgoing record payload length is 511" \ - -s "256 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=768" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "768 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ - psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ - response_size=1280" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ - 0 \ - -s "RecordSizeLimit: 513 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." 
\ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 511" \ - -s "1280 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 1023" \ - -s "512 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -s "Maximum outgoing record payload length is 1023" \ - -s "1536 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ - 0 \ - -s "RecordSizeLimit: 1024 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 1023" \ - -s "2560 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -s "Maximum outgoing record payload length is 4095" \ - -s "2048 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." \ - -s "Maximum outgoing record payload length is 4095" \ - -s "6144 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ - "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ - 0 \ - -s "RecordSizeLimit: 4096 Bytes" \ - -s "ClientHello: record_size_limit(28) extension exists." \ - -s "Sent RecordSizeLimit: 16384 Bytes" \ - -s "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -s "Maximum outgoing record payload length is 4095" \ - -s "10240 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=256" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 511" \ - -c "256 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=768" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -c "Maximum outgoing record payload length is 511" \ - -c "768 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 513 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 511" \ - -c "1280 bytes written in 3 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=512" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." 
\ - -c "Maximum outgoing record payload length is 1023" \ - -c "512 bytes written in 1 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." \ - -c "Maximum outgoing record payload length is 1023" \ - -c "1536 bytes written in 2 fragments" - -requires_gnutls_tls1_3 -requires_gnutls_record_size_limit -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \ - "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \ - 0 \ - -c "Sent RecordSizeLimit: 16384 Bytes" \ - -c "ClientHello: record_size_limit(28) extension exists." \ - -c "RecordSizeLimit: 1024 Bytes" \ - -c "EncryptedExtensions: record_size_limit(28) extension exists." 
\
- -c "Maximum outgoing record payload length is 1023" \
- -c "2560 bytes written in 3 fragments"
-
-requires_gnutls_tls1_3
-requires_gnutls_record_size_limit
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
- "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \
- 0 \
- -c "Sent RecordSizeLimit: 16384 Bytes" \
- -c "ClientHello: record_size_limit(28) extension exists." \
- -c "RecordSizeLimit: 4096 Bytes" \
- -c "EncryptedExtensions: record_size_limit(28) extension exists." \
- -c "Maximum outgoing record payload length is 4095" \
- -c "2048 bytes written in 1 fragments"
-
-requires_gnutls_tls1_3
-requires_gnutls_record_size_limit
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
- "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \
- 0 \
- -c "Sent RecordSizeLimit: 16384 Bytes" \
- -c "ClientHello: record_size_limit(28) extension exists." \
- -c "RecordSizeLimit: 4096 Bytes" \
- -c "EncryptedExtensions: record_size_limit(28) extension exists."
\
- -c "Maximum outgoing record payload length is 4095" \
- -c "6144 bytes written in 2 fragments"
-
-requires_gnutls_tls1_3
-requires_gnutls_record_size_limit
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
- "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \
- 0 \
- -c "Sent RecordSizeLimit: 16384 Bytes" \
- -c "ClientHello: record_size_limit(28) extension exists." \
- -c "RecordSizeLimit: 4096 Bytes" \
- -c "EncryptedExtensions: record_size_limit(28) extension exists." \
- -c "Maximum outgoing record payload length is 4095" \
- -c "10240 bytes written in 3 fragments"
-
-# TODO: For time being, we send fixed value of RecordSizeLimit defined by
-# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
-# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
-requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
- "$P_SRV debug_level=4 force_version=tls13" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
- -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \
- -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \
- -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
- -s "Maximum outgoing record payload length is 16383" \
- -s "Maximum incoming record payload length is 16384"
-
-# End of Record size limit tests
-
-# Tests for renegotiation
-
-# G_NEXT_SRV is used in renegotiation tests becuase of the increased
-# extensions limit since we exceed the limit in G_SRV when we send
-# TLS 1.3 extensions in the initial handshake.
-
-# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
-run_test "Renegotiation: none, for reference" \
- "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=2" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: client-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension.
This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request" \
- -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
-# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: double" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-run_test "Renegotiation with max fragment length: client 2048, server 512" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- 0 \
- -c "Maximum incoming record payload length is 2048" \
- -c "Maximum outgoing record payload length is 2048" \
- -s "Maximum incoming record payload length is 2048" \
- -s "Maximum outgoing record payload length is 512" \
- -c "client hello, adding max_fragment_length extension" \
- -s "found max fragment length extension" \
- -s "server hello, max_fragment_length extension" \
- -c "found max_fragment_length extension" \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: client-initiated, server-rejected" \
- "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
-
"$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -c "SSL - Unexpected message at ServerHello in renegotiation" \
- -c "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, default" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=-1 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-# delay 2 for 1 alert record + 1 application data record
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test
"Renegotiation: server-initiated, client-rejected, delay 2" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=2 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=0 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -s "write hello request" \
- -s "SSL - An unexpected message was received from our peer"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
- renego_delay=0 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from
our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, just below period" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -S "record counter limit reached: renegotiate" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-# one extra exchange to be able to complete renego
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, just above period" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, two times period" \
- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 exchanges=7 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c
"found renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: periodic, above period, disabled" \
- "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
- 0 \
- -C "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -S "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -S "record counter limit reached: renegotiate" \
- -C "=> renegotiate" \
- -S "=> renegotiate" \
- -S "write hello request" \
- -S "SSL - An unexpected message was received from our peer" \
- -S "failed"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: nbio, client-initiated" \
- "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
- "$P_CLI force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Renegotiation: nbio, server-initiated" \
- "$P_SRV force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
- "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s
"server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: openssl server, client-initiated" \
- "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_handshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: gnutls server strict, client-initiated" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_handshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -c "mbedtls_ssl_handshake() returned" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
- "$G_NEXT_SRV
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
- allow_legacy=0" \
- 1 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -c "mbedtls_ssl_handshake() returned" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
- allow_legacy=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -C "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "ssl_handshake() returned" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: DTLS, client-initiated" \
- "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
- "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -S "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: DTLS, server-initiated" \
- "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
- "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
- read_timeout=1000 max_resend=2" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found
renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: DTLS, renego_period overflow" \
- "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
- "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
- -s "found renegotiation extension" \
- -s "server hello, secure renegotiation extension" \
- -s "record counter limit reached: renegotiate" \
- -c "=> renegotiate" \
- -s "=> renegotiate" \
- -s "write hello request"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
- "$G_NEXT_SRV -u --mtu 4096" \
- "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-# Test for the "secure renegotiation" extension only (no actual renegotiation)
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls server strict, client default" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "found renegotiation extension" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls server unsafe, client default" \
-
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3" \
- 0 \
- -C "found renegotiation extension" \
- -C "error" \
- -c "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls server unsafe, client break legacy" \
- "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
- "$P_CLI debug_level=3 allow_legacy=-1" \
- 1 \
- -C "found renegotiation extension" \
- -c "error" \
- -C "HTTP/1.0 200 [Oo][Kk]"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls client strict, server default" \
- "$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \
- 0 \
- -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -s "server hello, secure renegotiation extension"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls client unsafe, server default" \
- "$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 0 \
- -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -S "server hello, secure renegotiation extension"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Renego ext: gnutls client unsafe, server break legacy" \
- "$P_SRV debug_level=3 allow_legacy=-1" \
- "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
- 1 \
- -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
- -S "server hello, secure renegotiation extension"
-
-# Tests for silently dropping trailing extra bytes in .der
certificates
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: no trailing bytes" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with a trailing zero byte" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with a trailing random byte" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with 2 trailing random bytes" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with 4 trailing random bytes" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with 8 trailing random bytes" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DER format: with 9 trailing random bytes" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$G_CLI localhost" \
- 0 \
- -c "Handshake was completed" \
-
-# Tests
for auth_mode, there are duplicated tests using ca callback for authentication
-# When updating these tests, modify the matching authentication tests accordingly
-
-# The next 4 cases test the 3 auth modes with a badly signed server cert.
-run_test "Authentication: server badcert, client required" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI debug_level=3 auth_mode=required" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "send alert level=2 message=48" \
- -c "X509 - Certificate verification failed"
- # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
-# We don't check that the server receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message.
-
-run_test "Authentication: server badcert, client required (1.2)" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=required" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "send alert level=2 message=48" \
- -c "X509 - Certificate verification failed"
- # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
-
-run_test "Authentication: server badcert, client optional" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI force_version=tls13 debug_level=3 auth_mode=optional" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "!
mbedtls_ssl_handshake returned" \
- -C "send alert level=2 message=48" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: server badcert, client optional (1.2)" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "send alert level=2 message=48" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: server badcert, client none" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI debug_level=3 auth_mode=none" \
- 0 \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "send alert level=2 message=48" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: server badcert, client none (1.2)" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \
- 0 \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "send alert level=2 message=48" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: server goodcert, client required, no trusted CA" \
- "$P_SRV" \
- "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -c "!
mbedtls_ssl_handshake returned" \
- -c "SSL - No CA Chain is set, but required to operate"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: server goodcert, client required, no trusted CA (1.2)" \
- "$P_SRV force_version=tls12" \
- "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
- 1 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -c "! mbedtls_ssl_handshake returned" \
- -c "SSL - No CA Chain is set, but required to operate"
-
-run_test "Authentication: server goodcert, client optional, no trusted CA" \
- "$P_SRV" \
- "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed" \
- -C "SSL - No CA Chain is set, but required to operate"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: server goodcert, client optional, no trusted CA (1.2)" \
- "$P_SRV" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
- 0 \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! Certificate verification flags"\
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed" \
- -C "SSL - No CA Chain is set, but required to operate"
-
-run_test "Authentication: server goodcert, client none, no trusted CA" \
- "$P_SRV" \
- "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \
- 0 \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! Certificate verification flags"\
- -C "!
mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed" \
- -C "SSL - No CA Chain is set, but required to operate"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \
- "$P_SRV" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \
- 0 \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! Certificate verification flags"\
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed" \
- -C "SSL - No CA Chain is set, but required to operate"
-
-# The next few tests check what happens if the server has a valid certificate
-# that does not match its name (impersonation).
-
-run_test "Authentication: hostname match, client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=localhost debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname match, client required, CA callback" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -c "use CA callback for X.509 CRT verification" \
- -C "x509_verify_cert() returned -" \
- -C "! 
mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch (wrong), client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
- 1 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch (empty), client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name= debug_level=1" \
- 1 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch (truncated), client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=localhos debug_level=1" \
- 1 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch (last char), client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
- 1 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch (trailing), client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
- 1 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -c "! 
mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch, client optional" \
- "$P_SRV" \
- "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
- 0 \
- -c "does not match with the expected CN" \
- -c "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname mismatch, client none" \
- "$P_SRV" \
- "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname null, client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -c "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "! 
mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname null, client optional" \
- "$P_SRV" \
- "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -c "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname null, client none" \
- "$P_SRV" \
- "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client required" \
- "$P_SRV" \
- "$P_CLI auth_mode=required set_hostname=no debug_level=2" \
- 1 \
- -C "does not match with the expected CN" \
- -c "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -c "get_hostname_for_verification() returned -" \
- -C "x509_verify_cert() returned -" \
- -c "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client required, CA callback" \
- "$P_SRV" \
- "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
- 1 \
- -C "does not match with the expected CN" \
- -c "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -c "get_hostname_for_verification() returned -" \
- -C "use CA callback for X.509 CRT verification" \
- -C "x509_verify_cert() returned -" \
- -c "! 
mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client optional" \
- "$P_SRV" \
- "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -c "Certificate verification without having set hostname" \
- -c "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client none" \
- "$P_SRV" \
- "$P_CLI auth_mode=none set_hostname=no debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \
- "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
- "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
- 1 \
- -C "does not match with the expected CN" \
- -c "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -c "get_hostname_for_verification() returned -" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \
- "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
- "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
- 1 \
- -C "does not match with the expected CN" \
- -c "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -c "get_hostname_for_verification() returned -" \
- -C "x509_verify_cert() returned -" \
- 
-C "X509 - Certificate verification failed"
-
-run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
- "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
- "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
- 0 \
- -C "does not match with the expected CN" \
- -C "Certificate verification without having set hostname" \
- -C "Certificate verification without CN verification" \
- -C "x509_verify_cert() returned -" \
- -C "X509 - Certificate verification failed"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: client SHA256, server required" \
- "$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- 0 \
- -c "Supported Signature Algorithm found: 04 " \
- -c "Supported Signature Algorithm found: 05 "
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: client SHA384, server required" \
- "$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
- 0 \
- -c "Supported Signature Algorithm found: 04 " \
- -c 
"Supported Signature Algorithm found: 05 "
-
-run_test "Authentication: client has no cert, server required (TLS)" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=none \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -c "= write certificate$" \
- -C "skip write certificate$" \
- -S "x509_verify_cert() returned" \
- -s "peer has no certificate" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "No client certification received from the client, but required by the authentication mode"
-
-run_test "Authentication: client badcert, server required" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "send alert level=2 message=48" \
- -s "X509 - Certificate verification failed"
-# We don't check that the client receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message. 
-
-run_test "Authentication: client cert self-signed and trusted, server required" \
- "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -S "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client cert not trusted, server required" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-run_test "Authentication: client badcert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! 
mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client badcert, server none" \
- "$P_SRV debug_level=3 auth_mode=none" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 0 \
- -s "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got no certificate request" \
- -c "skip write certificate" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify" \
- -S "x509_verify_cert() returned" \
- -S "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-run_test "Authentication: client no cert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 0 \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -C "got no certificate to send" \
- -c "skip write certificate verify" \
- -s "skip parse certificate verify" \
- -s "! Certificate was missing" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-requires_openssl_tls1_3_with_compatible_ephemeral
-run_test "Authentication: openssl client no cert, server optional" \
- "$P_SRV debug_level=3 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -no_middlebox" \
- 0 \
- -S "skip write certificate request" \
- -s "skip parse certificate verify" \
- -s "! Certificate was missing" \
- -S "! 
mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Authentication: client no cert, openssl server optional" \
- "$O_SRV -verify 10 -tls1_2" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 0 \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -c "skip write certificate verify" \
- -C "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "Authentication: client no cert, openssl server required" \
- "$O_SRV -Verify 10 -tls1_2" \
- "$P_CLI debug_level=3 crt_file=none key_file=none" \
- 1 \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate$" \
- -c "skip write certificate verify" \
- -c "! mbedtls_ssl_handshake returned"
-
-# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
-# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
-# library is configured with a different value.
-
-MAX_IM_CA='8'
-
-# The tests for the max_int tests can pass with any number higher than MAX_IM_CA
-# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1
-# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions
-# are in place so that the semantics are consistent with the test description. 
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: server max_int chain, client default" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
- "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
- 0 \
- -C "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client default" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
- 1 \
- -c "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
- auth_mode=optional" \
- 1 \
- -c "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: server max_int+1 chain, client none" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
- auth_mode=none" \
- 0 \
- -C "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server default" \
- "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- 
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- 0 \
- -S "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server optional" \
- "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- 1 \
- -s "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: client max_int+1 chain, server required" \
- "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- 1 \
- -s "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication: client max_int chain, server required" \
- "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
- 0 \
- -S "X509 - A fatal error occurred"
-
-# Tests for CA list in CertificateRequest messages
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: send CA list in CertificateRequest (default)" \
- "$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key" \
- 0 \
- -s "requested DN"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: do not send CA list in CertificateRequest" \
- "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
- 
key_file=$DATA_FILES_PATH/server6.key" \
- 0 \
- -S "requested DN"
-
-run_test "Authentication: send CA list in CertificateRequest, client self signed" \
- "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -S "requested DN" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -c "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: send alt conf DN hints in CertificateRequest" \
- "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=$DATA_FILES_PATH/server1.crt \
- key_file2=$DATA_FILES_PATH/server1.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key" \
- 0 \
- -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \
- "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=$DATA_FILES_PATH/server2.crt \
- key_file2=$DATA_FILES_PATH/server2.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key" \
- 0 \
- -c "DN hint: C=NL, O=PolarSSL, CN=localhost"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication: send alt hs DN hints in CertificateRequest" \
- "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
- crt_file2=$DATA_FILES_PATH/server1.crt \
- key_file2=$DATA_FILES_PATH/server1.key" \
- "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- 
crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key" \
- 0 \
- -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
-# When updating these tests, modify the matching authentication tests accordingly
-
-run_test "Authentication, CA callback: server badcert, client required" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
-
-run_test "Authentication, CA callback: server badcert, client optional" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -c "x509_verify_cert() returned" \
- -c "! The certificate is not correctly signed by the trusted CA" \
- -C "! mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-run_test "Authentication, CA callback: server badcert, client none" \
- "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI ca_callback=1 debug_level=3 auth_mode=none" \
- 0 \
- -C "use CA callback for X.509 CRT verification" \
- -C "x509_verify_cert() returned" \
- -C "! The certificate is not correctly signed by the trusted CA" \
- -C "! 
mbedtls_ssl_handshake returned" \
- -C "X509 - Certificate verification failed"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication, CA callback: client SHA384, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -c "Supported Signature Algorithm found: 04 " \
- -c "Supported Signature Algorithm found: 05 "
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test "Authentication, CA callback: client SHA256, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
- key_file=$DATA_FILES_PATH/server6.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -c "Supported Signature Algorithm found: 04 " \
- -c "Supported Signature Algorithm found: 05 "
-
-run_test "Authentication, CA callback: client badcert, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! 
mbedtls_ssl_handshake returned" \
- -s "send alert level=2 message=48" \
- -s "X509 - Certificate verification failed"
-# We don't check that the client receives the alert because it might
-# detect that its write end of the connection is closed and abort
-# before reading the alert message.
-
-run_test "Authentication, CA callback: client cert not trusted, server required" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -s "! mbedtls_ssl_handshake returned" \
- -s "X509 - Certificate verification failed"
-
-run_test "Authentication, CA callback: client badcert, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
- key_file=$DATA_FILES_PATH/server5.key" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -S "skip write certificate request" \
- -C "skip parse certificate request" \
- -c "got a certificate request" \
- -C "skip write certificate" \
- -C "skip write certificate verify" \
- -S "skip parse certificate verify" \
- -s "x509_verify_cert() returned" \
- -s "! The certificate is not correctly signed by the trusted CA" \
- -S "! mbedtls_ssl_handshake returned" \
- -C "! 
mbedtls_ssl_handshake returned" \
- -S "X509 - Certificate verification failed"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: server max_int chain, client default" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
- "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
- 0 \
- -c "use CA callback for X.509 CRT verification" \
- -C "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: server max_int+1 chain, client default" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- "$P_CLI ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
- debug_level=3 auth_mode=optional" \
- 1 \
- -c "use CA callback for X.509 CRT verification" \
- -c "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- 
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -s "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: client max_int+1 chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
- 1 \
- -s "use CA callback for X.509 CRT verification" \
- -s "X509 - A fatal error occurred"
-
-requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
-requires_full_size_output_buffer
-run_test "Authentication, CA callback: client max_int chain, server required" \
- "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
- key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
- 0 \
- -s "use CA callback for X.509 CRT verification" \
- -S "X509 - A fatal error occurred"
-
-# Tests for certificate selection based on SHA version
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
- "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \
- key_file=$DATA_FILES_PATH/server5.key \
- crt_file2=$DATA_FILES_PATH/server5-sha1.crt \
- key_file2=$DATA_FILES_PATH/server5.key" \
- "$P_CLI" \
- 0 \
- -c "signed using.*ECDSA with SHA256" \
- -C "signed using.*ECDSA with SHA1"
-
-# tests for SNI
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "SNI: no SNI callback" \
- "$P_SRV debug_level=3 \
- crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
- "$P_CLI server_name=localhost" \
- 0 \
- -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
- 
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "SNI: matching cert 1" \
- "$P_SRV debug_level=3 \
- crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
- sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
- "$P_CLI server_name=localhost" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "SNI: matching cert 2" \
- "$P_SRV debug_level=3 \
- crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
- sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
- "$P_CLI server_name=polarssl.example" \
- 0 \
- -s "parse ServerName extension" \
- -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
- -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
-
-requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-run_test "SNI: no matching cert" \
- "$P_SRV debug_level=3 \
- crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
- sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
- "$P_CLI server_name=nonesuch.example" \
- 1 \
- -s "parse ServerName extension" \
- -s "ssl_sni_wrapper() returned" \
- -s "mbedtls_ssl_handshake returned" \
- -c "mbedtls_ssl_handshake returned" \
- -c "SSL - A fatal alert message was received from our peer"
-
-run_test "SNI: client auth no override: optional" \
- "$P_SRV debug_level=3 auth_mode=optional \
- crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
- 
sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -run_test "SNI: client auth override: none -> optional" \ - "$P_SRV debug_level=3 auth_mode=none \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -run_test "SNI: client auth override: optional -> none" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ - "$P_CLI debug_level=3 server_name=localhost" \ - 0 \ - -s "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got no certificate request" \ - -c "skip write certificate" - -run_test "SNI: CA no override" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S 
"skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -run_test "SNI: CA override" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -run_test "SNI: CA override with CRL" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ - "$P_CLI debug_level=3 server_name=localhost \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -S "! 
The certificate is not correctly signed by the trusted CA" \ - -s "send alert level=2 message=44" \ - -s "The certificate has been revoked (is on a CRL)" - # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED - -# Tests for SNI and DTLS - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, no SNI callback" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI server_name=localhost dtls=1" \ - 0 \ - -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, matching cert 1" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=localhost dtls=1" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=localhost" - -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, matching cert 2" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=polarssl.example dtls=1" \ - 0 \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" - -requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, no matching cert" \ - "$P_SRV debug_level=3 dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=nonesuch.example dtls=1" \ - 1 \ - -s "parse ServerName extension" \ - -s "ssl_sni_wrapper() returned" \ - -s "mbedtls_ssl_handshake returned" \ - -c "mbedtls_ssl_handshake returned" \ - -c "SSL - A fatal alert message was received from our peer" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth no override: optional" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth override: none -> optional" \ - "$P_SRV debug_level=3 auth_mode=none dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, client auth override: optional -> none" \ - "$P_SRV debug_level=3 
auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1" \ - 0 \ - -s "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got no certificate request" \ - -c "skip write certificate" \ - -c "skip write certificate verify" \ - -s "skip parse certificate verify" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA no override" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -s "! 
The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA override" \ - "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 0 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -S "x509_verify_cert() returned" \ - -S "! The certificate is not correctly signed by the trusted CA" \ - -S "The certificate has been revoked (is on a CRL)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "SNI: DTLS, CA override with CRL" \ - "$P_SRV debug_level=3 auth_mode=optional \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \ - ca_file=$DATA_FILES_PATH/test-ca.crt \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \ - "$P_CLI debug_level=3 server_name=localhost dtls=1 \ - crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \ - 1 \ - -S "skip write certificate request" \ - -C "skip parse certificate request" \ - -c "got a certificate request" \ - -C "skip write certificate" \ - -C "skip write certificate verify" \ - -S "skip parse certificate verify" \ - -s "x509_verify_cert() returned" \ - -S "! 
The certificate is not correctly signed by the trusted CA" \ - -s "send alert level=2 message=44" \ - -s "The certificate has been revoked (is on a CRL)" - # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED - -# Tests for non-blocking I/O: exercise a variety of handshake flows - -run_test "Non-blocking I/O: basic handshake" \ - "$P_SRV nbio=2 tickets=0 auth_mode=none" \ - "$P_CLI nbio=2 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -run_test "Non-blocking I/O: client auth" \ - "$P_SRV nbio=2 tickets=0 auth_mode=required" \ - "$P_CLI nbio=2 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: ticket" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI nbio=2 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: ticket + client auth" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI nbio=2 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=required" \ - "$P_CLI nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \ - "$P_SRV nbio=2 tickets=1 auth_mode=none" \ - "$P_CLI nbio=2 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Non-blocking I/O: session-id resume" \ - "$P_SRV nbio=2 tickets=0 auth_mode=none" \ - "$P_CLI force_version=tls12 nbio=2 tickets=0 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -# Tests for event-driven I/O: exercise a variety of handshake flows - -run_test "Event-driven I/O: basic handshake" \ - "$P_SRV event=1 tickets=0 auth_mode=none" \ - "$P_CLI event=1 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: 
.* bytes read" - -run_test "Event-driven I/O: client auth" \ - "$P_SRV event=1 tickets=0 auth_mode=required" \ - "$P_CLI event=1 tickets=0" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: ticket" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI event=1 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: ticket + client auth" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI event=1 tickets=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=required" \ - "$P_CLI event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test 
"Event-driven I/O: TLS 1.2 + ticket + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \ - "$P_SRV event=1 tickets=1 auth_mode=none" \ - "$P_CLI event=1 tickets=1 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Event-driven I/O: session-id resume" \ - "$P_SRV event=1 tickets=0 auth_mode=none" \ - "$P_CLI force_version=tls12 event=1 tickets=0 reconnect=1" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: basic handshake" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=0" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: client auth" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=0" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
-requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + client auth" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "Event-driven I/O, DTLS: ticket + resume" \ - "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: session-id resume" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -# This test demonstrates the need for the mbedtls_ssl_check_pending function. -# During session resumption, the client will send its ApplicationData record -# within the same datagram as the Finished messages. In this situation, the -# server MUST NOT idle on the underlying transport after handshake completion, -# because the ApplicationData request has already been queued internally. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ - -p "$P_PXY pack=50" \ - "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ - 0 \ - -c "Read from server: .* bytes read" - -# Tests for version negotiation. 
Some information to ease the understanding -# of the version negotiation test titles below: -# . 1.2/1.3 means that only TLS 1.2/TLS 1.3 is enabled. -# . 1.2+1.3 means that both TLS 1.2 and TLS 1.3 are enabled. -# . 1.2+(1.3)/(1.2)+1.3 means that TLS 1.2/1.3 is enabled and that -# TLS 1.3/1.2 may be enabled or not. -# . max=1.2 means that both TLS 1.2 and TLS 1.3 are enabled at build time but -# TLS 1.3 is disabled at runtime (maximum negotiable version is TLS 1.2). -# . min=1.3 means that both TLS 1.2 and TLS 1.3 are enabled at build time but -# TLS 1.2 is disabled at runtime (minimum negotiable version is TLS 1.3). - -# Tests for version negotiation, MbedTLS client and server - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$P_CLI max_version=tls12" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C 
"mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI min_version=tls13" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - 
"$P_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \ - "$P_SRV" \ - "$P_CLI max_version=tls12" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" \ - -c "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Version nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \ - "$P_SRV" \ - "$P_CLI min_version=tls13" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -C "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$P_CLI max_version=tls12" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" \ - -C "Protocol is TLSv1.2" \ - -S "Protocol is TLSv1.3" \ - -C "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$P_CLI min_version=tls13" \ - 1 \ - -s 
"The handshake negotiation failed" \ - -S "Protocol is TLSv1.2" \ - -C "Protocol is TLSv1.2" \ - -S "Protocol is TLSv1.3" \ - -C "Protocol is TLSv1.3" - -# Tests of version negotiation on server side against GnuTLS client - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -# GnuTLS can be setup to send a ClientHello containing a supported versions -# extension proposing TLS 1.2 (preferred) and then TLS 1.3. In that case, -# a TLS 1.3 and TLS 1.2 capable server is supposed to negotiate TLS 1.2 and -# to indicate in the ServerHello that it downgrades from TLS 1.3. The GnuTLS -# client then detects the downgrade indication and aborts the handshake even -# if TLS 1.2 was its preferred version. Keeping the test even if the -# handshake fails eventually as it exercices parts of the Mbed TLS -# implementation that are otherwise not exercised. 
-requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \ - 1 \ - -c "Detected downgrade to TLS 1.2 from TLS 1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$G_NEXT_CLI localhost --priority=NORMAL" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version G->m: cli 1.0, (1.2)+(1.3)" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version G->m: cli 1.1, (1.2)+(1.3)" \ - 
"$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version G->m: cli 1.2, srv 1.3" \ - "$P_SRV" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.3, srv 1.2" \ - "$P_SRV" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version G->m: cli 1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -# Tests of version negotiation on server side against OpenSSL client - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \ - 
"$P_SRV" \ - "$O_NEXT_CLI -tls1_2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI -tls1_2" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI -tls1_3" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -no_middlebox" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2+1.3, srv 1.2 -> 1.2" \ - "$P_SRV" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI" \ - 0 \ - -S "mbedtls_ssl_handshake returned" \ - -s "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version O->m: cli 1.0, srv (1.2)+(1.3)" \ - "$P_SRV" \ - "$O_CLI -tls1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_SRV_C -run_test "Not supported version O->m: cli 1.1, srv (1.2)+(1.3)" \ - "$P_SRV" \ - "$O_CLI -tls1_1" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_SRV_C 
-requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version O->m: cli 1.2, srv 1.3" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.3, srv 1.2" \ - "$P_SRV" \ - "$O_NEXT_CLI -tls1_3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.2, srv min=1.3" \ - "$P_SRV min_version=tls13" \ - "$O_NEXT_CLI -tls1_2" \ - 1 \ - -s "Handshake protocol not within min/max boundaries" \ - -S "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Not supported version O->m: cli 1.3, srv max=1.2" \ - "$P_SRV max_version=tls12" \ - "$O_NEXT_CLI -tls1_3" \ - 1 \ - -S "Handshake protocol not within min/max boundaries" \ - -s "The handshake negotiation failed" \ - -S "Protocol is TLSv1.3" - -# Tests of version negotiation on client side against GnuTLS and OpenSSL server - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version: srv max TLS 1.0" \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ - "$P_CLI" \ - 1 \ - -s "Error in protocol version" \ - -c "Handshake protocol not within min/max boundaries" \ - -S "Version: TLS1.0" \ - -C "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Not supported version: srv max TLS 1.1" \ - "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ - "$P_CLI" \ - 1 \ - -s "Error in protocol version" \ - -c "Handshake protocol not within min/max 
boundaries" \ - -S "Version: TLS1.1" \ - -C "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.0" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -S "Version: TLS1.0" \ - -C "Protocol is TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.1" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -S "Version: TLS1.1" \ - -C "Protocol is TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_gnutls_tls1_3 -run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.2" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \ - "$P_CLI force_version=tls13 debug_level=4" \ - 1 \ - -s "Client's version: 3.3" \ - -c "is a fatal alert message (msg 40)" \ - -S "Version: TLS1.2" \ - -C "Protocol is TLSv1.2" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.0" \ - "$O_NEXT_SRV -msg -tls1" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.0" \ - -C "Protocol : TLSv1.0" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C 
-requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.1" \ - "$O_NEXT_SRV -msg -tls1_1" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.1" \ - -C "Protocol : TLSv1.1" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -skip_handshake_stage_check -requires_openssl_next -run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.2" \ - "$O_NEXT_SRV -msg -tls1_2" \ - "$P_CLI force_version=tls13 debug_level=4" \ - 1 \ - -s "fatal protocol_version" \ - -c "is a fatal alert message (msg 70)" \ - -S "Version: TLS1.2" \ - -C "Protocol : TLSv1.2" - -# Tests for ALPN extension - -run_test "ALPN: none" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "client hello, adding alpn extension" \ - -S "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -C "Application Layer Protocol is" \ - -S "Application Layer Protocol is" - -run_test "ALPN: client only" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 alpn=abc,1234" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -c "Application Layer Protocol is (none)" \ - -S "Application Layer Protocol is" - -run_test "ALPN: server only" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "client hello, adding alpn extension" \ - -S "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension " \ - -C "Application Layer Protocol is" \ - -s "Application Layer Protocol is (none)" - -run_test 
"ALPN: both, common cli1-srv1" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=abc,1234" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is abc" \ - -s "Application Layer Protocol is abc" - -run_test "ALPN: both, common cli2-srv1" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=1234,abc" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is abc" \ - -s "Application Layer Protocol is abc" - -run_test "ALPN: both, common cli1-srv2" \ - "$P_SRV debug_level=3 alpn=abc,1234" \ - "$P_CLI debug_level=3 alpn=1234,abcde" \ - 0 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -C "got an alert message, type: \\[2:120]" \ - -s "server side, adding alpn extension" \ - -c "found alpn extension" \ - -c "Application Layer Protocol is 1234" \ - -s "Application Layer Protocol is 1234" - -run_test "ALPN: both, no common" \ - "$P_SRV debug_level=3 alpn=abc,123" \ - "$P_CLI debug_level=3 alpn=1234,abcde" \ - 1 \ - -c "client hello, adding alpn extension" \ - -s "found alpn extension" \ - -c "got an alert message, type: \\[2:120]" \ - -S "server side, adding alpn extension" \ - -C "found alpn extension" \ - -C "Application Layer Protocol is 1234" \ - -S "Application Layer Protocol is 1234" - - -# Tests for keyUsage in leaf certificates, part 1: -# server-side certificate/suite selection -# -# This is only about 1.2 (for 1.3, all key exchanges use signatures). -# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use -# signatures too, following the removal of RSA #8170 and static ECDH #9201. 
- -run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-RSA-WITH-" - -run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI" \ - 1 \ - -C "Ciphersuite is " - -run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ - "$P_CLI" \ - 1 \ - -C "Ciphersuite is " - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - -run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ - "$P_CLI" \ - 1 \ - -C "Ciphersuite is " - -# Tests for keyUsage in leaf certificates, part 2: -# client-side checking of server cert - -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 
1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - -run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert 
$DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! 
Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ke.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! 
Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for keyUsage in leaf certificates, part 3: -# server-side checking of client cert -# -# Here, both 1.2 and 1.3 only use signatures. - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! 
Usage does not match the keyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! 
Usage does not match the keyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! 
Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server2.key \ - crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "Processing of the Certificate handshake message failed" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "! mbedtls_ssl_handshake returned" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ds.crt" \ - 0 \ - -s "Verifying peer X.509 certificate... ok" \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.ku-ka.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -s "! 
Usage does not match the keyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "Processing of the Certificate handshake message failed" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the keyUsage extension" \ - -s "! mbedtls_ssl_handshake returned" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection - -run_test "extKeyUsage srv: serverAuth -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI" \ - 0 - -run_test "extKeyUsage srv: codeSign -> fail" \ - "$P_SRV key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \ - "$P_CLI" \ - 1 - -# Tests for extendedKeyUsage, part 2: client-side checking of server cert - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: serverAuth -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - 
-c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3 auth_mode=optional" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! 
Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - "$P_CLI debug_level=1" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \ - "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - "$P_CLI debug_level=3" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c 
"Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the extendedKeyUsage extension" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for extendedKeyUsage, part 3: server-side checking of client cert - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \ - "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \ - "$P_SRV debug_level=3 auth_mode=optional" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! 
Usage does not match the extendedKeyUsage extension" \ - -S "Processing of the Certificate handshake message failed" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \ - "$P_SRV debug_level=3 auth_mode=required" \ - "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ - "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert 
$DATA_FILES_PATH/server5.eku-cs_any.crt" \ - 0 \ - -S "bad certificate (usage extensions)" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \ - "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ - -cert $DATA_FILES_PATH/server5.eku-cs.crt" \ - 0 \ - -s "bad certificate (usage extensions)" \ - -S "send alert level=2 message=43" \ - -s "! Usage does not match the extendedKeyUsage extension" \ - -S "Processing of the Certificate handshake message failed" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \ - "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \ - "$P_CLI key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \ - 1 \ - -s "bad certificate (usage extensions)" \ - -s "send alert level=2 message=43" \ - -s "! 
Usage does not match the extendedKeyUsage extension" \ - -s "Processing of the Certificate handshake message failed" - # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -# Tests for PSK callback - -run_test "PSK callback: psk, no callback" \ - "$P_SRV psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 
psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: 
opaque ecdhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - 
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA 
extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ - 
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 
debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 1 \ - -s "SSL - Verification of the message MAC failed" - -run_test "PSK callback: no psk, no callback" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 1 \ - -s "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: callback overrides other settings" \ - "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -s "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: first id matches" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message 
MAC failed" - -run_test "PSK callback: second id matches" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: no match" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=ghi psk=beef" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -s "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: wrong key" \ - "$P_SRV psk_list=abc,dead,def,beef" \ - "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=beef" \ - 1 \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -s "SSL - Verification of the message MAC failed" - -# Tests for EC J-PAKE - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "ECJPAKE: client not configured" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3" \ - 0 \ - -C "add ciphersuite: 0xc0ff" \ - -C "adding ecjpake_kkpp extension" \ - -S "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -S "server hello, ecjpake kkpp extension" \ - -C "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: server not configured" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -s "found ecjpake kkpp extension" \ - -s "skip ecjpake kkpp extension" \ - -s "ciphersuite mismatch: ecjpake not configured" \ - -S "server 
hello, ecjpake kkpp extension" \ - -C "found ecjpake_kkpp extension" \ - -s "SSL - The handshake negotiation failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password client+server, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -c "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password 
client only, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -c "using opaque password" \ - -S "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -# Note: if the name of this test is changed, then please adjust the corresponding -# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh") -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: opaque password server only, working, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bla\ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "add ciphersuite: c0ff" \ - -c "adding ecjpake_kkpp extension" \ - -C "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "found ecjpake kkpp extension" \ - -S "skip ecjpake kkpp extension" \ - -S "ciphersuite mismatch: ecjpake not configured" \ - -s "server hello, ecjpake kkpp extension" \ - -c "found ecjpake_kkpp extension" \ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Verification of the message MAC failed" - -server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: password mismatch, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 ecjpake_pw=bad \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -C "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - 
-server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \ - "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ - "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "using opaque password" \ - -s "using opaque password" \ - -C "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -c "re-using cached ecjpake parameters" \ - -S "SSL - Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS, no cookie" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 \ - -C "re-using cached ecjpake parameters" \ - -S "SSL - Verification of the message MAC failed" - -server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: password mismatch, DTLS" \ - "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ - "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 1 \ - -c "re-using cached ecjpake parameters" \ - -s "SSL - Verification of the message MAC failed" - -# for tests with configs/config-thread.h -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -run_test "ECJPAKE: working, DTLS, nolog" \ - "$P_SRV dtls=1 ecjpake_pw=bla" \ - "$P_CLI dtls=1 ecjpake_pw=bla \ - force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ - 0 - -# Test for ClientHello without extensions - -requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 
-requires_gnutls -run_test "ClientHello without extensions: PSK" \ - "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ - "$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ - 0 \ - -s "Ciphersuite is .*-PSK-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - -# Tests for mbedtls_ssl_get_bytes_avail() - -# The server first reads buffer_size-1 bytes, then reads the remainder. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=100" \ - 0 \ - -s "Read from client: 100 bytes read$" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=101" \ - 0 \ - -s "Read from client: 101 bytes read (100 + 1)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_max_content_len 200 -run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \ - "$P_SRV buffer_size=100" \ - "$P_CLI request_size=200" \ - 0 \ - -s "Read from client: 200 bytes read (100 + 100)" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ - "$P_SRV buffer_size=100 force_version=tls12" \ - "$P_CLI request_size=$MAX_CONTENT_LEN" \ - 0 \ - -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))" - -# Tests for small client packets - -run_test "Small client packet TLS 1.2 BlockCipher" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ - 0 \ - -s "Read from 
client: 1 bytes read" - -run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 AEAD" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -s "Read from client: 1 bytes read" - -run_test "Small client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small client packet TLS 1.3 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small client packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=1 \ - force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -s "Read from client: 1 bytes read" - -# Tests for small client packets in DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small client packet DTLS 1.2" \ - "$P_SRV dtls=1 force_version=dtls12" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small client packet DTLS 1.2, without EtM" \ - "$P_SRV dtls=1 force_version=dtls12 etm=0" \ - "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: 1 bytes read" - -# Tests for small server packets - -run_test "Small server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI 
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -c "Read from server: 1 bytes read" - -run_test "Small server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=1" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Small server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=1" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "Read from server: 1 bytes read" - -# Tests for small server packets in DTLS - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small server packet DTLS 1.2" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -run_test "Small server packet DTLS 1.2, without EtM" \ - "$P_SRV dtls=1 response_size=1 force_version=dtls12 
etm=0" \ - "$P_CLI dtls=1 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 1 bytes read" - -# Test for large client packets - -# How many fragments do we expect to write $1 bytes? -fragments_for_write() { - echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" -} - -run_test "Large client packet TLS 1.2 BlockCipher" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 etm=0 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 AEAD" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -run_test "Large client packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV force_version=tls12" \ - "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large client packet TLS 1.3 AEAD" \ - "$P_SRV" \ - "$P_CLI request_size=16383 \ - 
force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ - -s "Read from client: 16383 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large client packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV" \ - "$P_CLI request_size=16383 \ - force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ - -s "Read from client: 16383 bytes read" - -# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. -run_test "Large server packet TLS 1.2 BlockCipher" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI etm=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ - 0 \ - -s "16384 bytes written in 1 fragments" \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ - "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ - 0 \ - -s "16384 bytes written in 1 fragments" \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 AEAD" \ - "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ - 0 \ - -c "Read from server: 16384 bytes read" - -run_test "Large server packet TLS 1.2 AEAD shorter tag" \ - "$P_SRV response_size=16384 force_version=tls12" \ 
- "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \ - 0 \ - -c "Read from server: 16384 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=16383" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ - 0 \ - -c "Read from server: 16383 bytes read" - -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "Large server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=16383" \ - "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ - 0 \ - -c "Read from server: 16383 bytes read" - -# Tests for restartable ECC - -# Force the use of a curve that supports restartable ECC (secp256r1). - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, default" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=0" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=0" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, 
max_ops=65535" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=65535" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - -# The following test cases for restartable ECDH come in two variants: -# * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests -# the partial implementation where ECDH in TLS is not actually restartable. -# * The "(no USE_PSA)" variant expects the desired behavior. These test -# cases cannot currently pass because the implementation of restartable ECC -# in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. -# -# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, -# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test -# cases. - -# With USE_PSA disabled we expect full restartable behaviour. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -skip_next_test -run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" - -# This works the same with & without USE_PSA as we never get to ECDH: -# we abort as soon as we determined the cert is bad. -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, badsign" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 1 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=optional" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ - -c "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=none" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required \ - crt_file=$DATA_FILES_PATH/server5-badsign.crt \ - key_file=$DATA_FILES_PATH/server5.key" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000 auth_mode=none" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ - -C "! The certificate is not correctly signed by the trusted CA" \ - -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" - -# With USE_PSA disabled we expect full restartable behaviour. 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -skip_next_test -run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - dtls=1 debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ - "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - dtls=1 debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -c "mbedtls_pk_sign.*\(4b00\|-248\)" - -# With USE_PSA disabled we expect full restartable behaviour. 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ - "$P_SRV groups=secp256r1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - - -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). -requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ - "$P_SRV groups=secp256r1" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -c "x509_verify_cert.*\(4b00\|-248\)" \ - -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - -# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no -# restartable behaviour at all (not even client auth). -# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA, -# and all 4 assertions negated. 
-requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ - "$P_SRV groups=secp256r1 auth_mode=required" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - debug_level=1 ec_max_ops=1000" \ - 0 \ - -C "x509_verify_cert.*\(4b00\|-248\)" \ - -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ - -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ - -C "mbedtls_pk_sign.*\(4b00\|-248\)" - -# Tests of asynchronous private key support in SSL - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=0" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=1" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): call 0 more times." \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, delay=2" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=2 async_private_delay2=2" \ - "$P_CLI" \ - 0 \ - -s "Async sign callback: using key slot " \ - -U "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): call 1 more times." \ - -s "Async resume (slot [0-9]): call 0 more times." 
\ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "SSL async private: sign, SNI" \ - "$P_SRV force_version=tls12 debug_level=3 \ - async_operations=s async_private_delay1=0 async_private_delay2=0 \ - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI server_name=polarssl.example" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" \ - -s "parse ServerName extension" \ - -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ - -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" - -# key1: ECDSA, key2: RSA; use key1 from slot 0 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 0 used with key1" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0," \ - -s "Async resume (slot 0): call 0 more times." 
\ - -s "Async resume (slot 0): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 from slot 0 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 0 used with key2" \ - "$P_SRV \ - async_operations=s async_private_delay2=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0," \ - -s "Async resume (slot 0): call 0 more times." \ - -s "Async resume (slot 0): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 from slot 1 -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: slot 1 used with key2" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 1," \ - -s "Async resume (slot 1): call 0 more times." \ - -s "Async resume (slot 1): sign done, status=0" - -# key1: ECDSA, key2: RSA; use key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \ - "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: no key matches this certificate." 
- -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, error in start" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=1" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: injected error" \ - -S "Async resume" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, cancel after start" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=2" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: using key slot " \ - -S "Async resume" \ - -s "Async cancel" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign, error in resume" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=3" \ - "$P_CLI" \ - 1 \ - -s "Async sign callback: using key slot " \ - -s "Async resume callback: sign done but injected error" \ - -S "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: cancel after start then operate correctly" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=-2" \ - "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ - 0 \ - -s "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async resume" \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: error in resume then operate correctly" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - async_private_error=-3" \ - "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ - 0 \ - -s "! 
mbedtls_ssl_handshake returned" \ - -s "Async resume" \ - -s "Successful connection" - -# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -# Note: the function "detect_required_features()" is not able to detect more than -# one "force_ciphersuite" per client/server and it only picks the 2nd one. -# Therefore the 1st one is added explicitly here -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "SSL async private: cancel after start then fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_error=-2 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; - [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async sign callback: using key slot 0" \ - -S "Async resume" \ - -s "Async cancel" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async sign callback: no key matches this certificate." \ - -s "Successful connection" - -# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -# Note: the function "detect_required_features()" is not able to detect more than -# one "force_ciphersuite" per client/server and it only picks the 2nd one. 
-# Therefore the 1st one is added explicitly here -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "SSL async private: sign, error in resume then fall back to transparent key" \ - "$P_SRV \ - async_operations=s async_private_delay1=1 async_private_error=-3 \ - key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ - key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; - [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ - 0 \ - -s "Async resume" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "Async sign callback: no key matches this certificate." \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: client-initiated, sign" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1" \ - "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "SSL async private: renegotiation: server-initiated, sign" \ - "$P_SRV force_version=tls12 \ - async_operations=s async_private_delay1=1 async_private_delay2=1 \ - exchanges=2 renegotiation=1 renegotiate=1" \ - "$P_CLI exchanges=2 renegotiation=1" \ - 0 \ - -s "Async sign callback: using key slot " \ - -s "Async resume (slot [0-9]): sign done, status=0" - -# Tests for ECC extensions (rfc 4492) - -requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -run_test "Force a non ECC ciphersuite in the client side" \ - "$P_SRV debug_level=3 psk=73776f726466697368" \ - "$P_CLI debug_level=3 psk=73776f726466697368 
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \
- 0 \
- -C "client hello, adding supported_groups extension" \
- -C "client hello, adding supported_point_formats extension" \
- -S "found supported elliptic curves extension" \
- -S "found supported point formats extension"
-
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-run_test "Force a non ECC ciphersuite in the server side" \
- "$P_SRV debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \
- "$P_CLI debug_level=3 psk=73776f726466697368" \
- 0 \
- -C "found supported_point_formats extension" \
- -S "server hello, supported_point_formats extension"
-
-requires_hash_alg SHA_256
-run_test "Force an ECC ciphersuite in the client side" \
- "$P_SRV debug_level=3" \
- "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- 0 \
- -c "client hello, adding supported_groups extension" \
- -c "client hello, adding supported_point_formats extension" \
- -s "found supported elliptic curves extension" \
- -s "found supported point formats extension"
-
-requires_hash_alg SHA_256
-run_test "Force an ECC ciphersuite in the server side" \
- "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
- "$P_CLI debug_level=3" \
- 0 \
- -c "found supported_point_formats extension" \
- -s "server hello, supported_point_formats extension"
-
-# Tests for DTLS HelloVerifyRequest
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS cookie: enabled" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS cookie: disabled" \
- "$P_SRV dtls=1 debug_level=2 cookies=0" \
- "$P_CLI
dtls=1 debug_level=2" \
- 0 \
- -S "cookie verification failed" \
- -S "cookie verification passed" \
- -s "cookie verification skipped" \
- -C "received hello verify request" \
- -S "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS cookie: default (failing)" \
- "$P_SRV dtls=1 debug_level=2 cookies=-1" \
- "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
- 1 \
- -s "cookie verification failed" \
- -S "cookie verification passed" \
- -S "cookie verification skipped" \
- -C "received hello verify request" \
- -S "hello verification requested" \
- -s "SSL - The requested feature is not available"
-
-requires_ipv6
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS cookie: enabled, IPv6" \
- "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
- "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS cookie: enabled, nbio" \
- "$P_SRV dtls=1 nbio=2 debug_level=2" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -s "cookie verification failed" \
- -s "cookie verification passed" \
- -S "cookie verification skipped" \
- -c "received hello verify request" \
- -s "hello verification requested" \
- -S "SSL - The requested feature is not available"
-
-# Tests for client reconnecting from the same port with DTLS
-
-not_with_valgrind # spurious resend
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: reference" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
- 0 \
- -C "resend" \
- -S "The operation timed out" \
- -S
"Client initiated reconnection from same port"
-
-not_with_valgrind # spurious resend
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: reconnect" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
- 0 \
- -C "resend" \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
- 0 \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
- 0 \
- -S "The operation timed out" \
- -s "Client initiated reconnection from same port"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: no cookies" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
- 0 \
- -s "The operation timed out" \
- -S "Client initiated reconnection from same port"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client reconnect from same port: attacker-injected" \
- -p "$P_PXY inject_clihlo=1" \
- "$P_SRV dtls=1 exchanges=2 debug_level=1" \
- "$P_CLI dtls=1 exchanges=2" \
- 0 \
-
-s "possible client reconnect from the same port" \
- -S "Client initiated reconnection from same port"
-
-# Tests for various cases of client authentication with DTLS
-# (focused on handshake flows and message parsing)
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client auth: required" \
- "$P_SRV dtls=1 auth_mode=required" \
- "$P_CLI dtls=1" \
- 0 \
- -s "Verifying peer X.509 certificate... ok"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client auth: optional, client has no cert" \
- "$P_SRV dtls=1 auth_mode=optional" \
- "$P_CLI dtls=1 crt_file=none key_file=none" \
- 0 \
- -s "! Certificate was missing"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS client auth: none, client has no cert" \
- "$P_SRV dtls=1 auth_mode=none" \
- "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
- 0 \
- -c "skip write certificate$" \
- -s "! Certificate verification was skipped"
-
-run_test "DTLS wrong PSK: badmac alert" \
- "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
- "$P_CLI dtls=1 psk=73776f726466697374" \
- 1 \
- -s "SSL - Verification of the message MAC failed" \
- -c "SSL - A fatal alert message was received from our peer"
-
-# Tests for receiving fragmented handshake messages with DTLS
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: no fragmentation (gnutls server)" \
- "$G_SRV -u --mtu 2048 -a" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: some fragmentation (gnutls server)" \
- "$G_SRV -u --mtu 512" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: more fragmentation (gnutls server)" \
- "$G_SRV -u
--mtu 128" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
- "$G_SRV -u --mtu 128" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
- "$G_SRV -u --mtu 256" \
- "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
- "$G_SRV -u --mtu 256" \
- "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -c "client hello, adding renegotiation extension" \
- -c "found renegotiation extension" \
- -c "=> renegotiate" \
- -C "mbedtls_ssl_handshake returned" \
- -C "error" \
- -s "Extra-header:"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: no fragmentation (openssl server)" \
- "$O_SRV -dtls -mtu 2048" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: some fragmentation (openssl server)" \
- "$O_SRV -dtls -mtu 256" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled
MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: more fragmentation (openssl server)" \
- "$O_SRV -dtls -mtu 256" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
- "$O_SRV -dtls -mtu 256" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Tests for sending fragmented handshake messages with DTLS
-#
-# Use client auth when we need the client to send large messages,
-# and use large cert chains on both sides too (the long chains we have all use
-# both RSA and ECDSA, but ideally we should have long chains with either).
-# Sizes reached (UDP payload):
-# - 2037B for server certificate
-# - 1542B for client certificate
-# - 1013B for newsessionticket
-# - all others below 512B
-# All those tests assume MAX_CONTENT_LEN is at least 2048
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 4096
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: none (for reference)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-requires_config_enabled
MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: server only (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# With the MFL extension, the server has no way of forcing
-# the client to not exceed a certain MTU; hence, the following
-# test can't be replicated with an MTU proxy such as the one
-# `client-initiated, server only (max_frag_len)` below.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 4096
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=none \
-
crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=1110" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# While not required by the standard defining the MFL extension
-# (according to which it only applies to records, not to datagrams),
-# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
-# as otherwise there wouldn't be any means to communicate MTU restrictions
-# to the peer.
-# The next test checks that no datagrams significantly larger than the
-# negotiated MFL are sent.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
- -p "$P_PXY mtu=1110" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- max_frag_len=2048" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- max_frag_len=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 4096
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: none (for reference) (MTU)" \
- "$P_SRV dtls=1
debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- mtu=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- mtu=4096" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 4096
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: client (MTU)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=3500-60000 \
- mtu=4096" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=3500-60000 \
- mtu=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: server (MTU)" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- mtu=2048" \
- 0 \
- -S "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: both (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=2500-60000 \
- mtu=1024" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_max_content_len 2048
-run_test "DTLS fragmenting: both (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=2500-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=2500-60000 \
- mtu=512" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Test for automatic MTU reduction on repeated resend.
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-# The ratio of max/min timeout should ideally equal 4 to accept two
-# retransmissions, but in some cases (like both the server and client using
-# fragmentation and auto-reduction) an extra retransmission might occur,
-# hence the ratio of 8.
-not_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
- -p "$P_PXY mtu=508" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=400-3200" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=400-3200" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
-only_with_valgrind
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
- -p "$P_PXY mtu=508" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=250-10000" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
-# OTOH the client might resend if the server is to slow to reset after sending
-# a HelloVerifyRequest, so only check for no retransmission server-side
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=10000-60000 \
- mtu=1024 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=10000-60000 \
- mtu=1024 nbio=2" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=10000-60000 \
- mtu=512 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512 nbio=2" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
-# This ensures things still work after session_reset().
-# It also exercises the "resumed handshake" flow.
-# Since we don't support reading fragmented ClientHello yet,
-# up the MTU to 1450 (larger than ClientHello with session ticket,
-# but still smaller than client's Certificate to ensure fragmentation).
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-# reco_delay avoids races where the client reconnects before the server has
-# resumed listening, which would result in a spurious autoreduction.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
- -p "$P_PXY mtu=1450" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=10000-60000 \
- mtu=1450" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=10000-60000 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- exchanges=2 renegotiation=1 \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
- -p "$P_PXY mtu=512" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- exchanges=2 renegotiation=1 \
- hs_timeout=10000-60000 \
- mtu=512" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=10000-60000 \
- mtu=512" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# An autoreduction on the client-side might happen if the server is
-# slow to reset, therefore omitting '-C "autoreduction"' below.
-not_with_valgrind # spurious autoreduction due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_hash_alg SHA_256
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
- -p "$P_PXY mtu=1024" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- exchanges=2 renegotiation=1 renegotiate=1 \
- hs_timeout=10000-60000 \
- mtu=1024" \
- 0 \
- -S "autoreduction" \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 2
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU + 3d" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
- "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=250-10000 mtu=512" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000 mtu=512" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 2
-requires_max_content_len 2048
-run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
- -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=250-10000 mtu=512 nbio=2" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- hs_timeout=250-10000 mtu=512 nbio=2" \
- 0 \
- -s "found fragmented DTLS handshake message" \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-# interop tests for DTLS fragmentating with reliable connection
-#
-# here and below we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_gnutls
-requires_max_content_len 2048
-run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
- "$G_SRV -u" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- mtu=512 force_version=dtls12" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-# We use --insecure for the GnuTLS client because it expects
-# the hostname / IP it connects to to be the name used in the
-# certificate obtained from the server. Here, however, it
-# connects to 127.0.0.1 while our test certificates use 'localhost'
-# as the server name in the certificate. This will make the
-# certificate validation fail, but passing --insecure makes
-# GnuTLS continue the connection nonetheless.
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_gnutls
-requires_not_i686
-requires_max_content_len 2048
-run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- mtu=512 force_version=dtls12" \
- "$G_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
- "$O_SRV -dtls1_2 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- mtu=512 force_version=dtls12" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-requires_max_content_len 2048
-run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- mtu=512 force_version=dtls12" \
- "$O_CLI -dtls1_2" \
- 0 \
- -s "fragmenting handshake message"
-
-# interop tests for DTLS fragmentating with unreliable connection
-#
-# again we just want to test that the we fragment in a way that
-# pleases other implementations, so we don't need the peer to fragment
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 4
-requires_max_content_len 2048
-run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$G_NEXT_SRV -u" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls12" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-requires_gnutls_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 4
-requires_max_content_len 2048
-run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls12" \
- "$G_NEXT_CLI -u --insecure 127.0.0.1" \
- 0 \
- -s "fragmenting handshake message"
-
-## The test below requires 1.1.1a or higher version of openssl, otherwise
-## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
-requires_openssl_next
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 4
-requires_max_content_len 2048
-run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$O_NEXT_SRV -dtls1_2 -verify 10" \
- "$P_CLI dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
- key_file=$DATA_FILES_PATH/server8.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls12" \
- 0 \
- -c "fragmenting handshake message" \
- -C "error"
-
-## the test below will time out with certain seed.
-## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
-client_needs_more_time 4
-requires_max_content_len 2048
-run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
- -p "$P_PXY drop=8 delay=8 duplicate=8" \
- "$P_SRV dtls=1 debug_level=2 \
- crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
- key_file=$DATA_FILES_PATH/server7.key \
- hs_timeout=250-60000 mtu=512 force_version=dtls12" \
- "$O_CLI -dtls1_2" \
- 0 \
- -s "fragmenting handshake message"
-
-# Tests for DTLS-SRTP (RFC 5764)
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported" \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -C "error"
-
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
- -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one matching profile." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one different profile." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
- -S "selected srtp profile" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server doesn't support use_srtp extension." \
- "$P_SRV dtls=1 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. mki used" \
- "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "dumping 'using mki' (8 bytes)" \
- -s "DTLS-SRTP key material is"\
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "dumping 'sending mki' (8 bytes)" \
- -c "dumping 'received mki' (8 bytes)" \
- -c "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -s "DTLS-SRTP no mki value negotiated"\
- -S "dumping 'using mki' (8 bytes)" \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -c "DTLS-SRTP no mki value negotiated"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "dumping 'sending mki' (8 bytes)" \
- -C "dumping 'received mki' (8 bytes)" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -S "selected srtp profile" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP Extension negotiated, profile"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
- "$P_SRV dtls=1 debug_level=3" \
- "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP Extension negotiated, profile"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. openssl server" \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
- "$O_SRV -dtls" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
- "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -c "DTLS-SRTP no mki value negotiated"\
- -c "dumping 'sending mki' (8 bytes)" \
- -C "dumping 'received mki' (8 bytes)" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "SRTP profile: SRTP_NULL_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -S "selected srtp profile" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP profile:"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
- "$P_SRV dtls=1 debug_level=3" \
- "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
- 0 \
- -s "found use_srtp extension" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP profile:"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. gnutls server" \
- "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
- "$G_SRV -u" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-requires_gnutls
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
- "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
- "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -c "DTLS-SRTP mki value:"\
- -c "dumping 'sending mki' (8 bytes)" \
- -c "dumping 'received mki' (8 bytes)" \
- -C "error"
-
-# Tests for specific things with "unreliable" UDP connection
-
-not_with_valgrind # spurious resend due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: reference" \
- -p "$P_PXY" \
- "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
- "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
- 0 \
- -C "replayed record" \
- -S "replayed record" \
- -C "Buffer record from epoch" \
- -S "Buffer record from epoch" \
- -C "ssl_buffer_message" \
- -S "ssl_buffer_message" \
- -C "discarding invalid record" \
- -S "discarding invalid record" \
- -S "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-not_with_valgrind # spurious resend due to timeout
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: duplicate every packet" \
- -p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
- 0 \
- -c "replayed record" \
- -s "replayed record" \
- -c "record from another epoch" \
- -s "record from another epoch" \
- -S "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
- -p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "replayed record" \
- -S "replayed record" \
- -c "record from another epoch" \
- -s "record from another epoch" \
- -c "resend" \
- -s "resend" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: multiple records in same datagram" \
- -p "$P_PXY pack=50" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "next record in same datagram" \
- -s "next record in same datagram"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
- -p "$P_PXY pack=50 duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
- 0 \
- -c "next record in same datagram" \
- -s "next record in same datagram"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
- 0 \
- -c "discarding invalid record (mac)" \
- -s "discarding invalid record (mac)" \
- -s "Extra-header:" \
- -c "HTTP/1.0 200 OK" \
- -S "too many records with bad MAC" \
- -S "Verification of the message MAC failed"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
- -p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
- "$P_CLI dtls=1 dgram_packing=0 
debug_level=1 read_timeout=100" \ - 1 \ - -C "discarding invalid record (mac)" \ - -S "discarding invalid record (mac)" \ - -S "Extra-header:" \ - -C "HTTP/1.0 200 OK" \ - -s "too many records with bad MAC" \ - -s "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ - 0 \ - -c "discarding invalid record (mac)" \ - -s "discarding invalid record (mac)" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" \ - -S "too many records with bad MAC" \ - -S "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ - -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ - "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ - 1 \ - -c "discarding invalid record (mac)" \ - -s "discarding invalid record (mac)" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" \ - -s "too many records with bad MAC" \ - -s "Verification of the message MAC failed" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: delay ChangeCipherSpec" \ - -p "$P_PXY delay_ccs=1" \ - "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ - "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \ - 0 \ - -c "record from another epoch" \ - -s "record from another epoch" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -# Tests for reordering support with DTLS - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ - -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 
dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ - -p "$P_PXY delay_srv=ServerHello" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "found fragmented DTLS handshake message"\ - -c "Next handshake message 1 not or only partially buffered" \ - -c "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -# The client buffers the ServerKeyExchange before receiving the fragmented -# Certificate message; at the time of writing, together these are aroudn 1200b -# in size, so that the bound below ensures that the certificate can be reassembled -# while keeping the ServerKeyExchange. 
-requires_certificate_authentication -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ - -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ - -C "attempt to make space by freeing buffered messages" \ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -# The size constraints ensure that the delayed certificate message can't -# be reassembled while keeping the ServerKeyExchange message, but it can -# when dropping it first. 
-requires_certificate_authentication -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 -requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ - -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ - "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -c "Buffering HS message" \ - -c "attempt to make space by freeing buffered future messages" \ - -c "Enough space available after freeing buffered HS messages" \ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ - -p "$P_PXY delay_cli=Certificate" \ - "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -s "Buffering HS message" \ - -s "Next handshake message has been buffered - load" \ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ - -p "$P_PXY delay_srv=NewSessionTicket" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ - -c "Injecting buffered CCS message" \ - -c "Remember CCS message" \ - -S "Injecting buffered CCS message" \ - -S "Remember CCS message" - -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ - -p "$P_PXY delay_cli=ClientKeyExchange" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ - -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ - -C "Injecting buffered CCS message" \ - -C "Remember CCS message" \ - -s "Injecting buffered CCS message" \ - -s "Remember CCS message" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reordering: Buffer encrypted Finished message" \ - -p "$P_PXY delay_ccs=1" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ - hs_timeout=2500-60000" \ - 0 \ - -s "Buffer record from epoch 1" \ - -s "Found buffered record from current epoch - load" \ - -c "Buffer record from epoch 1" \ - -c "Found buffered record from current epoch - load" - -# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec -# from the server are delayed, so that the encrypted Finished message -# is received and buffered. When the fragmented NewSessionTicket comes -# in afterwards, the encrypted Finished message must be freed in order -# to make space for the NewSessionTicket to be reassembled. 
-# This works only in very particular circumstances: -# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering -# of the NewSessionTicket, but small enough to also allow buffering of -# the encrypted Finished message. -# - The MTU setting on the server must be so small that the NewSessionTicket -# needs to be fragmented. -# - All messages sent by the server must be small enough to be either sent -# without fragmentation or be reassembled within the bounds of -# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based -# handshake, omitting CRTs. -requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 -requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 -run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ - -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ - "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ - 0 \ - -s "Buffer record from epoch 1" \ - -s "Found buffered record from current epoch - load" \ - -c "Buffer record from epoch 1" \ - -C "Found buffered record from current epoch - load" \ - -c "Enough space available after freeing future epoch record" - -# Tests for "randomly unreliable connection": try a variety of flows and peers - -client_needs_more_time 2 -run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - psk=73776f726466697368" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -run_test "DTLS proxy: 3d, 
\"short\" ECDHE-RSA handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, FS, client auth" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, FS, ticket" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 2 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS -run_test "DTLS proxy: 3d, max handshake, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ - auth_mode=required" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \ - 0 \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "DTLS proxy: 3d, min handshake, resumption" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -s "a session has been resumed" \ - -c "a session has been resumed" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_CACHE_C -run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ - 0 \ - -s "a session has been resumed" \ - -c "a session has been resumed" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - 
psk=73776f726466697368 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiate=1 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiate=1 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ - debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiation=1 exchanges=4 debug_level=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -client_needs_more_time 4 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ - debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 
hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ - renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ - force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ - 0 \ - -c "=> renegotiate" \ - -s "=> renegotiate" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - -## The three tests below require 1.1.1a or higher version of openssl, otherwise -## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902) -## Besides, openssl should use dtls1_2 or dtls, otherwise it will cause "SSL alert number 70" error -requires_openssl_next -client_needs_more_time 6 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 2048" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_openssl_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server, fragmentation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_openssl_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ - 0 \ - -c "HTTP/1.0 200 OK" - -requires_gnutls -client_needs_more_time 6 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - 
"$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_gnutls_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_gnutls_next -client_needs_more_time 8 -not_with_valgrind # risk of non-mbedtls peer timing out -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ - -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ - 0 \ - -s "Extra-header:" \ - -c "Extra-header:" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "export keys functionality" \ - "$P_SRV eap_tls=1 debug_level=3" \ - "$P_CLI force_version=tls12 eap_tls=1 debug_level=3" \ - 0 \ - -c "EAP-TLS key material is:"\ - -s "EAP-TLS key material is:"\ - -c "EAP-TLS IV is:" \ - -s "EAP-TLS IV is:" - -# openssl feature tests: check if tls1.3 exists. -requires_openssl_tls1_3 -run_test "TLS 1.3: Test openssl tls1_3 feature" \ - "$O_NEXT_SRV -tls1_3 -msg" \ - "$O_NEXT_CLI -tls1_3 -msg" \ - 0 \ - -c "TLS 1.3" \ - -s "TLS 1.3" - -# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options. 
-requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3: Test gnutls tls1_3 feature" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Version: TLS1.3" \ - -c "Version: TLS1.3" - -# TLS1.3 test cases -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256 -requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255" -requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256" -run_test "TLS 1.3: Default" \ - "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \ - "$P_CLI allow_sha1=0" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \ - -s "ECDH/FFDH group: " \ - -s "selected signature algorithm ecdsa_secp256r1_sha256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Establish TLS 1.2 then TLS 1.3 session" \ - "$P_SRV" \ - "( $P_CLI force_version=tls12; \ - $P_CLI force_version=tls13 )" \ - 0 \ - -s "Protocol is TLSv1.2" \ - -s "Protocol is TLSv1.3" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -run_test "Establish TLS 1.3 then TLS 1.2 session" \ - "$P_SRV" \ - "( $P_CLI force_version=tls13; \ - $P_CLI force_version=tls12 )" \ - 0 \ - -s "Protocol is 
TLSv1.3" \ - -s "Protocol is TLSv1.2" \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: minimal feature sets - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=3" \ - 0 \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: minimal feature sets - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=3" \ - 0 \ - -s "SERVER HELLO was queued" \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: 
MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: alpn - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \ - "$P_CLI debug_level=3 alpn=h2" \ - 0 \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - 
TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" \ - -c "Application Layer Protocol is h2" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: alpn - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \ - "$P_CLI debug_level=3 alpn=h2" \ - 0 \ - -s "SERVER HELLO was queued" \ - -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_HELLO" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \ - -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \ - -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "<= ssl_tls13_process_server_hello" \ - -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \ - -c "DHE group name: " \ - -c "=> ssl_tls13_process_server_hello" \ - -c "<= parse encrypted extensions" \ - -c "Certificate verification flags clear" \ - -c "=> parse certificate verify" \ - -c "<= parse certificate verify" \ - -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \ - -c "<= parse finished message" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" \ - -c 
"Application Layer Protocol is h2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: server alpn - openssl" \ - "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ - "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \ - 0 \ - -s "found alpn extension" \ - -s "server side, adding alpn extension" \ - -s "Protocol is TLSv1.3" \ - -s "HTTP/1.0 200 OK" \ - -s "Application Layer Protocol is h2" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_ALPN -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: server alpn - gnutls" \ - "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \ - 0 \ - -s "found alpn extension" \ - -s "server side, adding alpn extension" \ - -s "Protocol is TLSv1.3" \ - -s "HTTP/1.0 200 OK" \ - -s "Application Layer Protocol is h2" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -s "TLS 1.3" \ - -c "HTTP/1.0 200 ok" \ - -c "Protocol is TLSv1.3" - 
-requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\ - -s "Version: TLS1.3" \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" - - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ - key_file=$DATA_FILES_PATH/cli2.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" 
\ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: 
MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - 
key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled 
PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key 
sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 - -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C 
-requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -# Test using an opaque private key for client authentication -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI 
debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \ - key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque 
key, ecdsa_secp384r1_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C 
-requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - 
key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral 
-requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \ - key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ - 0 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "Protocol is TLSv1.3" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 
-num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 - -sigalgs ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ - "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \ - key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \ - 1 \ - -c "got a certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ - "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: 
MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ - "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 ok" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ - "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ - "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS 
--disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \ - -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \ - -c "Protocol is TLSv1.3" \ - -c "HTTP/1.0 200 OK" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: 
MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "=> write certificate request" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s 
"tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "=> write certificate request" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \ - -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \ - -c "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server 
state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 1 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -s "SSL - No client certification received from the client, but required by the authentication mode" \ - -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \ - "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$P_CLI debug_level=4 crt_file=none key_file=none" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "=> write certificate request" \ - -c "client 
state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \ - -s "=> parse client hello" \ - -s "<= parse client hello" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH -run_test "TLS 1.3: server: HRR check - mbedtls" \ - "$P_SRV debug_level=4 groups=secp384r1" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ - -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \ - -s "selected_group: secp384r1" \ - -s "=> write hello retry request" \ - -s "<= write hello retry request" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check, no server certificate available" \ - "$P_SRV debug_level=4 crt_file=none key_file=none" \ - "$P_CLI debug_level=4" \ - 1 \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ - -s "No certificate available." 
- -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - openssl with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - gnutls with sni" \ - "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Server side check - mbedtls with sni" \ - "$P_SRV debug_level=4 
auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \ - sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \ - 0 \ - -s "parse ServerName extension" \ - -s "HTTP/1.0 200 OK" - -for i in opt-testcases/*.sh -do - TEST_SUITE_NAME=${i##*/} - TEST_SUITE_NAME=${TEST_SUITE_NAME%.*} - . "$i" -done -unset TEST_SUITE_NAME - -# Test 1.3 compatibility mode -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m both with middlebox compat support" \ - "$P_SRV debug_level=4 tickets=0" \ - "$P_CLI debug_level=4" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled 
MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \ - "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O server with middlebox compat support, not client" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O both with middlebox compat support" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G both peers do not support middlebox 
compatibility" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G both with middlebox compat support" \ - "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg 
-debug -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "14 03 03 00 01" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$O_NEXT_CLI -msg -debug" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "14 03 03 00 01" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s 
"Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -C "SSL 3.3 ChangeCipherSpec packet received" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "SSL 3.3 ChangeCipherSpec packet received" \ - -c "discarding change cipher spec in TLS1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \ - -c "SSL 3.3 ChangeCipherSpec packet received" - -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
-run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -c "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "received HelloRetryRequest message" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled 
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ - "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "received HelloRetryRequest message" \ - -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \ - -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 
-requires_gnutls_next_no_ticket -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "received HelloRetryRequest message" \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ - "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ - "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" 
\ - -C "14 03 03 00 01" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "14 03 03 00 01" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost 
--priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -C "SSL 3.3 ChangeCipherSpec packet received" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "SSL 3.3 ChangeCipherSpec packet received" \ - -c "discarding change cipher spec in TLS1.3" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ALG_ECDH -requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ - "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \ - "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "tls13 server state: 
MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \ - -c "SSL 3.3 ChangeCipherSpec packet received" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache - -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 0 \ - -c "Protocol is TLSv1.3" \ - -c "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, O->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ - -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ - 0 \ - -c "TLSv1.3" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C 
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check signature algorithm order, G->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ - --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ - --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \ - 0 \ - -c "Negotiated version: 3.4" \ - -c "HTTP/1.0 200 [Oo][Kk]" \ - -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ - -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \ - --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \ - --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled 
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \ - -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \ - "$P_CLI allow_sha1=0 debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \ - 1 \ - -S "ssl_tls13_pick_key_cert:check signature algorithm" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, G->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile 
$DATA_FILES_PATH/test-ca_cat12.crt \ - --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, O->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \ - -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check server no suitable certificate, m->m" \ - "$P_SRV debug_level=4 - crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \ - "$P_CLI allow_sha1=0 debug_level=4 \ - sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \ - 1 \ - -s "ssl_tls13_pick_key_cert:no suitable certificate found" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache - -Verify 10 -sigalgs 
rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: Check client no signature algorithm, m->m" \ - "$P_SRV debug_level=4 auth_mode=required - crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key - crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \ - sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ - 1 \ - -c "no suitable signature algorithm" - -requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ - "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key - -msg -tls1_2 - -Verify 10 " \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 - min_version=tls12 max_version=tls13 " \ - 0 \ - -c "Protocol is TLSv1.2" \ - -c "HTTP/1.0 200 [Oo][Kk]" - - -requires_gnutls_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ - "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key - -d 4 - --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ - "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key - sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512 - min_version=tls12 max_version=tls13 " \ - 0 \ - -c "Protocol is TLSv1.2" \ - -c "HTTP/1.0 200 [Oo][Kk]" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_3072 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT 
--debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe3072(0101)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_3072 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe3072 ( 101 )" \ - -c "Verifying peer X.509 certificate... 
ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_4096 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe4096(0102)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_4096 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key 
--priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe4096 ( 102 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_6144 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -# Tests using FFDH with a large prime take a long time to run with a memory -# sanitizer. GnuTLS <=3.8.1 has a hard-coded timeout and gives up after -# 30s (since 3.8.1, it can be configured with --timeout). We've observed -# 8192-bit FFDH test cases failing intermittently on heavily loaded CI -# executors (https://github.com/Mbed-TLS/mbedtls/issues/9742), -# when using MSan. As a workaround, skip them. -# Also skip 6144-bit FFDH to have a bit of safety margin. 
-not_with_msan_or_valgrind -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe6144(0103)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_6144 -not_with_msan_or_valgrind -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" 
\ - -c "NamedGroup: ffdhe6144 ( 103 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_8192 -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -not_with_msan_or_valgrind -client_needs_more_time 4 -run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ - "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - 0 \ - -s "Protocol is TLSv1.3" \ - -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \ - -s "received signature algorithm: 0x804" \ - -s "got named group: ffdhe8192(0104)" \ - -s "Certificate verification was skipped" \ - -C "received HelloRetryRequest message" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT -requires_config_enabled PSA_WANT_ALG_FFDH -requires_config_enabled PSA_WANT_DH_RFC7919_8192 -not_with_msan_or_valgrind -client_needs_more_time 4 -run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ - "$G_NEXT_SRV_NO_CERT 
--http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ - "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \ - 0 \ - -c "HTTP/1.0 200 OK" \ - -c "Protocol is TLSv1.3" \ - -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \ - -c "Certificate Verify: Signature algorithm ( 0804 )" \ - -c "NamedGroup: ffdhe8192 ( 104 )" \ - -c "Verifying peer X.509 certificate... ok" \ - -C "received HelloRetryRequest message" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ - "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ - "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \ - 0 \ - -C "received HelloRetryRequest message" \ - -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" - -# Legacy_compression_methods testing - -requires_gnutls -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "TLS 1.2 ClientHello indicating support for deflate compression method" \ - "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ - 0 \ - -c "Handshake was completed" \ - -s "dumping .client hello, compression. 
(2 bytes)" - -# Handshake defragmentation testing - -# Most test cases are in opt-testcases/handshake-generated.sh - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \ - "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "The SSL configuration is tls12 only" \ - -s "bad client hello message" \ - -s "SSL - A message could not be parsed due to a syntactic error" - -# Test server-side buffer resizing with fragmented handshake on TLS1.2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH -requires_max_content_len 1025 -run_test "Handshake defragmentation on server: len=256, buffer resizing with MFL=1024" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "Reallocating in_buf" \ - -s "Reallocating out_buf" \ - -s "reassembled record" \ - -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/" \ - -s "Consume: waiting for more handshake fragments 256/" - -# Test client-initiated renegotiation with fragmented handshake on TLS1.2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=512, client-initiated renegotiation" \ - "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \ - 0 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure 
renegotiation extension" \ - -s "=> renegotiate" \ - -S "write hello request" \ - -s "reassembled record" \ - -s "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 512/" \ - -s "Consume: waiting for more handshake fragments 512/" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=256, client-initiated renegotiation" \ - "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \ - 0 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -s "=> renegotiate" \ - -S "write hello request" \ - -s "reassembled record" \ - -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/" \ - -s "Consume: waiting for more handshake fragments 256/" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \ - "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \ - 0 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -s "=> renegotiate" \ - -S "write hello request" \ - -s "reassembled record" \ - -s "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 128/" \ - -s "Consume: waiting for more handshake fragments 128/" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \ - "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ - 0 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "found renegotiation extension" \ - -s "server hello, secure renegotiation extension" \ - -s "=> renegotiate" \ - -S "write hello request" \ - -s "reassembled record" \ - -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 4/" \ - -s "Consume: waiting for more handshake fragments 4/" \ - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \ - "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ - 1 \ - -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ - -s "refusing renegotiation, sending alert" \ - -s "server hello, secure renegotiation extension" \ - -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 4/" \ - -s "Consume: waiting for more handshake fragments 4/" \ - -# Test server-initiated renegotiation with fragmented handshake on TLS1.2 - -# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server -# to initiate a handshake renegotiation. -# Note: Adjusting the renegotiation delay beyond the library's default -# value of 16 is necessary. This parameter defines the maximum -# number of records received before renegotiation is completed. -# By fragmenting records and thereby increasing their quantity, -# the default threshold can be reached more quickly. 
-# Setting it to -1 disables that policy's enforment. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 512/" \ - -c "Consume: waiting for more handshake fragments 512/" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/" \ - -c "Consume: waiting for more handshake fragments 256/" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=128, server-initiated renegotiation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 128/" \ - -c "Consume: waiting for more handshake fragments 
128/" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=4, server-initiated renegotiation" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 4/" \ - -c "Consume: waiting for more handshake fragments 4/" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - -# Test heap memory usage after handshake -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_MEMORY_DEBUG -requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -requires_max_content_len 16384 -run_tests_memory_after_handshake - -if [ "$LIST_TESTS" -eq 0 ]; then - - # Final report - - echo "------------------------------------------------------------------------" - - if [ $FAILS = 0 ]; then - printf "PASSED" - else - printf "FAILED" - fi - PASSES=$(( $TESTS - $FAILS )) - echo " ($PASSES / $TESTS tests ($SKIPS skipped))" - - if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then - cat < -#include -#include -#include "mbedtls/psa_util.h" -#include - -#include -/* END_HEADER */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */ -void ssl_cf_hmac(int hash) -{ - /* - * Test the function mbedtls_ct_hmac() against a reference - * implementation. 
- */ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - size_t out_len, block_size; - size_t min_in_len, in_len, max_in_len, i; - /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ - unsigned char add_data[13]; - unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; - unsigned char *data = NULL; - unsigned char *out = NULL; - unsigned char rec_num = 0; - - USE_PSA_INIT(); - - alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); - - out_len = PSA_HASH_LENGTH(alg); - block_size = PSA_HASH_BLOCK_LENGTH(alg); - - /* mbedtls_ct_hmac() requires the key to be exportable */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - /* Use allocated out buffer to catch overwrites */ - TEST_CALLOC(out, out_len); - - /* Set up dummy key */ - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, - ref_out, out_len, - &key)); - /* - * Test all possible lengths up to a point. The difference between - * max_in_len and min_in_len is at most 255, and make sure they both vary - * by at least one block size. - */ - for (max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++) { - mbedtls_test_set_step(max_in_len * 10000); - - /* Use allocated in buffer to catch overreads */ - TEST_CALLOC(data, max_in_len); - - min_in_len = max_in_len > 255 ? 
max_in_len - 255 : 0; - for (in_len = min_in_len; in_len <= max_in_len; in_len++) { - mbedtls_test_set_step(max_in_len * 10000 + in_len); - - /* Set up dummy data and add_data */ - rec_num++; - memset(add_data, rec_num, sizeof(add_data)); - for (i = 0; i < in_len; i++) { - data[i] = (i & 0xff) ^ rec_num; - } - - /* Get the function's result */ - TEST_CF_SECRET(&in_len, sizeof(in_len)); - TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), - add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); - TEST_CF_PUBLIC(&in_len, sizeof(in_len)); - TEST_CF_PUBLIC(out, out_len); - - TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, - key, alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, - sizeof(add_data))); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - data, in_len)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, - out, out_len)); - } - - mbedtls_free(data); - data = NULL; - } - -exit: - psa_mac_abort(&operation); - psa_destroy_key(key); - - mbedtls_free(data); - mbedtls_free(out); - - USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data deleted file mode 100644 index 0989e61089..0000000000 --- a/tests/suites/test_suite_debug.data +++ /dev/null 
@@ -1,76 +0,0 @@ -printf "%" MBEDTLS_PRINTF_SIZET, 0 -printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" - -printf "%" MBEDTLS_PRINTF_LONGLONG, 0 -printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" - -printf "%" MBEDTLS_PRINTF_MS_TIME, 0 -printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" - -Debug print msg (threshold 1, level 0) -debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" - -Debug print msg (threshold 1, level 1) -debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" - -Debug print msg (threshold 1, level 2) -debug_print_msg_threshold:1:2:"MyFile":999:"" - -Debug print msg (threshold 0, level 1) -debug_print_msg_threshold:0:1:"MyFile":999:"" - -Debug print msg (threshold 0, level 5) -debug_print_msg_threshold:0:5:"MyFile":999:"" - -Debug print return value #1 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n" - -Debug print return value #2 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n" - -Debug print return value #3 -mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n" - -Debug print buffer #1 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n" - -Debug print buffer #2 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n" - -Debug print buffer #3 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n" - -Debug print buffer #4 -mbedtls_debug_print_buf:"MyFile":999:"Test return 
value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n" - -Debug print buffer #5 -mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" - -Debug print mbedtls_mpi: 0 (empty representation) -mbedtls_debug_print_mpi:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi: 0 (non-empty representation) -mbedtls_debug_print_mpi:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi #2: 3 bits -mbedtls_debug_print_mpi:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n" - -Debug print mbedtls_mpi: 49 bits -mbedtls_debug_print_mpi:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n" - -Debug print mbedtls_mpi: 759 bits -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 
f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #1 -mbedtls_debug_print_mpi:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #2 -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: 
cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" - -Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function deleted file mode 100644 index 1d37137416..0000000000 --- a/tests/suites/test_suite_debug.function +++ /dev/null 
@@ -1,324 +0,0 @@ -/* BEGIN_HEADER */ -#include "debug_internal.h" -#include "string.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include - -#if defined(_WIN32) -# include -# include -#endif - -// Dummy type for builds without MBEDTLS_HAVE_TIME -#if !defined(MBEDTLS_HAVE_TIME) -typedef int64_t mbedtls_ms_time_t; -#endif - -typedef enum { - PRINTF_SIZET, - PRINTF_LONGLONG, - PRINTF_MS_TIME, -} printf_format_indicator_t; - -const char *const printf_formats[] = { - [PRINTF_SIZET] = "%" MBEDTLS_PRINTF_SIZET, - [PRINTF_LONGLONG] = "%" MBEDTLS_PRINTF_LONGLONG, - [PRINTF_MS_TIME] = "%" MBEDTLS_PRINTF_MS_TIME, -}; - -struct buffer_data { - char buf[2000]; - char *ptr; -}; - -#if defined(MBEDTLS_SSL_TLS_C) -static void string_debug(void *data, int level, const char *file, int line, const char *str) -{ - struct buffer_data *buffer = (struct buffer_data *) data; - char *p = buffer->ptr; - ((void) level); - - memcpy(p, file, strlen(file)); - p += strlen(file); - - *p++ = '('; - *p++ = '0' + (line / 1000) % 10; - *p++ = '0' + (line / 100) % 10; - *p++ = '0' + (line / 10) % 10; - *p++ = '0' + (line / 1) % 10; - *p++ = ')'; - *p++ = ':'; - *p++ = ' '; - -#if defined(MBEDTLS_THREADING_C) - /* Skip "thread ID" (up to the first space) as it is not predictable */ - while (*str++ != ' ') { - ; - } -#endif - - memcpy(p, str, strlen(str)); - p += strlen(str); - - /* Detect if debug messages output partial lines and mark them */ - if (p[-1] != '\n') { - *p++ = '*'; - } - - buffer->ptr = p; -} -#endif /* MBEDTLS_SSL_TLS_C */ - -#if defined(_WIN32) -static void noop_invalid_parameter_handler( - const wchar_t *expression, - const wchar_t *function, - const wchar_t *file, - unsigned int line, - uintptr_t pReserved) -{ - (void) expression; - (void) function; - (void) file; - (void) line; - (void) pReserved; -} -#endif /* _WIN32 */ - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_DEBUG_C - * 
END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char *result) -{ -#if defined(_WIN32) - /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures. - Disable this behaviour temporarily, so the rest of the test cases can complete. */ - _invalid_parameter_handler saved_handler = - _set_invalid_parameter_handler(noop_invalid_parameter_handler); - - // Disable assertion pop-up window in Debug builds - int saved_report_mode = _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_REPORT_MODE); - _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG); -#endif - - const char *format = printf_formats[format_indicator]; - char *output = NULL; - const size_t n = strlen(result); - - /* Nominal case: buffer just large enough */ - TEST_CALLOC(output, n + 1); - if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); - } else if (sizeof_x == sizeof(long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); - } else if (sizeof_x == sizeof(long long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); - } else { - TEST_FAIL( - "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)"); - } - TEST_MEMORY_COMPARE(result, n + 1, output, n + 1); - -exit: - mbedtls_free(output); - output = NULL; - -#if defined(_WIN32) - // Restore default Windows behaviour - _set_invalid_parameter_handler(saved_handler); - _CrtSetReportMode(_CRT_ASSERT, saved_report_mode); - (void) saved_report_mode; -#endif -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ -void debug_print_msg_threshold(int threshold, int level, char *file, - int line, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - 
mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_set_threshold(threshold); - - mbedtls_debug_print_msg(&ssl, level, file, line, - "Text message, 2 == %d", 2); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ -void mbedtls_debug_print_ret(char *file, int line, char *text, int value, - char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_print_ret(&ssl, 0, file, line, text, value); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ -void mbedtls_debug_print_buf(char *file, int line, char *text, - data_t *data, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, 
- MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - mbedtls_debug_print_buf(&ssl, 0, file, line, text, data->x, data->len); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_debug_print_crt(char *crt_file, char *file, int line, - char *prefix, char *result_str) -{ - mbedtls_x509_crt crt; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&crt); - MD_OR_USE_PSA_INIT(); - - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0); - mbedtls_debug_print_crt(&ssl, 0, file, line, prefix, &crt); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */ -void mbedtls_debug_print_mpi(char *value, char *file, int line, - char *prefix, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - mbedtls_mpi val; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_mpi_init(&val); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - 
MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(mbedtls_test_read_mpi(&val, value) == 0); - - mbedtls_debug_print_mpi(&ssl, 0, file, line, prefix, &val); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_mpi_free(&val); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data deleted file mode 100644 index 8565098286..0000000000 --- a/tests/suites/test_suite_error.data +++ /dev/null @@ -1,17 +0,0 @@ -Single low error -depends_on:MBEDTLS_AES_C -error_strerror:-0x0020:"AES - Invalid key length" - -Single high error -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C -error_strerror:-0x2280:"X509 - The serial tag or value is invalid" - -Non existing high error -error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" - -Non existing low error -error_strerror:-0x007F:"UNKNOWN ERROR CODE (007F)" - -Non existing low and high error -error_strerror:-0x88FF:"UNKNOWN ERROR CODE (8880) \: UNKNOWN ERROR CODE (007F)" - diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function deleted file mode 100644 index 4c38ab05f2..0000000000 --- a/tests/suites/test_suite_error.function +++ /dev/null @@ -1,21 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/error.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ERROR_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void error_strerror(int code, char *result_str) -{ - char buf[500]; - - memset(buf, 0, sizeof(buf)); - - mbedtls_strerror(code, buf, 500); - - TEST_ASSERT(strcmp(buf, result_str) == 0); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_mps.data b/tests/suites/test_suite_mps.data deleted file mode 100644 index 442f32188d..0000000000 
--- a/tests/suites/test_suite_mps.data +++ /dev/null 
@@ -1,125 +0,0 @@ -MPS Reader: Single step, single round, pausing disabled -mbedtls_mps_reader_no_pausing_single_step_single_round:0 - -MPS Reader: Single step, single round, pausing enabled but unused -mbedtls_mps_reader_no_pausing_single_step_single_round:1 - -MPS Reader: Single step, multiple rounds, pausing disabled -mbedtls_mps_reader_no_pausing_single_step_multiple_rounds:0 - -MPS Reader: Single step, multiple rounds, pausing enabled but unused -mbedtls_mps_reader_no_pausing_single_step_multiple_rounds:1 - -MPS Reader: Multiple steps, single round, pausing disabled -mbedtls_mps_reader_no_pausing_multiple_steps_single_round:0 - -MPS Reader: Multiple steps, single round, pausing enabled but unused -mbedtls_mps_reader_no_pausing_multiple_steps_single_round:1 - -MPS Reader: Multiple steps, multiple rounds, pausing disabled -mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds:0 - -MPS Reader: Multiple steps, multiple rounds, pausing enabled but unused -mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds:1 - -MPS Reader: Pausing needed but disabled -mbedtls_mps_reader_pausing_needed_disabled: - -MPS Reader: Pausing needed + enabled, but buffer too small -mbedtls_mps_reader_pausing_needed_buffer_too_small: - -MPS Reader: Pausing, repeat single call without commit -mbedtls_mps_reader_pausing:0 - -MPS Reader: Pausing, repeat single call with commit -mbedtls_mps_reader_pausing:1 - -MPS Reader: Pausing, repeat multiple calls without commit -mbedtls_mps_reader_pausing:2 - -MPS Reader: Pausing, repeat multiple calls with commit #0 -mbedtls_mps_reader_pausing:3 - -MPS Reader: Pausing, repeat multiple calls with commit #1 -mbedtls_mps_reader_pausing:4 - -MPS Reader: Pausing, repeat multiple calls with commit #2 -mbedtls_mps_reader_pausing:5 - -MPS Reader: Pausing, feed 50 bytes in 10b + 10b + 80b -mbedtls_mps_reader_pausing_multiple_feeds:0 - -MPS Reader: Pausing, feed 50 bytes in 50x1b -mbedtls_mps_reader_pausing_multiple_feeds:1 - -MPS Reader: Pausing, 
feed 50 bytes in 49x1b + 51b -mbedtls_mps_reader_pausing_multiple_feeds:2 - -MPS Reader: Reclaim with data remaining #0 -mbedtls_mps_reader_reclaim_data_left:0 - -MPS Reader: Reclaim with data remaining #1 -mbedtls_mps_reader_reclaim_data_left:1 - -MPS Reader: Reclaim with data remaining #2 -mbedtls_mps_reader_reclaim_data_left:2 - -MPS Reader: Reclaim with data remaining, continue fetching -mbedtls_mps_reader_reclaim_data_left_retry: - -MPS Reader: Pausing several times, #0 -mbedtls_mps_reader_multiple_pausing:0 - -MPS Reader: Pausing several times, #1 -mbedtls_mps_reader_multiple_pausing:1 - -MPS Reader: Pausing several times, #2 -mbedtls_mps_reader_multiple_pausing:2 - -MPS Reader: Pausing several times, #3 -mbedtls_mps_reader_multiple_pausing:3 - -MPS Reader: Random usage, 20 rds, feed 100, get 200, acc 50 -mbedtls_mps_reader_random_usage:20:100:200:50 - -MPS Reader: Random usage, 1000 rds, feed 10, get 100, acc 80 -mbedtls_mps_reader_random_usage:1000:10:100:80 - -MPS Reader: Random usage, 10000 rds, feed 1, get 100, acc 80 -mbedtls_mps_reader_random_usage:10000:1:100:80 - -MPS Reader: Random usage, 100 rds, feed 100, get 1000, acc 500 -mbedtls_mps_reader_random_usage:100:100:1000:500 - -MPS Reader: Pausing, inconsistent continuation, #0 -mbedtls_reader_inconsistent_usage:0 - -MPS Reader: Pausing, inconsistent continuation, #1 -mbedtls_reader_inconsistent_usage:1 - -MPS Reader: Pausing, inconsistent continuation, #2 -mbedtls_reader_inconsistent_usage:2 - -MPS Reader: Pausing, inconsistent continuation, #3 -mbedtls_reader_inconsistent_usage:3 - -MPS Reader: Pausing, inconsistent continuation, #4 -mbedtls_reader_inconsistent_usage:4 - -MPS Reader: Pausing, inconsistent continuation, #5 -mbedtls_reader_inconsistent_usage:5 - -MPS Reader: Pausing, inconsistent continuation, #6 -mbedtls_reader_inconsistent_usage:6 - -MPS Reader: Pausing, inconsistent continuation, #7 -mbedtls_reader_inconsistent_usage:7 - -MPS Reader: Pausing, inconsistent continuation, #8 
-mbedtls_reader_inconsistent_usage:8 - -MPS Reader: Feed with invalid buffer (NULL) -mbedtls_mps_reader_feed_empty: - -MPS Reader: Excess request leading to integer overflow -mbedtls_mps_reader_reclaim_overflow: diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function deleted file mode 100644 index 6751136582..0000000000 --- a/tests/suites/test_suite_mps.function +++ /dev/null 
@@ -1,1164 +0,0 @@ -/* BEGIN_HEADER */ - -#include - -#include "mps_reader.h" - -/* - * Compile-time configuration for test suite. - */ - -/* Comment/Uncomment this to disable/enable the - * testing of the various MPS layers. - * This can be useful for time-consuming instrumentation - * tasks such as the conversion of E-ACSL annotations - * into runtime assertions. */ -#define TEST_SUITE_MPS_READER - -/* End of compile-time configuration. */ - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_PROTO_TLS1_3 - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_single_step_single_round(int with_acc) -{ - /* This test exercises the most basic use of the MPS reader: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in a single go. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. - * - * Whether the accumulator is present or not should not matter, - * since the consumer's request can be fulfilled from the data - * that the producer has provided. 
- */ - unsigned char bufA[100]; - unsigned char acc[10]; - unsigned char *tmp; - int paused; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - /* Consume exactly what's available */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); - TEST_ASSERT(paused == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_single_step_multiple_rounds(int with_acc) -{ - /* This test exercises multiple rounds of the basic use of the MPS reader: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in a single go. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. - * - * Whether the accumulator is present or not should not matter, - * since the consumer's request can be fulfilled from the data - * that the producer has provided. 
- */ - - unsigned char bufA[100], bufB[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - /* Consume exactly what's available */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufA, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_multiple_steps_single_round(int with_acc) -{ - /* This test exercises one round of the following: - * - The 'producing' layer provides a buffer - * - The 'consuming' layer fetches it in multiple calls - * to `mbedtls_mps_reader_get()`, without committing in between. - * - After processing, the consuming layer commits the data - * and the reader is moved back to producing mode. - * - * Parameters: - * - with_acc: 0 if the reader should be initialized without accumulator. - * 1 if the reader should be initialized with accumulator. 
- * - * Whether the accumulator is present or not should not matter, - * since the consumer's requests can be fulfilled from the data - * that the producer has provided. - */ - - /* Lower layer provides data that the upper layer fully consumes - * through multiple `get` calls. */ - unsigned char buf[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, buf, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 70, buf + 10, 70); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 80, 20); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_no_pausing_multiple_steps_multiple_rounds(int with_acc) -{ - /* This test exercises one round of fetching a buffer in multiple chunks - * and passing it back to the producer afterwards, followed by another - * single-step sequence of feed-fetch-commit-reclaim. 
- */ - unsigned char bufA[100], bufB[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - if (with_acc == 0) { - mbedtls_mps_reader_init(&rd, NULL, 0); - } else { - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 70, bufA + 10, 70); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 20); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 100, bufB, 100); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_needed_disabled() -{ - /* This test exercises the behaviour of the MPS reader when a read request - * of the consumer exceeds what has been provided by the producer, and when - * no accumulator is available in the reader. - * - * In this case, we expect the reader to fail. 
- */ - - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_needed_buffer_too_small() -{ - /* This test exercises the behaviour of the MPS reader with accumulator - * in the situation where a read request goes beyond the bounds of the - * current read buffer, _and_ the reader's accumulator is too small to - * hold the requested amount of data. - * - * In this case, we expect mbedtls_mps_reader_reclaim() to fail, - * but it should be possible to continue fetching data as if - * there had been no excess request via mbedtls_mps_reader_get() - * and the call to mbedtls_mps_reader_reclaim() had been rejected - * because of data remaining. 
- */ - - unsigned char buf[100]; - unsigned char acc[10]; - unsigned char *tmp; - mbedtls_mps_reader rd; - mbedtls_mps_size_t tmp_len; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, buf + 50, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_overflow() -{ - /* This test exercises the behaviour of the MPS reader with accumulator - * in the situation where upon calling mbedtls_mps_reader_reclaim(), the - * uncommitted data together with the excess data missing in the last - * call to mbedtls_mps_reader_get() exceeds the bounds of the type - * holding the buffer length. 
- */ - - unsigned char buf[100]; - unsigned char acc[50]; - unsigned char *tmp; - mbedtls_mps_reader rd; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - /* Excess request */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Wrapup (lower layer) */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing(int option) -{ - /* This test exercises the behaviour of the reader when the - * accumulator is used to fulfill a consumer's request. - * - * More detailed: - * - The producer feeds some data. - * - The consumer asks for more data than what's available. - * - The reader remembers the request and goes back to - * producing mode, waiting for more data from the producer. - * - The producer provides another chunk of data which is - * sufficient to fulfill the original read request. - * - The consumer retries the original read request, which - * should now succeed. - * - * This test comes in multiple variants controlled by the - * `option` parameter and documented below. 
- */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[40]; - int paused; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - switch (option) { - case 0: /* Single uncommitted fetch at pausing */ - case 1: - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - default: /* Multiple uncommitted fetches at pausing */ - break; - } - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0); - TEST_ASSERT(paused == 1); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - - /* Consumption */ - switch (option) { - case 0: /* Single fetch at pausing, re-fetch with commit. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - case 1: /* Single fetch at pausing, re-fetch without commit. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 2: /* Multiple fetches at pausing, repeat without commit. 
*/ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 3: /* Multiple fetches at pausing, repeat with commit 1. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - break; - - case 4: /* Multiple fetches at pausing, repeat with commit 2. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - case 5: /* Multiple fetches at pausing, repeat with commit 3. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - break; - - default: - TEST_ASSERT(0); - } - - /* In all cases, fetch the rest of the second buffer. 
*/ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_pausing_multiple_feeds(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - The consumer has asked for more than what's available, so the - * reader pauses and waits for further input data via - * `mbedtls_mps_reader_feed()` - * - Multiple such calls to `mbedtls_mps_reader_feed()` are necessary - * to fulfill the original request, and the reader needs to do - * the necessary bookkeeping under the hood. - * - * This test comes in a few variants differing in the number and - * size of feed calls that the producer issues while the reader is - * accumulating the necessary data - see the comments below. - */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[70]; - mbedtls_mps_reader rd; - mbedtls_mps_size_t fetch_len; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. 
*/ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* 20 left, ask for 70 -> 50 overhead */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - switch (option) { - case 0: /* 10 + 10 + 80 byte feed */ - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, 10) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 10, 10) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 20, 80) == 0); - break; - - case 1: /* 50 x 1byte */ - for (size_t num_feed = 0; num_feed < 49; num_feed++) { - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 1) == 0); - break; - - case 2: /* 49 x 1byte + 51bytes */ - for (size_t num_feed = 0; num_feed < 49; num_feed++) { - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + num_feed, 1) == - MBEDTLS_ERR_MPS_READER_NEED_MORE); - } - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB + 49, 51) == 0); - break; - - default: - TEST_ASSERT(0); - break; - } - - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 50, bufB, 50); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0); - switch (option) { - case 0: - TEST_ASSERT(fetch_len == 50); - break; - - case 1: - TEST_ASSERT(fetch_len == 0); - break; - - case 2: - TEST_ASSERT(fetch_len == 50); - break; - - default: - TEST_ASSERT(0); - break; - } - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - - -/* BEGIN_CASE 
depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_data_left(int option) -{ - /* This test exercises the behaviour of the MPS reader when a - * call to mbedtls_mps_reader_reclaim() is made before all data - * provided by the producer has been fetched and committed. */ - - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - - /* Consumption (upper layer) */ - switch (option) { - case 0: - /* Fetch (but not commit) the entire buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL) - == 0); - TEST_MEMORY_COMPARE(tmp, 100, buf, 100); - break; - - case 1: - /* Fetch (but not commit) parts of the buffer. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); - break; - - case 2: - /* Fetch and commit parts of the buffer, then - * fetch but not commit the rest of the buffer. 
*/ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2, - &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, - buf + sizeof(buf) / 2, - sizeof(buf) / 2); - break; - - default: - TEST_ASSERT(0); - break; - } - - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_DATA_LEFT); - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_reclaim_data_left_retry() -{ - /* This test exercises the behaviour of the MPS reader when an attempt - * by the producer to reclaim the reader fails because of more data pending - * to be processed, and the consumer subsequently fetches more data. */ - unsigned char buf[100]; - unsigned char *tmp; - mbedtls_mps_reader rd; - - for (size_t i = 0; (unsigned) i < sizeof(buf); i++) { - buf[i] = (unsigned char) i; - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, NULL, 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_DATA_LEFT); - /* Consumption */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - /* Wrapup */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE 
depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_mps_reader_multiple_pausing(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - A read request via `mbedtls_mps_reader_get()` can't - * be served and the reader is paused to accumulate - * the desired amount of data from the producer. - * - Once enough data is available, the consumer successfully - * reads the data from the reader, but afterwards exceeds - * the available data again - pausing is necessary for a - * second time. - */ - - unsigned char bufA[100], bufB[20], bufC[10]; - unsigned char *tmp; - unsigned char acc[50]; - mbedtls_mps_size_t tmp_len; - mbedtls_mps_reader rd; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - for (size_t i = 0; (unsigned) i < sizeof(bufC); i++) { - bufC[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - - /* Consumption (upper layer) */ - /* Ask for more than what's available. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 80, bufA, 80); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - - switch (option) { - case 0: /* Fetch same chunks, commit afterwards, and - * then exceed bounds of new buffer; accumulator - * large enough. 
*/ - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0); - TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);; - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufB + 10, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufC, 10); - break; - - case 1: /* Fetch same chunks, commit afterwards, and - * then exceed bounds of new buffer; accumulator - * not large enough. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - break; - - case 2: /* Fetch same chunks, don't commit afterwards, and - * then exceed bounds of new buffer; accumulator - * large enough. 
*/ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufC, sizeof(bufC)) == 0);; - - /* Consume */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 20, bufB, 20); - TEST_MEMORY_COMPARE(tmp + 40, 10, bufC, 10); - break; - - case 3: /* Fetch same chunks, don't commit afterwards, and - * then exceed bounds of new buffer; accumulator - * not large enough. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10); - TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - - /* Prepare */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == - MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL); - break; - - default: - TEST_ASSERT(0); - break; - } - -exit: - mbedtls_mps_reader_free(&rd); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER:MBEDTLS_MPS_STATE_VALIDATION */ -void mbedtls_mps_reader_random_usage(int num_out_chunks, - int max_chunk_size, - int max_request, - int acc_size) - -{ - /* Randomly pass a reader object back and forth between lower and - * upper layer and let each of them call the respective reader API - * functions in a random fashion. - * - * On the lower layer, we're tracking and concatenating - * the data passed to successful feed calls. 
- * - * For the upper layer, we track and concatenate buffers - * obtained from successful get calls. - * - * As long as the lower layer calls reclaim at least once, (resetting the - * fetched but not-yet-committed data), this should always lead to the same - * stream of outgoing/incoming data for the lower/upper layers, even if - * most of the random calls fail. - * - * NOTE: This test uses rand() for random data, which is not optimal. - * Instead, it would be better to get the random data from a - * static buffer. This both eases reproducibility and allows - * simple conversion to a fuzz target. - */ - int ret; - unsigned char *acc = NULL; - unsigned char *outgoing = NULL, *incoming = NULL; - unsigned char *cur_chunk = NULL; - size_t cur_out_chunk, out_pos, in_commit, in_fetch; - int rand_op; /* Lower layer: - * - Reclaim (0) - * - Feed (1) - * Upper layer: - * - Get, do tolerate smaller output (0) - * - Get, don't tolerate smaller output (1) - * - Commit (2) */ - int mode = 0; /* Lower layer (0) or Upper layer (1) */ - int reclaimed = 1; /* Have to call reclaim at least once before - * returning the reader to the upper layer. */ - mbedtls_mps_reader rd; - - if (acc_size > 0) { - TEST_CALLOC(acc, acc_size); - } - - /* This probably needs to be changed because we want - * our tests to be deterministic. 
*/ - // srand( time( NULL ) ); - - TEST_CALLOC(outgoing, num_out_chunks * max_chunk_size); - TEST_CALLOC(incoming, num_out_chunks * max_chunk_size); - - mbedtls_mps_reader_init(&rd, acc, acc_size); - - cur_out_chunk = 0; - in_commit = 0; - in_fetch = 0; - out_pos = 0; - while (cur_out_chunk < (unsigned) num_out_chunks) { - if (mode == 0) { - /* Choose randomly between reclaim and feed */ - rand_op = rand() % 2; - - if (rand_op == 0) { - /* Reclaim */ - ret = mbedtls_mps_reader_reclaim(&rd, NULL); - - if (ret == 0) { - TEST_ASSERT(cur_chunk != NULL); - mbedtls_free(cur_chunk); - cur_chunk = NULL; - } - reclaimed = 1; - } else { - /* Feed reader with a random chunk */ - unsigned char *tmp = NULL; - size_t tmp_size; - if (cur_out_chunk == (unsigned) num_out_chunks) { - continue; - } - - tmp_size = (rand() % max_chunk_size) + 1; - TEST_CALLOC(tmp, tmp_size); - - TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0); - ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size); - - if (ret == 0 || ret == MBEDTLS_ERR_MPS_READER_NEED_MORE) { - cur_out_chunk++; - memcpy(outgoing + out_pos, tmp, tmp_size); - out_pos += tmp_size; - } - - if (ret == 0) { - TEST_ASSERT(cur_chunk == NULL); - cur_chunk = tmp; - } else { - mbedtls_free(tmp); - } - - } - - /* Randomly switch to consumption mode if reclaim - * was called at least once. */ - if (reclaimed == 1 && rand() % 3 == 0) { - in_fetch = 0; - mode = 1; - } - } else { - /* Choose randomly between get tolerating fewer data, - * get not tolerating fewer data, and commit. 
*/ - rand_op = rand() % 3; - if (rand_op == 0 || rand_op == 1) { - mbedtls_mps_size_t get_size, real_size; - unsigned char *chunk_get; - get_size = (rand() % max_request) + 1; - if (rand_op == 0) { - ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get, - &real_size); - } else { - real_size = get_size; - ret = mbedtls_mps_reader_get(&rd, get_size, &chunk_get, NULL); - } - - /* Check if output is in accordance with what was written */ - if (ret == 0) { - memcpy(incoming + in_commit + in_fetch, - chunk_get, real_size); - TEST_ASSERT(memcmp(incoming + in_commit + in_fetch, - outgoing + in_commit + in_fetch, - real_size) == 0); - in_fetch += real_size; - } - } else if (rand_op == 2) { /* Commit */ - ret = mbedtls_mps_reader_commit(&rd); - if (ret == 0) { - in_commit += in_fetch; - in_fetch = 0; - } - } - - /* Randomly switch back to preparation */ - if (rand() % 3 == 0) { - reclaimed = 0; - mode = 0; - } - } - } - -exit: - /* Cleanup */ - mbedtls_mps_reader_free(&rd); - mbedtls_free(incoming); - mbedtls_free(outgoing); - mbedtls_free(acc); - mbedtls_free(cur_chunk); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ -void mbedtls_reader_inconsistent_usage(int option) -{ - /* This test exercises the behaviour of the MPS reader - * in the following situation: - * - The consumer asks for more data than what's available - * - The reader is paused and receives more data from the - * producer until the original read request can be fulfilled. - * - The consumer does not repeat the original request but - * requests data in a different way. - * - * The reader does not guarantee that inconsistent read requests - * after pausing will succeed, and this test triggers some cases - * where the request fails. 
- */ - - unsigned char bufA[100], bufB[100]; - unsigned char *tmp; - unsigned char acc[40]; - mbedtls_mps_reader rd; - int success = 0; - for (size_t i = 0; (unsigned) i < sizeof(bufA); i++) { - bufA[i] = (unsigned char) i; - } - for (size_t i = 0; (unsigned) i < sizeof(bufB); i++) { - bufB[i] = ~((unsigned char) i); - } - - /* Preparation (lower layer) */ - mbedtls_mps_reader_init(&rd, acc, sizeof(acc)); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0); - /* Consumption (upper layer) */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_OUT_OF_DATA); - /* Preparation */ - TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0); - /* Consumption */ - switch (option) { - case 0: - /* Ask for buffered data in a single chunk, no commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); - success = 1; - break; - - case 1: - /* Ask for buffered data in a single chunk, with commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20); - TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - success = 1; - break; - - case 2: - /* Ask for more than was requested when pausing, #1 */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 31, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 3: - /* Ask for more than was requested when pausing #2 */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 4: - /* Asking for buffered data in different - * 
chunks than before CAN fail. */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == - MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS); - break; - - case 5: - /* Asking for buffered data different chunks - * than before NEED NOT fail - no commits */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - success = 1; - break; - - case 6: - /* Asking for buffered data different chunks - * than before NEED NOT fail - intermediate commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - success = 1; - break; - - case 7: - /* Asking for buffered data different chunks - * than before NEED NOT fail - end commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - success = 1; - break; - - case 8: - /* Asking for buffered data different chunks - * than before NEED NOT fail - intermediate & end commit */ - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15); - TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0); - TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0); - TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5); - TEST_MEMORY_COMPARE(tmp + 5, 10, 
bufB, 10);
- TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
- success = 1;
- break;
-
- default:
- TEST_ASSERT(0);
- break;
- }
-
- if (success == 1) {
- /* In all succeeding cases, fetch the rest of the second buffer. */
- TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0);
- TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90);
- TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
-
- /* Wrapup */
- TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
- }
-
-exit:
- /* Wrapup */
- mbedtls_mps_reader_free(&rd);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
-void mbedtls_mps_reader_feed_empty()
-{
- /* This test exercises the behaviour of the reader when it is
- * fed with a NULL buffer. */
- unsigned char buf[100];
- unsigned char *tmp;
- mbedtls_mps_reader rd;
- for (size_t i = 0; (unsigned) i < sizeof(buf); i++) {
- buf[i] = (unsigned char) i;
- }
-
- /* Preparation (lower layer) */
- mbedtls_mps_reader_init(&rd, NULL, 0);
-
- TEST_ASSERT(mbedtls_mps_reader_feed(&rd, NULL, sizeof(buf)) ==
- MBEDTLS_ERR_MPS_READER_INVALID_ARG);
-
- /* Subsequent feed-calls should still succeed. */
- TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
-
- /* Consumption (upper layer) */
- TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
- TEST_MEMORY_COMPARE(tmp, 100, buf, 100);
- TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
-
- /* Wrapup */
- TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
-
-exit:
- mbedtls_mps_reader_free(&rd);
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_net.data b/tests/suites/test_suite_net.data
deleted file mode 100644
index 4f516c8b61..0000000000
--- a/tests/suites/test_suite_net.data
+++ /dev/null
@@ -1,8 +0,0 @@
-Context init-free-free
-context_init_free:0
-
-Context init-free-init-free
-context_init_free:1
-
-net_poll beyond FD_SETSIZE
-poll_beyond_fd_setsize:
diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function
deleted file mode 100644
index fa09f5a64f..0000000000
--- a/tests/suites/test_suite_net.function
+++ /dev/null
@@ -1,137 +0,0 @@
-/* BEGIN_HEADER */
-
-#include "mbedtls/net_sockets.h"
-
-#if defined(unix) || defined(__unix__) || defined(__unix) || \
- defined(__APPLE__) || defined(__QNXNTO__) || \
- defined(__HAIKU__) || defined(__midipix__)
-#define MBEDTLS_PLATFORM_IS_UNIXLIKE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE)
-#include
-#include
-#include
-#include
-#include
-#include
-#endif
-
-
-#if defined(MBEDTLS_PLATFORM_IS_UNIXLIKE)
-/** Open a file on the given file descriptor.
- *
- * This is disruptive if there is already something open on that descriptor.
- * Caller beware.
- *
- * \param ctx An initialized, but unopened socket context.
- * On success, it refers to the opened file (\p wanted_fd).
- * \param wanted_fd The desired file descriptor.
- *
- * \return \c 0 on success, a negative error code on error.
- */
-static int open_file_on_fd(mbedtls_net_context *ctx, int wanted_fd)
-{
- int got_fd = open("/dev/null", O_RDONLY);
- TEST_ASSERT(got_fd >= 0);
- if (got_fd != wanted_fd) {
- TEST_ASSERT(dup2(got_fd, wanted_fd) >= 0);
- TEST_ASSERT(close(got_fd) >= 0);
- }
- ctx->fd = wanted_fd;
- return 0;
-exit:
- return -1;
-}
-#endif /* MBEDTLS_PLATFORM_IS_UNIXLIKE */
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_NET_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void context_init_free(int reinit)
-{
- mbedtls_net_context ctx;
-
- mbedtls_net_init(&ctx);
- mbedtls_net_free(&ctx);
-
- if (reinit) {
- mbedtls_net_init(&ctx);
- }
- mbedtls_net_free(&ctx);
-
- /* This test case always succeeds, functionally speaking. A plausible
- * bug might trigger an invalid pointer dereference or a memory leak. */
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_PLATFORM_IS_UNIXLIKE */
-void poll_beyond_fd_setsize()
-{
- /* Test that mbedtls_net_poll does not misbehave when given a file
- * descriptor greater or equal to FD_SETSIZE.
This code is specific to
- * platforms with a Unix-like select() function, which is where
- * FD_SETSIZE is a concern. */
-
- struct rlimit rlim_nofile;
- int restore_rlim_nofile = 0;
- int ret;
- mbedtls_net_context ctx;
- uint8_t buf[1];
-
- mbedtls_net_init(&ctx);
-
- /* On many systems, by default, the maximum permitted file descriptor
- * number is less than FD_SETSIZE. If so, raise the limit if
- * possible.
- *
- * If the limit can't be raised, a file descriptor opened by the
- * net_sockets module will be less than FD_SETSIZE, so the test
- * is not necessary and we mark it as skipped.
- * A file descriptor could still be higher than FD_SETSIZE if it was
- * opened before the limit was lowered (which is something an application
- * might do); but we don't do such things in our test code, so the unit
- * test will run if it can.
- */
- TEST_ASSERT(getrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0);
- if (rlim_nofile.rlim_cur < FD_SETSIZE + 1) {
- rlim_t old_rlim_cur = rlim_nofile.rlim_cur;
- rlim_nofile.rlim_cur = FD_SETSIZE + 1;
- TEST_ASSUME(setrlimit(RLIMIT_NOFILE, &rlim_nofile) == 0);
- rlim_nofile.rlim_cur = old_rlim_cur;
- restore_rlim_nofile = 1;
- }
-
- TEST_ASSERT(open_file_on_fd(&ctx, FD_SETSIZE) == 0);
-
- /* In principle, mbedtls_net_poll() with valid arguments should succeed.
- * However, we know that on Unix-like platforms (and others), this function
- * is implemented on top of select() and fd_set, which do not support
- * file descriptors greater or equal to FD_SETSIZE. So we expect to hit
- * this platform limitation.
- *
- * If mbedtls_net_poll() does not proprely check that ctx.fd is in range,
- * it may still happen to return the expected failure code, but if this
- * is problematic on the particular platform where the code is running,
- * a memory sanitizer such as UBSan should catch it.
- */
- ret = mbedtls_net_poll(&ctx, MBEDTLS_NET_POLL_READ, 0);
- TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED);
-
- /* mbedtls_net_recv_timeout() uses select() and fd_set in the same way. */
- ret = mbedtls_net_recv_timeout(&ctx, buf, sizeof(buf), 0);
- TEST_EQUAL(ret, MBEDTLS_ERR_NET_POLL_FAILED);
-
-exit:
- mbedtls_net_free(&ctx);
- if (restore_rlim_nofile) {
- setrlimit(RLIMIT_NOFILE, &rlim_nofile);
- }
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
deleted file mode 100644
index a9b23af368..0000000000
--- a/tests/suites/test_suite_pkcs7.data
+++ /dev/null
@@ -1,3257 +0,0 @@
-PKCS7 Signed Data Parse Pass SHA256 #1
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA
-
-PKCS7 Signed Data Parse Pass SHA1 #2
-depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA
-
-PKCS7 Signed Data Parse Pass Without CERT #3
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA
-
-PKCS7 Signed Data Parse with zero signers
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA
-
-PKCS7 Signed Data Parse Fail with multiple certs #4
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
-
-PKCS7 Signed Data Parse Fail with corrupted cert #5.0
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT
-
-PKCS7 Signed Data Parse Fail with disabled alg #5.1
-depends_on:MBEDTLS_RSA_C:!PSA_WANT_ALG_SHA_512
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":MBEDTLS_ERR_PKCS7_INVALID_ALG
-
-PKCS7 Parse Fail with Inlined Content Info #5.2
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_with_signature.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
-
-PKCS7 Signed Data Parse Fail with no RSA #5.3
-depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_ERR_PKCS7_INVALID_CERT
-
-PKCS7 Signed Data Parse Fail with corrupted signer info #6
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Fail Version other than 1 #7
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION
-
-PKCS7 Signed Data Parse Fail Encrypted Content #8
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
-
-PKCS7 Signed Data Verification Pass zero-len data
-depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_zerolendata.bin":0:0
-
-PKCS7 Signed Data Verification Fail zero-len data
-depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_zerolendata.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
-
-PKCS7 Signed Data Verification Pass SHA256 #9
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Verification Pass SHA256 #9.1
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
-
-PKCS7 Signed Data Verification Pass SHA1 #10
-depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Verification Pass SHA512 #11
-depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Verification Fail because of different certificate #12
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
-
-PKCS7 Signed Data Verification Fail because of different data hash #13
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
-
-PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520)
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-PKCS7 Signed Data Parse Fail Corrupt signerInfos[1].issuerAndSerialNumber.serialNumber, after multi-element .name (4541044530479104)
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
-
-PKCS7 Only Signed Data Parse Pass #15
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA
-
-PKCS7 Signed Data Verify with multiple(2) signers #16.0
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Verify with multiple(3) signers #16.1
-depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_MEMORY_BUFFER_ALLOC_C
-pkcs7_verify:"../framework/data_files/pkcs7_data_3_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt ../framework/data_files/pkcs7-rsa-sha256-3.crt":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Hash Verify with multiple signers #17
-depends_on:PSA_WANT_ALG_SHA_256
-pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
-
-PKCS7 Signed Data Hash Verify Fail with multiple signers #18
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512
-pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
-
-PKCS7 Signed Data Verify Pass Expired Cert #19 no TIME_DATE
-depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE
-pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:0
-
-PKCS7 Signed Data Verify Fail Expired Cert #19 have DATE_TIME
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID
-
-PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1
-depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C
-pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C -pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"003082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4
543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #21.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #22.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1280 to 1281 #23.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #24.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #25.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #26.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #27.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006082a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #28.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1265 to 1266 #29.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #30.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f2308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1265 to 1264 #31.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f0308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b
05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #32.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1261 to 1262 #33.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #34.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1261 to 1260 #35.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #36.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #37.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #38.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #39.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #40.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #41.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #42.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #43.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #44.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #45.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #46.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #47.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d02096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d97273318
2017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #48.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d060a6086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aee
e5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #49.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #50.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #51.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid 
ASN1: Change tag 30 to 02 #52.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #53.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #54.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #55.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #56.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b02092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d23041830168
0148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #57.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b060a2a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #58.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #59.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 845 to 846 #60.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #61.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 845 to 844 #62.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #63.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 841 to 842 #64.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034a30820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #65.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 841 to 840 #66.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #67.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034902820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 561 to 562 #68.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #69.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 561 to 560 #70.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #71.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #72.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #73.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a0040201020002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7
df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #74.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00202010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003
82010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #75.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00304010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #76.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #77.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #78.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #79.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #80.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #81.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf020d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #82.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #83.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #84.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300c06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #85.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #86.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #87.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06082a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #88.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b02003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100
821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #89.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05013034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #90.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05000234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100
821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #91.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #92.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #93.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #94.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #95.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d
972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #96.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #97.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #98.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #99.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #100.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #101.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #102.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #103.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #104.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #105.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #106.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #107.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #108.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #109.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #110.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #111.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #112.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f
81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #113.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #114.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #115.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #116.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #117.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #118.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #119.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #120.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #121.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #122.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #123.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #124.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #125.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #126.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #127.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #128.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #129.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #130.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301302035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #131.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #132.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e04160
4148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #133.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #134.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #135.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #136.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 30 to 31 #137.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #138.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 30 to 29 #139.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 17 to 02 #140.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e020d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #141.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #142.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 17 to 02 #143.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #144.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #145.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #146.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #147.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #148.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420310030820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7
df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #149.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #150.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #151.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310c3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #152.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff0405300
30101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #153.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #154.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #155.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #156.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7
df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #157.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #158.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #159.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #160.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #161.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #162.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613034e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038
2010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #163.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #164.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #165.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #166.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7
df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #167.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310d300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050
00382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #168.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #169.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #170.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #171.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #172.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #173.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #174.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #175.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #176.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e0416
04148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #177.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #178.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #179.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse 
Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #180.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310030820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355
040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #181.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #182.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #183.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #184.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #185.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #186.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #187.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #188.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #189.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #190.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #191.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #192.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 290 to 291 #193.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #194.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 290 to 289 #195.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #196.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #197.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #198.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #199.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #200.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #201.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #202.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06082a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #203.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #204.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 03 to 02 #205.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 271 to 272 #206.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 271 to 270 #207.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010e003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag a3 to 02 #208.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 83 to 84 #209.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 83 to 82 #210.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #211.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #212.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #213.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #214.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300c06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #215.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d02092a864886f70d01010b0500038201010
0821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #216.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #217.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #218.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #219.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure 
Invalid ASN1: Change tag 03 to 02 #220.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 257 to 258 #221.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 257 to 256 #222.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #223.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 375 to 376 #224.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #225.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773b
cbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017830820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 375 to 374 #226.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #227.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 
to 372 #228.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #229.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #230.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #231.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #232.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #233.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb
1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #234.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #235.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #236.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #237.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #238.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #239.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000
382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #240.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #241.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #242.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #243.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #244.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #245.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #246.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #247.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101f
f040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #248.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #249.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #250.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #251.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #252.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #253.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #254.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #255.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #256.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #257.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #258.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #259.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #260.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #261.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #262.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #263.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #264.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #265.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #266.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #267.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #268.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de4655
3cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c06504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #269.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #270.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #271.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #272.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #273.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #274.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #275.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #276.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #277.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #278.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #279.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #280.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #281.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #282.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #283.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #284.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #285.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #286.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #287.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #288.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #289.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #290.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #291.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #292.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #293.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #294.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010200300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #295.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #296.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #297.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300e06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #298.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #299.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #300.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #301.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #302.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #303.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010200048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #304.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #305.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #306.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df
2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201015becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" - - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #307.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #308.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b9
9e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #309.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 806 to 807 #310.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #311.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032706092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365
727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 806 to 805 #312.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032506092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3
c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #313.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032602092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff
534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #314.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"30820326060a2a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #315.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606082a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #316.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 791 to 792 #317.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #318.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031830820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 791 to 790 #319.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change 
tag 30 to 02 #320.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 787 to 788 #321.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #322.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820314020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55dd
bfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 787 to 786 #323.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820312020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #324.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #325.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #326.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #327.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #328.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #329.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #330.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #331.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f020d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #332.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #333.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #334.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #335.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #336.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #337.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #338.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #339.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #340.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500020b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #341.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #342.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #343.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #344.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b02092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 9 to 10 #345.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b060a2a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #346.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #347.0 
-depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 750 to 751 #348.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #349.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 750 to 749 #350.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ed30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd
384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #351.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee02820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse 
Failure Invalid ASN1: Change length from 371 to 372 #352.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #353.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length 
from 371 to 370 #354.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #355.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #356.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #357.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #358.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #359.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #360.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304d3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf00300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d
7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #361.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a4
51bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #362.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #363.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3035310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7e
e890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #364.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #365.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #366.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #367.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #368.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d060960864801650
30402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #369.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #370.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #371.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #372.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #373.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #374.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #375.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #376.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #377.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #378.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 2 to 1 #379.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #380.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #381.0 
-depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #382.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #383.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #384.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #385.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #386.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #387.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #388.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #389.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #390.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060255040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #391.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0205504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #392.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #393.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - 
-PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #394.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #395.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #396.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #397.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #398.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #399.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #400.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #401.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #402.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 3 to 4 #403.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #404.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #405.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #406.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 12 to 11 #407.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #408.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #409.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #410.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102137bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc71
09aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #411.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #412.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #413.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #414.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #415.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d02096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #416.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #417.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06086086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #418.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #419.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change tag 30 to 02 #420.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500020d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #421.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted 
extra byte #422.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #423.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #424.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d02092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee
890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #425.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d060a2a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #426.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06082a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #427.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010200048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #428.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010501048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #429.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500028201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #430.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #431.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 371 to 372 #432.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #433.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #434.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #435.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - 
-PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #436.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #437.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #438.0 
-depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #439.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #440.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #441.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #442.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #443.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #444.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #445.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #446.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #447.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #448.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse 
Failure Invalid ASN1: Change length from 11 to 10 #449.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #450.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #451.0 
-depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #452.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #453.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a087
9f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #454.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #455.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060455040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure 
Invalid ASN1: Change length from 3 to 2 #456.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060255040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #457.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040602024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #458.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #459.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - 
-PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #460.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #461.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one 
unaccounted extra byte #462.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #463.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #464.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #465.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #466.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #467.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #468.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #469.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #470.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - 
-PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #471.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #472.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #473.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #474.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #475.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #476.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #477.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #478.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #479.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 
Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #480.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742032000214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #481.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 
06 to 02 #482.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #483.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306045504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #484.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #485.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #486.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #487.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #488.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #489.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #490.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #491.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c020d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #492.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #493.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #494.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #495.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d02096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 
Parse Failure Invalid ASN1: Change length from 9 to 10 #496.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #497.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #498.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #499.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010501300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee
7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #500.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #501.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #502.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300e06092a864886f70d01010105000004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a
8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #503.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #504.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #505.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #506.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #507.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #508.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050104820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #509.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #510.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082032606092a864886f70d010702a082031730820313020101310f300d06096086480165030402010500300b06092a864886f70d010701318202ee30820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820101046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400" - - -PKCS7 Parse Failure Invalid ASN1: Add null byte to start #511.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"003082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Add null byte to end #512.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #513.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1181 to 1182 #514.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #515.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1181 to 1180 #516.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #517.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #518.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #519.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag a0 to 02 #520.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1166 to 1167 #521.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048f3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d060960
86480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag a0 to contain one unaccounted extra byte #522.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1166 to 1165 #523.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #524.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1162 to 1163 #525.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #526.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1162 to 1161 #527.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e30820489020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #528.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #529.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #530.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #531.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 16 #532.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #533.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 15 to 14 #534.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #535.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f020d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #536.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #537.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #538.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #539.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #540.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #541.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #542.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #543.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #544.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" 
- -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #545.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #546.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #547.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #548.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b02092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe0589
6057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #549.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #550.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #551.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1125 to 1126 #552.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #553.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046630820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae88000" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1125 to 1124 #554.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #555.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #556.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #557.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820174020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd00030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #558.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #559.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #560.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #561.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #562.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101024c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6
a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #563.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #564.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #565.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #566.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c0234310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #567.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #568.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #569.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #570.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #571.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #572.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310c3009060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #573.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf
1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #574.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #575.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #576.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #577.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3008060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #578.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009020355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6
a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #579.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #580.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #581.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #582.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #583.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #584.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c020e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #585.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #586.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #587.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #588.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #589.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #590.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #591.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300b060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d01010
1050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #592.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #593.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #594.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #595.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #596.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #597.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #598.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #599.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #600.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420310002147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #601.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf
1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #602.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115021306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203202
14564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #603.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #604.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #605.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 
02 #606.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #607.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #608.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee8906
04881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #609.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #610.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #611.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #612.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203104147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #613.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #614.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #615.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #616.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #617.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #618.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #619.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #620.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #621.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06086086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #622.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #623.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #624.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #625.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #626.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300e06092a864886f70d010101050000048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #627.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300c06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf
1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #628.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #629.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d060a2a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #630.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #631.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #632.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010501048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efa
bc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #633.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #634.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201015becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #635.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd002820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6
a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #636.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #637.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #638.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820172020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #639.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #640.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020201304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057
b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #641.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #642.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #643.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #644.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #645.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #646.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #647.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #648.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #649.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #650.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #651.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #652.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #653.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #654.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #655.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #656.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b300a060355040613024e4c00310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #657.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #658.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #659.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #660.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 13 to 02 #661.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #662.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #663.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613014e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #664.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #665.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #666.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310f300c060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d01010105000
4820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #667.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #668.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #669.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #670.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c7
19444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #671.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #672.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #673.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #674.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #675.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #676.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #677.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c04504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #678.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #679.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe058960
57b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #680.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #681.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #682.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #683.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #684.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #685.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #686.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #687.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #688.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #689.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #690.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0d504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #691.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #692.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #693.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #694.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #695.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #696.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #697.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #698.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #699.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #700.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #701.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06086086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a6400308201730
20101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #702.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #703.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #704.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #705.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #706.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #707.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #708.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" 
- -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #709.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #710.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #711.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101020004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e5
5ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #712.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #713.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #714.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820101046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #715.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 372 #716.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #717.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 371 to 370 #718.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #719.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173040101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 2 #720.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 1 to 0 #721.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05
896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020001304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #722.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 77 #723.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #724.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 76 to 75 #725.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304b3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #726.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 53 #727.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #728.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 52 to 51 #729.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #730.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 12 #731.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #732.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 11 to 10 #733.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310a3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #734.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #735.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe0589605
7b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b300a060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #736.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #737.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #738.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #739.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #740.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid 
ASN1: Change tag 13 to 02 #741.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 3 #742.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 2 to 1 #743.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #744.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 15 #745.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to contain one unaccounted extra byte #746.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 14 to 13 #747.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #748.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e020c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #749.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #750.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b
6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300d060355040a0c05504b435337003115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #751.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #752.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c020355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #753.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09
740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060455040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #754.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #755.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 6 #756.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 5 to 4 #757.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 31 to 02 #758.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 22 #759.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 31 to 
contain one unaccounted extra byte #760.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373116301306035504030c0c504b4353372043657274203300021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff2708
44de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 21 to 20 #761.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f
16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373114301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #762.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 20 #763.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301406035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #764.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 19 to 18 #765.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b
6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301206035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #766.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 4 #767.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 3 to 2 #768.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306025504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change tag 0c to 02 #769.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 13 #770.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 12 to 11 #771.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 02 to 04 #772.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 21 #773.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 20 to 19 #774.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #775.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #776.0 -depends_on:PSA_WANT_ALG_SHA_256 
-pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300e06096086480165030402010500300d06092a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719
444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #777.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #778.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #779.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #780.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #781.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #782.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #783.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 30 to 02 #784.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 14 #785.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" 
- -PKCS7 Parse Failure Invalid ASN1: Change contents of tag 30 to contain one unaccounted extra byte #786.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 13 to 12 #787.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 06 to 02 #788.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 10 #789.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"3082049d06092a864886f70d010702a082048e3082048a020101310f300d06096086480165030402010500300b06092a864886f70d0107013182046530820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b435337204365727420320214564d554025af599e327079b2720ef00df37cfb7c300d06096086480165030402010500300d06092a864886f70d010101050004820100046098dc5f2b99e3bc2ed6642d7f0a61efabc15c38c76333bccceeee369a4f4a5bdda8ea59264124e429f08632683ddba17bbf262d82b6befa3b4e1480376a8c7f3c7d7e2a6779bbf18262aa857de8c20a12b6a2ce8e4d7f31dd1b195392cf6185afce34afe05896
057b36e9b171b6c67ed7c2286cbfa83ff8a167c7bc7109aee7d7e1909bd384fbfc61938efca51c8993c71db317730f16e7e776867ae4fdc562d6f15de585e7b94ef496a3676367a2cbaab7b636648b0076bad5cdf1e09740ec6a451bff534efa21509f3ba77b8101b91ea7e55ddbfe1401517067d7b01a2a0879f0885c894a87cfb68c4d7ee890604881aeb97c22d1f337ef923e035a640030820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742033021462477298759e8e04718ae563155f3523cfb84cdb300d06096086480165030402010500300d060a2a864886f70d0101010500048201006d2cbb37fd12957e5a7480ce0435e8ef6077def08ff270844de2516a4742f211d8c74690bc0948e08a296abba9285f6bb305b95b7f9408ce44e83880c719444672ec99746ba78cc4bde475319d01bde77c49d58d16d3b2e91c2e61e8303ca3d7eda3797fd8b35ca72bb14b15a24b56bb70dc13484565808110ff5db58c56f7a0435607e3c352fbf4f55106f2980fd3cd42397dbf7137ee7f1e32cd80a3b7ab12b46c169220278d7717b78a3c45d6395a130a8b58841cbc290e4f817de3a4fe16ecd077ca33a0aa25e235cc7f6655a80ba8aeec87905bb2a75459b7bcc5a133f2993493b41ffcf63cd7a391e3e6f78094ca442c80144403cb0a5f00bfc61ae880" - -PKCS7 Parse Failure Invalid ASN1: Change length from 9 to 8 #790.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 05 to 02 #791.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 0 to 1 #792.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change tag 04 to 02 #793.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" - -PKCS7 Parse Failure Invalid ASN1: Change length from 256 to 257 #794.0 -depends_on:PSA_WANT_ALG_SHA_256 -pkcs7_asn1_fail:"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" 
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
deleted file mode 100644
index 91e0e46ae3..0000000000
--- a/tests/suites/test_suite_pkcs7.function
+++ /dev/null
@@ -1,185 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/private/bignum.h"
-#include "mbedtls/pkcs7.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#include "x509_internal.h"
-#include "mbedtls/oid.h"
-#include "sys/types.h"
-#include "sys/stat.h"
-#include "mbedtls/private/rsa.h"
-#include "mbedtls/error.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PKCS7_C
- * END_DEPENDENCIES
- */
-/* BEGIN_SUITE_HELPERS */
-static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
-{
- int res;
- mbedtls_pkcs7 pkcs7;
-
- mbedtls_pkcs7_init(&pkcs7);
- res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
- mbedtls_pkcs7_free(&pkcs7);
- return res;
-}
-/* END_SUITE_HELPERS */
-
-/* BEGIN_CASE */
-void pkcs7_asn1_fail(data_t *pkcs7_buf)
-{
- int res;
-
- /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
- * can use PSA to store keys and perform operations so psa_crypto_init()
- * must be called before. */
- USE_PSA_INIT();
-
- res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
- TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
-
-exit:
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void pkcs7_parse(char *pkcs7_file, int res_expect)
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen;
- int res;
-
- /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
- * can use PSA to store keys and perform operations so psa_crypto_init()
- * must be called before. */
- USE_PSA_INIT();
-
- res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
- TEST_EQUAL(res, 0);
-
- res = pkcs7_parse_buffer(pkcs7_buf, buflen);
- TEST_EQUAL(res, res_expect);
-
-exit:
- mbedtls_free(pkcs7_buf);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify(char *pkcs7_file,
- char *crt_files,
- char *filetobesigned,
- int do_hash_alg,
- int res_expect)
-{
- unsigned char *pkcs7_buf = NULL;
- size_t buflen, i, k, cnt = 0, n_crts = 1;
- unsigned char *data = NULL;
- char **crt_files_arr = NULL;
- unsigned char *hash = NULL;
- struct stat st;
- size_t datalen;
- int res;
- FILE *file;
- const mbedtls_md_info_t *md_info;
- mbedtls_pkcs7 pkcs7;
- mbedtls_x509_crt **crts = NULL;
-
- USE_PSA_INIT();
-
- mbedtls_pkcs7_init(&pkcs7);
-
- /* crt_files are space seprated list */
- for (i = 0; i < strlen(crt_files); i++) {
- if (crt_files[i] == ' ') {
- n_crts++;
- }
- }
-
- TEST_CALLOC(crts, n_crts);
- TEST_CALLOC(crt_files_arr, n_crts);
-
- for (i = 0; i < strlen(crt_files); i++) {
- for (k = i; k < strlen(crt_files); k++) {
- if (crt_files[k] == ' ') {
- break;
- }
- }
- TEST_CALLOC(crt_files_arr[cnt], (k-i)+1);
- crt_files_arr[cnt][k-i] = '\0';
- memcpy(crt_files_arr[cnt++], crt_files + i, k-i);
- i = k;
- }
-
- for (i = 0; i < n_crts; i++) {
- TEST_CALLOC(crts[i], 1);
- mbedtls_x509_crt_init(crts[i]);
- }
-
- res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
- TEST_EQUAL(res, 0);
-
- res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
- TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
-
- TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts);
-
- for (i = 0; i < n_crts; i++) {
- res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]);
- TEST_EQUAL(res, 0);
- }
-
- res = stat(filetobesigned, &st);
- TEST_EQUAL(res, 0);
-
- file = fopen(filetobesigned, "rb");
- TEST_ASSERT(file != NULL);
-
- datalen = st.st_size;
- /* Special-case for zero-length input so that data will be non-NULL */
- TEST_CALLOC(data, datalen == 0 ? 1 : datalen);
- buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
- TEST_EQUAL(buflen, datalen);
-
- fclose(file);
-
- if (do_hash_alg) {
- md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
- TEST_CALLOC(hash, mbedtls_md_get_size(md_info));
- res = mbedtls_md(md_info, data, datalen, hash);
- TEST_EQUAL(res, 0);
-
- for (i = 0; i < n_crts; i++) {
- res =
- mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash,
- mbedtls_md_get_size(md_info));
- TEST_EQUAL(res, res_expect);
- }
- } else {
- for (i = 0; i < n_crts; i++) {
- res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen);
- TEST_EQUAL(res, res_expect);
- }
- }
-
-exit:
- for (i = 0; i < n_crts; i++) {
- mbedtls_x509_crt_free(crts[i]);
- mbedtls_free(crts[i]);
- mbedtls_free(crt_files_arr[i]);
- }
- mbedtls_free(hash);
- mbedtls_pkcs7_free(&pkcs7);
- mbedtls_free(crt_files_arr);
- mbedtls_free(crts);
- mbedtls_free(data);
- mbedtls_free(pkcs7_buf);
- USE_PSA_DONE();
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
deleted file mode 100644
index fa61b0f435..0000000000
--- a/tests/suites/test_suite_ssl.data
+++ /dev/null
@@ -1,3366 +0,0 @@
-Attempt to register multiple PSKs
-test_multiple_psks:
-
-Attempt to register multiple PSKS, incl. opaque PSK, #0
-test_multiple_psks_opaque:0
-
-Attempt to register multiple PSKs, incl. opaque PSK, #1
-test_multiple_psks_opaque:1
-
-Attempt to register multiple PSKs, incl. opaque PSK, #2
-test_multiple_psks_opaque:2
-
-Test callback buffer sanity
-test_callback_buffer_sanity:
-
-Callback buffer test: Exercise simple write/read
-test_callback_buffer:50:25:25:25:25:0:0:0:0
-
-Callback buffer test: Filling up the buffer
-test_callback_buffer:50:50:50:50:50:0:0:0:0
-
-Callback buffer test: Filling up the buffer in two steps
-test_callback_buffer:50:20:20:0:0:30:30:50:50
-
-Callback buffer test: Reading out the buffer in two steps
-test_callback_buffer:50:50:50:30:30:0:0:20:20
-
-Callback buffer test: Data wraps in buffer
-test_callback_buffer:50:45:45:10:10:10:10:45:45
-
-Callback buffer test: Data starts at the end
-test_callback_buffer:50:50:50:49:49:10:10:11:11
-
-Callback buffer test: Can write less than requested
-test_callback_buffer:50:75:50:30:30:25:25:45:45
-
-Callback buffer test: Can read less than requested
-test_callback_buffer:50:25:25:30:25:5:5:5:5
-
-Callback buffer test: Writing to full buffer
-test_callback_buffer:50:50:50:0:0:10:0:60:50
-
-Callback buffer test: Reading from empty buffer
-test_callback_buffer:50:0:0:10:0:0:0:0:0
-
-Test mock socket sanity
-ssl_mock_sanity:
-
-Test mock blocking TCP connection
-ssl_mock_tcp:1
-
-Test mock non-blocking TCP connection
-ssl_mock_tcp:0
-
-Test mock blocking TCP connection (interleaving)
-ssl_mock_tcp_interleaving:1
-
-Test mock non-blocking TCP connection (interleaving)
-ssl_mock_tcp_interleaving:0
-
-Message queue - sanity
-ssl_message_queue_sanity:
-
-Message queue - basic test
-ssl_message_queue_basic:
-
-Message queue - overflow/underflow
-ssl_message_queue_overflow_underflow:
-
-Message queue - interleaved
-ssl_message_queue_interleaved:
-
-Message queue - insufficient buffer
-ssl_message_queue_insufficient_buffer:
-
-Message transport mock - uninitialized structures
-ssl_message_mock_uninitialized:
-
-Message transport mock - basic test
-ssl_message_mock_basic:
-
-Message transport mock - queue overflow/underflow
-ssl_message_mock_queue_overflow_underflow:
-
-Message transport mock - socket overflow
-ssl_message_mock_socket_overflow:
-
-Message transport mock - truncated message
-ssl_message_mock_truncated:
-
-Message transport mock - socket read error
-ssl_message_mock_socket_read_error:
-
-Message transport mock - one-way interleaved sends/reads
-ssl_message_mock_interleaved_one_way:
-
-Message transport mock - two-way interleaved sends/reads
-ssl_message_mock_interleaved_two_ways:
-
-Test mbedtls_endpoint sanity for the client
-mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT
-
-Test mbedtls_endpoint sanity for the server
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
-
-TLS 1.2:Move client handshake to HELLO_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HELLO_REQUEST:1
-
-TLS 1.2:Move client handshake to CLIENT_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_HELLO:1
-
-TLS 1.2:Move client handshake to SERVER_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1
-
-TLS 1.2:Move client handshake to SERVER_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1
-
-TLS 1.2:Move client handshake to SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
-
-TLS 1.2:Move client handshake to CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
-
-TLS 1.2:Move client handshake to SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_DONE:1
-
-TLS 1.2:Move client handshake to CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
-
-TLS 1.2:Move client handshake to CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
-
-TLS 1.2:Move client handshake to CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
-
-TLS 1.2:Move client handshake to CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
-
-TLS 1.2:Move client handshake to CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_FINISHED:1
-
-TLS 1.2:Move client handshake to SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
-
-TLS 1.2:Move client handshake to SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_FINISHED:1
-
-TLS 1.2:Move client handshake to FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_FLUSH_BUFFERS:1
-
-TLS 1.2:Move client handshake to HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
-
-TLS 1.2:Move client handshake to HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_OVER:1
-
-TLS 1.3:Move client handshake to HELLO_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HELLO_REQUEST:1
-
-TLS 1.3:Move client handshake to CLIENT_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_HELLO:1
-
-TLS 1.3:Move client handshake to SERVER_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_HELLO:1
-
-TLS 1.3:Move client handshake to ENCRYPTED_EXTENSIONS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1
-
-TLS 1.3:Move client handshake to CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
-
-TLS 1.3:Move client handshake to SERVER_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1
-
-TLS 1.3:Move client handshake to CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
-
-TLS 1.3:Move client handshake to SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1
-
-TLS 1.3:Move client handshake to CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
-
-TLS 1.3:Move client handshake to CLIENT_CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
-
-TLS 1.3:Move client handshake to CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1
-
-TLS 1.3:Move client handshake to FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_FLUSH_BUFFERS:1
-
-TLS 1.3:Move client handshake to HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
-
-TLS 1.3:Move client handshake to CLIENT_CCS_AFTER_SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:1
-
-TLS 1.2:Move server handshake to HELLO_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HELLO_REQUEST:1
-
-TLS 1.2:Move server handshake to CLIENT_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_HELLO:1
-
-TLS 1.2:Move server handshake to SERVER_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1
-
-TLS 1.2:Move server handshake to SERVER_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1
-
-TLS 1.2:Move server handshake to SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
-
-TLS 1.2:Move server handshake to CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
-
-TLS 1.2:Move server handshake to SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_DONE:1
-
-TLS 1.2:Move server handshake to CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
-
-TLS 1.2:Move server handshake to CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
-
-TLS 1.2:Move server handshake to CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
-
-TLS 1.2:Move server handshake to CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
-
-TLS 1.2:Move server handshake to CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_CLIENT_FINISHED:1
-
-TLS 1.2:Move server handshake to SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
-
-TLS 1.2:Move server handshake to SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_FINISHED:1
-
-TLS 1.2:Move server handshake to FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_FLUSH_BUFFERS:1
-
-TLS 1.2:Move server handshake to HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
-
-TLS 1.2:Move server handshake to HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_HANDSHAKE_OVER:1
-
-TLS 1.3:Move server handshake to HELLO_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HELLO_REQUEST:1
-
-TLS 1.3:Move server handshake to CLIENT_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_HELLO:1
-
-TLS 1.3:Move server handshake to SERVER_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_HELLO:1
-
-TLS 1.3:Move server handshake to ENCRYPTED_EXTENSIONS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:1
-
-TLS 1.3:Move server handshake to CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
-
-TLS 1.3:Move server handshake to SERVER_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1
-
-TLS 1.3:Move server handshake to CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
-
-TLS 1.3:Move server handshake to SERVER_CCS_AFTER_SERVER_HELLO
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:1
-
-TLS 1.3:Move server handshake to SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1
-
-TLS 1.3:Move server handshake to CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1
-
-TLS 1.3:Move server handshake to HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
-
-TLS 1.3:Move server handshake to CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
-
-TLS 1.3:Move server handshake to CLIENT_CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
-
-TLS 1.2:Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:0
-
-TLS 1.2:Negative test moving servers ssl to state: NEW_SESSION_TICKET
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_NEW_SESSION_TICKET:0
-
-Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
-
-Handshake, tls1_3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
-
-Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
-
-Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0
-
-Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:0
-
-Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
-
-Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
-
-DTLS Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
-
-DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
-
-DTLS Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1
-
-DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:1
-
-DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
-
-DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
-
-DTLS Handshake with serialization, tls1_2
-handshake_serialization
-
-DTLS Handshake fragmentation, MFL=512
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
-
-DTLS Handshake fragmentation, MFL=1024
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
-
-Handshake min/max version check, all -> 1.2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
-
-Handshake min/max version check, all -> 1.3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
-
-Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
-
-Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
-
-Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Sending app data via TLS, MFL=512 without fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1
-
-Sending app data via TLS, MFL=512 with fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:2:3
-
-Sending app data via TLS, MFL=1024 without fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1
-
-Sending app data via TLS, MFL=1024 with fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:2:5
-
-Sending app data via TLS, MFL=2048 without fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1
-
-Sending app data via TLS, MFL=2048 with fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:2:4
-
-Sending app data via TLS, MFL=4096 without fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1
-
-Sending app data via TLS, MFL=4096 with fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:2:3
-
-Sending app data via TLS without MFL and without fragmentation
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1
-
-Sending app data via TLS without MFL and with fragmentation
-app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:2:7
-
-Sending app data via DTLS, MFL=512 without fragmentation
-depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 - -Sending app data via DTLS, MFL=512 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_512:513:1536:0:0 - -Sending app data via DTLS, MFL=1024 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1000:1024:1:1 - -Sending app data via DTLS, MFL=1024 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_1024:1025:5120:0:0 - -Sending app data via DTLS, MFL=2048 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2000:2048:1:1 - -Sending app data via DTLS, MFL=2048 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_2048:2049:8192:0:0 - -Sending app data via DTLS, MFL=4096 without fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4000:4096:1:1 - -Sending app data via DTLS, MFL=4096 with fragmentation -depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_4096:4097:12288:0:0 - -Sending app data via DTLS, without MFL and without fragmentation -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16001:16384:1:1 - -Sending app data via DTLS, without MFL and with fragmentation -app_data_dtls:MBEDTLS_SSL_MAX_FRAG_LEN_NONE:16385:100000:0:0 - -DTLS renegotiation: no legacy renegotiation -renegotiation:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION - -DTLS renegotiation: legacy renegotiation -renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION - -DTLS renegotiation: legacy break handshake -renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE - -DTLS serialization with MFL=512 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512 - -DTLS serialization with MFL=1024 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024 - -DTLS serialization with 
MFL=2048 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048 - -DTLS serialization with MFL=4096 -resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 - -DTLS no legacy renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS no legacy renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy allow renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" - -DTLS legacy break handshake renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY 
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS legacy break handshake renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" - -DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" - -DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" - -DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384 
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384 
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384 
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" - -SSL DTLS replay: initial state, seqnum 0 -ssl_dtls_replay:"":"000000000000":0 - -SSL DTLS replay: 0 seen, 1 arriving -ssl_dtls_replay:"000000000000":"000000000001":0 - -SSL DTLS replay: 0 seen, 0 replayed -ssl_dtls_replay:"000000000000":"000000000000":-1 - -SSL DTLS replay: 0-1 seen, 2 arriving -ssl_dtls_replay:"000000000000000000000001":"000000000002":0 - -SSL DTLS replay: 0-1 seen, 1 replayed -ssl_dtls_replay:"000000000000000000000001":"000000000001":-1 - -SSL DTLS replay: 0-1 seen, 0 replayed -ssl_dtls_replay:"000000000000000000000001":"000000000000":-1 - -SSL DTLS replay: new -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0 - -SSL DTLS replay: way new -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0 - -SSL DTLS replay: delayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0 - -SSL DTLS replay: last replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1 - -SSL DTLS replay: older replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1 - -SSL DTLS replay: most recent in window, replayed -ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1 - -SSL DTLS replay: oldest in window, replayed -ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1 - -SSL DTLS replay: oldest in window, not replayed -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0 - -SSL DTLS replay: just out of the window -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1 - -SSL DTLS replay: way out of the window -ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1 - -SSL DTLS 
replay: big jump then replay -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1 - -SSL DTLS replay: big jump then new -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0 - -SSL DTLS replay: big jump then just delayed -ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 - -SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice -ssl_set_hostname_twice:"server0":"server1" - -SSL session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:1:0:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:1:0:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:1:0:0:MBEDTLS_SSL_VERSION_TLS1_2 - -SSL session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2 - -TLS 1.3: CLI: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: CLI: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: 
session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -TLS 1.3: SRV: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS -ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 - -Test Session id & Ciphersuite accessors TLS 1.2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_2 - -Test Session id & Ciphersuite accessors TLS 1.3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_3 - -Record crypt, AES-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM 
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CBC, 
1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-128-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, EtM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, EtM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDT
LS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, AES-128-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, AES-128-GCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, AES-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record
crypt, AES-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-GCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-GCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM 
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - 
-Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CCM, 1.3 -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, AES-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, AES-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, 
CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CCM, 1.2 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM 
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM -ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ChachaPoly -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, ChachaPoly, 1.3 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, ChachaPoly -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ChachaPoly, 1.3 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 - -Record crypt, little space, ChachaPoly, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ChachaPoly, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_ALG_CHACHA20_POLY1305:MBEDTLS_SSL_PROTO_TLS1_2 -ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, 
little space, AES-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, 
AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1 
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - 
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, 
CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, 
CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-128-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-128-GCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-192-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-192-GCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-256-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-256-GCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-128-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-128-CCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-128-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-192-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-192-CCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-192-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-256-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-256-CCM, 1.3
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0
-
-Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, AES-256-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4
-
-Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-256
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-1
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM
-depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -Record crypt, little space, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 - -SSL TLS 1.3 Key schedule: Secret evolution #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Initial secret to Early Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" - -SSL TLS 1.3 Key schedule: Secret evolution #2 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Early secret to Handshake Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" - -SSL TLS 1.3 Key schedule: Secret evolution #3 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Handshake secret to Master Secret -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Server handshake traffic secret -> Server traffic key -# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 
-ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #2 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Server handshake traffic secret -> Server traffic IV -# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #3 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client handshake traffic secret -> Client traffic key -# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #4 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client handshake traffic secret -> Client traffic IV -# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) -# Vector from RFC 8448 -# Server handshake traffic secret -> Server traffic IV -# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) -# Vector from RFC 8448 -# Server handshake traffic secret -> Server traffic Key -# 
HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) -# Vector from RFC 8448 -# Client handshake traffic secret -> Client traffic IV -# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) -# Vector from RFC 8448 -# Client handshake traffic secret -> Client traffic Key -# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) -# Calculation of finished_key -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" - -SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) -# Calculation of resumption key -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_hkdf_expand_label:PSA_ALG_SHA_256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" - -SSL TLS 1.3 Key schedule: Traffic key generation #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:PSA_WANT_ALG_SHA_256 
-ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) -# Vector RFC 8448 -# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_traffic_key_generation:PSA_ALG_SHA_256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Derive-Secret( Early-Secret, "derived", "") -# Tests the case where context isn't yet hashed (empty string here, -# but still needs to be hashed) -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 -# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) -# Derive-Secret( MasterSecret, "s ap traffic", hash) -# Tests the case where context is already hashed -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e 
traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 -ssl_tls13_derive_secret:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" - -SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) -# Vector from RFC 8448 -depends_on:PSA_WANT_ALG_SHA_256 
-ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
-
-SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
-
-SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash)
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
-
-SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
-
-SSL TLS 1.3 Exporter
-# Based on the "exp master" key from RFC 8448, expected result calculated with a HMAC-SHA256 calculator.
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_exporter:PSA_ALG_SHA_256:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4":"test":"context value":32:"83d0fac39f87c1b4fbcd261369f31149c535391a9199bd4c5daf89fe259c2e94"
-
-SSL TLS 1.3 Exporter, 0-byte label and context
-# Expected output taken from OpenSSL.
-depends_on:PSA_WANT_ALG_SHA_384
-ssl_tls13_exporter:PSA_ALG_SHA_384:"9f355772f34017927ecc81d16e653c7408f945e7f62dc632d3f59e6310ef49401e62a2e3be886e3f930d4bf6300ce30a":"":"":20:"18268580D7C6769194794A84B7A3EE35317DB88A"
-
-SSL TLS 1.3 Exporter, 249-byte label and 0-byte context
-# Expected output taken from OpenSSL.
-depends_on:PSA_WANT_ALG_SHA_384
-ssl_tls13_exporter:PSA_ALG_SHA_384:"c453aeae318ebae00617c430a0066cf586593a4b0150219107420798933cf9e6e4434337cccc2cae5429dc4f77401e39":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678":"":20:"259531766AAA10FBAB6BF2D11D23264B321743D9"
-
-SSL TLS 1.3 Key schedule: Early secrets derivation helper
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_early_secrets:PSA_ALG_SHA_256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
-
-SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_handshake_secrets:PSA_ALG_SHA_256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
-
-SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
-# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
-# - Server App IV: 1b13dd9f8d8f17091d34b349
-# - Client App Key: 49134b95328f279f0183860589ac6707
-# - Client App IV: bc4dd5f7b98acff85466261d
-# - App data payload: 70696e67
-# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
-# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
-ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
-
-SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
-# - Server App Key: 0b6d22c8ff68097ea871c672073773bf
-# - Server App IV: 1b13dd9f8d8f17091d34b349
-# - Client App Key: 49134b95328f279f0183860589ac6707
-# - Client App IV: bc4dd5f7b98acff85466261d
-# - App data payload: 706f6e67
-# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
-# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
-ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
-
-SSL TLS 1.3 Record Encryption RFC 8448 Example #1
-# Application Data record sent by Client in 1-RTT example of RFC 8448, Section 3
-# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
-# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
-# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
-# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
-# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
-# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
-# 30 31
-# - Complete record: 17 03 03 00 43 a2 3f 70 54 b6 2c 94 d0 af fa fe
-# 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f
-# 2b 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b
-# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
-# 3a ee bb 21 69 49 15 e4
-# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
-ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
-
-SSL TLS 1.3 Record Encryption RFC 8448 Example #2
-# Application Data record sent by Server in 1-RTT example of RFC 8448, Section 3
-# - Server App Key: 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac 92 e3 56
-# - Server App IV: cf 78 2b 88 dd 83 54 9a ad f1 e9 84
-# - Client App Key: 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6 3f 50 51
-# - Client App IV: 5b 78 92 3d ee 08 57 90 33 e5 23 d9
-# - App data payload: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-# 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
-# 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
-# 30 31
-# - Complete record: 17 03 03 00 43 2e 93 7e 11 ef 4a c7 40 e5 38 ad
-# 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36
-# e3 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8
-# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
-# 0d d0 32 e1 67 c2 95 5d
-# - Padding used: No (== granularity 1)
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
-ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
-
-SSL TLS 1.3 Key schedule: Application secrets derivation helper
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
-
-SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
-# Vector from RFC 8448
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_tls13_derive_resumption_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
-
-SSL TLS 1.3 Key schedule: PSK binder
-# Vector from RFC 8448
-# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
-# For all other data, see Section 4, 'construct a ClientHello handshake message:'
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_MONTGOMERY_255
-ssl_tls13_create_psk_binder:PSA_ALG_SHA_256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
-depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled
-depends_on:!PSA_WANT_ALG_SHA_384
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled
-depends_on:!PSA_WANT_ALG_SHA_256
-ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-Session serialization, save-load: no ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save-load: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save-load: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save-load: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save-load: small ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save-load: large ticket, cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_load:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.3: CLI: Session serialization, save-load: no ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, save-load: small ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_load:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, save-load: large ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: SRV: Session serialization, save-load: large ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_load:1023:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-
-Session serialization, load-save: no ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_load_save:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load-save: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_load_save:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load-save: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_load_save:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load-save: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_load_save:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load-save: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_load_save:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load-save: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_load_save:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.3: CLI: Session serialization, load-save: no ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, load-save: small ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_load_save:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, load-save: large ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_load_save:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: SRV: Session serialization, load-save
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_load_save:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-
-Session serialization, save buffer size: no ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save buffer size: no ticket, cert
-depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_save_buf_size:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_save_buf_size:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, save buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_save_buf_size:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.3: CLI: Session serialization, save buffer size: no ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, save buffer size: small ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, save buffer size: large ticket
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: SRV: Session serialization, save buffer size
-depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_serialize_session_save_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-
-Session serialization, load buffer size: no ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_serialize_session_load_buf_size:0:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load buffer size: small ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
-ssl_serialize_session_load_buf_size:42:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load buffer size: large ticket, no cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
-ssl_serialize_session_load_buf_size:1023:"":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load buffer size: no ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_load_buf_size:0:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load buffer size: small ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_load_buf_size:42:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-Session serialization, load buffer size: large ticket, cert
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_FS_IO
-ssl_serialize_session_load_buf_size:1023:"../framework/data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.3: CLI: Session serialization, load buffer size: no ticket
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
-ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, load buffer size: small ticket
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
-ssl_serialize_session_load_buf_size:42:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: CLI: Session serialization, load buffer size: large ticket
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
-ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3: SRV: Session serialization, load buffer size
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C
-ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
-
-Test configuration of EC groups through mbedtls_ssl_conf_groups()
-conf_group:
-
-Version config: valid client TLS 1.2 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
-
-Version config: valid client DTLS 1.2 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
-
-Version config: valid server TLS 1.2 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
-
-Version config: valid server DTLS 1.2 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
-
-Version config: invalid client TLS 1.2 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid client DTLS 1.2 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid server TLS 1.2 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid server DTLS 1.2 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: valid client TLS 1.3 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0
-
-Version config: unsupported client DTLS 1.3 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-Version config: valid server TLS 1.3 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0
-
-Version config: unsupported server DTLS 1.3 only
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-Version config: invalid client TLS 1.3 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid client DTLS 1.3 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid server TLS 1.3 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid server DTLS 1.3 only
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: valid client hybrid TLS 1.2/3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0
-
-Version config: unsupported client hybrid DTLS 1.2/3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-Version config: valid server hybrid TLS 1.2/3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:0
-
-Version config: unsupported server hybrid DTLS 1.2/3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-
-Version config: valid client hybrid TLS 1.2/3, no TLS 1.2
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.2
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: valid server hybrid TLS 1.2/3, no TLS 1.2
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.2
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_2
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: valid client hybrid TLS 1.2/3, no TLS 1.3
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: unsupported client hybrid DTLS 1.2/3, no TLS 1.3
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: valid server hybrid TLS 1.2/3, no TLS 1.3
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: unsupported server hybrid DTLS 1.2/3, no TLS 1.3
-depends_on:!MBEDTLS_SSL_PROTO_TLS1_3
-conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid minimum version
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:770:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Version config: invalid maximum version
-conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:773:MBEDTLS_ERR_SSL_BAD_CONFIG
-
-Test accessor into timing_delay_context
-timing_final_delay_accessor
-
-Sanity test cid functions
-cid_sanity:
-
-Raw key agreement: nominal
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -raw_key_agreement_fail:0 - -Raw key agreement: bad server key -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -raw_key_agreement_fail:1 - -Force a bad session id length -force_bad_session_id_len - -Cookie parsing: nominal run -cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d00200000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_SSL_INTERNAL_ERROR - -Cookie parsing: cookie_len overflow -cookie_parsing:"16fefd000000000000000000ea010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727db97b7373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737373737db963":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: non-zero fragment offset -cookie_parsing:"16fefd00000000000000000032010000de000072000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d01730143":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: sid_len overflow -cookie_parsing:"16fefd00000000000000000032010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF730143":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: record too short -cookie_parsing:"16fefd0000000000000000002f010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727dFF":MBEDTLS_ERR_SSL_DECODE_ERROR - -Cookie parsing: one byte overread -cookie_parsing:"16fefd0000000000000000002F010000de000000000000011efefd7b7272727272727272727272727272727272727272727272727272727272727d0001":MBEDTLS_ERR_SSL_DECODE_ERROR - -TLS 1.3 srv 
Certificate msg - wrong vector lengths
-tls13_server_certificate_msg_invalid_vector_len
-
-EC-JPAKE set password
-depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-ssl_ecjpake_set_password:0
-
-EC-JPAKE set opaque password
-depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-ssl_ecjpake_set_password:1
-
-Test Elliptic curves' info parsing
-elliptic_curve_get_properties
-
-TLS 1.3 resume session with ticket
-tls13_resume_session_with_ticket
-
-TLS 1.3 read early data, early data accepted
-tls13_read_early_data:TEST_EARLY_DATA_ACCEPTED
-
-TLS 1.3 read early data, no early data indication
-tls13_read_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT
-
-TLS 1.3 read early data, server rejects early data
-tls13_read_early_data:TEST_EARLY_DATA_SERVER_REJECTS
-
-TLS 1.3 read early data, discard after HRR
-tls13_read_early_data:TEST_EARLY_DATA_HRR
-
-TLS 1.3 cli, early data, same ALPN
-depends_on:MBEDTLS_SSL_ALPN
-tls13_read_early_data:TEST_EARLY_DATA_SAME_ALPN
-
-TLS 1.3 cli, early data, different ALPN
-depends_on:MBEDTLS_SSL_ALPN
-tls13_read_early_data:TEST_EARLY_DATA_DIFF_ALPN
-
-TLS 1.3 cli, early data, no initial ALPN
-depends_on:MBEDTLS_SSL_ALPN
-tls13_read_early_data:TEST_EARLY_DATA_NO_INITIAL_ALPN
-
-TLS 1.3 cli, early data, no later ALPN
-depends_on:MBEDTLS_SSL_ALPN
-tls13_read_early_data:TEST_EARLY_DATA_NO_LATER_ALPN
-
-TLS 1.3 cli, early data state, early data accepted
-tls13_cli_early_data_state:TEST_EARLY_DATA_ACCEPTED
-
-TLS 1.3 cli, early data state, no early data indication
-tls13_cli_early_data_state:TEST_EARLY_DATA_NO_INDICATION_SENT
-
-TLS 1.3 cli, early data state, server rejects early data
-tls13_cli_early_data_state:TEST_EARLY_DATA_SERVER_REJECTS
-
-TLS 1.3 cli, early data state, hello retry request
-tls13_cli_early_data_state:TEST_EARLY_DATA_HRR
-
-TLS 1.3 write early data, early data accepted
-tls13_write_early_data:TEST_EARLY_DATA_ACCEPTED
-
-TLS 1.3 write early data, no early data indication
-tls13_write_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT
-
-TLS 1.3 write early data, server rejects early data
-tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS
-
-TLS 1.3 write early data, hello retry request
-tls13_write_early_data:TEST_EARLY_DATA_HRR
-
-TLS 1.3 cli, maximum early data size, default size
-tls13_cli_max_early_data_size:-1
-
-TLS 1.3 cli, maximum early data size, zero
-tls13_cli_max_early_data_size:0
-
-TLS 1.3 cli, maximum early data size, very small but not 0
-tls13_cli_max_early_data_size:3
-
-TLS 1.3 cli, maximum early data size, 93
-tls13_cli_max_early_data_size:93
-
-TLS 1.3 srv, max early data size, dflt, wsz=96
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:96
-
-TLS 1.3 srv, max early data size, dflt, wsz=128
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:128
-
-TLS 1.3 srv, max early data size, 3, wsz=2
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:2
-
-TLS 1.3 srv, max early data size, 3, wsz=3
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:3
-
-TLS 1.3 srv, max early data size, 98, wsz=23
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:23
-
-TLS 1.3 srv, max early data size, 98, wsz=49
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:49
-
-TLS 1.3 srv, max early data size, server rejects, dflt, wsz=128
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:128
-
-TLS 1.3 srv, max early data size, server rejects, 3, wsz=3
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:3
-
-TLS 1.3 srv, max early data size, server rejects, 98, wsz=49
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:98:49
-
-TLS 1.3 srv, max early data size, HRR, dflt, wsz=128
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:128
-
-TLS 1.3 srv, max early data size, HRR, 3, wsz=3
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3
-
-TLS 1.3 srv, max early data size, HRR, 98, wsz=49
-tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0
-
-TLS 1.2 Keying Material Exporter: Consistent results, no context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:0
-
-TLS 1.2 Keying Material Exporter: Consistent results, with context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1
-
-TLS 1.2 Keying Material Exporter: Consistent results, large keys
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0
-
-TLS 1.2 Keying Material Exporter: Uses label
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.2 Keying Material Exporter: Uses context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_2
-
-TLS 1.2 Keying Material Exporter: Context too long
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:251:UINT16_MAX + 1
-
-TLS 1.2 Keying Material Exporter: Handshake not done
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE
-
-TLS 1.3 Keying Material Exporter: Consistent results, no context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0
-
-TLS 1.3 Keying Material Exporter: Consistent results, with context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1
-
-TLS 1.3 Keying Material Exporter: Consistent results, large keys
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0
-
-TLS 1.3 Keying Material Exporter: Uses label
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3 Keying Material Exporter: Uses context
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3
-
-TLS 1.3 Keying Material Exporter: Uses length
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls13_exporter_uses_length
-
-TLS 1.3 Keying Material Exporter: Exported key too long
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:20:20
-
-TLS 1.3 Keying Material Exporter: Label too long
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10
-
-TLS 1.3 Keying Material Exporter: Handshake not done
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
deleted file mode 100644
index 5b6500898e..0000000000
--- a/tests/suites/test_suite_ssl.function
+++ /dev/null
@@ -1,5938 +0,0 @@ -/* BEGIN_HEADER */ -#include -#include -#include -#include -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include -#include -#include - -#include -#include - -#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } - -/* Mnemonics for the early data test scenarios */ -#define TEST_EARLY_DATA_ACCEPTED 0 -#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 -#define TEST_EARLY_DATA_SERVER_REJECTS 2 -#define TEST_EARLY_DATA_HRR 3 -#define TEST_EARLY_DATA_SAME_ALPN 4 -#define TEST_EARLY_DATA_DIFF_ALPN 5 -#define TEST_EARLY_DATA_NO_INITIAL_ALPN 6 -#define TEST_EARLY_DATA_NO_LATER_ALPN 7 - -#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ - defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \ - defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) && \ - defined(PSA_HAVE_ALG_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS) -/* - * Test function to write early data for negative tests where - * mbedtls_ssl_write_early_data() cannot be used. 
- */ -static int write_early_data(mbedtls_ssl_context *ssl, - unsigned char *buf, size_t len) -{ - int ret = mbedtls_ssl_get_max_out_record_payload(ssl); - - TEST_ASSERT(ret > 0); - TEST_LE_U(len, (size_t) ret); - - ret = mbedtls_ssl_flush_output(ssl); - TEST_EQUAL(ret, 0); - TEST_EQUAL(ssl->out_left, 0); - - ssl->out_msglen = len; - ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - if (len > 0) { - memcpy(ssl->out_msg, buf, len); - } - - ret = mbedtls_ssl_write_record(ssl, 1); - TEST_EQUAL(ret, 0); - - ret = len; - -exit: - return ret; -} -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(PSA_WANT_ECC_SECP_R1_384) && \ - defined(PSA_WANT_ALG_SHA_256) -/* - * Test function to perform a handshake using the mfl extension and with - * setting the resize buffer option. - */ -static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls, char *cipher) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cipher = cipher; - options.renegotiate = renegotiation; - options.legacy_renegotiation = legacy_renegotiation; - options.serialize = serialize; - options.dtls = dtls; - if (dtls) { - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - options.resize_buffers = 1; - - const mbedtls_ssl_ciphersuite_t *ciphersuite = - mbedtls_ssl_ciphersuite_from_string(cipher); - if (ciphersuite != NULL) { - options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); - } - - mbedtls_test_ssl_perform_handshake(&options); - - mbedtls_test_free_handshake_options(&options); -} - -#endif - -#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#define TEST_GCM_OR_CHACHAPOLY_ENABLED -#endif - -typedef enum { - RECOMBINE_NOMINAL, /* param: ignored */ - RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 
means from end) */ - RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ - RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ - RECOMBINE_INSERT_RECORD, /* param: record type */ - RECOMBINE_COALESCE, /* param: number of records (INT_MAX=all) */ - RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ - RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ -} recombine_records_instruction_t; - -/* Keep this in sync with the recombine_server_first_flight() - * See comment there. */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && \ - defined(PSA_WANT_ECC_SECP_R1_384) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ - defined(PSA_WANT_ALG_ECDSA_ANY) - -/* Split the first record into two pieces of lengths offset and - * record_length-offset. If offset is zero or negative, count from the end of - * the record. */ -static int recombine_split_first_record(mbedtls_test_ssl_buffer *buf, - int offset) -{ - const size_t header_length = 5; - TEST_LE_U(header_length, buf->content_length); - size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); - - if (offset > 0) { - TEST_LE_S(offset, record_length); - } else { - TEST_LE_S(-offset, record_length); - offset = record_length + offset; - } - - /* Check that we have room to insert a record header */ - TEST_LE_U(buf->content_length + header_length, buf->capacity); - - /* Make room for a record header */ - size_t new_record_start = header_length + offset; - size_t new_content_start = new_record_start + header_length; - memmove(buf->buffer + new_content_start, - buf->buffer + new_record_start, - buf->content_length - new_record_start); - buf->content_length += header_length; - - /* Construct a header for the new record based on the existing one */ - memcpy(buf->buffer + new_record_start, buf->buffer, header_length); - 
MBEDTLS_PUT_UINT16_BE(record_length - offset, - buf->buffer, new_content_start - 2); - - /* Adjust the length of the first record */ - MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); - - return 0; - -exit: - return -1; -} - -/* Truncate the first record, keeping only the first offset bytes. - * If offset is zero or negative, count from the end of the record. - * Remove the subsequent records. - */ -static int recombine_truncate_first_record(mbedtls_test_ssl_buffer *buf, - int offset) -{ - const size_t header_length = 5; - TEST_LE_U(header_length, buf->content_length); - size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); - - if (offset > 0) { - TEST_LE_S(offset, record_length); - } else { - TEST_LE_S(-offset, record_length); - offset = record_length + offset; - } - - /* Adjust the length of the first record */ - MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); - - /* Wipe the rest */ - size_t truncated_end = header_length + offset; - memset(buf->buffer + truncated_end, '!', - buf->content_length - truncated_end); - buf->content_length = truncated_end; - - return 0; - -exit: - return -1; -} - -/* Insert a (dummy) record at the given offset. If offset is negative, - * count from the end of the first record. 
*/ -static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, - int offset, - uint8_t inserted_record_type) -{ - const size_t header_length = 5; - TEST_LE_U(header_length, buf->content_length); - size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); - - if (offset >= 0) { - TEST_LE_S(offset, record_length); - } else { - TEST_LE_S(-offset, record_length); - offset = record_length + offset; - } - - uint8_t inserted_content[42] = { 0 }; - size_t inserted_content_length = 0; - switch (inserted_record_type) { - case MBEDTLS_SSL_MSG_ALERT: - inserted_content[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; - inserted_content[1] = MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION; - inserted_content_length = 2; - break; - case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: - inserted_content[0] = 0x01; - inserted_content_length = 1; - break; - case MBEDTLS_SSL_MSG_APPLICATION_DATA: - inserted_content_length = sizeof(inserted_content); - break; - default: - /* Leave the content empty */ - break; - } - - /* Check that we have room to insert two record headers plus the new - * content. 
*/ - TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length, - buf->capacity); - - /* Make room for the inserted record and a record header for the fragment */ - size_t inserted_record_start = header_length + offset; - size_t inserted_content_start = inserted_record_start + header_length; - size_t tail_record_start = inserted_content_start + inserted_content_length; - size_t tail_content_start = tail_record_start + header_length; - memmove(buf->buffer + tail_content_start, - buf->buffer + inserted_record_start, - buf->content_length - inserted_record_start); - buf->content_length += 2 * header_length; - - /* Construct the inserted record based on the existing one */ - memcpy(buf->buffer + inserted_record_start, buf->buffer, header_length); - buf->buffer[inserted_record_start] = inserted_record_type; - MBEDTLS_PUT_UINT16_BE(inserted_content_length, - buf->buffer, inserted_content_start - 2); - memcpy(buf->buffer + inserted_content_start, - inserted_content, inserted_content_length); - - /* Construct header for the last fragment based on the existing one */ - memcpy(buf->buffer + tail_record_start, buf->buffer, header_length); - MBEDTLS_PUT_UINT16_BE(record_length - offset, - buf->buffer, tail_content_start - 2); - - /* Adjust the length of the first record */ - MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); - - return 0; - -exit: - return -1; -} - -/* Coalesce TLS handshake records. - * DTLS is not supported. - * Encrypted or authenticated handshake records are not supported. - * Assume the buffer content is a valid sequence of records. - * - * Coalesce only the first max records, or all the records if there are - * fewer than max. - * Return the number of coalesced records, or -1 on error. 
- */ -static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, - int max) -{ - const size_t header_length = 5; - TEST_LE_U(header_length, buf->content_length); - if (buf->buffer[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { - return 0; - } - - size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); - TEST_LE_U(header_length + record_length, buf->content_length); - - int count; - for (count = 1; count < max; count++) { - size_t next_start = header_length + record_length; - if (next_start >= buf->content_length) { - /* We've already reached the last record. */ - break; - } - - TEST_LE_U(next_start + header_length, buf->content_length); - if (buf->buffer[next_start] != MBEDTLS_SSL_MSG_HANDSHAKE) { - /* There's another record, but it isn't a handshake record. */ - break; - } - size_t next_length = - MBEDTLS_GET_UINT16_BE(buf->buffer, next_start + header_length - 2); - TEST_LE_U(next_start + header_length + next_length, buf->content_length); - - /* Erase the next record header */ - memmove(buf->buffer + next_start, - buf->buffer + next_start + header_length, - buf->content_length - next_start); - buf->content_length -= header_length; - /* Update the first record length */ - record_length += next_length; - TEST_LE_U(record_length, 0xffff); - MBEDTLS_PUT_UINT16_BE(record_length, buf->buffer, header_length - 2); - } - - return count; - -exit: - return -1; -} - -static int recombine_records(mbedtls_test_ssl_endpoint *server, - recombine_records_instruction_t instruction, - int param) -{ - mbedtls_test_ssl_buffer *buf = server->socket.output; - int ret; - - /* buf is a circular buffer. For simplicity, this code assumes that - * the data is located at the beginning. This should be ok since - * this function is only meant to be used on the first flight - * emitted by a server. 
*/ - TEST_EQUAL(buf->start, 0); - - switch (instruction) { - case RECOMBINE_NOMINAL: - break; - - case RECOMBINE_SPLIT_FIRST: - ret = recombine_split_first_record(buf, param); - TEST_LE_S(0, ret); - break; - - case RECOMBINE_TRUNCATE_FIRST: - ret = recombine_truncate_first_record(buf, param); - TEST_LE_S(0, ret); - break; - - case RECOMBINE_INSERT_EMPTY: - /* Insert an empty handshake record. */ - ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE); - TEST_LE_S(0, ret); - break; - - case RECOMBINE_INSERT_RECORD: - /* Insert an extra record at a position where splitting - * would be ok. */ - ret = recombine_insert_record(buf, 5, param); - TEST_LE_S(0, ret); - break; - - case RECOMBINE_COALESCE: - ret = recombine_coalesce_handshake_records(buf, param); - /* If param != INT_MAX, enforce that there were that many - * records to coalesce. In particular, 1 < param < INT_MAX - * ensures that library will see some coalesced records. */ - if (param == INT_MAX) { - TEST_LE_S(1, ret); - } else { - TEST_EQUAL(ret, param); - } - break; - - case RECOMBINE_COALESCE_SPLIT_ONCE: - ret = recombine_coalesce_handshake_records(buf, INT_MAX); - /* Require at least two coalesced records, otherwise this - * doesn't lead to a meaningful test (use - * RECOMBINE_SPLIT_FIRST instead). 
*/ - TEST_LE_S(2, ret); - ret = recombine_split_first_record(buf, param); - TEST_LE_S(0, ret); - break; - - case RECOMBINE_COALESCE_SPLIT_BOTH_ENDS: - ret = recombine_coalesce_handshake_records(buf, INT_MAX); - /* Accept a single record, which will be split at both ends */ - TEST_LE_S(1, ret); - TEST_LE_S(1, param); - ret = recombine_split_first_record(buf, -param); - TEST_LE_S(0, ret); - ret = recombine_split_first_record(buf, param); - TEST_LE_S(0, ret); - break; - - default: - TEST_FAIL("Instructions not understood"); - } - - return 1; - -exit: - return 0; -} - -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */ - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_TLS_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void test_callback_buffer_sanity() -{ - enum { MSGLEN = 10 }; - mbedtls_test_ssl_buffer buf; - mbedtls_test_ssl_buffer_init(&buf); - unsigned char input[MSGLEN]; - unsigned char output[MSGLEN]; - - USE_PSA_INIT(); - memset(input, 0, sizeof(input)); - - /* Make sure calling put and get on NULL buffer results in error. */ - TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)), -1); - - TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, 0), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, NULL, 0), -1); - - /* Make sure calling put and get on a buffer that hasn't been set up results - * in error. 
*/ - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); - - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), -1); - - /* Make sure calling put and get on NULL input only results in - * error if the length is not zero, and that a NULL output is valid for data - * dropping. - */ - - TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)), 0); - - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)), 0); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), 0); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), 0); - - /* Make sure calling put several times in the row is safe */ - - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), sizeof(input)); - TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, 2), 2); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 1); - TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 0); - - -exit: - mbedtls_test_ssl_buffer_free(&buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is - * correct and works as expected. - * - * That is - * - If we try to put in \p put1 bytes then we can put in \p put1_ret bytes. - * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. - * - Next, if we try to put in \p put1 bytes then we can put in \p put1_ret - * bytes. - * - Afterwards if we try to get \p get1 bytes then we can get \get1_ret bytes. - * - All of the bytes we got match the bytes we put in in a FIFO manner. 
- */ - -/* BEGIN_CASE */ -void test_callback_buffer(int size, int put1, int put1_ret, - int get1, int get1_ret, int put2, int put2_ret, - int get2, int get2_ret) -{ - enum { ROUNDS = 2 }; - size_t put[ROUNDS]; - int put_ret[ROUNDS]; - size_t get[ROUNDS]; - int get_ret[ROUNDS]; - mbedtls_test_ssl_buffer buf; - unsigned char *input = NULL; - size_t input_len; - unsigned char *output = NULL; - size_t output_len; - size_t i, j, written, read; - - mbedtls_test_ssl_buffer_init(&buf); - USE_PSA_INIT(); - TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, size), 0); - - /* Check the sanity of input parameters and initialise local variables. That - * is, ensure that the amount of data is not negative and that we are not - * expecting more to put or get than we actually asked for. */ - TEST_ASSERT(put1 >= 0); - put[0] = put1; - put_ret[0] = put1_ret; - TEST_ASSERT(put1_ret <= put1); - TEST_ASSERT(put2 >= 0); - put[1] = put2; - put_ret[1] = put2_ret; - TEST_ASSERT(put2_ret <= put2); - - TEST_ASSERT(get1 >= 0); - get[0] = get1; - get_ret[0] = get1_ret; - TEST_ASSERT(get1_ret <= get1); - TEST_ASSERT(get2 >= 0); - get[1] = get2; - get_ret[1] = get2_ret; - TEST_ASSERT(get2_ret <= get2); - - input_len = 0; - /* Calculate actual input and output lengths */ - for (j = 0; j < ROUNDS; j++) { - if (put_ret[j] > 0) { - input_len += put_ret[j]; - } - } - /* In order to always have a valid pointer we always allocate at least 1 - * byte. */ - if (input_len == 0) { - input_len = 1; - } - TEST_CALLOC(input, input_len); - - output_len = 0; - for (j = 0; j < ROUNDS; j++) { - if (get_ret[j] > 0) { - output_len += get_ret[j]; - } - } - TEST_ASSERT(output_len <= input_len); - /* In order to always have a valid pointer we always allocate at least 1 - * byte. 
*/ - if (output_len == 0) { - output_len = 1; - } - TEST_CALLOC(output, output_len); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < input_len; i++) { - input[i] = i & 0xFF; - } - - written = read = 0; - for (j = 0; j < ROUNDS; j++) { - TEST_EQUAL(put_ret[j], mbedtls_test_ssl_buffer_put(&buf, - input + written, put[j])); - written += put_ret[j]; - TEST_EQUAL(get_ret[j], mbedtls_test_ssl_buffer_get(&buf, - output + read, get[j])); - read += get_ret[j]; - TEST_ASSERT(read <= written); - if (get_ret[j] > 0) { - TEST_EQUAL(memcmp(output + read - get_ret[j], - input + read - get_ret[j], get_ret[j]), 0); - } - } - -exit: - mbedtls_free(input); - mbedtls_free(output); - mbedtls_test_ssl_buffer_free(&buf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related - * I/O functions is correct and works as expected on unconnected sockets. - */ - -/* BEGIN_CASE */ -void ssl_mock_sanity() -{ - enum { MSGLEN = 105 }; - unsigned char message[MSGLEN] = { 0 }; - unsigned char received[MSGLEN] = { 0 }; - mbedtls_test_mock_socket socket; - - mbedtls_test_mock_socket_init(&socket); - USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - mbedtls_test_mock_socket_init(&socket); - TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0); - mbedtls_test_mock_socket_close(&socket); - -exit: - mbedtls_test_mock_socket_close(&socket); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related functions - * 
can send a single message from the client to the server. - */ - -/* BEGIN_CASE */ -void ssl_mock_tcp(int blocking) -{ - enum { MSGLEN = 105 }; - enum { BUFLEN = MSGLEN / 5 }; - unsigned char message[MSGLEN]; - unsigned char received[MSGLEN]; - mbedtls_test_mock_socket client; - mbedtls_test_mock_socket server; - size_t written, read; - int send_ret, recv_ret; - mbedtls_ssl_send_t *send; - mbedtls_ssl_recv_t *recv; - unsigned i; - - if (blocking == 0) { - send = mbedtls_test_mock_tcp_send_nb; - recv = mbedtls_test_mock_tcp_recv_nb; - } else { - send = mbedtls_test_mock_tcp_send_b; - recv = mbedtls_test_mock_tcp_recv_b; - } - - mbedtls_test_mock_socket_init(&client); - mbedtls_test_mock_socket_init(&server); - USE_PSA_INIT(); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - - /* Make sure that sending a message takes a few iterations. */ - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); - - /* Send the message to the server */ - send_ret = recv_ret = 1; - written = read = 0; - while (send_ret != 0 || recv_ret != 0) { - send_ret = send(&client, message + written, MSGLEN - written); - - TEST_ASSERT(send_ret >= 0); - TEST_ASSERT(send_ret <= BUFLEN); - written += send_ret; - - /* If the buffer is full we can test blocking and non-blocking send */ - if (send_ret == BUFLEN) { - int blocking_ret = send(&client, message, 1); - if (blocking) { - TEST_EQUAL(blocking_ret, 0); - } else { - TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); - } - } - - recv_ret = recv(&server, received + read, MSGLEN - read); - - /* The result depends on whether any data was sent */ - if (send_ret > 0) { - TEST_ASSERT(recv_ret > 0); - TEST_ASSERT(recv_ret <= BUFLEN); - read += recv_ret; - } else if (blocking) { - TEST_EQUAL(recv_ret, 0); - } else { - TEST_EQUAL(recv_ret, MBEDTLS_ERR_SSL_WANT_READ); - recv_ret = 0; - } - - /* If the buffer is empty we can 
test blocking and non-blocking read */ - if (recv_ret == BUFLEN) { - int blocking_ret = recv(&server, received, 1); - if (blocking) { - TEST_EQUAL(blocking_ret, 0); - } else { - TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); - } - } - } - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - -exit: - mbedtls_test_mock_socket_close(&client); - mbedtls_test_mock_socket_close(&server); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* - * Test if the implementation of `mbedtls_test_mock_socket` related functions - * can send messages in both direction at the same time (with the I/O calls - * interleaving). - */ - -/* BEGIN_CASE */ -void ssl_mock_tcp_interleaving(int blocking) -{ - enum { ROUNDS = 2 }; - enum { MSGLEN = 105 }; - enum { BUFLEN = MSGLEN / 5 }; - unsigned char message[ROUNDS][MSGLEN]; - unsigned char received[ROUNDS][MSGLEN]; - mbedtls_test_mock_socket client; - mbedtls_test_mock_socket server; - size_t written[ROUNDS]; - size_t read[ROUNDS]; - int send_ret[ROUNDS]; - int recv_ret[ROUNDS]; - unsigned i, j, progress; - mbedtls_ssl_send_t *send; - mbedtls_ssl_recv_t *recv; - - if (blocking == 0) { - send = mbedtls_test_mock_tcp_send_nb; - recv = mbedtls_test_mock_tcp_recv_nb; - } else { - send = mbedtls_test_mock_tcp_send_b; - recv = mbedtls_test_mock_tcp_recv_b; - } - - mbedtls_test_mock_socket_init(&client); - mbedtls_test_mock_socket_init(&server); - USE_PSA_INIT(); - - /* Fill up the buffers with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < ROUNDS; i++) { - for (j = 0; j < MSGLEN; j++) { - message[i][j] = (i * MSGLEN + j) & 0xFF; - } - } - - /* Make sure that sending a message takes a few iterations. */ - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); - - /* Send the message from both sides, interleaving. 
*/ - progress = 1; - for (i = 0; i < ROUNDS; i++) { - written[i] = 0; - read[i] = 0; - } - /* This loop does not stop as long as there was a successful write or read - * of at least one byte on either side. */ - while (progress != 0) { - mbedtls_test_mock_socket *socket; - - for (i = 0; i < ROUNDS; i++) { - /* First sending is from the client */ - socket = (i % 2 == 0) ? (&client) : (&server); - - send_ret[i] = send(socket, message[i] + written[i], - MSGLEN - written[i]); - TEST_ASSERT(send_ret[i] >= 0); - TEST_ASSERT(send_ret[i] <= BUFLEN); - written[i] += send_ret[i]; - - /* If the buffer is full we can test blocking and non-blocking - * send */ - if (send_ret[i] == BUFLEN) { - int blocking_ret = send(socket, message[i], 1); - if (blocking) { - TEST_EQUAL(blocking_ret, 0); - } else { - TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); - } - } - } - - for (i = 0; i < ROUNDS; i++) { - /* First receiving is from the server */ - socket = (i % 2 == 0) ? (&server) : (&client); - - recv_ret[i] = recv(socket, received[i] + read[i], - MSGLEN - read[i]); - - /* The result depends on whether any data was sent */ - if (send_ret[i] > 0) { - TEST_ASSERT(recv_ret[i] > 0); - TEST_ASSERT(recv_ret[i] <= BUFLEN); - read[i] += recv_ret[i]; - } else if (blocking) { - TEST_EQUAL(recv_ret[i], 0); - } else { - TEST_EQUAL(recv_ret[i], MBEDTLS_ERR_SSL_WANT_READ); - recv_ret[i] = 0; - } - - /* If the buffer is empty we can test blocking and non-blocking - * read */ - if (recv_ret[i] == BUFLEN) { - int blocking_ret = recv(socket, received[i], 1); - if (blocking) { - TEST_EQUAL(blocking_ret, 0); - } else { - TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); - } - } - } - - progress = 0; - for (i = 0; i < ROUNDS; i++) { - progress += send_ret[i] + recv_ret[i]; - } - } - - for (i = 0; i < ROUNDS; i++) { - TEST_EQUAL(memcmp(message[i], received[i], MSGLEN), 0); - } - -exit: - mbedtls_test_mock_socket_close(&client); - mbedtls_test_mock_socket_close(&server); - USE_PSA_DONE(); -} -/* 
END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_sanity() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - /* Trying to push/pull to an empty queue */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(NULL, 1), - MBEDTLS_TEST_ERROR_ARG_NULL); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(NULL, 1), - MBEDTLS_TEST_ERROR_ARG_NULL); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); - TEST_EQUAL(queue.capacity, 3); - TEST_EQUAL(queue.num, 0); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_basic() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); - - /* Sanity test - 3 pushes and 3 pops with sufficient space */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - TEST_EQUAL(queue.capacity, 3); - TEST_EQUAL(queue.num, 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - TEST_EQUAL(queue.capacity, 3); - TEST_EQUAL(queue.num, 2); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); - TEST_EQUAL(queue.capacity, 3); - TEST_EQUAL(queue.num, 3); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_overflow_underflow() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); - - /* 4 pushes (last one with an error), 4 pops (last one with an error) */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - 
TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), - MBEDTLS_ERR_SSL_WANT_WRITE); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), - MBEDTLS_ERR_SSL_WANT_READ); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_interleaved() -{ - mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT; - - USE_PSA_INIT(); - TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0); - - /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops - * (to wrap around the buffer) */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), 3); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 5), 5); - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 8), 8); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 3), 3); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 5), 5); - - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 8), 8); - -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_queue_insufficient_buffer() -{ - mbedtls_test_ssl_message_queue queue 
= SSL_MESSAGE_QUEUE_INIT; - size_t message_len = 10; - size_t buffer_len = 5; - - USE_PSA_INIT(); - TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 1), 0); - - /* Popping without a sufficient buffer */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, message_len), - (int) message_len); - TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len), - (int) buffer_len); -exit: - mbedtls_test_ssl_message_queue_free(&queue); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_uninitialized() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN] = { 0 }, received[MSGLEN]; - mbedtls_test_mock_socket client, server; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - - USE_PSA_INIT(); - /* Send with a NULL context */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN), - MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN), - MBEDTLS_TEST_ERROR_CONTEXT_ERROR); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context), 0); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MBEDTLS_TEST_ERROR_SEND_FAILED); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_READ); - - /* Push directly to a queue to later simulate a disconnected behavior */ - TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&server_queue, - MSGLEN), - MSGLEN); - - /* Test if there's an error when trying to read from a disconnected - * socket */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - 
MBEDTLS_TEST_ERROR_RECV_FAILED); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_basic() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - /* Send the message to the server */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), MSGLEN); - - /* Read from the server */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - memset(received, 0, MSGLEN); - - /* Send the message to the client */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN), - MSGLEN); - - /* Read from the client */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN), - MSGLEN); - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_queue_overflow_underflow() -{ - enum { MSGLEN = 10 
}; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*2)); - - /* Send three message to the server, last one with an error */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN - 1), - MSGLEN - 1); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_WRITE); - - /* Read three messages from the server, last one with an error */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN - 1), - MSGLEN - 1); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_READ); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_socket_overflow() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned 
i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 2, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - /* Send two message to the server, second one with an error */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MBEDTLS_TEST_ERROR_SEND_FAILED); - - /* Read the only message from the server */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_truncated() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 2, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - 
&server_queue, 2, - &client, - &client_context), 0); - - memset(received, 0, MSGLEN); - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - 2 * MSGLEN)); - - /* Send two messages to the server, the second one small enough to fit in the - * receiver's buffer. */ - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MSGLEN); - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN / 2), - MSGLEN / 2); - /* Read a truncated message from the server */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2), - MSGLEN/2); - - /* Test that the first half of the message is valid, and second one isn't */ - TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0); - TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) - != 0); - memset(received, 0, MSGLEN); - - /* Read a full message from the server */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN/2), - MSGLEN / 2); - - /* Test that the first half of the message is valid */ - TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_socket_read_error() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 1, - &server, - &server_context), 
0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 1, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN)); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), - MSGLEN); - - /* Force a read error by disconnecting the socket by hand */ - server.status = 0; - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MBEDTLS_TEST_ERROR_RECV_FAILED); - /* Return to a valid state */ - server.status = MBEDTLS_MOCK_SOCKET_CONNECTED; - - memset(received, 0, sizeof(received)); - - /* Test that even though the server tried to read once disconnected, the - * continuity is preserved */ - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_interleaved_one_way() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < 
MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - MSGLEN*3)); - - /* Interleaved test - [2 sends, 1 read] twice, and then two reads - * (to wrap around the buffer) */ - for (i = 0; i < 2; i++) { - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), MSGLEN); - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - memset(received, 0, sizeof(received)); - } - - for (i = 0; i < 2; i++) { - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - } - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_READ); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_message_mock_interleaved_two_ways() -{ - enum { MSGLEN = 10 }; - unsigned char message[MSGLEN], received[MSGLEN]; - mbedtls_test_mock_socket client, server; - unsigned i; - mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue, - &client_queue, 3, - &server, - &server_context), 0); - - TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue, - &server_queue, 3, - &client, - &client_context), 0); - - /* Fill up the buffer with structured data so that unwanted changes - * can be detected */ - for (i = 0; i < MSGLEN; i++) { - message[i] = i & 0xFF; - } - TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, - 
MSGLEN*3)); - - /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads - * (to wrap around the buffer) both ways. */ - for (i = 0; i < 2; i++) { - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message, - MSGLEN), MSGLEN); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - - memset(received, 0, sizeof(received)); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN), MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - - memset(received, 0, sizeof(received)); - } - - for (i = 0; i < 2; i++) { - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - memset(received, 0, sizeof(received)); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN), MSGLEN); - - TEST_EQUAL(memcmp(message, received, MSGLEN), 0); - memset(received, 0, sizeof(received)); - } - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_READ); - - TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received, - MSGLEN), - MBEDTLS_ERR_SSL_WANT_READ); -exit: - mbedtls_test_message_socket_close(&server_context); - mbedtls_test_message_socket_close(&client_context); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ -void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) -{ - uint32_t len = 0; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - 
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT), 0); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - - /* Read previous record numbers */ - for (len = 0; len < prevs->len; len += 6) { - memcpy(ssl.in_ctr + 2, prevs->x + len, 6); - mbedtls_ssl_dtls_replay_update(&ssl); - } - - /* Check new number */ - memcpy(ssl.in_ctr + 2, new->x, 6); - TEST_EQUAL(mbedtls_ssl_dtls_replay_check(&ssl), ret); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1) -{ - const char *output_hostname; - mbedtls_ssl_context ssl; - - mbedtls_ssl_init(&ssl); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname0), 0); - output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_EQUAL(strcmp(input_hostname0, output_hostname), 0); - - TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname1), 0); - output_hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_EQUAL(strcmp(input_hostname1, output_hostname), 0); - -exit: - mbedtls_ssl_free(&ssl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_crypt_record(int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - int cid0_len, int cid1_len) -{ - /* - * Test several record encryptions and decryptions - * with plenty of space before and after the data - * within the record buffer. 
- */ - - int ret; - int num_records = 16; - mbedtls_ssl_context ssl; /* ONLY for debugging */ - - mbedtls_ssl_transform t0, t1; - unsigned char *buf = NULL; - size_t const buflen = 512; - mbedtls_record rec, rec_backup; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); - - TEST_EQUAL(ret, 0); - - TEST_CALLOC(buf, buflen); - - while (num_records-- > 0) { - mbedtls_ssl_transform *t_dec, *t_enc; - /* Take turns in who's sending and who's receiving. */ - if (num_records % 3 == 0) { - t_dec = &t0; - t_enc = &t1; - } else { - t_dec = &t1; - t_enc = &t0; - } - - /* - * The record header affects the transformation in two ways: - * 1) It determines the AEAD additional data - * 2) The record counter sometimes determines the IV. - * - * Apart from that, the fields don't have influence. - * In particular, it is currently not the responsibility - * of ssl_encrypt/decrypt_buf to check if the transform - * version matches the record version, or that the - * type is sensible. - */ - - memset(rec.ctr, num_records, sizeof(rec.ctr)); - rec.type = 42; - rec.ver[0] = num_records; - rec.ver[1] = num_records; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = 16; - /* Make sure to vary the length to exercise different - * paddings. 
*/ - rec.data_len = 1 + num_records; - - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Make a copy for later comparison */ - rec_backup = rec; - - /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - if (ret != 0) { - continue; - } - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec.cid_len != 0) { - /* DTLS 1.2 + CID hides the real content type and - * uses a special CID content type in the protected - * record. Double-check this. */ - TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* TLS 1.3 hides the real content type and - * always uses Application Data as the content type - * for protected records. Double-check this. */ - TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* Decrypt record with t_dec */ - ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec); - TEST_EQUAL(ret, 0); - - /* Compare results */ - TEST_EQUAL(rec.type, rec_backup.type); - TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0); - TEST_EQUAL(rec.ver[0], rec_backup.ver[0]); - TEST_EQUAL(rec.ver[1], rec_backup.ver[1]); - TEST_EQUAL(rec.data_len, rec_backup.data_len); - TEST_EQUAL(rec.data_offset, rec_backup.data_offset); - TEST_EQUAL(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len), 0); - } - -exit: - - /* Cleanup */ - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void ssl_crypt_record_small(int cipher_type, int hash_id, - int etm, int tag_mode, int ver, - int cid0_len, int cid1_len) -{ - /* - * Test pairs of encryption and decryption with an increasing - * amount of space in the record buffer - in more detail: - * 1) 
Try to encrypt with 0, 1, 2, ... bytes available - * in front of the plaintext, and expect the encryption - * to succeed starting from some offset. Always keep - * enough space in the end of the buffer. - * 2) Try to encrypt with 0, 1, 2, ... bytes available - * at the end of the plaintext, and expect the encryption - * to succeed starting from some offset. Always keep - * enough space at the beginning of the buffer. - * 3) Try to encrypt with 0, 1, 2, ... bytes available - * both at the front and end of the plaintext, - * and expect the encryption to succeed starting from - * some offset. - * - * If encryption succeeds, check that decryption succeeds - * and yields the original record. - */ - - mbedtls_ssl_context ssl; /* ONLY for debugging */ - - mbedtls_ssl_transform t0, t1; - unsigned char *buf = NULL; - size_t const buflen = 256; - mbedtls_record rec, rec_backup; - - int ret; - int mode; /* Mode 1, 2 or 3 as explained above */ - size_t offset; /* Available space at beginning/end/both */ - size_t threshold = 96; /* Maximum offset to test against */ - - size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ - size_t default_post_padding = 128; /* Post-padding to use in mode 1 */ - - int seen_success; /* Indicates if in the current mode we've - * already seen a successful test. 
*/ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - etm, tag_mode, ver, - (size_t) cid0_len, - (size_t) cid1_len); - - TEST_EQUAL(ret, 0); - - TEST_CALLOC(buf, buflen); - - for (mode = 1; mode <= 3; mode++) { - seen_success = 0; - for (offset = 0; offset <= threshold; offset++) { - mbedtls_ssl_transform *t_dec, *t_enc; - t_dec = &t0; - t_enc = &t1; - - memset(rec.ctr, offset, sizeof(rec.ctr)); - rec.type = 42; - rec.ver[0] = offset; - rec.ver[1] = offset; - rec.buf = buf; - rec.buf_len = buflen; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - switch (mode) { - case 1: /* Space in the beginning */ - rec.data_offset = offset; - rec.data_len = buflen - offset - default_post_padding; - break; - - case 2: /* Space in the end */ - rec.data_offset = default_pre_padding; - rec.data_len = buflen - default_pre_padding - offset; - break; - - case 3: /* Space in the beginning and end */ - rec.data_offset = offset; - rec.data_len = buflen - 2 * offset; - break; - - default: - TEST_ASSERT(0); - break; - } - - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Make a copy for later comparison */ - rec_backup = rec; - - /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); - - if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { - /* It's ok if the output buffer is too small. We do insist - * on at least one mode succeeding; this is tracked by - * seen_success. */ - continue; - } - - TEST_EQUAL(ret, 0); - seen_success = 1; - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec.cid_len != 0) { - /* DTLS 1.2 + CID hides the real content type and - * uses a special CID content type in the protected - * record. Double-check this. 
*/ - TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (t_enc->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* TLS 1.3 hides the real content type and - * always uses Application Data as the content type - * for protected records. Double-check this. */ - TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - - /* Decrypt record with t_dec */ - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec), 0); - - /* Compare results */ - TEST_EQUAL(rec.type, rec_backup.type); - TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0); - TEST_EQUAL(rec.ver[0], rec_backup.ver[0]); - TEST_EQUAL(rec.ver[1], rec_backup.ver[1]); - TEST_EQUAL(rec.data_len, rec_backup.data_len); - TEST_EQUAL(rec.data_offset, rec_backup.data_offset); - TEST_EQUAL(memcmp(rec.buf + rec.data_offset, - rec_backup.buf + rec_backup.data_offset, - rec.data_len), 0); - } - - TEST_EQUAL(seen_success, 1); - } - -exit: - - /* Cleanup */ - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_hkdf_expand_label(int hash_alg, - data_t *secret, - int label_idx, - data_t *ctx, - int desired_length, - data_t *expected) -{ - unsigned char dst[100]; - - unsigned char const *lbl = NULL; - size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - if (label_idx == (int) tls13_label_ ## name) \ - { \ - lbl = mbedtls_ssl_tls13_labels.name; \ - lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ - } - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL - TEST_ASSERT(lbl != NULL); - - /* Check sanity of test parameters. 
*/ - TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_EQUAL((size_t) desired_length, expected->len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_hkdf_expand_label( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - dst, desired_length), 0); - - TEST_MEMORY_COMPARE(dst, (size_t) desired_length, - expected->x, (size_t) expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_traffic_key_generation(int hash_alg, - data_t *server_secret, - data_t *client_secret, - int desired_iv_len, - int desired_key_len, - data_t *expected_server_write_key, - data_t *expected_server_write_iv, - data_t *expected_client_write_key, - data_t *expected_client_write_iv) -{ - mbedtls_ssl_key_set keys; - - /* Check sanity of test parameters. */ - TEST_EQUAL(client_secret->len, server_secret->len); - TEST_ASSERT( - expected_client_write_iv->len == expected_server_write_iv->len && - expected_client_write_iv->len == (size_t) desired_iv_len); - TEST_ASSERT( - expected_client_write_key->len == expected_server_write_key->len && - expected_client_write_key->len == (size_t) desired_key_len); - - PSA_INIT(); - - TEST_ASSERT(mbedtls_ssl_tls13_make_traffic_keys( - (psa_algorithm_t) hash_alg, - client_secret->x, - server_secret->x, - client_secret->len /* == server_secret->len */, - desired_key_len, desired_iv_len, - &keys) == 0); - - TEST_MEMORY_COMPARE(keys.client_write_key, - keys.key_len, - expected_client_write_key->x, - (size_t) desired_key_len); - TEST_MEMORY_COMPARE(keys.server_write_key, - keys.key_len, - expected_server_write_key->x, - (size_t) desired_key_len); - TEST_MEMORY_COMPARE(keys.client_write_iv, - keys.iv_len, - expected_client_write_iv->x, - (size_t) desired_iv_len); - TEST_MEMORY_COMPARE(keys.server_write_iv, - keys.iv_len, - expected_server_write_iv->x, - (size_t) desired_iv_len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE 
depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_secret(int hash_alg, - data_t *secret, - int label_idx, - data_t *ctx, - int desired_length, - int already_hashed, - data_t *expected) -{ - unsigned char dst[100]; - - unsigned char const *lbl = NULL; - size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - if (label_idx == (int) tls13_label_ ## name) \ - { \ - lbl = mbedtls_ssl_tls13_labels.name; \ - lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ - } - MBEDTLS_SSL_TLS1_3_LABEL_LIST -#undef MBEDTLS_SSL_TLS1_3_LABEL - TEST_ASSERT(lbl != NULL); - - /* Check sanity of test parameters. */ - TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_EQUAL((size_t) desired_length, expected->len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_derive_secret( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - lbl, lbl_len, - ctx->x, ctx->len, - already_hashed, - dst, desired_length), 0); - - TEST_MEMORY_COMPARE(dst, desired_length, - expected->x, desired_length); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ -void ssl_tls13_exporter(int hash_alg, - data_t *secret, - char *label, - char *context_value, - int desired_length, - data_t *expected) -{ - unsigned char dst[100]; - - /* Check sanity of test parameters. 
*/ - TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_EQUAL((size_t) desired_length, expected->len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_exporter( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - (unsigned char *) label, strlen(label), - (unsigned char *) context_value, strlen(context_value), - dst, desired_length), 0); - - TEST_MEMORY_COMPARE(dst, desired_length, - expected->x, desired_length); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_early_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *traffic_expected, - data_t *exporter_expected) -{ - mbedtls_ssl_tls13_early_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - traffic_expected->len == hash_len && - exporter_expected->len == hash_len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_derive_early_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets), 0); - - TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, - traffic_expected->x, traffic_expected->len); - TEST_MEMORY_COMPARE(secrets.early_exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_handshake_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *client_expected, - data_t *server_expected) -{ - mbedtls_ssl_tls13_handshake_secrets secrets; - - /* Double-check that we've passed sane parameters. 
*/ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - client_expected->len == hash_len && - server_expected->len == hash_len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_derive_handshake_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets), 0); - - TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, - client_expected->x, client_expected->len); - TEST_MEMORY_COMPARE(secrets.server_handshake_traffic_secret, hash_len, - server_expected->x, server_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_application_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *client_expected, - data_t *server_expected, - data_t *exporter_expected) -{ - mbedtls_ssl_tls13_application_secrets secrets; - - /* Double-check that we've passed sane parameters. 
*/ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - client_expected->len == hash_len && - server_expected->len == hash_len && - exporter_expected->len == hash_len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_derive_application_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets), 0); - - TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, - client_expected->x, client_expected->len); - TEST_MEMORY_COMPARE(secrets.server_application_traffic_secret_N, hash_len, - server_expected->x, server_expected->len); - TEST_MEMORY_COMPARE(secrets.exporter_master_secret, hash_len, - exporter_expected->x, exporter_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_derive_resumption_secrets(int hash_alg, - data_t *secret, - data_t *transcript, - data_t *resumption_expected) -{ - mbedtls_ssl_tls13_application_secrets secrets; - - /* Double-check that we've passed sane parameters. */ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - secret->len == hash_len && - transcript->len == hash_len && - resumption_expected->len == hash_len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_derive_resumption_master_secret( - alg, secret->x, transcript->x, transcript->len, - &secrets), 0); - - TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, - resumption_expected->x, resumption_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_create_psk_binder(int hash_alg, - data_t *psk, - int psk_type, - data_t *transcript, - data_t *binder_expected) -{ - unsigned char binder[MBEDTLS_MD_MAX_SIZE]; - - /* Double-check that we've passed sane parameters. 
*/ - psa_algorithm_t alg = (psa_algorithm_t) hash_alg; - size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && - transcript->len == hash_len && - binder_expected->len == hash_len); - - PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_create_psk_binder( - NULL, /* SSL context for debugging only */ - alg, - psk->x, psk->len, - psk_type, - transcript->x, - binder), 0); - - TEST_MEMORY_COMPARE(binder, hash_len, - binder_expected->x, binder_expected->len); - -exit: - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ -void ssl_tls13_record_protection(int ciphersuite, - int endpoint, - int ctr, - int padding_used, - data_t *server_write_key, - data_t *server_write_iv, - data_t *client_write_key, - data_t *client_write_iv, - data_t *plaintext, - data_t *ciphertext) -{ - mbedtls_ssl_key_set keys; - mbedtls_ssl_transform transform_send; - mbedtls_ssl_transform_init(&transform_send); - mbedtls_ssl_transform transform_recv; - mbedtls_ssl_transform_init(&transform_recv); - mbedtls_record rec; - unsigned char *buf = NULL; - size_t buf_len; - int other_endpoint; - - TEST_ASSERT(endpoint == MBEDTLS_SSL_IS_CLIENT || - endpoint == MBEDTLS_SSL_IS_SERVER); - - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - other_endpoint = MBEDTLS_SSL_IS_CLIENT; - } - if (endpoint == MBEDTLS_SSL_IS_CLIENT) { - other_endpoint = MBEDTLS_SSL_IS_SERVER; - } - - TEST_EQUAL(server_write_key->len, client_write_key->len); - TEST_EQUAL(server_write_iv->len, client_write_iv->len); - - memcpy(keys.client_write_key, - client_write_key->x, client_write_key->len); - memcpy(keys.client_write_iv, - client_write_iv->x, client_write_iv->len); - memcpy(keys.server_write_key, - server_write_key->x, server_write_key->len); - memcpy(keys.server_write_iv, - server_write_iv->x, server_write_iv->len); - - keys.key_len = server_write_key->len; - keys.iv_len = server_write_iv->len; - - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_tls13_populate_transform( - 
&transform_send, endpoint,
- ciphersuite, &keys, NULL), 0);
- TEST_EQUAL(mbedtls_ssl_tls13_populate_transform(
- &transform_recv, other_endpoint,
- ciphersuite, &keys, NULL), 0);
-
- /* Make sure we have enough space in the buffer even if
- * we use more padding than the KAT. */
- buf_len = ciphertext->len + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
- TEST_CALLOC(buf, buf_len);
- rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
-
- /* TLS 1.3 uses the version identifier from TLS 1.2 on the wire. */
- mbedtls_ssl_write_version(rec.ver,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_VERSION_TLS1_2);
-
- /* Copy plaintext into record structure */
- rec.buf = buf;
- rec.buf_len = buf_len;
- rec.data_offset = 0;
- TEST_ASSERT(plaintext->len <= ciphertext->len);
- memcpy(rec.buf + rec.data_offset, plaintext->x, plaintext->len);
- rec.data_len = plaintext->len;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- rec.cid_len = 0;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- memset(&rec.ctr[0], 0, 8);
- rec.ctr[7] = ctr;
-
- TEST_EQUAL(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec), 0);
-
- if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
- TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
- ciphertext->x, ciphertext->len);
- }
-
- TEST_EQUAL(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec), 0);
- TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
- plaintext->x, plaintext->len);
-
-exit:
- mbedtls_free(buf);
- mbedtls_ssl_transform_free(&transform_send);
- mbedtls_ssl_transform_free(&transform_recv);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
-void ssl_tls13_key_evolution(int hash_alg,
- data_t *secret,
- data_t *input,
- data_t *expected)
-{
- unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
-
- PSA_INIT();
-
- TEST_EQUAL(mbedtls_ssl_tls13_evolve_secret(
- (psa_algorithm_t) hash_alg,
- secret->len ? secret->x : NULL,
- input->len ? 
input->x : NULL, input->len,
- secret_new), 0);
-
- TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len,
- expected->x, (size_t) expected->len);
-
-exit:
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
-void ssl_tls_prf(int type, data_t *secret, data_t *random,
- char *label, data_t *result_str, int exp_ret)
-{
- unsigned char *output;
-
- output = mbedtls_calloc(1, result_str->len);
- if (output == NULL) {
- goto exit;
- }
-
- MD_OR_USE_PSA_INIT();
-
- TEST_EQUAL(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
- label, random->x, random->len,
- output, result_str->len), exp_ret);
-
- if (exp_ret == 0) {
- TEST_EQUAL(mbedtls_test_hexcmp(output, result_str->x,
- result_str->len, result_str->len), 0);
- }
-exit:
-
- mbedtls_free(output);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_serialize_session_save_load(int ticket_len, char *crt_file,
- int endpoint_type, int tls_version)
-{
- mbedtls_ssl_session original, restored;
- unsigned char *buf = NULL;
- size_t len;
-
- /*
- * Test that a save-load pair is the identity
- */
- mbedtls_ssl_session_init(&original);
- mbedtls_ssl_session_init(&restored);
- USE_PSA_INIT();
-
- /* Prepare a dummy session to work on */
- ((void) tls_version);
- ((void) ticket_len);
- ((void) crt_file);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &original, 0, endpoint_type), 0);
- }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &original, ticket_len, endpoint_type, crt_file), 0);
- }
-#endif
-
- /* Serialize it */
- TEST_EQUAL(mbedtls_ssl_session_save(&original, NULL, 0, &len),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_CALLOC(buf, len);
- TEST_EQUAL(mbedtls_ssl_session_save(&original, buf, len, &len),
- 0);
-
- /* Restore session from serialized data */
- 
TEST_EQUAL(mbedtls_ssl_session_load(&restored, buf, len), 0);
-
- /*
- * Make sure both session structures are identical
- */
-#if defined(MBEDTLS_HAVE_TIME)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_EQUAL(original.start, restored.start);
- }
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
- TEST_EQUAL(original.ticket_creation_time, restored.ticket_creation_time);
-#endif
-#endif /* MBEDTLS_HAVE_TIME */
-
- TEST_EQUAL(original.tls_version, restored.tls_version);
- TEST_EQUAL(original.endpoint, restored.endpoint);
- TEST_EQUAL(original.ciphersuite, restored.ciphersuite);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_EQUAL(original.id_len, restored.id_len);
- TEST_EQUAL(memcmp(original.id,
- restored.id, sizeof(original.id)), 0);
- TEST_EQUAL(memcmp(original.master,
- restored.master, sizeof(original.master)), 0);
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- TEST_ASSERT((original.peer_cert == NULL) ==
- (restored.peer_cert == NULL));
- if (original.peer_cert != NULL) {
- TEST_EQUAL(original.peer_cert->raw.len,
- restored.peer_cert->raw.len);
- TEST_EQUAL(memcmp(original.peer_cert->raw.p,
- restored.peer_cert->raw.p,
- original.peer_cert->raw.len), 0);
- }
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- TEST_EQUAL(original.peer_cert_digest_type,
- restored.peer_cert_digest_type);
- TEST_EQUAL(original.peer_cert_digest_len,
- restored.peer_cert_digest_len);
- TEST_ASSERT((original.peer_cert_digest == NULL) ==
- (restored.peer_cert_digest == NULL));
- if (original.peer_cert_digest != NULL) {
- TEST_EQUAL(memcmp(original.peer_cert_digest,
- restored.peer_cert_digest,
- original.peer_cert_digest_len), 0);
- }
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
- TEST_EQUAL(original.verify_result, restored.verify_result);
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- 
TEST_EQUAL(original.mfl_code, restored.mfl_code);
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- TEST_EQUAL(original.encrypt_then_mac, restored.encrypt_then_mac);
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- TEST_EQUAL(original.ticket_len, restored.ticket_len);
- if (original.ticket_len != 0) {
- TEST_ASSERT(original.ticket != NULL);
- TEST_ASSERT(restored.ticket != NULL);
- TEST_EQUAL(memcmp(original.ticket,
- restored.ticket, original.ticket_len), 0);
- }
- TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime);
-#endif
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- TEST_EQUAL(original.ticket_age_add, restored.ticket_age_add);
- TEST_EQUAL(original.ticket_flags, restored.ticket_flags);
- TEST_EQUAL(original.resumption_key_len, restored.resumption_key_len);
- if (original.resumption_key_len != 0) {
- TEST_ASSERT(original.resumption_key != NULL);
- TEST_ASSERT(restored.resumption_key != NULL);
- TEST_EQUAL(memcmp(original.resumption_key,
- restored.resumption_key,
- original.resumption_key_len), 0);
- }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_SRV_C)
- if (endpoint_type == MBEDTLS_SSL_IS_SERVER) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
- TEST_ASSERT(original.ticket_alpn != NULL);
- TEST_ASSERT(restored.ticket_alpn != NULL);
- TEST_MEMORY_COMPARE(original.ticket_alpn, strlen(original.ticket_alpn),
- restored.ticket_alpn, strlen(restored.ticket_alpn));
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- }
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_HAVE_TIME)
- TEST_EQUAL(original.ticket_reception_time, restored.ticket_reception_time);
-#endif
- 
TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime);
- TEST_EQUAL(original.ticket_len, restored.ticket_len);
- if (original.ticket_len != 0) {
- TEST_ASSERT(original.ticket != NULL);
- TEST_ASSERT(restored.ticket != NULL);
- TEST_EQUAL(memcmp(original.ticket,
- restored.ticket,
- original.ticket_len), 0);
- }
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- TEST_ASSERT(original.hostname != NULL);
- TEST_ASSERT(restored.hostname != NULL);
- TEST_MEMORY_COMPARE(original.hostname, strlen(original.hostname),
- restored.hostname, strlen(restored.hostname));
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
- }
-#endif /* MBEDTLS_SSL_CLI_C */
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- TEST_EQUAL(
- original.max_early_data_size, restored.max_early_data_size);
-#endif
-
-#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- TEST_EQUAL(original.record_size_limit, restored.record_size_limit);
-#endif
-
-exit:
- mbedtls_ssl_session_free(&original);
- mbedtls_ssl_session_free(&restored);
- mbedtls_free(buf);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_serialize_session_load_save(int ticket_len, char *crt_file,
- int endpoint_type, int tls_version)
-{
- mbedtls_ssl_session session;
- unsigned char *buf1 = NULL, *buf2 = NULL;
- size_t len0, len1, len2;
-
- /*
- * Test that a load-save pair is the identity
- */
- mbedtls_ssl_session_init(&session);
- USE_PSA_INIT();
-
- /* Prepare a dummy session to work on */
- ((void) ticket_len);
- ((void) crt_file);
-
- switch (tls_version) {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type), 0);
- break;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file), 0);
- break;
-#endif
- default:
- /* should never happen */
- TEST_ASSERT(0);
- 
break;
- }
-
- /* Get desired buffer size for serializing */
- TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &len0),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
- /* Allocate first buffer */
- buf1 = mbedtls_calloc(1, len0);
- TEST_ASSERT(buf1 != NULL);
-
- /* Serialize to buffer and free live session */
- TEST_EQUAL(mbedtls_ssl_session_save(&session, buf1, len0, &len1),
- 0);
- TEST_EQUAL(len0, len1);
- mbedtls_ssl_session_free(&session);
-
- /* Restore session from serialized data */
- TEST_EQUAL(mbedtls_ssl_session_load(&session, buf1, len1), 0);
-
- /* Allocate second buffer and serialize to it */
- buf2 = mbedtls_calloc(1, len0);
- TEST_ASSERT(buf2 != NULL);
- TEST_EQUAL(mbedtls_ssl_session_save(&session, buf2, len0, &len2),
- 0);
-
- /* Make sure both serialized versions are identical */
- TEST_EQUAL(len1, len2);
- TEST_EQUAL(memcmp(buf1, buf2, len1), 0);
-
-exit:
- mbedtls_ssl_session_free(&session);
- mbedtls_free(buf1);
- mbedtls_free(buf2);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file,
- int endpoint_type, int tls_version)
-{
- mbedtls_ssl_session session;
- unsigned char *buf = NULL;
- size_t good_len, bad_len, test_len;
-
- /*
- * Test that session_save() fails cleanly on small buffers
- */
- mbedtls_ssl_session_init(&session);
- USE_PSA_INIT();
-
- /* Prepare dummy session and get serialized size */
- ((void) ticket_len);
- ((void) crt_file);
-
- switch (tls_version) {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type), 0);
- break;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file), 0);
- break;
-#endif
- default:
- /* should never happen */
- TEST_ASSERT(0);
- break;
- }
-
- TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 
0, &good_len),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
- /* Try all possible bad lengths */
- for (bad_len = 1; bad_len < good_len; bad_len++) {
- /* Allocate exact size so that asan/valgrind can detect any overwrite */
- mbedtls_free(buf);
- buf = NULL;
- TEST_CALLOC(buf, bad_len);
- TEST_EQUAL(mbedtls_ssl_session_save(&session, buf, bad_len,
- &test_len),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_EQUAL(test_len, good_len);
- }
-
-exit:
- mbedtls_ssl_session_free(&session);
- mbedtls_free(buf);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file,
- int endpoint_type, int tls_version)
-{
- mbedtls_ssl_session session;
- unsigned char *good_buf = NULL, *bad_buf = NULL;
- size_t good_len, bad_len;
-
- /*
- * Test that session_load() fails cleanly on small buffers
- */
- mbedtls_ssl_session_init(&session);
- USE_PSA_INIT();
-
- /* Prepare serialized session data */
- ((void) ticket_len);
- ((void) crt_file);
-
- switch (tls_version) {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type), 0);
- break;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file), 0);
- break;
-#endif
-
- default:
- /* should never happen */
- TEST_ASSERT(0);
- break;
- }
-
- TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len),
- MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_CALLOC(good_buf, good_len);
- TEST_EQUAL(mbedtls_ssl_session_save(&session, good_buf, good_len,
- &good_len), 0);
- mbedtls_ssl_session_free(&session);
-
- /* Try all possible bad lengths */
- for (bad_len = 0; bad_len < good_len; bad_len++) {
- /* Allocate exact size so that asan/valgrind can detect any overread */
- mbedtls_free(bad_buf);
- bad_buf = NULL;
- TEST_CALLOC_NONNULL(bad_buf, bad_len);
- 
memcpy(bad_buf, good_buf, bad_len);
-
- TEST_EQUAL(mbedtls_ssl_session_load(&session, bad_buf, bad_len),
- MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- }
-
-exit:
- mbedtls_ssl_session_free(&session);
- mbedtls_free(good_buf);
- mbedtls_free(bad_buf);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_session_serialize_version_check(int corrupt_major,
- int corrupt_minor,
- int corrupt_patch,
- int corrupt_config,
- int endpoint_type,
- int tls_version)
-{
- unsigned char serialized_session[2048];
- size_t serialized_session_len;
- unsigned cur_byte;
- mbedtls_ssl_session session;
- uint8_t should_corrupt_byte[] = { corrupt_major == 1,
- corrupt_minor == 1,
- corrupt_patch == 1,
- corrupt_config == 1,
- corrupt_config == 1 };
-
- mbedtls_ssl_session_init(&session);
- USE_PSA_INIT();
-
- switch (tls_version) {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type), 0);
- break;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &session, 0, endpoint_type, NULL), 0);
-
- break;
-#endif
- default:
- /* should never happen */
- TEST_ASSERT(0);
- break;
- }
-
- /* Infer length of serialized session. */
- TEST_EQUAL(mbedtls_ssl_session_save(&session,
- serialized_session,
- sizeof(serialized_session),
- &serialized_session_len), 0);
-
- mbedtls_ssl_session_free(&session);
-
- /* Without any modification, we should be able to successfully
- * de-serialize the session - double-check that. */
- TEST_EQUAL(mbedtls_ssl_session_load(&session,
- serialized_session,
- serialized_session_len), 0);
- mbedtls_ssl_session_free(&session);
-
- /* Go through the bytes in the serialized session header and
- * corrupt them bit-by-bit. 
*/
- for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) {
- int cur_bit;
- unsigned char *const byte = &serialized_session[cur_byte];
-
- if (should_corrupt_byte[cur_byte] == 0) {
- continue;
- }
-
- for (cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++) {
- unsigned char const corrupted_bit = 0x1u << cur_bit;
- /* Modify a single bit in the serialized session. */
- *byte ^= corrupted_bit;
-
- /* Attempt to deserialize */
- TEST_EQUAL(mbedtls_ssl_session_load(&session,
- serialized_session,
- serialized_session_len),
- MBEDTLS_ERR_SSL_VERSION_MISMATCH);
-
- /* Undo the change */
- *byte ^= corrupted_bit;
- }
- }
-exit:
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ssl_session_id_accessors_check(int tls_version)
-{
- mbedtls_ssl_session session;
- int ciphersuite_id;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
- mbedtls_ssl_session_init(&session);
- USE_PSA_INIT();
-
- switch (tls_version) {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- case MBEDTLS_SSL_VERSION_TLS1_3:
- ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256;
- TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, MBEDTLS_SSL_IS_SERVER), 0);
- break;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- case MBEDTLS_SSL_VERSION_TLS1_2:
- ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256;
- TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
- &session, 0, MBEDTLS_SSL_IS_SERVER, NULL), 0);
-
- break;
-#endif
- default:
- /* should never happen */
- TEST_ASSERT(0);
- break;
- }
-
- /* We expect pointers to the same strings, not just strings with
- * the same content. 
*/
- TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id);
- TEST_EQUAL(mbedtls_ssl_session_get_id_len(&session), session.id_len);
- /* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */
- TEST_EQUAL(mbedtls_ssl_session_get_ciphersuite_id(&session), 0xabcd);
-
- /* Test setting a reference id for tls1.3 and tls1.2 */
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
- if (ciphersuite_info != NULL) {
- TEST_EQUAL(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info), ciphersuite_id);
- }
-
-exit:
- mbedtls_ssl_session_free(&session);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
-void mbedtls_endpoint_sanity(int endpoint_type)
-{
- enum { BUFFSIZE = 1024 };
- mbedtls_test_ssl_endpoint ep;
- memset(&ep, 0, sizeof(ep));
- int ret = -1;
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
- options.pk_alg = MBEDTLS_PK_RSA;
-
- MD_OR_USE_PSA_INIT();
-
- ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options);
- TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret);
-
- ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg,
- 0, 0, 0);
- TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret);
-
- ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options);
- TEST_EQUAL(ret, 0);
-
-exit:
- mbedtls_test_ssl_endpoint_free(&ep);
- mbedtls_test_free_handshake_options(&options);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
-{
- enum { BUFFSIZE = 1024 };
- mbedtls_test_ssl_endpoint base_ep, second_ep;
- memset(&base_ep, 0, 
sizeof(base_ep));
- memset(&second_ep, 0, sizeof(second_ep));
- int ret = -1;
- (void) tls_version;
-
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.pk_alg = MBEDTLS_PK_RSA;
-
- /*
- * If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.2
- * handshake, force the TLS 1.2 version on endpoint under test.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if (MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) {
- if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
- options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- } else {
- options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- }
- }
-#endif
-
- MD_OR_USE_PSA_INIT();
-
- ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_ssl_endpoint_init(
- &second_ep,
- (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? 
- MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
- &options);
-
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_mock_socket_connect(&(base_ep.socket),
- &(second_ep.socket),
- BUFFSIZE);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl),
- &(second_ep.ssl),
- state);
- if (need_pass) {
- TEST_ASSERT(ret == 0 ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_EQUAL(base_ep.ssl.state, state);
- } else {
- TEST_ASSERT(ret != 0 &&
- ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT(base_ep.ssl.state != state);
- }
-
-exit:
- mbedtls_test_free_handshake_options(&options);
- mbedtls_test_ssl_endpoint_free(&base_ep);
- mbedtls_test_ssl_endpoint_free(&second_ep);
- MD_OR_USE_PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
-void handshake_version(int dtls, int client_min_version, int client_max_version,
- int server_min_version, int server_max_version,
- int expected_negotiated_version)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.client_min_version = client_min_version;
- options.client_max_version = client_max_version;
- options.server_min_version = server_min_version;
- options.server_max_version = server_max_version;
- options.expected_negotiated_version = expected_negotiated_version;
-
- options.dtls = dtls;
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
-void handshake_psk_cipher(char *cipher, int pk_alg, data_t 
*psk_str, int dtls)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.cipher = cipher;
- options.dtls = dtls;
- options.psk_str = psk_str;
- options.pk_alg = pk_alg;
-
- options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
-
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
-void handshake_cipher(char *cipher, int pk_alg, int dtls)
-{
- test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
-
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
-void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str,
- int psa_alg, int psa_alg2, int psa_usage,
- int expected_handshake_result,
- int expected_ciphersuite)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.cipher = cipher;
- options.psk_str = psk_str;
- options.pk_alg = pk_alg;
- options.opaque_alg = psa_alg;
- options.opaque_alg2 = psa_alg2;
- options.opaque_usage = psa_usage;
- options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
- options.expected_handshake_result = expected_handshake_result;
- options.expected_ciphersuite = expected_ciphersuite;
-
- options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
-
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* 
The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
-void app_data(int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments, int dtls)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.mfl = mfl;
- options.cli_msg_len = cli_msg_len;
- options.srv_msg_len = srv_msg_len;
- options.expected_cli_fragments = expected_cli_fragments;
- options.expected_srv_fragments = expected_srv_fragments;
- options.dtls = dtls;
-
- options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
-
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
-void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments)
-{
- test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
- expected_srv_fragments, 0);
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
-void 
app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
- int expected_cli_fragments,
- int expected_srv_fragments)
-{
- test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
- expected_srv_fragments, 1);
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:TEST_GCM_OR_CHACHAPOLY_ENABLED */
-void handshake_serialization()
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_init_handshake_options(&options);
-
- options.serialize = 1;
- options.dtls = 1;
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
- mbedtls_test_ssl_perform_handshake(&options);
- /* The goto below is used to avoid an "unused label" warning.*/
- goto exit;
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-void handshake_fragmentation(int mfl,
- int expected_srv_hs_fragmentation,
- int expected_cli_hs_fragmentation)
-{
- mbedtls_test_handshake_test_options options;
- mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
-
- srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
- srv_pattern.counter = 0;
- cli_pattern.counter = 0;
-
- mbedtls_test_init_handshake_options(&options);
- options.dtls = 1;
- options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
- options.mfl = mfl;
- /* Set cipher to one using CBC so that record splitting can be tested */
- 
options.cipher = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384";
- options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- options.srv_log_obj = &srv_pattern;
- options.cli_log_obj = &cli_pattern;
- options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
-
- mbedtls_test_ssl_perform_handshake(&options);
-
- /* Test if the server received a fragmented handshake */
- if (expected_srv_hs_fragmentation) {
- TEST_ASSERT(srv_pattern.counter >= 1);
- }
- /* Test if the client received a fragmented handshake */
- if (expected_cli_hs_fragmentation) {
- TEST_ASSERT(cli_pattern.counter >= 1);
- }
-
-exit:
- mbedtls_test_free_handshake_options(&options);
-}
-/* END_CASE */
-
-/* This test case doesn't actually depend on certificates,
- * but our helper code for mbedtls_test_ssl_endpoint does.
- * Also, it needs specific hashes, algs and curves for the
- * hardcoded test certificates. In principle both RSA and ECDSA
- * can be used, but we hardcode ECDSA in order to avoid having
- * to express dependencies like "RSA or ECDSA with those curves". */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */
-void recombine_server_first_flight(int version,
- int instruction, int param,
- char *client_log, char *server_log,
- int goal_state, int expected_ret)
-{
- /* Make sure we have a buffer that's large enough for the longest
- * data that the library might ever send, plus a bit extra so that
- * we can inject more content. The library won't ever send more than
- * 2^14 bytes of handshake messages, so we round that up. In practice
- * we could surely get away with a much smaller buffer. The main
- * variable part is the server certificate. 
*/
- enum { BUFFSIZE = 17000 };
- mbedtls_test_ssl_endpoint client;
- memset(&client, 0, sizeof(client));
- mbedtls_test_ssl_endpoint server;
- memset(&server, 0, sizeof(server));
- mbedtls_test_handshake_test_options client_options;
- mbedtls_test_init_handshake_options(&client_options);
- mbedtls_test_handshake_test_options server_options;
- mbedtls_test_init_handshake_options(&server_options);
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log };
- mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log };
-#else
- (void) client_log;
- (void) server_log;
-#endif
- int ret = 0;
-
- MD_OR_USE_PSA_INIT();
-#if defined(MBEDTLS_DEBUG_C)
- mbedtls_debug_set_threshold(3);
-#endif
-
- // Does't really matter but we want to know to declare dependencies.
- client_options.pk_alg = MBEDTLS_PK_ECDSA;
- server_options.pk_alg = MBEDTLS_PK_ECDSA;
-
- client_options.client_min_version = version;
- client_options.client_max_version = version;
-#if defined(MBEDTLS_DEBUG_C)
- client_options.cli_log_obj = &cli_pattern;
- client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
-#endif
- TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &client_options), 0);
-
- server_options.server_min_version = version;
- server_options.server_max_version = version;
-#if defined(MBEDTLS_DEBUG_C)
- server_options.srv_log_obj = &srv_pattern;
- server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
-#endif
- TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &server_options), 0);
-
- TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket,
- &server.socket,
- BUFFSIZE), 0);
-
- /* Client: emit the first flight from the client */
- while (ret == 0) {
- mbedtls_test_set_step(client.ssl.state);
- ret = mbedtls_ssl_handshake_step(&client.ssl);
- }
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
- ret = 0;
- TEST_EQUAL(client.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
-
- /* Server: parse the 
first flight from the client - * and emit the first flight from the server */ - while (ret == 0) { - mbedtls_test_set_step(1000 + server.ssl.state); - ret = mbedtls_ssl_handshake_step(&server.ssl); - } - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - ret = 0; - TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1); - - /* Recombine the first flight from the server */ - TEST_ASSERT(recombine_records(&server, instruction, param)); - - /* Client: parse the first flight from the server - * and emit the second flight from the client */ - while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { - mbedtls_test_set_step(client.ssl.state); - ret = mbedtls_ssl_handshake_step(&client.ssl); - if (client.ssl.state == goal_state && ret != 0) { - TEST_EQUAL(ret, expected_ret); - goto goal_reached; - } - } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - /* A default TLS 1.3 handshake has only 1 flight from the server, - * while the default (non-resumption) 1.2 handshake has two. */ - if (version >= MBEDTLS_SSL_VERSION_TLS1_3 && - goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) { - TEST_EQUAL(ret, 0); - } else -#endif - { - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - } - ret = 0; - - /* Server: parse the first flight from the client - * and emit the second flight from the server */ - if (instruction == RECOMBINE_TRUNCATE_FIRST) { - /* Close without a notification. The case of closing with a - * notification is tested via RECOMBINE_INSERT_RECORD to insert - * an alert record (which we reject, making the client SSL - * context become invalid). 
*/ - mbedtls_test_mock_socket_close(&server.socket); - goto goal_reached; - } - while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) { - mbedtls_test_set_step(1000 + server.ssl.state); - ret = mbedtls_ssl_handshake_step(&server.ssl); - } - TEST_EQUAL(ret, 0); - - /* Client: parse the second flight from the server */ - while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { - mbedtls_test_set_step(client.ssl.state); - ret = mbedtls_ssl_handshake_step(&client.ssl); - } - if (client.ssl.state == goal_state) { - TEST_EQUAL(ret, expected_ret); - } else { - TEST_EQUAL(ret, 0); - } - -goal_reached: -#if defined(MBEDTLS_DEBUG_C) - TEST_ASSERT(cli_pattern.counter >= 1); - TEST_ASSERT(srv_pattern.counter >= 1); -#endif - -exit: - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_test_ssl_endpoint_free(&server); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - MD_OR_USE_PSA_DONE(); -#if defined(MBEDTLS_DEBUG_C) - mbedtls_debug_set_threshold(0); -#endif -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ -void renegotiation(int legacy_renegotiation) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.renegotiate = 1; - options.legacy_renegotiation = legacy_renegotiation; - options.dtls = 1; - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - -/* BEGIN_CASE 
depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ -void resize_buffers_serialize_mfl(int mfl) -{ - /* Choose an AEAD ciphersuite */ - const int *ciphersuites = mbedtls_ssl_list_ciphersuites(); - const mbedtls_ssl_ciphersuite_t *ciphersuite = NULL; - int i = 0; - while (ciphersuites[i] != 0) { - ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]); - - if (ciphersuite->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - const mbedtls_ssl_mode_t mode = -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) - mbedtls_ssl_get_mode_from_ciphersuite(0, ciphersuite); -#else - mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite); -#endif - if (mode == MBEDTLS_SSL_MODE_AEAD) { - break; - } - } - - i++; - } - - TEST_ASSERT(ciphersuite != NULL); - - resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ciphersuite->name); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, - char *cipher) -{ - resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -void test_multiple_psks() -{ - unsigned char psk0[10] = { 0 }; - unsigned char psk0_identity[] = { 'f', 'o', 'o' }; - - unsigned char psk1[10] = { 0 }; - unsigned char psk1_identity[] = { 'b', 'a', 'r' }; - - mbedtls_ssl_config conf; - - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, - psk0, sizeof(psk0), - psk0_identity, sizeof(psk0_identity)), 0); - 
TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, - psk1, sizeof(psk1), - psk1_identity, sizeof(psk1_identity)), - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - -exit: - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -void test_multiple_psks_opaque(int mode) -{ - /* - * Mode 0: Raw PSK, then opaque PSK - * Mode 1: Opaque PSK, then raw PSK - * Mode 2: 2x opaque PSK - */ - - unsigned char psk0_raw[10] = { 0 }; - unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' }; - - mbedtls_svc_key_id_t psk0_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 1); - - unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' }; - - unsigned char psk1_raw[10] = { 0 }; - unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' }; - - mbedtls_svc_key_id_t psk1_opaque = mbedtls_svc_key_id_make(0x1, (psa_key_id_t) 2); - - unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' }; - - mbedtls_ssl_config conf; - - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - switch (mode) { - case 0: - - TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, - psk0_raw, sizeof(psk0_raw), - psk0_raw_identity, sizeof(psk0_raw_identity)), - 0); - TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)), - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - break; - - case 1: - - TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)), - 0); - TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, - psk1_raw, sizeof(psk1_raw), - psk1_raw_identity, sizeof(psk1_raw_identity)), - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - - break; - - case 2: - - TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)), - 0); - TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)), - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); - - break; - - default: - 
TEST_ASSERT(0); - break; - } - -exit: - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); - -} -/* END_CASE */ - -/* BEGIN_CASE */ -void conf_version(int endpoint, int transport, - int min_tls_version, int max_tls_version, - int expected_ssl_setup_result) -{ - mbedtls_ssl_config conf; - mbedtls_ssl_context ssl; - - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - mbedtls_ssl_conf_endpoint(&conf, endpoint); - mbedtls_ssl_conf_transport(&conf, transport); - mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); - mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), expected_ssl_setup_result); - TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( - mbedtls_ssl_context_get_config(&ssl)), endpoint); - - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - -exit: - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void conf_group() -{ - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - - mbedtls_ssl_config conf; - mbedtls_ssl_config_init(&conf); - - mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - - mbedtls_ssl_conf_groups(&conf, iana_tls_group_list); - - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - - TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL); - - TEST_EQUAL(ssl.conf-> - group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], - MBEDTLS_SSL_IANA_TLS_GROUP_NONE); - - for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { - TEST_EQUAL(iana_tls_group_list[i], ssl.conf->group_list[i]); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE 
depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ -void force_bad_session_id_len() -{ - enum { BUFFSIZE = 1024 }; - mbedtls_test_handshake_test_options options; - mbedtls_test_ssl_endpoint client, server; - memset(&client, 0, sizeof(client)); - memset(&server, 0, sizeof(server)); - mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; - mbedtls_test_message_socket_context server_context, client_context; - - srv_pattern.pattern = cli_pattern.pattern = "cache did not store session"; - srv_pattern.counter = 0; - mbedtls_test_init_handshake_options(&options); - - options.srv_log_obj = &srv_pattern; - options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options), 0); - - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options), 0); - - mbedtls_debug_set_threshold(1); - mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, - options.srv_log_obj); - - TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE), 0); - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP), - 0); - /* Force a bad session_id_len that will be read by the server in - * mbedtls_ssl_cache_set. 
*/ - server.ssl.session_negotiate->id_len = 33; - if (options.cli_msg_len != 0 || options.srv_msg_len != 0) { - /* Start data exchanging test */ - TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client.ssl), options.cli_msg_len, - options.expected_cli_fragments, - &(server.ssl), options.srv_msg_len, - options.expected_srv_fragments), - 0); - } - - /* Make sure that the cache did not store the session */ - TEST_EQUAL(srv_pattern.counter, 1); -exit: - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_test_ssl_endpoint_free(&server); - mbedtls_test_free_handshake_options(&options); - mbedtls_debug_set_threshold(0); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE:MBEDTLS_TEST_HOOKS */ -void cookie_parsing(data_t *cookie, int exp_ret) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - size_t len; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, - ssl.cli_id_len, - cookie->x, cookie->len, - ssl.out_buf, - MBEDTLS_SSL_OUT_CONTENT_LEN, - &len), - exp_ret); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */ -void timing_final_delay_accessor() -{ - mbedtls_timing_delay_context delay_context; - - USE_PSA_INIT(); - mbedtls_timing_set_delay(&delay_context, 50, 100); - - TEST_EQUAL(mbedtls_timing_get_final_delay(&delay_context), 100); - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID */ -void cid_sanity() -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - - unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - unsigned char 
test_cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; - int cid_enabled; - size_t own_cid_len; - - mbedtls_test_rnd_std_rand(NULL, own_cid, sizeof(own_cid)); - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - - /* Can't use CID functions with stream transport. */ - TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - - /* Attempt to set config cid size too big. */ - TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), - 0); - - /* Attempt to set CID length not matching config. */ - TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - MBEDTLS_SSL_CID_IN_LEN_MAX - 1), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)), - 0); - - /* Test we get back what we put in. */ - TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len), - 0); - - TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); - TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); - - /* Test disabling works. 
*/ - TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, - 0), - 0); - - TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len), - 0); - - TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED); - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ -void raw_key_agreement_fail(int bad_server_ecdhe_key) -{ - enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; - memset(&client, 0, sizeof(client)); - memset(&server, 0, sizeof(server)); - mbedtls_psa_stats_t stats; - size_t free_slots_before = -1; - mbedtls_test_handshake_test_options client_options, server_options; - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - MD_OR_USE_PSA_INIT(); - - /* Client side, force SECP256R1 to make one key bitflip fail - * the raw key agreement. Flipping the first byte makes the - * required 0x04 identifier invalid. 
*/ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.group_list = iana_tls_group_list; - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options), 0); - - /* Server side */ - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options), 0); - - TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE), 0); - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), - MBEDTLS_SSL_CLIENT_KEY_EXCHANGE), 0); - - mbedtls_psa_get_stats(&stats); - /* Save the number of slots in use up to this point. - * With PSA, one can be used for the ECDH private key. */ - free_slots_before = stats.empty_slots; - - if (bad_server_ecdhe_key) { - /* Force a simulated bitflip in the server key. to make the - * raw key agreement in ssl_write_client_key_exchange fail. */ - (client.ssl).handshake->xxdh_psa_peerkey[0] ^= 0x02; - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), - bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0); - - mbedtls_psa_get_stats(&stats); - - /* Make sure that the key slot is already destroyed in case of failure, - * without waiting to close the connection. 
*/ - if (bad_server_ecdhe_key) { - TEST_EQUAL(free_slots_before, stats.empty_slots); - } - -exit: - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_test_ssl_endpoint_free(&server); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384 */ -void tls13_server_certificate_msg_invalid_vector_len() -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - unsigned char *buf, *end; - size_t buf_len; - int step = 0; - int expected_result; - mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args; - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - - /* - * Test set-up - */ - - mbedtls_test_init_handshake_options(&client_options); - MD_OR_USE_PSA_INIT(); - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options); - TEST_EQUAL(ret, 0); - - mbedtls_test_init_handshake_options(&server_options); - server_options.pk_alg = MBEDTLS_PK_ECDSA; - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - while (1) { - mbedtls_test_set_step(++step); - - ret = mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_CERTIFICATE_VERIFY); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_flush_output(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_CERTIFICATE); 
- TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_tls13_fetch_handshake_msg(&(client_ep.ssl), - MBEDTLS_SSL_HS_CERTIFICATE, - &buf, &buf_len); - TEST_EQUAL(ret, 0); - - end = buf + buf_len; - - /* - * Tweak server Certificate message and parse it. - */ - - ret = mbedtls_test_tweak_tls13_certificate_msg_vector_len( - buf, &end, step, &expected_result, &expected_chk_buf_ptr_args); - - if (ret != 0) { - break; - } - - ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end); - TEST_EQUAL(ret, expected_result); - - TEST_EQUAL(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( - &expected_chk_buf_ptr_args), 0); - - mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - } - -exit: - mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -void ssl_ecjpake_set_password(int use_opaque_arg) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT; - unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = ""; - size_t pwd_len = 0; - int ret; - - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - /* test with uninitalized SSL context */ - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - mbedtls_ssl_config_init(&conf); - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), 0); - - TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); - - /* test with empty password or unitialized password key (depending on use_opaque_arg) */ - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - - pwd_len = 
strlen(ECJPAKE_TEST_PWD); - memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len); - - if (use_opaque_arg) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* First try with an invalid usage */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); - - PSA_ASSERT(psa_import_key(&attributes, pwd_string, - pwd_len, &pwd_slot)); - - ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - - /* check that the opaque key is still valid after failure */ - TEST_EQUAL(psa_get_key_attributes(pwd_slot, &check_attributes), - PSA_SUCCESS); - - psa_destroy_key(pwd_slot); - - /* Then set the correct usage */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - - PSA_ASSERT(psa_import_key(&attributes, pwd_string, - pwd_len, &pwd_slot)); - } - - /* final check which should work without errors */ - ECJPAKE_TEST_SET_PASSWORD(0); - - if (use_opaque_arg) { - psa_destroy_key(pwd_slot); - } - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void elliptic_curve_get_properties() -{ - psa_key_type_t psa_type = PSA_KEY_TYPE_NONE; - size_t psa_bits; - - MD_OR_USE_PSA_INIT(); - -#if defined(PSA_WANT_ECC_SECP_R1_521) - TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); -#else - TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - TEST_AVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); -#else - TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); -#else - TEST_UNAVAILABLE_ECC(24, 
MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - TEST_AVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); -#else - TEST_UNAVAILABLE_ECC(27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384); -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - TEST_AVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); -#else - TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); -#else - TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - TEST_AVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); -#else - TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); -#else - TEST_UNAVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - TEST_AVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); -#else - TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448); -#endif - goto exit; -exit: - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_resume_session_with_ticket() -{ - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, 
sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - - mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - client_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. - */ - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Handshake with ticket. - * - * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not - * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks - * below. 
- */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0); - - TEST_EQUAL(server_ep.ssl.handshake->resume, 1); - TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1); - TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - PSA_DONE(); -} -/* END_CASE */ - -/* - * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_read_early_data() below is - * a temporary workaround to not run the test in Windows-2013 where there is - * an issue with mbedtls_vsnprintf(). - */ -/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ -void tls13_read_early_data(int scenario) -{ - int ret = -1; - unsigned char buf[64]; - const char *early_data = "This is early data."; - size_t early_data_len = strlen(early_data); - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options client_options; - mbedtls_test_handshake_test_options server_options; - mbedtls_ssl_session saved_session; - mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; - uint16_t group_list[3] = { - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE - }; - - 
mbedtls_test_init_handshake_options(&client_options); - mbedtls_test_init_handshake_options(&server_options); - mbedtls_ssl_session_init(&saved_session); - - PSA_INIT(); - - /* - * Run first handshake to get a ticket from the server. - */ - - client_options.pk_alg = MBEDTLS_PK_ECDSA; - client_options.group_list = group_list; - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - server_options.pk_alg = MBEDTLS_PK_ECDSA; - server_options.group_list = group_list; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; - -#if defined(MBEDTLS_SSL_ALPN) - switch (scenario) { - case TEST_EARLY_DATA_SAME_ALPN: - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_LATER_ALPN: - client_options.alpn_list[0] = "ALPNExample"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample"; - server_options.alpn_list[1] = NULL; - break; - } -#endif - - ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, - &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Prepare for handshake with the ticket. 
- */ - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: deprotect and discard app data records."; - server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; - break; - - case TEST_EARLY_DATA_HRR: - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: Ignore application message before 2nd ClientHello"; - server_options.group_list = group_list + 1; - break; -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_SAME_ALPN: - client_options.alpn_list[0] = "ALPNExample"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample"; - server_options.alpn_list[1] = NULL; - break; - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_INITIAL_ALPN: - client_options.alpn_list[0] = "ALPNExample2"; - client_options.alpn_list[1] = NULL; - server_options.alpn_list[0] = "ALPNExample2"; - server_options.alpn_list[1] = NULL; - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key."; - break; - case TEST_EARLY_DATA_NO_LATER_ALPN: - client_options.alpn_list[0] = NULL; - server_options.alpn_list[0] = NULL; - mbedtls_debug_set_threshold(3); - server_pattern.pattern = - "EarlyData: rejected, the selected ALPN is different " - "from the one associated with the pre-shared key."; - break; -#endif - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options); - TEST_EQUAL(ret, 0); - - server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - server_options.srv_log_obj = &server_pattern; - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options); - TEST_EQUAL(ret, 0); 
- - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Handshake with ticket and send early data. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO), 0); - - ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), - (unsigned char *) early_data, - early_data_len); - - if (client_ep.ssl.early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT) { - TEST_EQUAL(ret, early_data_len); - } else { - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); - } - - ret = mbedtls_test_move_handshake_to_state( - &(server_ep.ssl), &(client_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_WRAPUP); - - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_SAME_ALPN: -#endif - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); - TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), - buf, sizeof(buf)), early_data_len); - TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(ret, 0); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: -#if defined(MBEDTLS_SSL_ALPN) - case TEST_EARLY_DATA_DIFF_ALPN: - case TEST_EARLY_DATA_NO_INITIAL_ALPN: - case TEST_EARLY_DATA_NO_LATER_ALPN: -#endif - TEST_EQUAL(ret, 0); - TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); - TEST_EQUAL(server_pattern.counter, 1); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - 
&(server_ep.ssl), &(client_ep.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER), 0);
-
-exit:
- mbedtls_test_ssl_endpoint_free(&client_ep);
- mbedtls_test_ssl_endpoint_free(&server_ep);
- mbedtls_test_free_handshake_options(&client_options);
- mbedtls_test_free_handshake_options(&server_options);
- mbedtls_ssl_session_free(&saved_session);
- mbedtls_debug_set_threshold(0);
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_cli_early_data_state(int scenario)
-{
- int ret = -1;
- mbedtls_test_ssl_endpoint client_ep, server_ep;
- memset(&client_ep, 0, sizeof(client_ep));
- memset(&server_ep, 0, sizeof(server_ep));
- mbedtls_test_handshake_test_options client_options;
- mbedtls_test_handshake_test_options server_options;
- mbedtls_ssl_session saved_session;
- uint16_t group_list[3] = {
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
- };
- uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
-
- mbedtls_test_init_handshake_options(&client_options);
- mbedtls_test_init_handshake_options(&server_options);
- mbedtls_ssl_session_init(&saved_session);
-
- PSA_INIT();
-
- /*
- * Run first handshake to get a ticket from the server.
- */
- client_options.pk_alg = MBEDTLS_PK_ECDSA;
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.pk_alg = MBEDTLS_PK_ECDSA;
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- if (scenario == TEST_EARLY_DATA_HRR) {
- client_options.group_list = group_list;
- server_options.group_list = group_list;
- }
-
- ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
- &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Prepare for handshake with the ticket.
- */
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS:
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
-
- case TEST_EARLY_DATA_HRR:
- server_options.group_list = group_list + 1;
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
-
- ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options);
- TEST_EQUAL(ret, 0);
-
- mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
- mbedtls_test_ticket_write,
- mbedtls_test_ticket_parse,
- NULL);
-
- ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
- &(server_ep.socket), 1024);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Go through the handshake sequence, state by state, checking the early
- * data status each time.
- */ - do { - int state = client_ep.ssl.state; - - /* Progress the handshake from at least one state */ - while (client_ep.ssl.state == state) { - ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - if (client_ep.ssl.state != state) { - break; - } - ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - } - - if (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { - TEST_EQUAL(mbedtls_ssl_get_early_data_status(&(client_ep.ssl)), - MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - } - - switch (client_ep.ssl.state) { - case MBEDTLS_SSL_CLIENT_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_IDLE); - } else { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); - } - break; - - default: - TEST_FAIL("Unknown scenario."); - } - break; - - case MBEDTLS_SSL_SERVER_HELLO: - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ - case TEST_EARLY_DATA_SERVER_REJECTS: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - break; - - case TEST_EARLY_DATA_NO_INDICATION_SENT: - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - break; - - case TEST_EARLY_DATA_HRR: - if (!client_ep.ssl.handshake->hello_retry_request_flag) { - TEST_EQUAL(client_ep.ssl.early_data_state, - MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE); - memcpy(client_random, - 
client_ep.ssl.handshake->randbytes,
- MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
- } else {
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- TEST_MEMORY_COMPARE(client_random,
- MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
- client_ep.ssl.handshake->randbytes,
- MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
- }
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_SERVER_FINISHED:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_ACCEPTED);
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_END_OF_EARLY_DATA:
- TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED);
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
- break;
-
- case MBEDTLS_SSL_CLIENT_CERTIFICATE:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
- break;
-
- case
TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_CLIENT_FINISHED:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_IND_SENT);
- break;
-
- default:
- TEST_FAIL("Unexpected or unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
- switch (scenario) {
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
-
TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unexpected or unknown scenario.");
- }
- break;
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-
- case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
- case MBEDTLS_SSL_HANDSHAKE_OVER:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_SERVER_FINISHED_RECEIVED);
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- default:
- TEST_FAIL("Unexpected state.");
- }
- } while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER);
-
- ret = mbedtls_ssl_get_early_data_status(&(client_ep.ssl));
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
-
- ret = mbedtls_ssl_get_early_data_status(&(server_ep.ssl));
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
-
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- TEST_EQUAL(client_ep.ssl.handshake->ccs_sent, 1);
-#endif
-
-exit:
- mbedtls_test_ssl_endpoint_free(&client_ep);
- mbedtls_test_ssl_endpoint_free(&server_ep);
- mbedtls_test_free_handshake_options(&client_options);
-
mbedtls_test_free_handshake_options(&server_options);
- mbedtls_ssl_session_free(&saved_session);
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_write_early_data(int scenario)
-{
- int ret = -1;
- mbedtls_test_ssl_endpoint client_ep, server_ep;
- memset(&client_ep, 0, sizeof(client_ep));
- memset(&server_ep, 0, sizeof(server_ep));
- mbedtls_test_handshake_test_options client_options;
- mbedtls_test_handshake_test_options server_options;
- mbedtls_ssl_session saved_session;
- uint16_t group_list[3] = {
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
- };
- int beyond_first_hello = 0;
-
- mbedtls_test_init_handshake_options(&client_options);
- mbedtls_test_init_handshake_options(&server_options);
- mbedtls_ssl_session_init(&saved_session);
-
- PSA_INIT();
-
- /*
- * Run first handshake to get a ticket from the server.
- */
- client_options.pk_alg = MBEDTLS_PK_ECDSA;
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.pk_alg = MBEDTLS_PK_ECDSA;
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- if (scenario == TEST_EARLY_DATA_HRR) {
- client_options.group_list = group_list;
- server_options.group_list = group_list;
- }
-
- ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
- &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Prepare for handshake with the ticket.
- */
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- break;
-
- case TEST_EARLY_DATA_NO_INDICATION_SENT:
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS:
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- break;
-
- case TEST_EARLY_DATA_HRR:
- /*
- * Remove server support for the group negotiated in
- * mbedtls_test_get_tls13_ticket() forcing a HelloRetryRequest.
- */
- server_options.group_list = group_list + 1;
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
-
- ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options);
- TEST_EQUAL(ret, 0);
-
- mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
- mbedtls_test_ticket_write,
- mbedtls_test_ticket_parse,
- NULL);
-
- ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
- &(server_ep.socket), 1024);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Run handshakes going one state further in the handshake sequence at each
- * loop up to the point where we reach the MBEDTLS_SSL_HANDSHAKE_OVER
- * state. For each reached handshake state, check the result of the call
- * to mbedtls_ssl_write_early_data(), make sure we can complete the
- * handshake successfully and then reset the connection to restart the
- * handshake from scratch.
- */
- do {
- int client_state = client_ep.ssl.state;
- int previous_client_state;
- const char *early_data_string = "This is early data.";
- const unsigned char *early_data = (const unsigned char *) early_data_string;
- size_t early_data_len = strlen(early_data_string);
- int write_early_data_ret, read_early_data_ret;
- unsigned char read_buf[64];
-
- write_early_data_ret = mbedtls_ssl_write_early_data(&(client_ep.ssl),
- early_data,
- early_data_len);
-
- if (scenario == TEST_EARLY_DATA_NO_INDICATION_SENT) {
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, client_state);
- goto complete_handshake;
- }
-
- switch (client_state) {
- case MBEDTLS_SSL_HELLO_REQUEST: /* Intentional fallthrough */
- case MBEDTLS_SSL_CLIENT_HELLO:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- break;
-
- case TEST_EARLY_DATA_HRR:
- if (!client_ep.ssl.handshake->hello_retry_request_flag) {
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- } else {
- beyond_first_hello = 1;
- TEST_EQUAL(write_early_data_ret,
- MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO);
- }
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_SERVER_HELLO:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- break;
-
- case TEST_EARLY_DATA_HRR:
- if (!client_ep.ssl.handshake->hello_retry_request_flag) {
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- } else {
-
TEST_EQUAL(write_early_data_ret,
- MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- }
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
- break;
-
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_SERVER_FINISHED:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- TEST_EQUAL(write_early_data_ret, early_data_len);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS:
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
- break;
-
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED);
- break;
-
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_END_OF_EARLY_DATA:
- TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED);
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_END_OF_EARLY_DATA);
- break;
-
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(write_early_data_ret, early_data_len);
-
TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
- break;
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
- break;
-
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
- switch (scenario) {
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(write_early_data_ret,
- MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state,
- MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
- break;
- default:
- TEST_FAIL("Unexpected or unknown scenario.");
- }
- break;
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-
- case MBEDTLS_SSL_CLIENT_CERTIFICATE: /* Intentional fallthrough */
- case MBEDTLS_SSL_CLIENT_FINISHED: /* Intentional fallthrough */
- case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */
- case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
- case MBEDTLS_SSL_HANDSHAKE_OVER:
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
- case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
- case TEST_EARLY_DATA_HRR:
- TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.state, client_state);
- break;
- default:
- TEST_FAIL("Unknown scenario.");
- }
- break;
-
- default:
- TEST_FAIL("Unexpected state.");
- }
-
-complete_handshake:
- do {
- ret = mbedtls_test_move_handshake_to_state(
- &(server_ep.ssl), &(client_ep.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER);
-
- if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
- read_early_data_ret = mbedtls_ssl_read_early_data(
- &(server_ep.ssl), read_buf, sizeof(read_buf));
-
- TEST_EQUAL(read_early_data_ret, early_data_len);
- }
- } while (ret ==
MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - - TEST_EQUAL(ret, 0); - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER), 0); - - mbedtls_test_mock_socket_close(&(client_ep.socket)); - mbedtls_test_mock_socket_close(&(server_ep.socket)); - - ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - previous_client_state = client_state; - if (previous_client_state == MBEDTLS_SSL_HANDSHAKE_OVER) { - break; - } - - /* In case of HRR scenario, once we have been through it, move over - * the first ClientHello and ServerHello otherwise we just keep playing - * this first part of the handshake with HRR. - */ - if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) { - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO), 0); - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_CLIENT_HELLO), 0); - } - - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - previous_client_state), 0); - - /* Progress the handshake from at least one state */ - while (client_ep.ssl.state == previous_client_state) { - ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - if (client_ep.ssl.state != previous_client_state) { - break; - } - ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); - TEST_ASSERT((ret == 0) || - (ret == MBEDTLS_ERR_SSL_WANT_READ) || - (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); - } - } while (1); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep); - 
mbedtls_test_ssl_endpoint_free(&server_ep);
- mbedtls_test_free_handshake_options(&client_options);
- mbedtls_test_free_handshake_options(&server_options);
- mbedtls_ssl_session_free(&saved_session);
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_cli_max_early_data_size(int max_early_data_size_arg)
-{
- int ret = -1;
- mbedtls_test_ssl_endpoint client_ep, server_ep;
- memset(&client_ep, 0, sizeof(client_ep));
- memset(&server_ep, 0, sizeof(server_ep));
- mbedtls_test_handshake_test_options client_options;
- mbedtls_test_handshake_test_options server_options;
- mbedtls_ssl_session saved_session;
- unsigned char *buf = NULL;
- uint32_t buf_size = 64;
- uint32_t max_early_data_size;
- uint32_t written_early_data_size = 0;
- uint32_t read_early_data_size = 0;
-
- mbedtls_test_init_handshake_options(&client_options);
- mbedtls_test_init_handshake_options(&server_options);
- mbedtls_ssl_session_init(&saved_session);
-
- PSA_INIT();
- TEST_CALLOC(buf, buf_size);
-
- /*
- * Run first handshake to get a ticket from the server.
- */
-
- client_options.pk_alg = MBEDTLS_PK_ECDSA;
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.pk_alg = MBEDTLS_PK_ECDSA;
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.max_early_data_size = max_early_data_size_arg;
-
- ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
- &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Prepare for handshake with the ticket.
- */ - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - max_early_data_size = saved_session.max_early_data_size; - /* - * (max_early_data_size + 1024) for the size of the socket buffers for the - * server one to be able to contain the maximum number of early data bytes - * plus the first flight of client messages. Needed because we cannot - * initiate the handshake on server side before doing all the calls to - * mbedtls_ssl_write_early_data() we want to test. See below for more - * information. - */ - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), - max_early_data_size + 1024); - TEST_EQUAL(ret, 0); - - /* If our server is configured with max_early_data_size equal to zero, it - * does not set the MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA flag for - * the tickets it creates. To be able to test early data with a ticket - * allowing early data in its flags but with max_early_data_size equal to - * zero (case supported by our client) tweak the ticket flags here. 
- */
- if (max_early_data_size == 0) {
- saved_session.ticket_flags |= MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
- }
-
- ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
- TEST_EQUAL(ret, 0);
-
- while (written_early_data_size < max_early_data_size) {
- uint32_t remaining = max_early_data_size - written_early_data_size;
-
- for (size_t i = 0; i < buf_size; i++) {
- buf[i] = (unsigned char) (written_early_data_size + i);
- }
-
- ret = mbedtls_ssl_write_early_data(&(client_ep.ssl),
- buf,
- buf_size);
-
- if (buf_size <= remaining) {
- TEST_EQUAL(ret, buf_size);
- } else {
- TEST_EQUAL(ret, remaining);
- }
- written_early_data_size += buf_size;
- }
- TEST_EQUAL(client_ep.ssl.total_early_data_size, max_early_data_size);
-
- ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), buf, 1);
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA);
- TEST_EQUAL(client_ep.ssl.total_early_data_size, max_early_data_size);
- TEST_EQUAL(client_ep.ssl.early_data_state,
- MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
-
- /*
- * Now, check data on server side. It is not done in the previous loop as
- * in the first call to mbedtls_ssl_handshake(), the server ends up sending
- * its Finished message and then in the following call to
- * mbedtls_ssl_write_early_data() we go past the early data writing window
- * and we cannot test multiple calls to the API is this writing window.
- */
- while (read_early_data_size < max_early_data_size) {
- ret = mbedtls_ssl_handshake(&(server_ep.ssl));
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
-
- ret = mbedtls_ssl_read_early_data(&(server_ep.ssl),
- buf,
- buf_size);
- TEST_ASSERT(ret > 0);
-
- for (size_t i = 0; i < (size_t) ret; i++) {
- TEST_EQUAL(buf[i], (unsigned char) (read_early_data_size + i));
- }
-
- read_early_data_size += ret;
- }
- TEST_EQUAL(read_early_data_size, max_early_data_size);
-
- ret = mbedtls_ssl_handshake(&(server_ep.ssl));
- TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
-
- TEST_EQUAL(mbedtls_test_move_handshake_to_state(
- &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER),
- 0);
-
-exit:
- mbedtls_test_ssl_endpoint_free(&client_ep);
- mbedtls_test_ssl_endpoint_free(&server_ep);
- mbedtls_test_free_handshake_options(&client_options);
- mbedtls_test_free_handshake_options(&server_options);
- mbedtls_ssl_session_free(&saved_session);
- mbedtls_free(buf);
- PSA_DONE();
-}
-/* END_CASE */
-
-/*
- * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is
- * a temporary workaround to not run the test in Windows-2013 where there is
- * an issue with mbedtls_vsnprintf().
- */
-/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
-void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg)
-{
- int ret = -1;
- mbedtls_test_ssl_endpoint client_ep, server_ep;
- memset(&client_ep, 0, sizeof(client_ep));
- memset(&server_ep, 0, sizeof(server_ep));
- mbedtls_test_handshake_test_options client_options;
- mbedtls_test_handshake_test_options server_options;
- mbedtls_ssl_session saved_session;
- mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
- uint16_t group_list[3] = {
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
- MBEDTLS_SSL_IANA_TLS_GROUP_NONE
- };
- char pattern[128];
- unsigned char *buf_write = NULL;
- uint32_t write_size = (uint32_t) write_size_arg;
- unsigned char *buf_read = NULL;
- uint32_t read_size;
- uint32_t expanded_early_data_chunk_size = 0;
- uint32_t written_early_data_size = 0;
- uint32_t max_early_data_size;
-
- mbedtls_test_init_handshake_options(&client_options);
- mbedtls_test_init_handshake_options(&server_options);
- mbedtls_ssl_session_init(&saved_session);
- PSA_INIT();
-
- TEST_CALLOC(buf_write, write_size);
-
- /*
- * Allocate a smaller buffer for early data reading to exercise the reading
- * of data in one record in multiple calls.
- */
- read_size = (write_size / 2) + 1;
- TEST_CALLOC(buf_read, read_size);
-
- /*
- * Run first handshake to get a ticket from the server.
- */
-
- client_options.pk_alg = MBEDTLS_PK_ECDSA;
- client_options.group_list = group_list;
- client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.pk_alg = MBEDTLS_PK_ECDSA;
- server_options.group_list = group_list;
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
- server_options.max_early_data_size = max_early_data_size_arg;
-
- ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
- &saved_session);
- TEST_EQUAL(ret, 0);
-
- /*
- * Prepare for handshake with the ticket.
- */
- server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- server_options.srv_log_obj = &server_pattern;
- server_pattern.pattern = pattern;
-
- switch (scenario) {
- case TEST_EARLY_DATA_ACCEPTED:
- break;
-
- case TEST_EARLY_DATA_SERVER_REJECTS:
- server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
- ret = mbedtls_snprintf(pattern, sizeof(pattern),
- "EarlyData: deprotect and discard app data records.");
- TEST_ASSERT(ret < (int) sizeof(pattern));
- mbedtls_debug_set_threshold(3);
- break;
-
- case TEST_EARLY_DATA_HRR:
- /*
- * Remove server support for the group negotiated in
- * mbedtls_test_get_tls13_ticket() forcing an HelloRetryRequest.
- */ - server_options.group_list = group_list + 1; - ret = mbedtls_snprintf( - pattern, sizeof(pattern), - "EarlyData: Ignore application message before 2nd ClientHello"); - TEST_ASSERT(ret < (int) sizeof(pattern)); - mbedtls_debug_set_threshold(3); - break; - - default: - TEST_FAIL("Unknown scenario."); - } - - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options); - TEST_EQUAL(ret, 0); - - mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, - mbedtls_test_ticket_write, - mbedtls_test_ticket_parse, - NULL); - - ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), - &(server_ep.socket), 1024); - TEST_EQUAL(ret, 0); - - max_early_data_size = saved_session.max_early_data_size; - - ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); - TEST_EQUAL(ret, 0); - - /* - * Start an handshake based on the ticket up to the point where early data - * can be sent from client side. Then send in a loop as much early data as - * possible without going over the maximum permitted size for the ticket. - * Finally, do a last writting to go past that maximum permitted size and - * check that we detect it. - */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO), 0); - - TEST_ASSERT(client_ep.ssl.early_data_state != - MBEDTLS_SSL_EARLY_DATA_STATE_NO_IND_SENT); - - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - - /* - * Write and if possible read as much as possible chunks of write_size - * bytes data without getting over the max_early_data_size limit. - */ - do { - uint32_t read_early_data_size = 0; - - /* - * The contents of the early data are not very important, write a - * pattern that varies byte-by-byte and is different for every chunk of - * early data. 
- */ - if ((written_early_data_size + write_size) > max_early_data_size) { - break; - } - - /* - * If the server rejected early data, base the determination of when - * to stop the loop on the expanded size (padding and encryption - * expansion) of early data on server side and the number of early data - * received so far by the server (multiple of the expanded size). - */ - if ((expanded_early_data_chunk_size != 0) && - ((server_ep.ssl.total_early_data_size + - expanded_early_data_chunk_size) > max_early_data_size)) { - break; - } - - for (size_t i = 0; i < write_size; i++) { - buf_write[i] = (unsigned char) (written_early_data_size + i); - } - - ret = write_early_data(&(client_ep.ssl), buf_write, write_size); - TEST_EQUAL(ret, write_size); - written_early_data_size += write_size; - - switch (scenario) { - case TEST_EARLY_DATA_ACCEPTED: - while (read_early_data_size < write_size) { - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); - - ret = mbedtls_ssl_read_early_data(&(server_ep.ssl), - buf_read, read_size); - TEST_ASSERT(ret > 0); - - TEST_MEMORY_COMPARE(buf_read, ret, - buf_write + read_early_data_size, ret); - read_early_data_size += ret; - - TEST_EQUAL(server_ep.ssl.total_early_data_size, - written_early_data_size); - } - break; - - case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ - case TEST_EARLY_DATA_HRR: - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - /* - * In this write loop we try to always stay below the - * max_early_data_size limit but if max_early_data_size is very - * small we may exceed the max_early_data_size limit on the - * first write. In TEST_EARLY_DATA_SERVER_REJECTS/ - * TEST_EARLY_DATA_HRR scenario, this is for sure the case if - * max_early_data_size is smaller than the smallest possible - * inner content/protected record. Take into account this - * possibility here but only for max_early_data_size values - * that are close to write_size. 
Below, '1' is for the inner - * type byte and '16' is to take into account some AEAD - * expansion (tag, ...). - */ - if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) { - TEST_LE_U(max_early_data_size, - write_size + 1 + - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - } else { - TEST_LE_U(max_early_data_size, - write_size + 1 + 16 + - MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); - } - goto exit; - } - - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - - TEST_EQUAL(server_pattern.counter, 1); - server_pattern.counter = 0; - if (expanded_early_data_chunk_size == 0) { - expanded_early_data_chunk_size = server_ep.ssl.total_early_data_size; - } - break; - } - TEST_LE_U(server_ep.ssl.total_early_data_size, max_early_data_size); - } while (1); - - mbedtls_debug_set_threshold(3); - ret = write_early_data(&(client_ep.ssl), buf_write, write_size); - TEST_EQUAL(ret, write_size); - - ret = mbedtls_snprintf(pattern, sizeof(pattern), - "EarlyData: Too much early data received"); - TEST_ASSERT(ret < (int) sizeof(pattern)); - - ret = mbedtls_ssl_handshake(&(server_ep.ssl)); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); - TEST_EQUAL(server_pattern.counter, 1); - -exit: - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_free_handshake_options(&client_options); - mbedtls_test_free_handshake_options(&server_options); - mbedtls_ssl_session_free(&saved_session); - mbedtls_free(buf_write); - mbedtls_free(buf_read); - mbedtls_debug_set_threshold(0); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -void inject_client_content_on_the_wire(int pk_alg, - int state, data_t *data, - char *log_pattern, int expected_ret) -{ - /* This function allows us to inject content at a specific state - * in the handshake, or when it's completed. 
The content is injected - * on the mock TCP socket, as if we were an active network attacker. - * - * This function is suitable to inject: - * - crafted records, at any point; - * - valid records that contain crafted handshake messages, but only - * when the traffic is still unprotected (for TLS 1.2 that's most of the - * handshake, for TLS 1.3 that's only the Hello messages); - * - handshake messages that are fragmented in a specific way, - * under the same conditions as above. - */ - enum { BUFFSIZE = 16384 }; - mbedtls_test_ssl_endpoint server, client; - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - mbedtls_test_ssl_log_pattern srv_pattern; - memset(&srv_pattern, 0, sizeof(srv_pattern)); - int ret = -1; - - PSA_INIT(); - - srv_pattern.pattern = log_pattern; - options.srv_log_obj = &srv_pattern; - options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(3); - - options.pk_alg = pk_alg; - - ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, - BUFFSIZE); - TEST_EQUAL(ret, 0); - - /* Make the server move to the required state */ - ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state); - TEST_EQUAL(ret, 0); - - /* Send the crafted message */ - ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len); - TEST_EQUAL(ret, (int) data->len); - - /* Have the server process it. - * Need the loop because a server that support 1.3 and 1.2 - * will process a 1.2 ClientHello in two steps. 
- */ - do { - ret = mbedtls_ssl_handshake_step(&server.ssl); - } while (ret == 0 && server.ssl.state == state); - TEST_EQUAL(ret, expected_ret); - TEST_ASSERT(srv_pattern.counter >= 1); - -exit: - mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server); - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_debug_set_threshold(0); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */ -void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, - char *log_pattern, int expected_ret) -{ - /* This function sends a long message (claiming to be a ClientHello) - * fragmented in 1-byte fragments (except the initial fragment). - * The purpose is to test how the stack reacts when receiving: - * - a message larger than our buffer; - * - a message smaller than our buffer, but where the intermediate size of - * holding all the fragments (including overhead) is larger than our - * buffer. 
- */ - enum { BUFFSIZE = 16384 }; - mbedtls_test_ssl_endpoint server, client; - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_platform_zeroize(&client, sizeof(client)); - - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - mbedtls_test_ssl_log_pattern srv_pattern; - memset(&srv_pattern, 0, sizeof(srv_pattern)); - - unsigned char *first_frag = NULL; - int ret = -1; - - size_t hs_len = (size_t) hs_len_int; - size_t first_frag_content_len = (size_t) first_frag_content_len_int; - - PSA_INIT(); - - srv_pattern.pattern = log_pattern; - options.srv_log_obj = &srv_pattern; - options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(1); - - // Does't really matter but we want to know to declare dependencies. - options.pk_alg = MBEDTLS_PK_ECDSA; - - ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, - BUFFSIZE); - TEST_EQUAL(ret, 0); - - /* Make the server move past the initial dummy state */ - ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, - MBEDTLS_SSL_CLIENT_HELLO); - TEST_EQUAL(ret, 0); - - /* Prepare initial fragment */ - const size_t first_len = 5 // record header, see below - + 4 // handshake header, see balow - + first_frag_content_len; - TEST_CALLOC(first_frag, first_len); - unsigned char *p = first_frag; - // record header - // record type: handshake - *p++ = 0x16, - // record version (actually common to TLS 1.2 and TLS 1.3) - *p++ = 0x03, - *p++ = 0x03, - // record length: two bytes - *p++ = (unsigned char) (((4 + first_frag_content_len) >> 8) & 0xff); - *p++ = (unsigned char) (((4 + first_frag_content_len) >> 0) & 0xff); - // handshake header - // handshake type: ClientHello - *p++ = 0x01, - // handshake length: three bytes 
- *p++ = (unsigned char) ((hs_len >> 16) & 0xff); - *p++ = (unsigned char) ((hs_len >> 8) & 0xff); - *p++ = (unsigned char) ((hs_len >> 0) & 0xff); - // handshake content: dummy value - memset(p, 0x2a, first_frag_content_len); - - /* Send initial fragment and have the server process it. */ - ret = mbedtls_test_mock_tcp_send_b(&client.socket, first_frag, first_len); - TEST_ASSERT(ret >= 0 && (size_t) ret == first_len); - - ret = mbedtls_ssl_handshake_step(&server.ssl); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - - /* Dummy 1-byte fragment to repeatedly send next */ - const unsigned char next[] = { - 0x16, 0x03, 0x03, 0x00, 0x01, // record header (see above) - 0x2a, // Dummy handshake message content - }; - for (size_t left = hs_len - first_frag_content_len; left != 0; left--) { - ret = mbedtls_test_mock_tcp_send_b(&client.socket, next, sizeof(next)); - TEST_ASSERT(ret >= 0 && (size_t) ret == sizeof(next)); - - ret = mbedtls_ssl_handshake_step(&server.ssl); - if (ret != MBEDTLS_ERR_SSL_WANT_READ) { - break; - } - } - TEST_EQUAL(ret, expected_ret); - TEST_EQUAL(srv_pattern.counter, 1); - -exit: - mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server); - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_debug_set_threshold(0); - mbedtls_free(first_frag); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) -{ - /* Test that the client and server generate the same key. 
*/ - - int ret = -1; - uint8_t *key_buffer_server = NULL; - uint8_t *key_buffer_client = NULL; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options options; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_EQUAL(ret, 0); - - TEST_ASSERT(exported_key_length > 0); - TEST_CALLOC(key_buffer_server, exported_key_length); - TEST_CALLOC(key_buffer_client, exported_key_length); - - memset(key_buffer_server, 0, exported_key_length); - memset(key_buffer_client, 0, exported_key_length); - - char label[] = "test-label"; - unsigned char context[128] = { 0 }; - ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, (size_t) exported_key_length, - label, sizeof(label), - context, sizeof(context), use_context); - TEST_EQUAL(ret, 0); - ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, (size_t) exported_key_length, - label, sizeof(label), - context, sizeof(context), use_context); - TEST_EQUAL(ret, 0); - TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - mbedtls_free(key_buffer_server); - mbedtls_free(key_buffer_client); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls_exporter_uses_label(int proto) -{ - /* Test that the client and server export different keys when using different labels. 
*/ - - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options options; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_EQUAL(ret, 0); - - char label_server[] = "test-label-server"; - char label_client[] = "test-label-client"; - uint8_t key_buffer_server[24] = { 0 }; - uint8_t key_buffer_client[24] = { 0 }; - unsigned char context[128] = { 0 }; - ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, sizeof(key_buffer_server), - label_server, sizeof(label_server), - context, sizeof(context), 1); - TEST_EQUAL(ret, 0); - ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, sizeof(key_buffer_client), - label_client, sizeof(label_client), - context, sizeof(context), 1); - TEST_EQUAL(ret, 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls_exporter_uses_context(int proto) -{ - /* Test that the client and server export different keys when using different contexts. 
*/ - - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options options; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_EQUAL(ret, 0); - - char label[] = "test-label"; - uint8_t key_buffer_server[24] = { 0 }; - uint8_t key_buffer_client[24] = { 0 }; - unsigned char context_server[128] = { 0 }; - unsigned char context_client[128] = { 23 }; - ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, sizeof(key_buffer_server), - label, sizeof(label), - context_server, sizeof(context_server), 1); - TEST_EQUAL(ret, 0); - ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, sizeof(key_buffer_client), - label, sizeof(label), - context_client, sizeof(context_client), 1); - TEST_EQUAL(ret, 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls13_exporter_uses_length(void) -{ - /* In TLS 1.3, when two keys are exported with the same parameters except one is shorter, - * the shorter key should NOT be a prefix of the longer one. 
*/ - - int ret = -1; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options options; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, - &client_ep, - &options, - MBEDTLS_SSL_VERSION_TLS1_3); - TEST_EQUAL(ret, 0); - - char label[] = "test-label"; - uint8_t key_buffer_server[16] = { 0 }; - uint8_t key_buffer_client[24] = { 0 }; - unsigned char context[128] = { 0 }; - ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, sizeof(key_buffer_server), - label, sizeof(label), - context, sizeof(context), 1); - TEST_EQUAL(ret, 0); - ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, sizeof(key_buffer_client), - label, sizeof(label), - context, sizeof(context), 1); - TEST_EQUAL(ret, 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls_exporter_rejects_bad_parameters( - int proto, int exported_key_length, int label_length, int context_length) -{ - int ret = -1; - uint8_t *key_buffer = NULL; - char *label = NULL; - uint8_t *context = NULL; - mbedtls_test_ssl_endpoint client_ep, server_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - mbedtls_test_handshake_test_options options; - - TEST_ASSERT(exported_key_length > 0); - TEST_ASSERT(label_length > 0); - TEST_ASSERT(context_length > 0); - TEST_CALLOC(key_buffer, exported_key_length); - TEST_CALLOC(label, label_length); - TEST_CALLOC(context, context_length); - - 
MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_EQUAL(ret, 0); - - ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer, exported_key_length, - label, label_length, - context, context_length, 1); - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - mbedtls_free(key_buffer); - mbedtls_free(label); - mbedtls_free(context); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void ssl_tls_exporter_too_early(int proto, int check_server, int state) -{ - enum { BUFFSIZE = 1024 }; - - int ret = -1; - mbedtls_test_ssl_endpoint server_ep, client_ep; - memset(&client_ep, 0, sizeof(client_ep)); - memset(&server_ep, 0, sizeof(server_ep)); - - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - options.server_min_version = proto; - options.client_min_version = proto; - options.server_max_version = proto; - options.client_max_version = proto; - - MD_OR_USE_PSA_INIT(); - - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options); - TEST_EQUAL(ret, 0); - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options); - TEST_EQUAL(ret, 0); - - ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); - TEST_EQUAL(ret, 0); - - if (check_server) { - ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state); - } else { - ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); - } - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - TEST_EQUAL(ret, 0); - } - - char label[] = "test-label"; - uint8_t 
key_buffer[24] = { 0 }; - ret = mbedtls_ssl_export_keying_material(check_server ? &server_ep.ssl : &client_ep.ssl, - key_buffer, sizeof(key_buffer), - label, sizeof(label), - NULL, 0, 0); - - /* FIXME: A more appropriate error code should be created for this case. */ - TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - -exit: - mbedtls_test_ssl_endpoint_free(&server_ep); - mbedtls_test_ssl_endpoint_free(&client_ep); - mbedtls_test_free_handshake_options(&options); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data deleted file mode 100644 index 8220cb0b92..0000000000 --- a/tests/suites/test_suite_ssl.records.data +++ /dev/null 
@@ -1,162 +0,0 @@
-Recombine server flight 1: TLS 1.2, nominal
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.3, nominal
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.2, coalesce 2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.2, coalesce 3
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.2, coalesce all
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-# TLS 1.3 has a single non-encrypted handshake record, so this doesn't
-# actually perform any coalescing. Run the test case anyway, but this does
-# very little beyond exercising the test code itself a little.
-Recombine server flight 1: TLS 1.3, coalesce all
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.2, split first at 4
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.3, split first at 4
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.2, split first at end-1
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-Recombine server flight 1: TLS 1.3, split first at end-1
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
-
-# The library doesn't support an initial handshake fragment that doesn't
-# contain the full 4-byte handshake header.
-Recombine server flight 1: TLS 1.2, split first at 3 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, split first at 3 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, split first at 2 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, split first at 2 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, split first at 1 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, split first at 1 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, truncate at 4 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ
-
-Recombine server flight 1: TLS 1.3, truncate at 4 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ
-
-Recombine server flight 1: TLS 1.2, insert empty record after first (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, insert empty record after first (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, insert empty record at start (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, insert empty record at start (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.2, insert data record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.3, insert data record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
-
-Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
-recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD - -Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD - -Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD - -# Since there is a single unencrypted handshake message in the first flight -# from the server, and the test code that recombines handshake records can only -# handle plaintext records, we can't have TLS 1.3 tests with coalesced -# handshake messages. Hence most coalesce-and-split test cases are 1.2-only. - -Recombine server flight 1: TLS 1.2, coalesce and split at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 - -# The last message of the first flight from the server is ServerHelloDone, -# which is an empty handshake message, i.e. of length 4. The library doesn't -# support fragmentation of a handshake header, so the last place where we -# can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the -# previous handshake message and 4 bytes of ServerHelloDone including header. 
-Recombine server flight 1: TLS 1.2, coalesce and split at end-5 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 - -Recombine server flight 1: TLS 1.2, coalesce and split at both ends -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data deleted file mode 100644 index 7817c4f501..0000000000 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ /dev/null 
@@ -1,215 +0,0 @@ -# (Minimal) ClientHello breakdown: -# 160303rlrl - record header, 2-byte record contents len -# 01hlhlhl - handshake header, 3-byte handshake message len -# 0303 - protocol version: 1.2 -# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" -# 00 - session ID (empty) -# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) -# 0100 - compression methods: 1-byte len then "null" (only legal value now) -# [then end, or extensions, see notes below] -# elel - 2-byte extensions length -# ... -# 000a - elliptic_curves aka supported_groups -# 0004 - extension length -# 0002 - length of named_curve_list / named_group_list -# 0017 - secp256r1 aka NIST P-256 -# ... -# 002b - supported version (for TLS 1.3) -# 0003 - extension length -# 02 - length of versions -# 0304 - TLS 1.3 ("SSL 3.4") -# ... -# 000d - signature algorithms -# 0004 - extension length -# 0002 - SignatureSchemeList length -# 0403 - ecdsa_secp256r1_sha256 -# ... -# 0033 - key share -# 0002 - extension length -# 0000 - length of client_shares (empty is valid) -# -# Note: currently our TLS "1.3 or 1.2" code requires extension length to be -# present even it it's 0. This is not strictly compliant but doesn't matter -# much in practice as these days everyone wants to use signature_algorithms -# (for hashes better than SHA-1), secure_renego (even if you have renego -# disabled), and most people want either ECC or PSK related extensions. -# See https://github.com/Mbed-TLS/mbedtls/issues/9963 -# -# Also, currently we won't negotiate ECC ciphersuites unless at least the -# supported_groups extension is present, see -# https://github.com/Mbed-TLS/mbedtls/issues/7458 -# -# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: -# - supported versions (as for all of TLS 1.3) -# - supported groups -# - key share -# - signature algorithms -# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). 
-#
-# Note: cccc is currently not assigned, so can be used get a consistent
-# "no matching ciphersuite" behaviour regardless of the configuration.
-# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2)
-# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3)
-
-# See "ClientHello breakdown" above
-# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1
-Inject ClientHello - TLS 1.2 good (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0
-
-# See "ClientHello breakdown" above
-# Same as the above test with s/c02b/cccc/ as the ciphersuite
-Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 good (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# Same as the above test with s/1301/cccc/ as the ciphersuite
-Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-# The purpose of this test case is to ensure nothing bad happens when the
-# connection is closed while we're waiting for more fragments.
-Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-# The purpose of this test case is to ensure nothing bad happens when the
-# connection is closed while we're waiting for more fragments.
-Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes)
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"key exchange mode\: ephemeral":0
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-
-# See "ClientHello breakdown" above
-# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256
-Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD
-
-# The buffer is actually larger than IN_CONTENT_LEN as we leave room for
-# record protection overhead (IV, MAC/tag, padding (up to 256 bytes)), CID...
-# The maximum size for an unencrypted (and without CID which is DTLS only)
-# handshake message we can hold in the buffer is
-# MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4
-# (the 4 is for the handshake header).
-# However, due to overhead, fragmented messages need to be 5 bytes shorter in
-# order to actually fit (leave room for an extra record header).
-Send large fragmented ClientHello: reassembled 1 byte larger than the buffer
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-Send large fragmented ClientHello: would just fit except for overhead
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-Send large fragmented ClientHello: would fit except for overhead (1)
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 5:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-Send large fragmented ClientHello: would fit except for overhead (2)
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 6:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-Send large fragmented ClientHello: would fit except for overhead (3)
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 7:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-Send large fragmented ClientHello: would fit except for overhead (4)
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 8:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-
-# Since we're sending dummy contents (all 0x2a) for the ClientHello,
-# the first thing that's going to fail is the version check. The fact that we
-# got around to checking it confirms reassembly completed sucessfully.
-Send large fragmented ClientHello: just fits
-send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9:0:"Unsupported version of TLS":MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION
-
-# We're generating a virtual record header for the reassembled HS message,
-# which requires that the length fits in two bytes. Of course we won't get
-# there because if the length doesn't fit in two bytes then the message won't
-# fit in the buffer, but still add a test just in case.
-Send large fragmented ClientHello: length doesn't fit in two bytes
-send_large_fragmented_hello:0x10000:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
deleted file mode 100644
index 7a22939eb4..0000000000
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ /dev/null
@@ -1,313 +0,0 @@ -/* BEGIN_HEADER */ -/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative - * testing (using malformed inputs). */ - -#include -#include -#include - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_SSL_TLS_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_NULL_CIPHERSUITES */ -void ssl_decrypt_null(int hash_id) -{ - mbedtls_ssl_transform transform_in, transform_out; - mbedtls_ssl_transform_init(&transform_in); - mbedtls_ssl_transform_init(&transform_out); - const mbedtls_ssl_protocol_version version = MBEDTLS_SSL_VERSION_TLS1_2; - const mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NULL; - mbedtls_record rec_good = { - .ctr = { 0 }, - .type = MBEDTLS_SSL_MSG_APPLICATION_DATA, - .ver = { 0, 0 }, /* Will be set by a function call below */ - .buf = NULL, - .buf_len = 0, - .data_offset = 0, - .data_len = 0, -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - .cid_len = 0, - .cid = { 0 }, -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - }; - mbedtls_ssl_write_version(rec_good.ver, - MBEDTLS_SSL_TRANSPORT_STREAM, - version); - /* We need to tell the compiler that we meant to leave out the null character. 
*/ - const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC"; - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - uint8_t *buf = NULL; - - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out, - cipher_type, hash_id, 0, 0, - version, - 0, 0), 0); - - const size_t plaintext_length = sizeof(sample_plaintext); - rec_good.buf_len = plaintext_length + transform_in.maclen; - rec_good.data_len = plaintext_length; - TEST_CALLOC(rec_good.buf, rec_good.buf_len); - memcpy(rec_good.buf, sample_plaintext, plaintext_length); - TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good, - &transform_out), 0); - - /* Good case */ - mbedtls_record rec = rec_good; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0); - - /* Change any one byte of the plaintext or MAC. The MAC will be wrong. */ - TEST_CALLOC(buf, rec.buf_len); - for (size_t i = 0; i < rec.buf_len; i++) { - mbedtls_test_set_step(i); - rec = rec_good; - rec.buf = buf; - memcpy(buf, rec_good.buf, rec.buf_len); - buf[i] ^= 1; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INVALID_MAC); - } - mbedtls_free(buf); - buf = NULL; - - /* Shorter input buffer. Either the MAC will be wrong, or there isn't - * enough room for a MAC. */ - for (size_t n = 1; n < rec.buf_len; n++) { - mbedtls_test_set_step(n); - rec = rec_good; - TEST_CALLOC(buf, n); - rec.buf = buf; - rec.buf_len = n; - rec.data_len = n; - memcpy(buf, rec_good.buf, n); - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INVALID_MAC); - mbedtls_free(buf); - buf = NULL; - } - - /* For robustness, check a 0-length buffer (non-null, then null). - * This should not reach mbedtls_ssl_decrypt_buf() as used in the library, - * so the exact error doesn't matter, but we don't want a crash. 
*/ - { - const uint8_t buf1[1] = { 'a' }; - rec = rec_good; - /* We won't write to buf1[0] since it's out of range, so we can cast - * the const away. */ - rec.buf = (uint8_t *) buf1; - rec.buf_len = 0; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - } - rec = rec_good; - rec.buf = NULL; - rec.buf_len = 0; - TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), - MBEDTLS_ERR_SSL_INTERNAL_ERROR); - -exit: - mbedtls_ssl_transform_free(&transform_in); - mbedtls_ssl_transform_free(&transform_out); - mbedtls_free(rec_good.buf); - mbedtls_ssl_free(&ssl); - mbedtls_free(buf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROTO_TLS1_2 */ -void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, - int length_selector) -{ - /* - * Test record decryption for CBC without EtM, focused on the verification - * of padding and MAC. - * - * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since - * the test framework doesn't support alternation in dependency statements, - * just depend on AES. - * - * The length_selector argument is interpreted as follows: - * - if it's -1, the plaintext length is 0 and minimal padding is applied - * - if it's -2, the plaintext length is 0 and maximal padding is applied - * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: - * it's the length of the rest of the padding, that is, excluding the - * byte that encodes the length. The minimal non-zero plaintext length - * that gives this padding_length is automatically selected. 
- */ - mbedtls_ssl_context ssl; /* ONLY for debugging */ - mbedtls_ssl_transform t0, t1; - mbedtls_record rec, rec_save; - unsigned char *buf = NULL, *buf_save = NULL; - size_t buflen, olen = 0; - size_t plaintext_len, block_size, i; - unsigned char padlen; /* excluding the padding_length byte */ - int exp_ret; - int ret; - const unsigned char pad_max_len = 255; /* Per the standard */ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - /* Set up transforms with dummy keys */ - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_VERSION_TLS1_2, - 0, 0); - - TEST_ASSERT(ret == 0); - - /* Determine padding/plaintext length */ - TEST_ASSERT(length_selector >= -2 && length_selector <= 255); - block_size = t0.ivlen; - if (length_selector < 0) { - plaintext_len = 0; - - /* Minimal padding - * The +1 is for the padding_length byte, not counted in padlen. */ - padlen = block_size - (t0.maclen + 1) % block_size; - - /* Maximal padding? */ - if (length_selector == -2) { - padlen += block_size * ((pad_max_len - padlen) / block_size); - } - } else { - padlen = length_selector; - - /* Minimal non-zero plaintext_length giving desired padding. - * The +1 is for the padding_length byte, not counted in padlen. 
*/ - plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; - } - - /* Prepare a buffer for record data */ - buflen = block_size - + plaintext_len - + t0.maclen - + padlen + 1; - TEST_CALLOC(buf, buflen); - TEST_CALLOC(buf_save, buflen); - - /* Prepare a dummy record header */ - memset(rec.ctr, 0, sizeof(rec.ctr)); - rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* Prepare dummy record content */ - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = block_size; - rec.data_len = plaintext_len; - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Set dummy IV */ - memset(t0.iv_enc, 0x55, t0.ivlen); - memcpy(rec.buf, t0.iv_enc, t0.ivlen); - - /* - * Prepare a pre-encryption record (with MAC and padding), and save it. - */ - TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0)); - - /* Pad */ - memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); - rec.data_len += padlen + 1; - - /* Save correct pre-encryption record */ - rec_save = rec; - rec_save.buf = buf_save; - memcpy(buf_save, buf, buflen); - - /* - * Encrypt and decrypt the correct record, expecting success - */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - - /* - * Modify each byte of the pre-encryption record before encrypting and - * decrypting it, expecting failure every time. 
- */ - for (i = block_size; i < buflen; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ - rec.buf[i] ^= 0x01; - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure */ - TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, - mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - - /* - * Use larger values of the padding bytes - with small buffers, this tests - * the case where the announced padlen would be larger than the buffer - * (and before that, than the buffer minus the size of the MAC), to make - * sure our padding checking code does not perform any out-of-bounds reads - * in this case. (With larger buffers, ie when the plaintext is long or - * maximal length padding is used, this is less relevant but still doesn't - * hurt to test.) - * - * (Start the loop with correct padding, just to double-check that record - * saving did work, and that we're overwriting the correct bytes.) - */ - for (i = padlen; i <= pad_max_len; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Set padding bytes to new value */ - memset(buf + buflen - padlen - 1, i, padlen + 1); - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure except the first time */ - exp_ret = (i == padlen) ? 
0 : MBEDTLS_ERR_SSL_INVALID_MAC; - TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - mbedtls_free(buf); - mbedtls_free(buf_save); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data deleted file mode 100644 index e7bdba396f..0000000000 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ /dev/null 
@@ -1,399 +0,0 @@
-Decrypt null cipher, MD5
-depends_on:PSA_WANT_ALG_MD5
-ssl_decrypt_null:MBEDTLS_MD_MD5
-
-Decrypt null cipher, SHA-1
-depends_on:PSA_WANT_ALG_SHA_1
-ssl_decrypt_null:MBEDTLS_MD_SHA1
-
-Decrypt null cipher, SHA-256
-depends_on:PSA_WANT_ALG_SHA_256
-ssl_decrypt_null:MBEDTLS_MD_SHA256
-
-Decrypt null cipher, SHA-384
-depends_on:PSA_WANT_ALG_SHA_384
-ssl_decrypt_null:MBEDTLS_MD_SHA384
-
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_1
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
-depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
diff --git a/tests/suites/test_suite_test_helpers.data b/tests/suites/test_suite_test_helpers.data
deleted file mode 100644
index 1d221d7bf1..0000000000
--- a/tests/suites/test_suite_test_helpers.data
+++ /dev/null
@@ -1,23 +0,0 @@
-Memory poison+unpoison: offset=0 len=42
-memory_poison_unpoison:0:42
-
-Memory poison+unpoison: offset=0 len=1
-memory_poison_unpoison:0:1
-
-Memory poison+unpoison: offset=0 len=2
-memory_poison_unpoison:0:2
-
-Memory poison+unpoison: offset=1 len=1
-memory_poison_unpoison:1:1
-
-Memory poison+unpoison: offset=1 len=2
-memory_poison_unpoison:1:2
-
-Memory poison+unpoison: offset=7 len=1
-memory_poison_unpoison:7:1
-
-Memory poison+unpoison: offset=7 len=2
-memory_poison_unpoison:7:2
-
-Memory poison+unpoison: offset=0 len=0
-memory_poison_unpoison:0:0
diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function
deleted file mode 100644
index 0139faf14f..0000000000
--- a/tests/suites/test_suite_test_helpers.function
+++ /dev/null
@@ -1,40 +0,0 @@
-/* BEGIN_HEADER */
-
-/* Test some parts of the test framework. */
-
-#include
-#include
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES */
-
-/* END_DEPENDENCIES */
-
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_MEMORY_CAN_POISON */
-/* Test that poison+unpoison leaves the memory accessible. */
-/* We can't test that poisoning makes the memory inaccessible:
- * there's no sane way to catch an Asan/Valgrind complaint.
- * That negative testing is done in framework/tests/programs/metatest.c. */
-void memory_poison_unpoison(int align, int size)
-{
- unsigned char *buf = NULL;
- const size_t buffer_size = align + size;
- TEST_CALLOC(buf, buffer_size);
-
- for (size_t i = 0; i < buffer_size; i++) {
- buf[i] = (unsigned char) (i & 0xff);
- }
-
- const unsigned char *start = buf == NULL ? NULL : buf + align;
- mbedtls_test_memory_poison(start, (size_t) size);
- mbedtls_test_memory_unpoison(start, (size_t) size);
-
- for (size_t i = 0; i < buffer_size; i++) {
- TEST_EQUAL(buf[i], (unsigned char) (i & 0xff));
- }
-
-exit:
- mbedtls_free(buf);
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
deleted file mode 100644
index de89239e76..0000000000
--- a/tests/suites/test_suite_timing.data
+++ /dev/null
@@ -1,8 +0,0 @@
-Timing: get timer
-timing_get_timer:
-
-Timing: delay 0ms
-timing_delay:0:
-
-Timing: delay 100ms
-timing_delay:100:
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
deleted file mode 100644
index 4143a1c511..0000000000
--- a/tests/suites/test_suite_timing.function
+++ /dev/null
@@ -1,57 +0,0 @@
-/* BEGIN_HEADER */
-
-/* This test module exercises the timing module. Since, depending on the
- * underlying operating system, the timing routines are not always reliable,
- * this suite only performs very basic sanity checks of the timing API.
- */
-
-#include
-
-#include "mbedtls/timing.h"
-
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_TIMING_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void timing_get_timer()
-{
- struct mbedtls_timing_hr_time time;
-
- memset(&time, 0, sizeof(time));
-
- (void) mbedtls_timing_get_timer(&time, 1);
-
- /* Check that a non-zero time was written back */
- int all_zero = 1;
- for (size_t i = 0; i < sizeof(time); i++) {
- all_zero &= ((unsigned char *) &time)[i] == 0;
- }
- TEST_ASSERT(!all_zero);
-
- (void) mbedtls_timing_get_timer(&time, 0);
-
- /* This goto is added to avoid warnings from the generated code. */
- goto exit;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void timing_delay(int fin_ms)
-{
- mbedtls_timing_delay_context ctx;
- int result;
- if (fin_ms == 0) {
- mbedtls_timing_set_delay(&ctx, 0, 0);
- result = mbedtls_timing_get_delay(&ctx);
- TEST_ASSERT(result == -1);
- } else {
- mbedtls_timing_set_delay(&ctx, fin_ms / 2, fin_ms);
- result = mbedtls_timing_get_delay(&ctx);
- TEST_ASSERT(result >= 0 && result <= 2);
- }
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
deleted file mode 100644
index 3c818583fd..0000000000
--- a/tests/suites/test_suite_version.data
+++ /dev/null
@@ -1,15 +0,0 @@
-Check compile time library version
-check_compiletime_version:"4.0.0"
-
-Check runtime library version
-check_runtime_version:"4.0.0"
-
-Check for MBEDTLS_VERSION_C
-check_feature:"MBEDTLS_VERSION_C":0
-
-Check for MBEDTLS_TIMING_C when already present
-depends_on:MBEDTLS_TIMING_C
-check_feature:"MBEDTLS_TIMING_C":0
-
-Check for unknown define
-check_feature:"MBEDTLS_UNKNOWN":-1
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
deleted file mode 100644
index af0eb86d23..0000000000
--- a/tests/suites/test_suite_version.function
+++ /dev/null
@@ -1,71 +0,0 @@
-/* BEGIN_HEADER */
-#include "mbedtls/version.h"
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_VERSION_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
-void check_compiletime_version(char *version_str)
-{
- char build_str[100];
- char build_str_full[100];
- unsigned int build_int;
-
- memset(build_str, 0, 100);
- memset(build_str_full, 0, 100);
-
- mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
-
- mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
- MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
-
- build_int = MBEDTLS_VERSION_MAJOR << 24 |
- MBEDTLS_VERSION_MINOR << 16 |
- MBEDTLS_VERSION_PATCH << 8;
-
- TEST_ASSERT(build_int == MBEDTLS_VERSION_NUMBER);
- TEST_ASSERT(strcmp(build_str, MBEDTLS_VERSION_STRING) == 0);
- TEST_ASSERT(strcmp(build_str_full, MBEDTLS_VERSION_STRING_FULL) == 0);
- TEST_ASSERT(strcmp(version_str, MBEDTLS_VERSION_STRING) == 0);
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void check_runtime_version(char *version_str)
-{
- char build_str[100];
- const char *get_str;
- char build_str_full[100];
- const char *get_str_full;
- unsigned int get_int;
-
- memset(build_str, 0, 100);
- memset(build_str_full, 0, 100);
-
- get_int = mbedtls_version_get_number();
- get_str = mbedtls_version_get_string();
- get_str_full = mbedtls_version_get_string_full();
-
- mbedtls_snprintf(build_str, 100, "%u.%u.%u",
- (get_int >> 24) & 0xFF,
- (get_int >> 16) & 0xFF,
- (get_int >> 8) & 0xFF);
- mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
-
- TEST_ASSERT(strcmp(build_str, version_str) == 0);
- TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
- TEST_ASSERT(strcmp(version_str, get_str) == 0);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */
-void check_feature(char *feature, int result)
-{
- int check = mbedtls_version_check_feature(feature);
- TEST_ASSERT(check == result);
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data
deleted file mode 100644
index 09bd6523a0..0000000000
--- a/tests/suites/test_suite_x509_oid.data
+++ /dev/null
@@ -1,106 +0,0 @@
-OID get Any Policy certificate policy
-oid_get_certificate_policies:"551D2000":"Any Policy"
-
-OID get certificate policy invalid oid
-oid_get_certificate_policies:"5533445566":""
-
-OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
-oid_get_certificate_policies:"551D23":""
-
-OID get Ext Key Usage - id-kp-serverAuth
-oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
-
-OID get Ext Key Usage - id-kp-clientAuth
-oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
-
-OID get Ext Key Usage - id-kp-codeSigning
-oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
-
-OID get Ext Key Usage - id-kp-emailProtection
-oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
-
-OID get Ext Key Usage - id-kp-timeStamping
-oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
-
-OID get Ext Key Usage - id-kp-OCSPSigning
-oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
-
-OID get Ext Key Usage - id-kp-wisun-fan-device
-oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
-
-OID get Ext Key Usage invalid oid
-oid_get_extended_key_usage:"5533445566":""
-
-OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
-oid_get_extended_key_usage:"551D23":""
-
-OID get x509 extension - id-ce-basicConstraints
-oid_get_x509_extension:"551D13":MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
-
-OID get x509 extension - id-ce-keyUsage
-oid_get_x509_extension:"551D0F":MBEDTLS_X509_EXT_KEY_USAGE
-
-OID get x509 extension - id-ce-extKeyUsage
-oid_get_x509_extension:"551D25":MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
-
-OID get x509 extension - id-ce-subjectAltName
-oid_get_x509_extension:"551D11":MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
-
-OID get x509 extension - id-netscape-certtype
-oid_get_x509_extension:"6086480186F8420101":MBEDTLS_X509_EXT_NS_CERT_TYPE
-
-OID get x509 extension - id-ce-certificatePolicies
-oid_get_x509_extension:"551D20":MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
-
-OID get x509 extension - invalid oid
-oid_get_x509_extension:"5533445566":0
-
-OID get x509 extension - wrong oid - id-ce
-oid_get_x509_extension:"551D":0
-
-OID hash id - id-md5
-depends_on:PSA_WANT_ALG_MD5
-oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5
-
-OID hash id - id-sha1
-depends_on:PSA_WANT_ALG_SHA_1
-oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1
-
-OID hash id - id-sha224
-depends_on:PSA_WANT_ALG_SHA_224
-oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224
-
-OID hash id - id-sha256
-depends_on:PSA_WANT_ALG_SHA_256
-oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256
-
-OID hash id - id-sha384
-depends_on:PSA_WANT_ALG_SHA_384
-oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384
-
-OID hash id - id-sha512
-depends_on:PSA_WANT_ALG_SHA_512
-oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
-
-OID hash id - id-sha3-224
-depends_on:PSA_WANT_ALG_SHA3_224
-oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224
-
-OID hash id - id-sha3-256
-depends_on:PSA_WANT_ALG_SHA3_256
-oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256
-
-OID hash id - id-sha3-384
-depends_on:PSA_WANT_ALG_SHA3_384
-oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
-
-OID hash id - id-sha3-512
-depends_on:PSA_WANT_ALG_SHA3_512
-oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
-
-OID hash id - id-ripemd160
-depends_on:PSA_WANT_ALG_RIPEMD160
-oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
-
-OID hash id - invalid oid
-oid_get_md_alg_id:"2B864886f70d0204":-1
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
deleted file mode 100644
index b988aa0f67..0000000000
--- a/tests/suites/test_suite_x509_oid.function
+++ /dev/null
@@ -1,92 +0,0 @@
-/* BEGIN_HEADER */
-#include "x509_oid.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/asn1write.h"
-#include "string.h"
-/* END_HEADER */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
-void oid_get_certificate_policies(data_t *oid, char *result_str)
-{
- mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
- int ret;
- const char *desc;
-
- asn1_buf.tag = MBEDTLS_ASN1_OID;
- asn1_buf.p = oid->x;
- asn1_buf.len = oid->len;
-
- ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc);
- if (strlen(result_str) == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
- } else {
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
-void oid_get_extended_key_usage(data_t *oid, char *result_str)
-{
- mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
- int ret;
- const char *desc;
-
- asn1_buf.tag = MBEDTLS_ASN1_OID;
- asn1_buf.p = oid->x;
- asn1_buf.len = oid->len;
-
- ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc);
- if (strlen(result_str) == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
- } else {
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */
-void oid_get_x509_extension(data_t *oid, int exp_type)
-{
- mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
- int ret;
- int ext_type;
-
- ext_oid.tag = MBEDTLS_ASN1_OID;
- ext_oid.p = oid->x;
- ext_oid.len = oid->len;
-
- ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type);
- if (exp_type == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
- } else {
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(ext_type == exp_type);
- }
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
-void oid_get_md_alg_id(data_t *oid, int exp_md_id)
-{
- mbedtls_asn1_buf md_oid = { 0, 0, NULL };
- int ret;
- mbedtls_md_type_t md_id = 0;
-
- md_oid.tag = MBEDTLS_ASN1_OID;
- md_oid.p = oid->x;
- md_oid.len = oid->len;
-
- ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id);
-
- if (exp_md_id < 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
- TEST_ASSERT(md_id == 0);
- } else {
- TEST_ASSERT(ret == 0);
- TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
- }
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
deleted file mode 100644
index 14e7afa740..0000000000
--- a/tests/suites/test_suite_x509parse.data
+++ /dev/null
@@ -1,3486 +0,0 @@ -X509 CRT information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #1 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #2 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server2.crt.der":"cert. 
version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information #3 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_MD5 -x509_cert_info:"../framework/data_files/parse_input/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/cert_sha1.crt":"cert. 
version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/cert_sha512.crt":"cert. 
version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. 
version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server5-sha1.crt":"cert. 
version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server5-sha384.crt":"cert. 
version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC, SHA256 Digest, hardware module name SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-othername.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2023-06-20 09\:04\:43\nexpires on \: 2033-06-17 09\:04\:43\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n" - -X509 CRT information EC, SHA256 Digest, binary hardware module name SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-nonprintable_othername.crt.der":"cert. 
version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2023-06-20 09\:49\:20\nexpires on \: 2033-06-17 09\:49\:20\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n" - -X509 CRT information EC, SHA256 Digest, directoryName SAN -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n" - -X509 CRT information EC, SHA256 Digest, two directoryName SANs -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n" - -X509 CRT information EC, SHA256 Digest, Wisun Fan device -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server5-fan.crt.der":"cert. 
version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2023-06-20 09\:49\:35\nexpires on \: 2033-06-17 09\:49\:35\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n" - -X509 CRT information, NS Cert Type -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" - -X509 CRT information, Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Key Usage with decipherOnly -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/keyUsage.decipherOnly.crt":"cert. 
version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n" - -X509 CRT information, Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" - -X509 CRT information, Multiple different Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n" - -X509 CRT information, Subject Alt Name + Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/cert_example_multi_nocn.crt":"cert. 
version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n iPAddress \: 192.168.1.1\n iPAddress \: 192.168.69.144\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Subject Alt Name with uniformResourceIdentifier -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. 
version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" - -X509 CRT information, RSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, ECDSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_ec.crt":"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, RSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, ECDSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" - -X509 CRT information, RSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy.crt":"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" - -X509 CRT information, ECDSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" - -X509 CRT information, RSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" - -X509 CRT information, ECDSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" - -X509 CRT information, Key Usage + Extended Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" - -X509 CRT information RSA signed by EC -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA -x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_cert_info:"../framework/data_files/parse_input/server3.crt":"cert. 
version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" - -X509 CRT information Bitstring in subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" - -X509 CRT information Non-ASCII string in issuer name and subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. 
version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" - -X509 CRT information Parsing IPv4 and IPv6 IP names -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C -x509_cert_info:"../framework/data_files/server5-tricky-ip-san.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" - -X509 SAN parsing otherName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0 - -X509 SAN parsing binary otherName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-nonprintable_othername.crt.der":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0 - -X509 SAN parsing directoryName 
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0 - -X509 SAN parsing directoryName, seq malformed -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 SAN parsing two directoryNames, second DN OID malformed -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 SAN parsing dNSName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 - -X509 SAN parsing Multiple different types -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -x509_parse_san:"../framework/data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 - -X509 SAN parsing, no subject alt name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA -x509_parse_san:"../framework/data_files/parse_input/server4.crt":"":0 - -X509 SAN parsing, unsupported otherName name -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 
-x509_parse_san:"../framework/data_files/parse_input/server5-unsupported_othername.crt.der":"":0
-
-X509 SAN parsing rfc822Name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_san:"../framework/data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0
-
-X509 CRT information Parsing IP (invalid data)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_parse_san:"../framework/data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
-
-X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
-
-X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 
revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
-
-X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
-
-X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
-
-X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
-
-X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 
14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
-
-X509 CRL information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1)\n"
-
-X509 CRL information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224)\n"
-
-X509 CRL information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256)\n"
-
-X509 CRL information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384)\n"
-
-X509 CRL information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512)\n"
-
-X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
-
-X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:PSA_HAVE_ALG_SOME_ECDSA
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
-
-X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
-
-X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_ECDSA
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
-
-X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_SOME_ECDSA
-mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
-
-X509 CRL Malformed Input (trailing spaces at end of file)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_ECDSA_VERIFY
-mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
-
-X509 CRL Unsupported critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idp.pem":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRL Unsupported 
non-critical extension (issuingDistributionPoint)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idpnc.pem":0
-
-X509 CSR Information RSA with MD5
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information RSA with SHA256, containing commas
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information EC with SHA1
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information EC with SHA224
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information EC with SHA256
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non 
Repudiation, Key Encipherment\n"
-
-X509 CSR Information EC with SHA384
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information EC with SHA512
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA-PSS with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA-PSS with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA-PSS with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA-PSS with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA-PSS with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-
-X509 CSR Information RSA with SHA256 - Microsoft header
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
-
-X509 CSR Information v3 extensions #1 (all)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. 
type \: SSL Client\nkey usage \: CRL Sign\n"
-
-X509 CSR Information v3 extensions #2 (nsCertType only)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n"
-
-X509 CSR Information v3 extensions #3 (subjectAltName only)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
-
-X509 CSR Information v3 extensions #4 (keyUsage only)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n"
-
-X509 Verify Information: empty
-x509_verify_info:0:"":""
-
-X509 Verify Information: one issue
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
-
-X509 Verify Information: two issues
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
-
-X509 Verify Information: two issues, one unknown
-x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x80000000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
-
-X509 Verify Information: empty, with prefix
-x509_verify_info:0:" ! ":""
-
-X509 Verify Information: one issue, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! 
Certificate was missing\n"
-
-X509 Verify Information: two issues, with prefix
-x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
-
-X509 Get Distinguished Name #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Get Distinguished Name #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost"
-
-X509 Get Distinguished Name #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
-
-X509 Get Distinguished Name #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #7
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1"
-
-X509 Get Distinguished Name #8
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets:"../framework/data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1"
-
-X509 Get Modified DN #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0
-
-X509 Get Modified DN #2 Name exactly 255 bytes
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, CN=PolarSSL Server 1":0
-
-X509 Get Modified DN #3 Name exceeds 255 bytes
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
-
-X509 Get Modified DN #4 Name exactly 255 bytes, with comma requiring escaping
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890,1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
-
-X509 Get Modified DN #5 Name exactly 255 bytes, ending 
with comma requiring escaping
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234,":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
-
-X509 Get Next DN #1 No Multivalue RDNs
-mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0:"C O CN":3:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Next DN #2 Initial Multivalue RDN
-mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0x01:"C CN":2:"C=NL + O=PolarSSL, CN=PolarSSL Server 1"
-
-X509 Get Next DN #3 Single Multivalue RDN
-mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, CN=PolarSSL Server 1":0x03:"C":1:"C=NL + O=PolarSSL + CN=PolarSSL Server 1"
-
-X509 Get Next DN #4 Consecutive Multivalue RDNs
-mbedtls_x509_dn_get_next:"C=NL, O=PolarSSL, title=Example, CN=PolarSSL Server 1":0x05:"C title":2:"C=NL + O=PolarSSL, title=Example + CN=PolarSSL Server 1"
-
-# Parse the following valid DN:
-#
-# 31 0B <- Set of
-# 30 09 <- Sequence of
-# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C)
-# 13 02 4E 4C <- PrintableString "NL"
-# 31 11 <- Set of
-# 30 0F <- Sequence of
-# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O)
-# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL"
-# 31 19 <- Set of
-# 30 17 <- Sequence of
-# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN)
-# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA"
-#
-X509 Get Name Valid DN
-mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341":0
-
-# Parse the following corrupted DN:
-#
-# 31 0B <- Set of
-# 30 09 <- Sequence of
-# 06 03 55 04 06 <- OID 2.5.4.6 countryName (C)
-# 13 02 4E 
4C <- PrintableString "NL"
-# 31 11 <- Set of
-# 30 0F <- Sequence of
-# 06 03 55 04 0A <- OID 2.5.4.10 organizationName (O)
-# 0C 08 50 6F 6C 61 72 53 53 4C <- UTF8String "PolarSSL"
-# 30 19 <- Sequence of (corrupted)
-# 30 17 <- Sequence of
-# 06 03 55 04 03 <- OID 2.5.4.3 commonName (CN)
-# 0C 10 50 6F 6C 61 72 53 53 4C 20 54 65 73 74 20 43 41 <- UTF8String "PolarSSL Test CA"
-#
-# The third 'Set of' is corrupted to instead be a 'Sequence of', causing an
-# error and forcing mbedtls_x509_get_name() to clean up the names it has
-# already allocated.
-#
-X509 Get Name Corrupted DN Mem Leak
-mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 Time Expired #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_from":1
-
-X509 Time Expired #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_to":0
-
-X509 Time Expired #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_from":1
-
-X509 Time Expired #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_to":0
-
-X509 Time Expired #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_from":1
-
-X509 Time Expired #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_to":0
-
-X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/server5.crt":"valid_from":0
-
-X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/server5.crt":"valid_to":1
-
-X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/server5-future.crt":"valid_from":1
-
-X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/server5-future.crt":"valid_to":1
-
-X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_from":0
-
-X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256
-mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_to":1
-
-X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 CRT verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 CRT verification #2 (Revoked Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 CRT verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-
-X509 CRT verification #4 (Valid Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-
-X509 CRT verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 CRT verification #5 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 CRT verification #5' (Revoked Cert, differing DN string formats #1)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_utf8.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #5'' (Revoked Cert, differing DN string formats #2) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_printable.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #5''' (Revoked Cert, differing upper and lower case) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_uppercase.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #6 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #7 (Revoked Cert, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #8 (Valid Cert) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" - -X509 CRT verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server5-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" - -X509 CRT verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" - -X509 CRT verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE 
-x509_verify:"../framework/data_files/server7-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" - -X509 CRT verification #9 (Not trusted Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #10 (Not trusted Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"all":"NULL" - -X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #14 
(Valid Cert SHA1 Digest forbidden in default profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" - -X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #16 (Valid Cert SHA256 Digest) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #17 (Valid Cert SHA384 Digest) -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha384.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #18 (Valid Cert SHA512 Digest) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #19 (Valid Cert, denying callback) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
-x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" - -X509 CRT verification #19 (Not trusted Cert, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" - -X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL" - -X509 CRT verification #22 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #23 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #24 (domain matching CN of multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
-x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #25 (domain matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.net":0:0:"compat":"NULL" - -X509 CRT verification #26 (domain not matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #27.1 (domain not matching multi certificate: suffix) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #27.2 (domain not matching multi certificate: head junk) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #28 (domain not matching wildcard in multi certificate) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" - -X509 CRT verification #29 (domain matching wildcard in multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL" - -X509 CRT verification #30 (domain matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #31 (domain not matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #33 (Valid, RSA cert, EC CA) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #34 (Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5-sha1.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_224 -x509_verify:"../framework/data_files/server5-sha224.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5-sha384.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5-sha512.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #40 (Valid, depth 0, RSA, CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/test-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #41 (Valid, depth 0, EC, CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/test-ca2.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #42 (Depth 0, not CA, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #43 (Depth 0, not CA, EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/server5.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #44 (Corrupted signature, EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #45 (Corrupted signature, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server7.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server8_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat21.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - 
-X509 CRT verification #52 (CA keyUsage valid) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt_crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #53 (CA keyUsage missing cRLSign) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #55 (CA keyUsage missing keyCertSign) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #56 (CA keyUsage plain wrong) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-ds.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - 
-X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha384.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #62 (Revoked, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE 
-x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/server9-with-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 -x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 
-x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #70 (v1 trusted CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #71 (v1 trusted CA, other) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-v1.crt":"../framework/data_files/server1-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #72 (v1 chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server2-v1-chain.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #74 (signed by selfsigned trusted without CA bit) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_verify:"../framework/data_files/server6-ss-child.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" - -X509 CRT verification #75 (encoding mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE 
-x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" - -X509 CRT verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE -x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" - -X509 CRT verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" - -X509 CRT verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-future.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-past.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #86 (Not yet valid CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-
-X509 CRT verification #87 (Expired CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-
-X509 CRT verification #88 (Spurious cert in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"../framework/data_files/server7_spurious_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #89 (Spurious cert later in the chain)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"../framework/data_files/server10_int3_spurious_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #90 (EE with same name as trusted root)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server5-ss-forgeca.crt":"../framework/data_files/test-int-ca3.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
-
-X509 CRT verification #91 (same CA with good then bad key)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-good-alt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #91 (same CA with bad then good key)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-alt-good.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-
-X509 CRT verification #92 (bad name, allowing callback)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
-
-X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
-
-X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384
-x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
-
-X509 CRT verification #95 (Suite B Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
-
-X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest)
-depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
-
-X509 CRT verification #97 (next profile Valid Cert SHA256 Digest)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
-
-X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-
-X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE
-x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-
-X509 CRT verification: domain identical to IPv4 in SubjectAltName
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: domain identical to IPv6 in SubjectAltName
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: matching IPv4 in SubjectAltName
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
-
-X509 CRT verification: mismatching IPv4 in SubjectAltName
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: IPv4 with trailing data in SubjectAltName
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: matching IPv6 in SubjectAltName
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
-
-X509 CRT verification: mismatching IPv6 in SubjectAltName
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: matching URI in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL"
-
-X509 CRT verification: URI with trailing data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: URI with preceding data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT verification: URI with bad data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C
-x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
-
-X509 CRT parse CN: IPv4 valid address
-x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4
-
-X509 CRT parse CN: IPv4 leading zeroes #1
-x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0
-
-X509 CRT parse CN: IPv4 leading zeroes #2
-x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0
-
-X509 CRT parse CN: IPv4 excess 0s
-x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0
-
-X509 CRT parse CN: IPv4 short address
-x509_crt_parse_cn_inet_pton:"10.10.10":"":0
-
-X509 CRT parse CN: IPv4 invalid ? char
-x509_crt_parse_cn_inet_pton:"10.10?10.10":"":0
-
-X509 CRT parse CN: IPv4 invalid - char
-x509_crt_parse_cn_inet_pton:"10.-10.10.10":"":0
-
-X509 CRT parse CN: IPv4 invalid + char
-x509_crt_parse_cn_inet_pton:"10.+10.10.10":"":0
-
-X509 CRT parse CN: IPv4 begin dot
-x509_crt_parse_cn_inet_pton:".10.10.10.10":"":0
-
-X509 CRT parse CN: IPv4 end dot
-x509_crt_parse_cn_inet_pton:"10.10.10.10.":"":0
-
-X509 CRT parse CN: IPv4 consecutive dots
-x509_crt_parse_cn_inet_pton:"10.10..10.10.":"":0
-
-X509 CRT parse CN: IPv4 overlarge octet 256
-x509_crt_parse_cn_inet_pton:"10.256.10.10":"":0
-
-X509 CRT parse CN: IPv4 overlarge octet 999
-x509_crt_parse_cn_inet_pton:"10.10.10.999":"":0
-
-X509 CRT parse CN: IPv4 overlarge octet 1000
-x509_crt_parse_cn_inet_pton:"10.1000.10.10":"":0
-
-X509 CRT parse CN: IPv4 additional octet
-x509_crt_parse_cn_inet_pton:"10.10.10.10.10":"":0
-
-X509 CRT parse CN: IPv6 valid address
-x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8":"00010002000300040005000600070008":16
-
-X509 CRT parse CN: IPv6 valid address shorthand
-x509_crt_parse_cn_inet_pton:"6263\:\:1":"62630000000000000000000000000001":16
-
-X509 CRT parse CN: IPv6 valid address shorthand start
-x509_crt_parse_cn_inet_pton:"\:\:1":"00000000000000000000000000000001":16
-
-X509 CRT parse CN: IPv6 valid address extra 0s
-x509_crt_parse_cn_inet_pton:"0001\:\:0001\:0001":"00010000000000000000000000010001":16
-
-X509 CRT parse CN: IPv6 invalid address excess 0s
-x509_crt_parse_cn_inet_pton:"1\:00000\:1\:0":"":0
-
-X509 CRT parse CN: IPv6 invalid address - start single colon
-x509_crt_parse_cn_inet_pton:"\:6263\:\:1":"":0
-
-X509 CRT parse CN: IPv6 invalid address - end single colon
-x509_crt_parse_cn_inet_pton:"6263\:\:1\:":"":0
-
-X509 CRT parse CN: IPv6 short address
-x509_crt_parse_cn_inet_pton:"1\:1\:1":"":0
-
-X509 CRT parse CN: IPv6 wildcard address
-x509_crt_parse_cn_inet_pton:"\:\:":"00000000000000000000000000000000":16
-
-X509 CRT parse CN: IPv6 address too long
-x509_crt_parse_cn_inet_pton:"1\:2\:3\:4\:5\:6\:7\:8\:9":"":0
-
-X509 CRT parse CN: IPv6 long hextet
-x509_crt_parse_cn_inet_pton:"12345\:\:1":"":0
-
-X509 CRT parse CN: IPv6 invalid char
-x509_crt_parse_cn_inet_pton:"\:\:\:1":"":0
-
-X509 CRT parse CN: IPv6 invalid - char
-x509_crt_parse_cn_inet_pton:"\:\:-1\:1":"":0
-
-X509 CRT parse CN: IPv6 invalid + char
-x509_crt_parse_cn_inet_pton:"\:\:+1\:1":"":0
-
-X509 CRT parse CN: IPv6 valid address IPv4-mapped
-x509_crt_parse_cn_inet_pton:"\:\:ffff\:1.2.3.4":"00000000000000000000ffff01020304":16
-
-X509 CRT parse CN: IPv6 invalid address IPv4-mapped #1
-x509_crt_parse_cn_inet_pton:"\:\:ffff\:999.2.3.4":"":0
-
-X509 CRT parse CN: IPv6 invalid address IPv4-mapped #2
-x509_crt_parse_cn_inet_pton:"\:\:ffff\:1111.2.3.4":"":0
-
-X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3
-x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0
-
-X509 CRT verification with ca callback: failure
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-x509_verify_ca_cb_failure:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
-
-X509 CRT verification callback: bad name
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
-
-X509 CRT verification callback: trusted EE cert
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256
-x509_verify_callback:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
-
-X509 CRT verification callback: trusted EE cert, expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server5-ss-expired.crt":"../framework/data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
-
-X509 CRT verification callback: simple
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 CRT verification callback: simple, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 CRT verification callback: simple, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: two trusted roots
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 CRT verification callback: two trusted roots, reversed order
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 CRT verification callback: root included
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server1_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-
-X509 CRT verification callback: intermediate ca
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: intermediate ca, root included
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: intermediate ca trusted
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: intermediate ca, EE expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-
-X509 CRT verification callback: intermediate ca, int expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server7_int-ca-exp.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: intermediate ca, root expired
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE
-x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: two intermediates
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: two intermediates, root included
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: two intermediates, top int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: two intermediates, low int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
-x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-
-X509 CRT verification callback: no intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_callback:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 CRT verification callback: one intermediate, bad signature
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256
-x509_verify_callback:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-
-X509 CRT ASN1 (Empty Certificate)
-x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv Certificate, bad tag)
-x509parse_crt:"0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv Certificate, no length)
-x509parse_crt:"30":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv Certificate, bad length encoding)
-x509parse_crt:"3085":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv Certificate, length data incomplete)
-x509parse_crt:"308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv Certificate, length out of bounds)
-x509parse_crt:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CRT ASN1 (inv TBS, invalid tag)
-x509parse_crt:"30020500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (inv TBS, length missing)
-x509parse_crt:"300130":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv TBS, invalid length encoding)
-x509parse_crt:"30023085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (inv TBS, length data incomplete)
-x509parse_crt:"300430839999":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv TBS, length out of bounds)
-x509parse_crt:"30023003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS empty)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, invalid version tag, serial missing)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, valid outer version tag, no outer length)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv inner version tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, valid inner version tag, no inner length)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, valid inner version tag, inv inner length encoding)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-# tbsCertificate.version = 0x01000000000000000000000000000000 rejected by mbedtls_asn1_get_int
-x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, valid version tag, length exceeds TBS)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRT ASN1 (TBS, valid version tag + length, version number overflow)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CRT ASN1 (TBS, serial missing)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv serial, tag wrong)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv serial, length missing)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv serial, inv length encoding)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv serial, length out of bounds)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, AlgID missing)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv AlgID, tag wrong)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv AlgID, OID missing)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201033000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, OID empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) - -X509 CRT ASN1 (TBS, inv AlgID, OID unknown) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) - -X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv AlgID, param length mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv AlgID, params present but empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG - -X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, Issuer missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, 
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, RDN inv length 
encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, RDN empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding) 
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Issuer, 
AttrTypeAndValue type inv no length data) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, 
MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, Validity missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, length field missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, notBefore no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notBefore empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notBefore invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notAfter missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Validity, notAfter length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Validity, notAfter empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, notAfter invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE - -X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter') -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, Subject missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv Subject, RDNSequence length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv Subject, RDNSequence length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, RDN inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, RDN empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds )
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, SubPubKeyInfo missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv algorithm tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d30000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010005000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, no bitstring data)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv bitstring start)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
-
-# We expect an extension parsing error here because the IssuerID is optional.
-# Hence, if we find an ASN.1 tag doesn't match the IssuerID, we assume the
-# IssuerID is skipped and that the tag should hence belong to the next field,
-# namely the v3 extensions. However, the tag the test exercises is a NULL tag,
-# and hence we obtain an INVALID_TAG error during extension parsing.
-X509 CRT ASN1 (TBS, inv IssuerID, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201030500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv IssuerID, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv v3Ext, outer length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, outer length 0)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inner length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, critical length 2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH):0 - -X509 CRT ASN1 (pathlen is INT_MAX-1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max-1.crt":0:1 - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT (TBS, valid v3Ext in v3 CRT)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
-
-X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (SignatureAlgorithm missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-
-X509 CRT ASN1 (Signature missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv Signature, bad tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT ASN1 (inv Signature, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv Signature, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT ASN1 (inv Signature, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CRT ASN1 (inv Signature, inv data #1)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-# signature = bit string with invalid encoding (missing number of unused bits)
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CRT ASN1 (inv Signature, inv data #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-# signature = bit string with invalid encoding (number of unused bits too large)
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CRT ASN1 (empty Signature)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-# signature = empty bit string in DER encoding
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
-
-X509 CRT ASN1 (dummy 24-bit Signature)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-# signature = bit string "011001100110111101101111"
-x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
-
-# The ASN.1 module rejects non-octet-aligned bit strings.
-X509 CRT ASN1 (inv Signature: not octet-aligned)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-# signature = bit string "01100110011011110110111"
-x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CRT ASN1 (inv Signature, length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT ASN1 (well-formed)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 CN)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 C)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 L)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 ST)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 O)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-
-X509 CRT ASN1 (Name with X520 OU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with unknown X520 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with composite RDN) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 -x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623
a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 - -X509 CRT ASN1 (Name with PKCS9 email) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (Name with unknown PKCS9 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 - -X509 CRT ASN1 (ECDSA signature, RSA key) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA -x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. 
version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 - -X509 CRT ASN1 (ECDSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1 -x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 - -X509 CRT ASN1 (RSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. 
version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 - -X509 CRT ASN1 (Unsupported critical extension) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (Unsupported critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"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":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRT ASN1 (Unsupported non critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. 
version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"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":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 - -X509 CRT ASN1 (Unsupported critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRT ASN1 (Unsupported critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE - -X509 CRT ASN1 (Unsupported non critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 - -X509 CRL ASN1 (Incorrect first tag) -x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT - -X509 CRL ASN1 (Correct first tag, data length does not match) -x509parse_crl:"300000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRL ASN1 (TBSCertList, tag missing) -x509parse_crl:"3000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, version tag len missing) -x509parse_crl:"3003300102":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, version correct, alg missing) -x509parse_crl:"30053003020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, alg correct, incorrect version) -x509parse_crl:"300b3009020102300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 
unknown) -x509parse_crl:"300b3009020100300406000500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown) -x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, issuer set missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA - -X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 
-x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH - -X509 CRL ASN1 (TBSCertList, sig present, len mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -# 305c -# 3047 tbsCertList TBSCertList -# 020100 version INTEGER OPTIONAL -# 300d signatureAlgorithm AlgorithmIdentifi -# 06092a864886f70d01010e -# 0500 -# 300f issuer Name -# 310d300b0603550403130441424344 -# 170c303930313031303030303030 thisUpdate Time -# 3014 revokedCertificates -# 3012 entry 1 -# 8202abcd userCertificate CertificateSerialNum -# 170c303831323331323335393539 revocationDate Time -# 300d signatureAlgorithm AlgorithmIdentifi -# 06092a864886f70d01010e -# 0500 -# 03020001 signatureValue BIT STRING -# The subsequent TBSCertList negative tests remove or modify some elements. 
-X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 - -X509 CRL ASN1 (TBSCertList, signatureValue missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, single empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, good entry then empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
- -X509 CRL ASN1 (TBSCertList, missing time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, missing time in entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (TBSCertList, invalid tag for time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, invalid tag for serial) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 -x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 - -X509 CRL ASN1 (invalid version 2) 
-x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (invalid version overflow) -x509parse_crl:"3049303102047fffffff300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION - -X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) - -X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) - -X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: 
RSA with SHA-256\n":0 - -X509 CRT parse file dir3/Readme -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/Readme":MBEDTLS_ERR_X509_INVALID_FORMAT:0 - -X509 CRT parse file dir3/test-ca.crt -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca.crt":0:1 - -X509 CRT parse file dir3/test-ca2.crt -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca2.crt":0:1 - -# The parse_path tests are known to fail when compiled for a 32-bit architecture -# and run via qemu-user on Linux on a 64-bit host. This is due to a known -# bug in Qemu: https://gitlab.com/qemu-project/qemu/-/issues/263 -X509 CRT parse path #1 (one cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_path:"../framework/data_files/dir1":0:1 - -X509 CRT parse path #2 (two certs) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_path:"../framework/data_files/dir2":0:2 - -X509 CRT parse path #3 (two certs, one non-cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 -mbedtls_x509_crt_parse_path:"../framework/data_files/dir3":1:2 - -X509 CRT verify long chain (max intermediate CA, trusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 - -X509 CRT verify long chain (max intermediate CA, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 
-mbedtls_x509_crt_verify_max:"../framework/data_files/test-ca2.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED
-
-X509 CRT verify long chain (max intermediate CA + 1)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1
-
-X509 CRT verify chain #1 (zero pathlen intermediate)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert14.crt ../framework/data_files/dir4/cert13.crt ../framework/data_files/dir4/cert12.crt":"../framework/data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #2 (zero pathlen root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert23.crt ../framework/data_files/dir4/cert22.crt":"../framework/data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #3 (nonzero pathlen root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert34.crt ../framework/data_files/dir4/cert33.crt ../framework/data_files/dir4/cert32.crt":"../framework/data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #4 (nonzero pathlen intermediate)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert45.crt ../framework/data_files/dir4/cert44.crt ../framework/data_files/dir4/cert43.crt ../framework/data_files/dir4/cert42.crt":"../framework/data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
-
-X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert54.crt ../framework/data_files/dir4/cert53.crt ../framework/data_files/dir4/cert52.crt":"../framework/data_files/dir4/cert51.crt":0:0:"":0
-
-X509 CRT verify chain #6 (nonzero maxpathlen root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #7 (maxpathlen root, self signed in path)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert74.crt ../framework/data_files/dir4/cert73.crt ../framework/data_files/dir4/cert72.crt":"../framework/data_files/dir4/cert71.crt":0:0:"":0
-
-X509 CRT verify chain #8 (self signed maxpathlen root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert61.crt ../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0
-
-X509 CRT verify chain #9 (zero pathlen first intermediate, valid)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert83.crt ../framework/data_files/dir4/cert82.crt":"../framework/data_files/dir4/cert81.crt":0:0:"":0
-
-X509 CRT verify chain #10 (zero pathlen root, valid)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":0:0:"":0
-
-X509 CRT verify chain #11 (valid chain, missing profile)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
-
-X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #13 (RSA only profile, EC root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
-
-X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server8.crt ../framework/data_files/test-int-ca2.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
-
-X509 CRT verify chain #17 (SHA-512 profile)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
-
-X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-2:"":2
-
-X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-1:"":1
-
-X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-4:"":8
-
-X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-3:"":4
-
-X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-2:"":2
-
-X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1
-
-X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca2.crt":-1:-4:"":8
-
-X509 OID description #1
-x509_oid_desc:"2b06010505070301":"TLS Web Server Authentication"
-
-X509 OID description #2
-x509_oid_desc:"2b0601050507030f":"notfound"
-
-X509 OID description #3
-x509_oid_desc:"2b0601050507030100":"notfound"
-
-X509 OID numstring #1 (wide buffer)
-x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":20:17
-
-X509 OID numstring #2 (buffer just fits)
-x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17
-
-X509 OID numstring #3 (buffer too small)
-x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:PSA_ERROR_BUFFER_TOO_SMALL
-
-X509 OID numstring #4 (larger number)
-x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14
-
-X509 OID numstring #5 (arithmetic overflow)
-x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_ASN1_INVALID_DATA
-
-X509 CRT keyUsage #1 (no extension, expected KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 CRT keyUsage #2 (no extension, surprising KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
-
-X509 CRT keyUsage #3 (extension present, no KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":0:0
-
-X509 CRT keyUsage #4 (extension present, single KU present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0
-
-X509 CRT keyUsage #5 (extension present, single KU absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT keyUsage #6 (extension present, combined KU present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-
-X509 CRT keyUsage #7 (extension present, combined KU both absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT keyUsage #8 (extension present, combined KU one absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT keyUsage #9 (extension present, decOnly allowed absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 CRT keyUsage #10 (extension present, decOnly non-allowed present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT keyUsage #11 (extension present, decOnly allowed present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-
-X509 CRT extendedKeyUsage #1 (no extension, serverAuth)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.crt":"2b06010505070301":0
-
-X509 CRT extendedKeyUsage #2 (single value, present)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv.crt":"2b06010505070301":0
-
-X509 CRT extendedKeyUsage #3 (single value, absent)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-cli.crt":"2b06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT extendedKeyUsage #4 (two values, first)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070301":0
-
-X509 CRT extendedKeyUsage #5 (two values, second)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070302":0
-
-X509 CRT extendedKeyUsage #6 (two values, other)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-srv_cli.crt":"2b06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-
-X509 CRT extendedKeyUsage #7 (any, random)
-depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509_check_extended_key_usage:"../framework/data_files/server5.eku-cs_any.crt":"2b060105050703ff":0
-
-X509 RSASSA-PSS parameters ASN1 (good, all defaults)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (wrong initial tag)
-x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
-x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a00d300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
-x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
-x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
-
-X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
-x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
-x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
-x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a)
-x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b)
-x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
-x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
-x509_parse_rsassa_pss_params:"a20302015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default)
-x509_parse_rsassa_pss_params:"a203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1)
-x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2)
-x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (saltLen not an int)
-x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default)
-x509_parse_rsassa_pss_params:"a303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1)
-x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2)
-x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not an int)
-x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
-x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
-
-X509 CSR ASN.1 (OK)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_parse:"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":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0
-
-X509 CSR ASN.1 (Unsupported critical extension, critical=true)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (Unsupported non-critical extension, critical=false) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"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":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 - -X509 CSR ASN.1 (Unsupported non-critical extension, critical undefined) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"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":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 - -X509 CSR ASN.1 (Unsupported critical extension accepted by callback, critical=true) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse_with_ext_cb:"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":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0:1 - -X509 CSR ASN.1 (Unsupported critical 
extension rejected by callback, critical=true)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_parse_with_ext_cb:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0
-
-X509 CSR ASN.1 (bad first tag)
-mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (bad sequence: overlong)
-mbedtls_x509_csr_parse:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-
-X509 CSR ASN.1 (total length mistmatch)
-mbedtls_x509_csr_parse:"30010000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CSR ASN.1 (bad CRI: not a sequence)
-mbedtls_x509_csr_parse:"30023100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (bad CRI: overlong)
-mbedtls_x509_csr_parse:"30023001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (bad CRI.Version: overlong)
-mbedtls_x509_csr_parse:"30053002020100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (bad CRI.Version: not v1)
-mbedtls_x509_csr_parse:"30053003020101":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 CSR ASN.1 (bad CRI.Name: not a sequence)
-mbedtls_x509_csr_parse:"300730050201003100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (bad CRI.Name: overlong)
-mbedtls_x509_csr_parse:"30083005020100300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (bad CRI.Name payload: not a set)
-mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (bad CRI.Name payload: overlong)
-mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing) -mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence) -mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong) -mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad attributes: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad attributes: bad tag) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad attributes: overlong) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 
-mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: not a sequence) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) - -X509 CSR ASN.1 (bad sigAlg: overlong) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 
-mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sigAlg: unknown) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 -mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG - -X509 CSR ASN.1 (bad sig: missing) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 -mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) - -X509 CSR ASN.1 (bad sig: not a bit string) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 
-mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (bad sig: overlong)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (extra data after signature)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
-mbedtls_x509_csr_parse:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CSR ASN.1 (invalid version overflow)
-mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-# Used test_csr_v3_all.csr.der as a base for malforming CSR extenstions/attributes
-# Please see makefile for ../framework/data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files)
-X509 CSR ASN.1 (attributes: invalid sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (attributes: invalid attribute id)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (attributes: not extension request)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0
-
-X509 CSR ASN.1 (attributes: invalid extenstion request set tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (attributes: invalid len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (attributes: invalid len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CSR ASN.1 (attributes: extension request invalid len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (attributes: extension request invalid len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (extensions: invalid sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: invalid extension id tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: invalid extension data tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: invalid extension data len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-X509 CSR ASN.1 (extensions: invalid extension data len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CSR ASN.1 (extensions: duplicated extension)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_DATA)
-
-X509 CSR ASN.1 (extensions: invalid extension type data) 
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0
-
-X509 File parse (no issues)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_int-ca.crt":0:2
-
-X509 File parse (extra space in one certificate)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_pem_space.crt":1:1
-
-X509 File parse (all certificates fail)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_all_space.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, MBEDTLS_ERR_BASE64_INVALID_CHARACTER):0
-
-X509 File parse (trailing spaces, OK)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_trailing_space.crt":0:2
-
-X509 File parse (Algorithm Params Tag mismatch)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0
-
-X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509parse_crt_file:"../framework/data_files/parse_input/server5-non-compliant.crt":0
-
-X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA) 
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-x509parse_crt_file:"../framework/data_files/parse_input/server5.crt":0
-
-X509 File parse (RSASSA-PSS, MGF1 hash alg != message hash alg)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1
-x509parse_crt_file:"../framework/data_files/server9-bad-mgfhash.crt":MBEDTLS_ERR_X509_INVALID_ALG
-
-X509 File parse & read the ca_istrue field (Not Set)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0
-
-X509 File parse & read the ca_istrue field (Set)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
-mbedtls_x509_get_ca_istrue:"../framework/data_files/test-ca.crt":1
-
-X509 File parse & read the ca_istrue field (Legacy Certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
-mbedtls_x509_get_ca_istrue:"../framework/data_files/server1-v1.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-
-X509 Get time (UTC no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
-
-X509 Get time (Generalized Time no issues)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59
-
-X509 Get time (UTC year without leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC year with leap day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12
-
-X509 Get time (UTC invalid day of month #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid day of month #2) 
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without time zone)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212":0:2000:2:29:12:12:12
-
-X509 Get time (UTC with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Date with invalid tag)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_CONTEXT_SPECIFIC:"000229121212":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):0:0:0:0:0:0
-
-X509 Get time (UTC, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, truncated)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229121":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without seconds)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212":MBEDTLS_ERR_X509_INVALID_DATE:2000:2:29:12:12:0
-
-X509 Get time (UTC without seconds and with invalid time zone #1)
-depends_on:MBEDTLS_X509_USE_C 
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212J":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC without second and with invalid time zone #2)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0002291212+0300":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in month)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001%30231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in day)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011`0231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in hour)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302h1212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in min)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"00113023u012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (UTC invalid character in sec)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
-
-X509 Get time (Generalized Time, year multiple of 400 is a leap year)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
-
-X509 Get time (Generalized Time invalid leap year not 
multiple of 4, 100 or 400)
-depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
-
-X509 CRT verify restart: trusted EE, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256
-x509_verify_restart:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":0:0:0:0:0
-
-X509 CRT verify restart: trusted EE, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256
-x509_verify_restart:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":0:0:1:0:0
-
-X509 CRT verify restart: no intermediate, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:0:0:0
-
-X509 CRT verify restart: no intermediate, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:1:100:10000
-
-X509 CRT verify restart: no intermediate, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:40000:0:0
-
-X509 CRT verify restart: no intermediate, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:500:20:80
-
-X509 CRT verify restart: no intermediate, badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 
-x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 CRT verify restart: no intermediate, badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 CRT verify restart: no intermediate, badsign, max_ops=40000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0
-
-X509 CRT verify restart: no intermediate, badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384
-x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
-
-X509 CRT verify restart: one int, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:0:0:0
-
-X509 CRT verify restart: one int, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:1:100:10000
-
-X509 CRT verify restart: one int, max_ops=30000 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:30000:0:0
-
-X509 CRT verify restart: one int, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:500:25:100
-
-X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 CRT verify restart: one int, EE badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 CRT verify restart: one int, EE badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 CRT verify restart: one int, EE badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C 
-x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
-
-X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
-
-X509 CRT verify restart: one int, int badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
-
-X509 CRT verify restart: one int, int badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
-
-X509 CRT verify restart: one int, int badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
-x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
-
-X509 ext types accessor: ext type present
-depends_on:MBEDTLS_X509_CRT_PARSE_C
-x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE
-
-X509 ext types accessor: ext type not present
-depends_on:MBEDTLS_X509_CRT_PARSE_C 
-x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
-
-X509 CRT parse Subject Key Id - Correct Subject Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":0
-
-X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Subject Key Id - Wrong OCTET_STRING length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT parse Authority Key Id - Correct Authority Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
-
-X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_keyid.crt.der":"":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
-
-X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_issuer.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"":"":0
-
-X509 CRT parse Authority Key Id - no Authority Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_authorityKeyId.crt.der":"":"":"":0
-
-X509 CRT parse Authority Key Id - Wrong Length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-X509 CRT parse Authority Key Id - Wrong Sequence tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Authority Key Id - Wrong KeyId Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Authority Key Id - Wrong KeyId Tag Length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
-
-X509 CRT parse Authority Key Id - Wrong Issuer Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Authority Key Id - Wrong DirectoryName tag in issuer field
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Authority Key Id - Wrong Serial Number Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
-
-X509 CRT parse Authority Key Id - Wrong Serial Number Tag length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
-
-# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576)
-X509 CRT parse Authority Key Id - Wrong Issuer sequence
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C
-x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
-
-OID get numeric string - hardware module name
-oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4"
-
-OID get numeric string - multi-byte subidentifier
-oid_get_numeric_string:"29903C":0:"1.1.2108"
-
-OID get numeric string - second component greater than 39
-oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0"
-
-OID get numeric string - multi-byte first subidentifier
-oid_get_numeric_string:"8837":0:"2.999"
-
-OID get numeric string - second subidentifier not terminated
-oid_get_numeric_string:"0081":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - empty oid buffer
-oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - no final / all bytes have top bit set
-oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-
-OID get numeric string - 0.39
-oid_get_numeric_string:"27":0:"0.39"
-
-OID get numeric string - 1.0
-oid_get_numeric_string:"28":0:"1.0"
-
-OID get numeric string - 1.39
-oid_get_numeric_string:"4f":0:"1.39"
-
-OID get numeric string - 2.0
-oid_get_numeric_string:"50":0:"2.0"
-
-OID get numeric string - 1 byte first subidentifier beyond 2.39
-oid_get_numeric_string:"7f":0:"2.47"
-
-# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits
-OID get numeric string - 32-bit overflow
-oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - 32-bit overflow, second subidentifier
-oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - overlong encoding
-oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
-
-OID get numeric string - overlong encoding, second subidentifier
-oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
deleted file mode 100644
index e892ab9a9e..0000000000
--- a/tests/suites/test_suite_x509parse.function
+++ /dev/null
@@ -1,1794 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/private/bignum.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_csr.h" -#include "x509_internal.h" -#include "mbedtls/pem.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/base64.h" -#include "mbedtls/error.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "string.h" - -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 -#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ - than the current threshold 19. To test larger values, please \ - adapt the script framework/data_files/dir-max/long.sh." -#endif - -/* Test-only profile allowing all digests, PK algorithms, and curves. */ -const mbedtls_x509_crt_profile profile_all = -{ - 0xFFFFFFFF, /* Any MD */ - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -/* Profile for backward compatibility. Allows SHA-1, unlike the default - profile. 
*/ -const mbedtls_x509_crt_profile compat_profile = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -const mbedtls_x509_crt_profile profile_rsa3072 = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_RSA), - 0, - 3072, -}; - -const mbedtls_x509_crt_profile profile_sha512 = -{ - MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), - 0xFFFFFFFF, /* Any PK alg */ - 0xFFFFFFFF, /* Any curve */ - 1024, -}; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - -#if defined(MBEDTLS_FS_IO) -static int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - ((void) data); - ((void) crt); - ((void) certificate_depth); - *flags |= MBEDTLS_X509_BADCERT_OTHER; - - return 0; -} - -static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - ((void) data); - ((void) crt); - ((void) certificate_depth); - *flags = 0; - - return 0; -} - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && \ - defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - ((void) data); - ((void) child); - ((void) candidates); - - return -1; -} - -static int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) -{ - int ret = 0; - mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; - mbedtls_x509_crt *first; - - /* This is a test-only implementation of the CA callback - * which always returns the entire list of trusted certificates. 
- * Production implementations managing a large number of CAs - * should use an efficient presentation and lookup for the - * set of trusted certificates (such as a hashtable) and only - * return those trusted certificates which satisfy basic - * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field. */ - ((void) child); - - first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if (first == NULL) { - ret = -1; - goto exit; - } - mbedtls_x509_crt_init(first); - - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - - while (ca->next != NULL) { - ca = ca->next; - if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) { - ret = -1; - goto exit; - } - } - -exit: - - if (ret != 0) { - mbedtls_x509_crt_free(first); - mbedtls_free(first); - first = NULL; - } - - *candidates = first; - return ret; -} -#endif /* MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -static int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - int *levels = (int *) data; - - ((void) crt); - ((void) certificate_depth); - - /* Simulate a fatal error in the callback */ - if (*levels & (1 << certificate_depth)) { - *flags |= (1 << certificate_depth); - return -1 - certificate_depth; - } - - return 0; -} - -/* strsep() not available on Windows */ -static char *mystrsep(char **stringp, const char *delim) -{ - const char *p; - char *ret = *stringp; - - if (*stringp == NULL) { - return NULL; - } - - for (;; (*stringp)++) { - if (**stringp == '\0') { - *stringp = NULL; - goto done; - } - - for (p = delim; *p != '\0'; p++) { - if (**stringp == *p) { - **stringp = '\0'; - (*stringp)++; - goto done; - } - } - } - -done: - return ret; -} - -typedef struct { - char buf[512]; - char *p; -} verify_print_context; - -static void verify_print_init(verify_print_context *ctx) -{ - memset(ctx, 0, sizeof(verify_print_context)); - ctx->p = ctx->buf; -} - 
-static int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) -{ - int ret; - verify_print_context *ctx = (verify_print_context *) data; - char *p = ctx->p; - size_t n = ctx->buf + sizeof(ctx->buf) - ctx->p; - ((void) flags); - - ret = mbedtls_snprintf(p, n, "depth %d - serial ", certificate_depth); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_serial_gets(p, n, &crt->serial); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " - subject "); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_x509_dn_gets(p, n, &crt->subject); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, " - flags 0x%08x\n", *flags); - MBEDTLS_X509_SAFE_SNPRINTF; - - ctx->p = p; - - return 0; -} - -static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, - char **buf, size_t *size) -{ - int ret; - size_t i; - char *p = *buf; - size_t n = *size; - - ret = mbedtls_snprintf(p, n, "type : %d", san->type); - MBEDTLS_X509_SAFE_SNPRINTF; - - switch (san->type) { - case (MBEDTLS_X509_SAN_OTHER_NAME): - ret = mbedtls_snprintf(p, n, "\notherName :"); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &san->san.other_name.type_id) == 0) { - ret = mbedtls_snprintf(p, n, " hardware module name :"); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf(p, n, " hardware type : "); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string(p, - n, - &san->san.other_name.value.hardware_module_name - .oid); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf(p, n, ", hardware serial number : "); - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++) { - ret = mbedtls_snprintf(p, - n, - "%02X", - san->san.other_name.value.hardware_module_name.val.p[i]); - MBEDTLS_X509_SAFE_SNPRINTF; - } - } - break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - case (MBEDTLS_X509_SAN_DNS_NAME): - ret = mbedtls_snprintf(p, n, "\ndNSName : "); - 
MBEDTLS_X509_SAFE_SNPRINTF; - if (san->san.unstructured_name.len >= n) { - *p = '\0'; - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - n -= san->san.unstructured_name.len; - for (i = 0; i < san->san.unstructured_name.len; i++) { - *p++ = san->san.unstructured_name.p[i]; - } - break;/* MBEDTLS_X509_SAN_DNS_NAME */ - case (MBEDTLS_X509_SAN_RFC822_NAME): - ret = mbedtls_snprintf(p, n, "\nrfc822Name : "); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san->san.unstructured_name.len >= n) { - *p = '\0'; - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - n -= san->san.unstructured_name.len; - for (i = 0; i < san->san.unstructured_name.len; i++) { - *p++ = san->san.unstructured_name.p[i]; - } - break;/* MBEDTLS_X509_SAN_RFC822_NAME */ - case (MBEDTLS_X509_SAN_DIRECTORY_NAME): - ret = mbedtls_snprintf(p, n, "\ndirectoryName : "); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets(p, n, &san->san.directory_name); - if (ret < 0) { - return ret; - } - - p += ret; - n -= ret; - break;/* MBEDTLS_X509_SAN_DIRECTORY_NAME */ - default: - /* - * Should not happen. 
- */ - return -1; - } - ret = mbedtls_snprintf(p, n, "\n"); - MBEDTLS_X509_SAFE_SNPRINTF; - - *size = n; - *buf = p; - - return 0; -} -#endif /* MBEDTLS_FS_IO */ - -static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) -{ - (void) crt; - (void) critical; - mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *) p_ctx; - if (oid->tag == MBEDTLS_ASN1_OID && - MBEDTLS_OID_CMP(MBEDTLS_OID_CERTIFICATE_POLICIES, oid) == 0) { - /* Handle unknown certificate policy */ - int ret, parse_ret = 0; - size_t len; - unsigned char **p = (unsigned char **) &cp; - - /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); - if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* - * Cannot be an empty sequence. - */ - if (len == 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - while (*p < end) { - const unsigned char *policy_end; - - /* - * Get the policy sequence - */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - policy_end = *p + len; - - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - /* - * Recognize exclusively the policy with OID 1 - */ - if (len != 1 || *p[0] != 1) { - parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - *p += len; - - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. 
- */ - if (*p < policy_end) { - if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - /* - * Skip the optional policy qualifiers. - */ - *p += len; - } - - if (*p != policy_end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return parse_ret; - } else if (new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && - memcmp(new_oid->p, oid->p, oid->len) == 0) { - return 0; - } else { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } -} -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && \ - !defined(MBEDTLS_X509_REMOVE_INFO) -static int parse_csr_ext_accept_cb(void *p_ctx, - mbedtls_x509_csr const *csr, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *cp, - const unsigned char *end) -{ - (void) p_ctx; - (void) csr; - (void) oid; - (void) critical; - (void) cp; - (void) end; - - return 0; -} - -static int parse_csr_ext_reject_cb(void *p_ctx, - mbedtls_x509_csr const *csr, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *cp, - const unsigned char *end) -{ - (void) p_ctx; - (void) csr; - (void) oid; - (void) critical; - (void) cp; - (void) end; - - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); -} -#endif /* MBEDTLS_X509_CSR_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ -/* END_HEADER */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_accessor_ext_types(int ext_type, int has_ext_type) -{ - mbedtls_x509_crt crt; - int expected_result = ext_type & has_ext_type; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - crt.ext_types = ext_type; - 
- TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_TEST_HOOKS */ -void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret) -{ - uint32_t addr[4]; - size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr); - TEST_EQUAL(addrlen, (size_t) ref_ret); - - if (addrlen) { - TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen); - } -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_parse_san(char *crt_file, char *result_str, int parse_result) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_subject_alternative_name san; - mbedtls_x509_sequence *cur = NULL; - char buf[2000]; - char *p = buf; - size_t n = sizeof(buf); - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result); - - if (parse_result != 0) { - goto exit; - } - if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { - cur = &crt.subject_alt_names; - while (cur != NULL) { - ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); - /* - * If san type not supported, ignore. 
- */ - if (ret == 0) { - ret = verify_parse_san(&san, &p, &n); - mbedtls_x509_free_subject_alt_name(&san); - TEST_EQUAL(ret, 0); - } - cur = cur->next; - } - } - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_cert_info(char *crt_file, char *result_str) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - res = mbedtls_x509_crt_info(buf, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_crl_info(char *crl_file, char *result_str) -{ - mbedtls_x509_crl crl; - char buf[2000]; - int res; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); - res = mbedtls_x509_crl_info(buf, 2000, "", &crl); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ -void mbedtls_x509_crl_parse(char *crl_file, int result) -{ - mbedtls_x509_crl crl; - char buf[2000]; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result); - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_info(char *csr_file, char *result_str) -{ - 
mbedtls_x509_csr csr; - char buf[2000]; - int res; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0); - res = mbedtls_x509_csr_info(buf, 2000, "", &csr); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509_verify_info(int flags, char *prefix, char *result_str) -{ - char buf[2000]; - int res; - - USE_PSA_INIT(); - memset(buf, 0, sizeof(buf)); - - res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags); - - TEST_ASSERT(res >= 0); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:PSA_WANT_ALG_ECDSA */ -void x509_verify_restart(char *crt_file, char *ca_file, - int result, int flags_result, - int max_ops, int min_restart, int max_restart) -{ - int ret, cnt_restart; - mbedtls_x509_crt_restart_ctx rs_ctx; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - - /* - * See comments on ecp_test_vect_restart() for op count precision. 
- * - * For reference, with Mbed TLS 2.6 and default settings: - * - ecdsa_verify() for P-256: ~ 6700 - * - ecdsa_verify() for P-384: ~ 18800 - * - x509_verify() for server5 -> test-ca2: ~ 18800 - * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 - */ - mbedtls_x509_crt_restart_init(&rs_ctx); - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - MD_OR_USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - psa_interruptible_set_max_ops(max_ops); - - cnt_restart = 0; - do { - ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, - &mbedtls_x509_crt_profile_default, NULL, &flags, - NULL, NULL, &rs_ctx); - } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); - - TEST_EQUAL(ret, result); - TEST_EQUAL(flags, (uint32_t) flags_result); - - TEST_ASSERT(cnt_restart >= min_restart); - TEST_ASSERT(cnt_restart <= max_restart); - - /* Do we leak memory when aborting? */ - ret = mbedtls_x509_crt_verify_restartable(&crt, &ca, NULL, - &mbedtls_x509_crt_profile_default, NULL, &flags, - NULL, NULL, &rs_ctx); - TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS); - -exit: - mbedtls_x509_crt_restart_free(&rs_ctx); - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */ -void x509_verify(char *crt_file, char *ca_file, char *crl_file, - char *cn_name_str, int result, int flags_result, - char *profile_str, - char *verify_callback) -{ - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - mbedtls_x509_crl crl; - uint32_t flags = 0; - int res; - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; - char *cn_name = NULL; - const mbedtls_x509_crt_profile *profile; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - mbedtls_x509_crl_init(&crl); - MD_OR_USE_PSA_INIT(); - - if (strcmp(cn_name_str, 
"NULL") != 0) { - cn_name = cn_name_str; - } - - if (strcmp(profile_str, "") == 0) { - profile = &mbedtls_x509_crt_profile_default; - } else if (strcmp(profile_str, "next") == 0) { - profile = &mbedtls_x509_crt_profile_next; - } else if (strcmp(profile_str, "suite_b") == 0) { - profile = &mbedtls_x509_crt_profile_suiteb; - } else if (strcmp(profile_str, "compat") == 0) { - profile = &compat_profile; - } else if (strcmp(profile_str, "all") == 0) { - profile = &profile_all; - } else { - TEST_FAIL("Unknown algorithm profile"); - } - - if (strcmp(verify_callback, "NULL") == 0) { - f_vrfy = NULL; - } else if (strcmp(verify_callback, "verify_none") == 0) { - f_vrfy = verify_none; - } else if (strcmp(verify_callback, "verify_all") == 0) { - f_vrfy = verify_all; - } else { - TEST_FAIL("No known verify callback selected"); - } - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0); - - res = mbedtls_x509_crt_verify_with_profile(&crt, - &ca, - &crl, - profile, - cn_name, - &flags, - f_vrfy, - NULL); - - TEST_EQUAL(res, result); - TEST_EQUAL(flags, (uint32_t) flags_result); - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - /* CRLs aren't supported with CA callbacks, so skip the CA callback - * version of the test if CRLs are in use. 
*/ - if (strcmp(crl_file, "") == 0) { - flags = 0; - - res = mbedtls_x509_crt_verify_with_ca_cb(&crt, - ca_callback, - &ca, - profile, - cn_name, - &flags, - f_vrfy, - NULL); - - TEST_EQUAL(res, result); - TEST_EQUAL(flags, (uint32_t) (flags_result)); - } -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - mbedtls_x509_crl_free(&crl); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name, - int exp_ret) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - if (strcmp(name, "NULL") == 0) { - name = NULL; - } - - ret = mbedtls_x509_crt_verify_with_ca_cb(&crt, ca_callback_fail, &ca, - &compat_profile, name, &flags, - NULL, NULL); - - TEST_EQUAL(ret, exp_ret); - TEST_EQUAL(flags, (uint32_t) (-1)); -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_verify_callback(char *crt_file, char *ca_file, char *name, - int exp_ret, char *exp_vrfy_out) -{ - int ret; - mbedtls_x509_crt crt; - mbedtls_x509_crt ca; - uint32_t flags = 0; - verify_print_context vrfy_ctx; - - mbedtls_x509_crt_init(&crt); - mbedtls_x509_crt_init(&ca); - MD_OR_USE_PSA_INIT(); - - verify_print_init(&vrfy_ctx); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); - - if (strcmp(name, "NULL") == 0) { - name = NULL; - } - - ret = mbedtls_x509_crt_verify_with_profile(&crt, &ca, NULL, - &compat_profile, - 
name, &flags, - verify_print, &vrfy_ctx); - - TEST_EQUAL(ret, exp_ret); - TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0); - -exit: - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_free(&ca); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_gets_subject_replace(char *crt_file, - char *new_subject_ou, - char *result_str, - int ret) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res = 0; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - crt.subject.next->val.p = (unsigned char *) new_subject_ou; - crt.subject.next->val.len = strlen(new_subject_ou); - - res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); - - if (ret != 0) { - TEST_EQUAL(res, ret); - } else { - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - TEST_EQUAL(strcmp(buf, result_str), 0); - } -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str) -{ - mbedtls_x509_crt crt; - char buf[2000]; - int res = 0; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - memset(buf, 0, 2000); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - if (strcmp(entity, "subject") == 0) { - res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject); - } else if (strcmp(entity, "issuer") == 0) { - res = mbedtls_x509_dn_gets(buf, 2000, &crt.issuer); - } else { - TEST_FAIL("Unknown entity"); - } - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp(buf, result_str), 0); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret) -{ - unsigned char *name = NULL; - unsigned 
char *p; - size_t name_len; - mbedtls_x509_name head; - int ret; - - USE_PSA_INIT(); - memset(&head, 0, sizeof(head)); - - name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len); - p = name; - - ret = mbedtls_x509_get_name(&p, (name + name_len), &head); - if (ret == 0) { - mbedtls_asn1_free_named_data_list_shallow(head.next); - } - - TEST_EQUAL(ret, exp_ret); - -exit: - mbedtls_free(name); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_dn_get_next(char *name_str, - int next_merged, - char *expected_oids, - int exp_count, - char *exp_dn_gets) -{ - int ret = 0, i; - size_t len = 0, out_size; - mbedtls_asn1_named_data *names = NULL; - mbedtls_x509_name parsed; - memset(&parsed, 0, sizeof(parsed)); - mbedtls_x509_name *parsed_cur; - // Size of buf is maximum required for test cases - unsigned char buf[80] = { 0 }; - unsigned char *out = NULL; - unsigned char *c = buf + sizeof(buf); - const char *short_name; - - USE_PSA_INIT(); - - // Additional size required for trailing space - out_size = strlen(expected_oids) + 2; - TEST_CALLOC(out, out_size); - - TEST_EQUAL(mbedtls_x509_string_to_names(&names, name_str), 0); - - ret = mbedtls_x509_write_names(&c, buf, names); - TEST_LE_S(0, ret); - - TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0); - TEST_EQUAL(mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed), 0); - - // Iterate over names and set next_merged nodes - parsed_cur = &parsed; - for (; next_merged != 0 && parsed_cur != NULL; next_merged = next_merged >> 1) { - parsed_cur->next_merged = next_merged & 0x01; - parsed_cur = parsed_cur->next; - } - - // Iterate over RDN nodes and print OID of first element to buffer - parsed_cur = &parsed; - len = 0; - for (i = 0; parsed_cur != NULL; i++) { - TEST_EQUAL(mbedtls_x509_oid_get_attr_short_name(&parsed_cur->oid, - 
&short_name), 0); - len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name); - parsed_cur = mbedtls_x509_dn_get_next(parsed_cur); - } - out[len-1] = 0; - - TEST_EQUAL(exp_count, i); - TEST_EQUAL(strcmp((char *) out, expected_oids), 0); - mbedtls_free(out); - out = NULL; - - out_size = strlen(exp_dn_gets) + 1; - TEST_CALLOC(out, out_size); - - TEST_LE_S(0, mbedtls_x509_dn_gets((char *) out, out_size, &parsed)); - TEST_EQUAL(strcmp((char *) out, exp_dn_gets), 0); -exit: - mbedtls_free(out); - mbedtls_asn1_free_named_data_list(&names); - mbedtls_asn1_free_named_data_list_shallow(parsed.next); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - if (strcmp(entity, "valid_from") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result); - } else if (strcmp(entity, "valid_to") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result); - } else { - TEST_FAIL("Unknown entity"); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - if (strcmp(entity, "valid_from") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result); - } else if (strcmp(entity, "valid_to") == 0) { - TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result); - } else { - TEST_FAIL("Unknown entity"); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ 
-void x509parse_crt_file(char *crt_file, int result) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void mbedtls_x509_get_ca_istrue(char *crt_file, int result) -{ - mbedtls_x509_crt crt; - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - TEST_EQUAL(mbedtls_x509_crt_get_ca_istrue(&crt), result); -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crt crt; -#if !defined(MBEDTLS_X509_REMOVE_INFO) - unsigned char output[2000] = { 0 }; -#else - ((void) result_str); -#endif - /* Tests whose result is MBEDTLS_ERR_PK_INVALID_PUBKEY might return - * MBEDTLS_ERR_ASN1_UNEXPECTED_TAG until psa#308 is merged. This variable - * is therefore used for backward compatiblity and will be removed in - * mbedtls#10229. 
*/ - int result_back_comp = result; - int res; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len); - TEST_ASSERT((res == result) || (res == result_back_comp)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len); - TEST_ASSERT((res == result) || (res == result_back_comp)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - memset(output, 0, 2000); - - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_back_comp)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_back_comp)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); 
- } -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt_cb(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crt crt; - mbedtls_x509_buf oid; - -#if !defined(MBEDTLS_X509_REMOVE_INFO) - unsigned char output[2000] = { 0 }; - int res; -#else - ((void) result_str); -#endif - - oid.tag = MBEDTLS_ASN1_OID; - oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); - oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F"; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb, - &oid), result); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - memset(output, 0, 2000); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - - mbedtls_x509_crt_free(&crt); - mbedtls_x509_crt_init(&crt); - - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb, - &oid), (result)); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - if ((result) == 0) { - res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } -#endif /* !MBEDTLS_X509_REMOVE_INFO */ - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509parse_crl(data_t *buf, char *result_str, int result) -{ - mbedtls_x509_crl crl; - unsigned char output[2000]; - int res; - - mbedtls_x509_crl_init(&crl); - USE_PSA_INIT(); - - memset(output, 0, 2000); - - - TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result)); - if ((result) == 0) { - res = 
mbedtls_x509_crl_info((char *) output, 2000, "", &crl); - - TEST_ASSERT(res != -1); - TEST_ASSERT(res != -2); - - TEST_EQUAL(strcmp((char *) output, result_str), 0); - } - -exit: - mbedtls_x509_crl_free(&crl); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ret, int accept) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len, - accept ? 
parse_csr_ext_accept_cb : - parse_csr_ext_reject_cb, - NULL); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret) -{ - mbedtls_x509_csr csr; - char my_out[1000]; - int my_ret; - - mbedtls_x509_csr_init(&csr); - USE_PSA_INIT(); - - memset(my_out, 0, sizeof(my_out)); - - my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file); - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); - TEST_EQUAL(my_out_len, strlen(ref_out)); - TEST_EQUAL(strcmp(my_out, ref_out), 0); - } - -exit: - mbedtls_x509_csr_free(&csr); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt) -{ - mbedtls_x509_crt chain, *cur; - int i; - - mbedtls_x509_crt_init(&chain); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret); - - /* Check how many certs we got */ - for (i = 0, cur = &chain; cur != NULL; cur = cur->next) { - if (cur->raw.p != NULL) { - i++; - } - } - - TEST_EQUAL(i, nb_crt); - -exit: - mbedtls_x509_crt_free(&chain); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt) -{ - mbedtls_x509_crt chain, *cur; - int i; - - mbedtls_x509_crt_init(&chain); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret); - - /* Check how many certs we got */ - for (i = 0, cur = &chain; cur != NULL; cur = 
cur->next) { - if (cur->raw.p != NULL) { - i++; - } - } - - TEST_EQUAL(i, nb_crt); - -exit: - mbedtls_x509_crt_free(&chain); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int, - int ret_chk, int flags_chk) -{ - char file_buf[128]; - int ret; - uint32_t flags; - mbedtls_x509_crt trusted, chain; - - /* - * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. - * with NN.crt signed by NN-1.crt - */ - mbedtls_x509_crt_init(&trusted); - mbedtls_x509_crt_init(&chain); - MD_OR_USE_PSA_INIT(); - - /* Load trusted root */ - TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0); - - /* Load a chain with nb_int intermediates (from 01 to nb_int), - * plus one "end-entity" cert (nb_int + 1) */ - ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir, - nb_int + 1); - TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf)); - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0); - - /* Try to verify that chain */ - ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags, - NULL, NULL); - TEST_EQUAL(ret, ret_chk); - TEST_EQUAL(flags, (uint32_t) flags_chk); - -exit: - mbedtls_x509_crt_free(&chain); - mbedtls_x509_crt_free(&trusted); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca, - int flags_result, int result, - char *profile_name, int vrfy_fatal_lvls) -{ - char *act; - uint32_t flags; - int res; - mbedtls_x509_crt trusted, chain; - const mbedtls_x509_crt_profile *profile = NULL; - - mbedtls_x509_crt_init(&chain); - mbedtls_x509_crt_init(&trusted); - MD_OR_USE_PSA_INIT(); - - while ((act = mystrsep(&chain_paths, " ")) != NULL) { - TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0); - } - TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 
0); - - if (strcmp(profile_name, "") == 0) { - profile = &mbedtls_x509_crt_profile_default; - } else if (strcmp(profile_name, "next") == 0) { - profile = &mbedtls_x509_crt_profile_next; - } else if (strcmp(profile_name, "suiteb") == 0) { - profile = &mbedtls_x509_crt_profile_suiteb; - } else if (strcmp(profile_name, "rsa3072") == 0) { - profile = &profile_rsa3072; - } else if (strcmp(profile_name, "sha512") == 0) { - profile = &profile_sha512; - } - - res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile, - NULL, &flags, verify_fatal, &vrfy_fatal_lvls); - - TEST_EQUAL(res, (result)); - TEST_EQUAL(flags, (uint32_t) (flags_result)); - -exit: - mbedtls_x509_crt_free(&trusted); - mbedtls_x509_crt_free(&chain); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ -void x509_oid_desc(data_t *buf, char *ref_desc) -{ - mbedtls_x509_buf oid; - const char *desc = NULL; - int ret; - - USE_PSA_INIT(); - - oid.tag = MBEDTLS_ASN1_OID; - oid.p = buf->x; - oid.len = buf->len; - - ret = mbedtls_x509_oid_get_extended_key_usage(&oid, &desc); - - if (strcmp(ref_desc, "notfound") == 0) { - TEST_ASSERT(ret != 0); - TEST_ASSERT(desc == NULL); - } else { - TEST_EQUAL(ret, 0); - TEST_ASSERT(desc != NULL); - TEST_EQUAL(strcmp(desc, ref_desc), 0); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret) -{ - mbedtls_x509_buf oid; - char num_buf[100]; - - USE_PSA_INIT(); - - memset(num_buf, 0x2a, sizeof(num_buf)); - - oid.tag = MBEDTLS_ASN1_OID; - oid.p = oid_buf->x; - oid.len = oid_buf->len; - - TEST_ASSERT((size_t) blen <= sizeof(num_buf)); - - TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret); - - if (ret >= 0) { - TEST_EQUAL(num_buf[ret], 0); - TEST_EQUAL(strcmp(num_buf, numstr), 0); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE 
depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_check_key_usage(char *crt_file, int usage, int ret) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret - ) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); - - TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len), - ret); - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_get_time(int tag, char *time_str, int ret, int year, int mon, - int day, int hour, int min, int sec) -{ - mbedtls_x509_time time; - unsigned char buf[21]; - unsigned char *start = buf; - unsigned char *end = buf; - - USE_PSA_INIT(); - memset(&time, 0x00, sizeof(time)); - *end = (unsigned char) tag; end++; - *end = strlen(time_str); - TEST_ASSERT(*end < 20); - end++; - memcpy(end, time_str, (size_t) *(end - 1)); - end += *(end - 1); - - TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret); - if (ret == 0) { - TEST_EQUAL(year, time.year); - TEST_EQUAL(mon, time.mon); - TEST_EQUAL(day, time.day); - TEST_EQUAL(hour, time.hour); - TEST_EQUAL(min, time.min); - TEST_EQUAL(sec, time.sec); - } -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params(data_t *params, int params_tag, - int ref_msg_md, int ref_mgf_md, - int ref_salt_len, int ref_ret) -{ - int my_ret; - mbedtls_x509_buf buf; - mbedtls_md_type_t my_msg_md, my_mgf_md; - int 
my_salt_len; - - USE_PSA_INIT(); - - buf.p = params->x; - buf.len = params->len; - buf.tag = params_tag; - - my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md, - &my_salt_len); - - TEST_EQUAL(my_ret, ref_ret); - - if (ref_ret == 0) { - TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md); - TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md); - TEST_EQUAL(my_salt_len, ref_salt_len); - } - -exit: - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret) -{ - mbedtls_x509_crt crt; - - mbedtls_x509_crt_init(&crt); - /* X509 relies on PK under the hood and the latter can use PSA to store keys - * and perform operations so psa_crypto_init() must be called before. */ - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); - - if (ref_ret == 0) { - TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING); - TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0); - TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len); - } else { - TEST_EQUAL(crt.subject_key_id.tag, 0); - TEST_EQUAL(crt.subject_key_id.len, 0); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509_crt_parse_authoritykeyid(char *file, - data_t *keyId, - char *authorityKeyId_issuer, - data_t *serial, - int ref_ret) -{ - mbedtls_x509_crt crt; - mbedtls_x509_subject_alternative_name san; - char name_buf[128]; - - mbedtls_x509_crt_init(&crt); - /* X509 relies on PK under the hood and the latter can use PSA to store keys - * and perform operations so psa_crypto_init() must be called before. 
*/ - USE_PSA_INIT(); - - TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret); - - if (ref_ret == 0) { - /* KeyId test */ - if (keyId->len > 0) { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING); - TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len); - } else { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); - } - - - /* Issuer test */ - if (strlen(authorityKeyId_issuer) > 0) { - mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; - - TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0); - - TEST_ASSERT(mbedtls_x509_dn_gets(name_buf, sizeof(name_buf), - &san.san.directory_name) - > 0); - TEST_EQUAL(strcmp(name_buf, authorityKeyId_issuer), 0); - - mbedtls_x509_free_subject_alt_name(&san); - } - - /* Serial test */ - if (serial->len > 0) { - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, - MBEDTLS_ASN1_INTEGER); - TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p, - serial->x, serial->len), 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len); - } else { - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); - } - - } else { - TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0); - TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0); - - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0); - TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0); - } - -exit: - mbedtls_x509_crt_free(&crt); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) -{ - char buf[256]; - mbedtls_asn1_buf input_oid = { 0, 0, NULL }; - int ret; - - input_oid.tag = 
MBEDTLS_ASN1_OID; - /* Test that an empty OID is not dereferenced */ - input_oid.p = oid->len ? oid->x : (void *) 1; - input_oid.len = oid->len; - - ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid); - - if (error_ret == 0) { - TEST_EQUAL(ret, strlen(result_str)); - TEST_ASSERT(ret >= 3); - TEST_EQUAL(strcmp(buf, result_str), 0); - } else { - TEST_EQUAL(ret, error_ret); - } -} -/* END_CASE */ diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data deleted file mode 100644 index 4d57a8fb69..0000000000 --- a/tests/suites/test_suite_x509write.data +++ /dev/null 
@@ -1,339 +0,0 @@
-Certificate Request check Server1 SHA1
-depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0
-
-Certificate Request check Server1 SHA224
-depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0
-
-Certificate Request check Server1 SHA256
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0
-
-Certificate Request check Server1 SHA384
-depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0
-
-Certificate Request check Server1 SHA512
-depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0:0
-
-Certificate Request check Server1 MD5
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0:0
-
-Certificate Request check Server1 key_usage
-depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0
-
-Certificate Request check opaque Server1 key_usage
-depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check_opaque:"../framework/data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | 
MBEDTLS_X509_KU_NON_REPUDIATION:0 - -Certificate Request check Server1 key_usage empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0:0 - -Certificate Request check Server1 ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 - -Certificate Request check Server1 ns_cert_type empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1:0 - -Certificate Request check Server1 key_usage + ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 - -Certificate Request check Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_256 -x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 - -Certificate Request check Server1, set_extension -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1 - -Certificate Request check opaque Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256 
-x509_csr_check_opaque:"../framework/data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 - -Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, not before 2050, not after 2059 
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"../framework/data_files/server1.key_ext_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"../framework/data_files/server1.key_ext_usages.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, ns_cert_type 
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":0:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 
-x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"../framework/data_files/server1.key_usage_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"../framework/data_files/server1.cert_type_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":1:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check 
Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.80serial.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 - -Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 -x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 - -Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 -x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 - -Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 -x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.allSubjectAltNames.crt":0:0:"../framework/data_files/test-ca.crt":1 - -X509 String to Names #1 -mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0:0 - -X509 String to Names #2 -mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 
- -X509 String to Names #3 (Name precisely 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0:0 - -X509 String to Names #4 (Name larger than 255 bytes) -mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #5 (Escape non-allowed characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #6 (Escape at end) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #7 (Invalid, no '=' or ',') -mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #8 (Escaped valid characters) -mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0:0 - -X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, 
O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names #11 (Invalid hexpair escape at end of string) -mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #12 (Reject escaped null hexpair) -mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #13 (Invalid hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #14 (Accept numercoid/hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -# TODO: Should the trailing garbage be ignored? -X509 String to Names (hexstring: trailing garbage after DER is ignored) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726Baa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names: long hexstring (payload=256 bytes) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C82010041414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141, OU=PolarSSL":"C=NL, O=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, OU=PolarSSL":0:MAY_FAIL_DN_GETS - -X509 String to Names: long hexstring (payload=257 bytes) -mbedtls_x509_string_to_names:"C=NL, 
2.5.4.10=#0C820101aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #15 (Odd length DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (empty DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (empty DER hexstring at end) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (1-byte DER hexstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (1-byte DER hexstring at end) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #16 (hexstring: DER length exceeds available data) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #17 (hexstring: Invalid OID) -mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names #18 (short name and hexstring) -mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0:0 - -X509 String to Names (null byte in hexstring with string type) -mbedtls_x509_string_to_names:"C=NL, O=#0C0100, 
OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":MBEDTLS_ERR_X509_INVALID_NAME:0 - -X509 String to Names (null byte in hexstring with non-string type) -mbedtls_x509_string_to_names:"C=NL, O=#040100, OU=PolarSSL":"C=NL, O=\\x00, OU=PolarSSL":0:MAY_FAIL_GET_NAME - -X509 String to Names #19 (Accept non-ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0:0 - -X509 String to Names #20 (Reject empty AttributeValue) -mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0 - -# Note: the behaviour is incorrect, output from string->names->string should be -# the same as the input, rather than just the last component, see -# https://github.com/Mbed-TLS/mbedtls/issues/10189 -# Still including tests for the current incorrect behaviour because of the -# variants below where we want to ensure at least that no memory corruption -# happens (which would be a lot worse than just a functional bug). -X509 String to Names (repeated OID) -mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0 - -# Note: when a value starts with a # sign, it's treated as the hex encoding of -# the DER encoding of the value. Here, 0400 is a zero-length OCTET STRING. -# The tag actually doesn't matter for our purposes, only the length. 
-X509 String to Names (repeated OID, 1st is zero-length) -mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0 - -X509 String to Names (repeated OID, middle is zero-length) -mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 - -X509 String to Names (repeated OID, last is zero-length) -mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=#0000":0:MAY_FAIL_GET_NAME - -X509 Round trip test (Escaped characters) -mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 - -X509 Round trip test (hexstring output for non string input) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0:0 - -X509 Round trip test (numercoid hexstring output for unknown OID) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0:0 - -Check max serial length -x509_set_serial_check: - -Check max extension length -x509_set_extension_length_check: - -OID from numeric string - hardware module name -oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804" - -OID from numeric string - multi-byte subidentifier -oid_from_numeric_string:"1.1.2108":0:"29903C" - -OID from numeric string - second component greater than 39 -oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" - -OID from numeric string - multi-byte first subidentifier -oid_from_numeric_string:"2.999":0:"8837" - -OID from numeric string - empty string input -oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component not a number -oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - second component not a number -oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component too large 
-oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - first component < 2, second > 39 -oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - third component not a number -oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between first and second -oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between second and third -oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - non-'.' separator between third and fourth -oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - OID greater than max length (129 components) -oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - -OID from numeric string - OID with maximum subidentifier -oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" - -OID from numeric string - OID with overflowing subidentifier -oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function deleted file mode 100644 index 760ff5fe03..0000000000 --- a/tests/suites/test_suite_x509write.function +++ /dev/null 
@@ -1,691 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/private/bignum.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" -#include "x509_internal.h" -#include "mbedtls/pem.h" -#include "mbedtls/oid.h" -#include "x509_oid.h" -#include "mbedtls/private/rsa.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/psa_util.h" - -#if defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) -static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) -{ - unsigned char hash[PSA_HASH_MAX_SIZE]; - mbedtls_x509_csr csr; - int ret = 0; - - mbedtls_x509_csr_init(&csr); - - if (mbedtls_x509_csr_parse(&csr, buf, buflen) != 0) { - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - - psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md); - size_t hash_size = 0; - psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len, - hash, PSA_HASH_MAX_SIZE, &hash_size); - - if (status != PSA_SUCCESS) { - /* Note: this can't happen except after an internal error */ - ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; - goto cleanup; - } - - if (mbedtls_pk_verify_ext(csr.sig_pk, &csr.pk, - csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), - csr.sig.p, csr.sig.len) != 0) { - ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; - goto cleanup; - } - -cleanup: - - mbedtls_x509_csr_free(&csr); - return ret; -} -#endif /* MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - -/* - * The size of this temporary buffer is given by the sequence of functions - * called hereinafter: - * - mbedtls_asn1_write_oid() - * - 8 bytes for MBEDTLS_OID_EXTENDED_KEY_USAGE raw value - * - 1 byte for MBEDTLS_OID_EXTENDED_KEY_USAGE length - * - 1 byte for MBEDTLS_ASN1_OID tag - * - mbedtls_asn1_write_len() - * - 1 byte since we're dealing with sizes which are less than 
0x80 - * - mbedtls_asn1_write_tag() - * - 1 byte - * - * This length is fine as long as this function is called using the - * MBEDTLS_OID_SERVER_AUTH OID. If this is changed in the future, then this - * buffer's length should be adjusted accordingly. - * Unfortunately there's no predefined max size for OIDs which can be used - * to set an overall upper boundary which is always guaranteed. - */ -#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12 - -static int csr_set_extended_key_usage(mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len) -{ - unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; - unsigned char *p = buf + sizeof(buf); - int ret; - size_t len = 0; - - /* - * Following functions fail anyway if the temporary buffer is not large, - * but we set an extra check here to emphasize a possible source of errors - */ - if (oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(&p, buf, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, ret)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - ret = mbedtls_x509write_csr_set_extension(ctx, - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 0, - p, - len); - - return ret; -} -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - -/* Due to inconsistencies in the input size limits applied by different - * library functions, some write-parse tests may fail. 
*/ -#define MAY_FAIL_GET_NAME 0x0001 -#define MAY_FAIL_DN_GETS 0x0002 - -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ -void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, - int key_usage, int set_key_usage, int cert_type, - int set_cert_type, int set_extension) -{ - mbedtls_pk_context key; - mbedtls_x509write_csr req; - unsigned char buf[4096]; - int ret; - unsigned char check_buf[4000]; - FILE *f; - size_t olen = 0; - size_t pem_len = 0, buf_index; - int der_len = -1; - const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - mbedtls_test_rnd_pseudo_info rnd_info; - mbedtls_x509_san_list san_ip; - mbedtls_x509_san_list san_dns; - mbedtls_x509_san_list san_uri; - mbedtls_x509_san_list san_mail; - mbedtls_x509_san_list san_dn; - mbedtls_x509_san_list *san_list = NULL; - mbedtls_asn1_named_data *ext_san_dirname = NULL; - - const char san_ip_name[] = { 0x7f, 0x00, 0x00, 0x01 }; // 127.0.0.1 - const char *san_dns_name = "example.com"; - const char *san_dn_name = "C=UK,O=Mbed TLS,CN=Mbed TLS directoryName SAN"; - const char *san_mail_name = "mail@example.com"; - const char *san_uri_name = "http://pki.example.com"; - - san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; - san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = strlen(san_mail_name); - san_mail.next = NULL; - - san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; - san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; - san_dns.node.san.unstructured_name.len = strlen(san_dns_name); - san_dns.next = &san_mail; - - san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, - san_dn_name) == 0); - san_dn.node.san.directory_name = *ext_san_dirname; - san_dn.next = &san_dns; - - san_ip.node.type = 
MBEDTLS_X509_SAN_IP_ADDRESS; - san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; - san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); - san_ip.next = &san_dn; - - san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; - san_uri.node.san.unstructured_name.len = strlen(san_uri_name); - san_uri.next = &san_ip; - - san_list = &san_uri; - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); - - mbedtls_x509write_csr_set_md_alg(&req, md_type); - mbedtls_x509write_csr_set_key(&req, &key); - TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0); - if (set_key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); - } - if (set_cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); - } - if (set_extension != 0) { - TEST_ASSERT(csr_set_extended_key_usage(&req, MBEDTLS_OID_SERVER_AUTH, - MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) == 0); - - TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0); - } - - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf)); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - - f = fopen(cert_req_check_file, "r"); //open the file - TEST_ASSERT(f != NULL); //check the file has been opened. 
- olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file - fclose(f); // close the file - - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); - - - der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); - TEST_ASSERT(der_len >= 0); - - if (der_len == 0) { - goto exit; - } - - der_len -= 1; - ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); - TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - -exit: - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_x509write_csr_free(&req); - mbedtls_pk_free(&key); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ -void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, - int cert_type) -{ - mbedtls_pk_context key; - mbedtls_pk_init(&key); - - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - - mbedtls_x509write_csr req; - mbedtls_x509write_csr_init(&req); - - unsigned char buf[4096]; - int ret; - size_t pem_len = 0; - const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - mbedtls_test_rnd_pseudo_info rnd_info; - - MD_OR_USE_PSA_INIT(); - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); - - /* Turn the PK context into an opaque one. 
*/ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0); - mbedtls_pk_free(&key); - mbedtls_pk_init(&key); - TEST_EQUAL(mbedtls_pk_wrap_psa(&key, key_id), 0); - - mbedtls_x509write_csr_set_md_alg(&req, md_type); - mbedtls_x509write_csr_set_key(&req, &key); - TEST_ASSERT(mbedtls_x509write_csr_set_subject_name(&req, subject_name) == 0); - if (key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_key_usage(&req, key_usage) == 0); - } - if (cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); - } - - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1); - - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - buf[pem_len] = '\0'; - TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); - - -exit: - mbedtls_x509write_csr_free(&req); - mbedtls_pk_free(&key); - psa_destroy_key(key_id); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_X509_CRT_PARSE_C:PSA_WANT_ALG_SHA_1 */ -void x509_crt_check(char *subject_key_file, char *subject_pwd, - char *subject_name, char *issuer_key_file, - char *issuer_pwd, char *issuer_name, - data_t *serial_arg, char *not_before, char *not_after, - int md_type, int key_usage, int set_key_usage, - char *ext_key_usage, - int cert_type, int set_cert_type, int auth_ident, - int ver, char *cert_check_file, int pk_wrap, int is_ca, - char *cert_verify_file, int set_subjectAltNames) -{ - mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; - mbedtls_pk_context *key = &issuer_key; - - mbedtls_x509write_cert crt; - unsigned char buf[4096]; - unsigned char check_buf[5000]; - unsigned char *p, *end; - unsigned char tag, sz; - int ret, before_tag, after_tag; - size_t olen = 0, pem_len = 0, buf_index = 0; - int der_len = -1; - FILE *f; - mbedtls_test_rnd_pseudo_info rnd_info; - mbedtls_svc_key_id_t key_id = 
MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_pk_type_t issuer_key_type; - mbedtls_x509_san_list san_ip; - mbedtls_x509_san_list san_dns; - mbedtls_x509_san_list san_uri; - mbedtls_x509_san_list san_mail; - mbedtls_x509_san_list san_dn; - mbedtls_asn1_named_data *ext_san_dirname = NULL; - const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 }; - const char *san_dns_name = "example.com"; - const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test"; - const char *san_mail_name = "mail@example.com"; - const char *san_uri_name = "http://pki.example.com"; - mbedtls_x509_san_list *san_list = NULL; - - if (set_subjectAltNames) { - san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; - san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = strlen(san_mail_name); - san_mail.next = NULL; - - san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; - san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; - san_dns.node.san.unstructured_name.len = strlen(san_dns_name); - san_dns.next = &san_mail; - - san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, - san_dn_name) == 0); - san_dn.node.san.directory_name = *ext_san_dirname; - san_dn.next = &san_dns; - - san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; - san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); - san_ip.next = &san_dn; - - san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; - san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; - san_uri.node.san.unstructured_name.len = strlen(san_uri_name); - san_uri.next = &san_ip; - - san_list = &san_uri; - } - - memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - - mbedtls_pk_init(&subject_key); - mbedtls_pk_init(&issuer_key); - mbedtls_pk_init(&issuer_key_alt); - 
mbedtls_x509write_crt_init(&crt); - MD_OR_USE_PSA_INIT(); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, - subject_pwd) == 0); - - TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, - issuer_pwd) == 0); - - issuer_key_type = mbedtls_pk_get_type(&issuer_key); - - /* Turn the issuer PK context into an opaque one. */ - if (pk_wrap == 2) { - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, - &key_attr), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0); - mbedtls_pk_free(&issuer_key); - mbedtls_pk_init(&issuer_key); - TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); - } - - if (pk_wrap == 2) { - TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE); - } - - if (ver != -1) { - mbedtls_x509write_crt_set_version(&crt, ver); - } - - TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x, - serial_arg->len) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before, - not_after) == 0); - mbedtls_x509write_crt_set_md_alg(&crt, md_type); - TEST_ASSERT(mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_subject_name(&crt, subject_name) == 0); - mbedtls_x509write_crt_set_subject_key(&crt, &subject_key); - - mbedtls_x509write_crt_set_issuer_key(&crt, key); - - if (crt.version >= MBEDTLS_X509_CRT_VERSION_3) { - /* For the CA case, a path length of -1 means unlimited. */ - TEST_ASSERT(mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca, - (is_ca ? 
-1 : 0)) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_subject_key_identifier(&crt) == 0); - if (auth_ident) { - TEST_ASSERT(mbedtls_x509write_crt_set_authority_key_identifier(&crt) == 0); - } - if (set_key_usage != 0) { - TEST_ASSERT(mbedtls_x509write_crt_set_key_usage(&crt, key_usage) == 0); - } - if (set_cert_type != 0) { - TEST_ASSERT(mbedtls_x509write_crt_set_ns_cert_type(&crt, cert_type) == 0); - } - if (strcmp(ext_key_usage, "NULL") != 0) { - mbedtls_asn1_sequence exts[2]; - memset(exts, 0, sizeof(exts)); - -#define SET_OID(x, oid) \ - do { \ - x.len = MBEDTLS_OID_SIZE(oid); \ - x.p = (unsigned char *) oid; \ - x.tag = MBEDTLS_ASN1_OID; \ - } \ - while (0) - - if (strcmp(ext_key_usage, "serverAuth") == 0) { - SET_OID(exts[0].buf, MBEDTLS_OID_SERVER_AUTH); - } else if (strcmp(ext_key_usage, "codeSigning,timeStamping") == 0) { - SET_OID(exts[0].buf, MBEDTLS_OID_CODE_SIGNING); - exts[0].next = &exts[1]; - SET_OID(exts[1].buf, MBEDTLS_OID_TIME_STAMPING); - } - TEST_ASSERT(mbedtls_x509write_crt_set_ext_key_usage(&crt, exts) == 0); - } - } - - if (set_subjectAltNames) { - TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); - } - ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf)); - TEST_ASSERT(ret == 0); - - pem_len = strlen((char *) buf); - - // check that the rest of the buffer remains clear - for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) { - TEST_ASSERT(buf[buf_index] == 0); - } - - if (issuer_key_type != MBEDTLS_PK_RSA) { - mbedtls_x509_crt crt_parse, trusted; - uint32_t flags; - - mbedtls_x509_crt_init(&crt_parse); - mbedtls_x509_crt_init(&trusted); - - TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, - cert_verify_file) == 0); - TEST_ASSERT(mbedtls_x509_crt_parse(&crt_parse, - buf, sizeof(buf)) == 0); - - ret = mbedtls_x509_crt_verify(&crt_parse, &trusted, NULL, NULL, &flags, - NULL, NULL); - - mbedtls_x509_crt_free(&crt_parse); - mbedtls_x509_crt_free(&trusted); - - TEST_EQUAL(flags, 0); - 
TEST_EQUAL(ret, 0); - } else if (*cert_check_file != '\0') { - f = fopen(cert_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - TEST_ASSERT(olen < sizeof(check_buf)); - - TEST_EQUAL(olen, pem_len); - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); - } - - der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf)); - TEST_ASSERT(der_len >= 0); - - if (der_len == 0) { - goto exit; - } - - // Not testing against file, check date format - if (*cert_check_file == '\0') { - // UTC tag if before 2050, 2 digits less for year - if (not_before[0] == '2' && (not_before[1] > '0' || not_before[2] > '4')) { - before_tag = MBEDTLS_ASN1_GENERALIZED_TIME; - } else { - before_tag = MBEDTLS_ASN1_UTC_TIME; - not_before += 2; - } - if (not_after[0] == '2' && (not_after[1] > '0' || not_after[2] > '4')) { - after_tag = MBEDTLS_ASN1_GENERALIZED_TIME; - } else { - after_tag = MBEDTLS_ASN1_UTC_TIME; - not_after += 2; - } - end = buf + sizeof(buf); - for (p = end - der_len; p < end;) { - tag = *p++; - sz = *p++; - if (tag == MBEDTLS_ASN1_UTC_TIME || tag == MBEDTLS_ASN1_GENERALIZED_TIME) { - // Check correct tag and time written - TEST_ASSERT(before_tag == tag); - TEST_ASSERT(memcmp(p, not_before, sz - 1) == 0); - p += sz; - tag = *p++; - sz = *p++; - TEST_ASSERT(after_tag == tag); - TEST_ASSERT(memcmp(p, not_after, sz - 1) == 0); - break; - } - // Increment if long form ASN1 length - if (sz & 0x80) { - p += sz & 0x0F; - } - if (tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - p += sz; - } - } - TEST_ASSERT(p < end); - } - - der_len -= 1; - - ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); - TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - -exit: - mbedtls_asn1_free_named_data_list(&ext_san_dirname); - mbedtls_x509write_crt_free(&crt); - mbedtls_pk_free(&issuer_key_alt); - mbedtls_pk_free(&subject_key); - mbedtls_pk_free(&issuer_key); - 
psa_destroy_key(key_id); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */ -void x509_set_serial_check() -{ - mbedtls_x509write_cert ctx; - uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1]; - - USE_PSA_INIT(); - memset(invalid_serial, 0x01, sizeof(invalid_serial)); - - TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial, - sizeof(invalid_serial)), - MBEDTLS_ERR_X509_BAD_INPUT_DATA); - -exit: - ; - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ -void mbedtls_x509_string_to_names(char *name, char *parsed_name, - int result, int may_fail) -{ - int ret; - size_t len = 0; - mbedtls_asn1_named_data *names = NULL; - mbedtls_x509_name parsed; - memset(&parsed, 0, sizeof(parsed)); - mbedtls_x509_name *parsed_cur = NULL; - mbedtls_x509_name *parsed_prv = NULL; - unsigned char buf[1024] = { 0 }; - unsigned char out[1024] = { 0 }; - unsigned char *c = buf + sizeof(buf); - - USE_PSA_INIT(); - - ret = mbedtls_x509_string_to_names(&names, name); - TEST_EQUAL(ret, result); - - if (ret != 0) { - goto exit; - } - - ret = mbedtls_x509_write_names(&c, buf, names); - TEST_LE_S(1, ret); - - TEST_EQUAL(mbedtls_asn1_get_tag(&c, buf + sizeof(buf), &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE), 0); - ret = mbedtls_x509_get_name(&c, buf + sizeof(buf), &parsed); - if ((may_fail & MAY_FAIL_GET_NAME) && ret < 0) { - /* Validation inconsistency between mbedtls_x509_string_to_names() and - * mbedtls_x509_get_name(). Accept it for now. */ - goto exit; - } - TEST_EQUAL(ret, 0); - - ret = mbedtls_x509_dn_gets((char *) out, sizeof(out), &parsed); - if ((may_fail & MAY_FAIL_DN_GETS) && ret < 0) { - /* Validation inconsistency between mbedtls_x509_string_to_names() and - * mbedtls_x509_dn_gets(). Accept it for now. 
*/ - goto exit; - } - TEST_LE_S(1, ret); - TEST_ASSERT(strcmp((char *) out, parsed_name) == 0); - - /* Check that calling a 2nd time with the same param (now non-NULL) - * returns an error as expected. */ - ret = mbedtls_x509_string_to_names(&names, name); - TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA); - -exit: - mbedtls_asn1_free_named_data_list(&names); - - parsed_cur = parsed.next; - while (parsed_cur != 0) { - parsed_prv = parsed_cur; - parsed_cur = parsed_cur->next; - mbedtls_free(parsed_prv); - } - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_WRITE_C */ -void x509_set_extension_length_check() -{ - int ret = 0; - - mbedtls_x509write_csr ctx; - mbedtls_x509write_csr_init(&ctx); - - unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; - unsigned char *p = buf + sizeof(buf); - - ret = mbedtls_x509_set_extension(&(ctx.MBEDTLS_PRIVATE(extensions)), - MBEDTLS_OID_EXTENDED_KEY_USAGE, - MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE), - 0, - p, - SIZE_MAX); - TEST_ASSERT(MBEDTLS_ERR_X509_BAD_INPUT_DATA == ret); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C */ -void oid_from_numeric_string(char *oid_str, int error_ret, - data_t *exp_oid_buf) -{ - mbedtls_asn1_buf oid = { 0, 0, NULL }; - mbedtls_asn1_buf exp_oid = { 0, 0, NULL }; - int ret; - - exp_oid.tag = MBEDTLS_ASN1_OID; - exp_oid.p = exp_oid_buf->x; - exp_oid.len = exp_oid_buf->len; - - ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str)); - - if (error_ret == 0) { - TEST_EQUAL(oid.len, exp_oid.len); - TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0); - mbedtls_free(oid.p); - oid.p = NULL; - oid.len = 0; - } else { - TEST_EQUAL(ret, error_ret); - } -} -/* END_CASE */ diff --git a/tf-psa-crypto b/tf-psa-crypto deleted file mode 160000 index 0a7317cc51..0000000000 --- a/tf-psa-crypto +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 0a7317cc517bcb8a2505e43f52da6cbc40b7134b 
From e46d3c25fe707dfdd5fb5c9992c9fa8e06f75a5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 22 Oct 2025 00:20:31 +0200 Subject: [PATCH 1073/1080] Fix import path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_framework/abi_check.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py index 4fe7f54fc0..9645ce2b4e 100755 --- a/scripts/mbedtls_framework/abi_check.py +++ b/scripts/mbedtls_framework/abi_check.py @@ -101,8 +101,7 @@ import xml.etree.ElementTree as ET -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree +from . import build_tree class AbiChecker: From 3f06cd495c32e956d07579771a07eb2dd4306f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 14 Oct 2025 15:09:11 +0200 Subject: [PATCH 1074/1080] Fix reporting invalid arguments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Argparse generally uses a return code of 2 for these situations. Signed-off-by: Bence Szépkúti --- scripts/mbedtls_framework/abi_check.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py index 9645ce2b4e..9e396dbdc9 100755 --- a/scripts/mbedtls_framework/abi_check.py +++ b/scripts/mbedtls_framework/abi_check.py @@ -662,8 +662,7 @@ def run_main(): ) abi_args = parser.parse_args() if os.path.isfile(abi_args.report_dir): - print("Error: {} is not a directory".format(abi_args.report_dir)) - parser.exit() + parser.error("{} is not a directory".format(abi_args.report_dir)) old_version = SimpleNamespace( version="old", repository=abi_args.old_repo, From 499a9bee92be0d12c92880aac8213eae1846c237 Mon Sep 17 00:00:00 2001 
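Review bot: `from . import build_tree` only resolves when abi_check.py is imported as a submodule of the mbedtls_framework package; if the file is still executed directly (it keeps mode 100755 and the next patch shows a `run_main()` in it), Python raises `ImportError: attempted relative import with no known parent package` before anything else runs. If direct invocation is still meant to work, either keep an absolute import or state in a module comment that the script must be run as a module (presumably `python -m mbedtls_framework.abi_check`, going by the path) or through a wrapper. The import block this hunk edits continues outside the hunk, so I cannot tell whether a guard already exists.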
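Review bot: The new line keeps `str.format` while the file already uses f-strings (the `f'git worktree add --detach ...'` argument in `_update_git_submodules`); `parser.error(f"{abi_args.report_dir} is not a directory")` would match the surrounding style. Behaviour-wise the change is right: argparse prints usage plus `error:` and exits with status 2, which is what the description asks for. `run_main()` continues outside the hunk.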
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 00:55:01 +0200
Subject: [PATCH 1075/1080] Revert "Prevent unnecessary submodule fetches"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit https://github.com/Mbed-TLS/mbedtls/commit/0f2a4f3d1fcbcf0f298d4ae6c78c8f9fb423a17e The root cause of the issue has been patched in mbedtls-test.
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 24 +++++------------------
1 file changed, 5 insertions(+), 19 deletions(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index 9e396dbdc9..d448aca5c8 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -203,25 +203,11 @@ def _update_git_submodules(self, git_worktree_path, version):
stderr=subprocess.STDOUT
)
self.log.debug(submodule_output.decode("utf-8"))
-
- try:
- # Try to update the submodules using local commits
- # (Git will sometimes insist on fetching the remote without --no-fetch
- # if the submodules are shallow clones)
- update_output = subprocess.check_output(
- [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'],
- cwd=git_worktree_path,
- stderr=subprocess.STDOUT
- )
- except subprocess.CalledProcessError as err:
- self.log.debug(err.stdout.decode("utf-8"))
-
- # Checkout with --no-fetch failed, falling back to fetching from origin
- update_output = subprocess.check_output(
- [self.git_command, "submodule", "update", "--init", '--recursive'],
- cwd=git_worktree_path,
- stderr=subprocess.STDOUT
- )
+ update_output = subprocess.check_output(
+ [self.git_command, "submodule", "update", "--init", '--recursive'],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ )
self.log.debug(update_output.decode("utf-8"))
if not (os.path.exists(os.path.join(git_worktree_path, "crypto"))
and version.crypto_revision):
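Review bot: The explanatory comments went away together with the `--no-fetch` attempt, so the remaining `submodule update --init --recursive` call no longer records that it may fetch from the remote, nor why the local-only shortcut was dropped; the commit message carries that reasoning but the code does not. A one-line comment above the call, such as `# Plain update (may fetch from origin); the --no-fetch shortcut was removed once the root cause was fixed in mbedtls-test`, would stop the next reader from re-adding the fallback. `_update_git_submodules` begins before this hunk.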
From 1fc71a32a6e310214c464e6921d2364229c459c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 01:11:35 +0200
Subject: [PATCH 1076/1080] Remove dead code related to the old crypto submodule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 49 ++------------------------
1 file changed, 2 insertions(+), 47 deletions(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index d448aca5c8..bec4243864 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -193,9 +193,8 @@ def _get_clean_worktree_for_git_revision(self, version):
return git_worktree_path
def _update_git_submodules(self, git_worktree_path, version):
- """If the crypto submodule is present, initialize it.
- if version.crypto_revision exists, update it to that revision,
- otherwise update it to the default revision"""
+ """Recursively checkout all submodules at the revision recorded in their
+ parent module"""
submodule_output = subprocess.check_output(
[self.git_command, "submodule", "foreach", "--recursive",
f'git worktree add --detach "{git_worktree_path}/$displaypath" HEAD'],
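Review bot: After this commit `version` is no longer read anywhere in `_update_git_submodules` — this patch's next hunk, `@@ -209,36 +208,12 @@`, deletes every remaining `version.crypto_*` use — so the parameter is dead but still in the signature and not mentioned by the new docstring. Either drop it and adjust the caller (not visible here), or say so in the docstring: `version is unused and kept only for call-site compatibility.` Minor wording: `checkout` is the noun, the verb is `check out`. The function body continues past the end of this hunk.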
@@ -209,36 +208,12 @@ def _update_git_submodules(self, git_worktree_path, version):
stderr=subprocess.STDOUT
)
self.log.debug(update_output.decode("utf-8"))
- if not (os.path.exists(os.path.join(git_worktree_path, "crypto"))
- and version.crypto_revision):
- return
-
- if version.crypto_repository:
- fetch_output = subprocess.check_output(
- [self.git_command, "fetch", version.crypto_repository,
- version.crypto_revision],
- cwd=os.path.join(git_worktree_path, "crypto"),
- stderr=subprocess.STDOUT
- )
- self.log.debug(fetch_output.decode("utf-8"))
- crypto_rev = "FETCH_HEAD"
- else:
- crypto_rev = version.crypto_revision
-
- checkout_output = subprocess.check_output(
- [self.git_command, "checkout", crypto_rev],
- cwd=os.path.join(git_worktree_path, "crypto"),
- stderr=subprocess.STDOUT
- )
- self.log.debug(checkout_output.decode("utf-8"))
def _build_shared_libraries(self, git_worktree_path, version):
"""Build the shared libraries in the specified worktree."""
my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1"
- if os.path.exists(os.path.join(git_worktree_path, "crypto")):
- my_environment["USE_CRYPTO_SUBMODULE"] = "1"
if os.path.exists(os.path.join(git_worktree_path, "scripts", "legacy.make")):
command = [self.make_command, "-f", "scripts/legacy.make", "lib"]
@@ -595,14 +570,6 @@ def run_main():
parser.add_argument(
"-or", "--old-repo", type=str, help="repository for old version."
)
- parser.add_argument(
- "-oc", "--old-crypto-rev", type=str,
- help="revision for old crypto submodule."
- )
- parser.add_argument(
- "-ocr", "--old-crypto-repo", type=str,
- help="repository for old crypto submodule."
- )
parser.add_argument(
"-n", "--new-rev", type=str, help="revision for new version", required=True,
@@ -610,14 +577,6 @@ def run_main():
parser.add_argument(
"-nr", "--new-repo", type=str, help="repository for new version."
)
- parser.add_argument(
- "-nc", "--new-crypto-rev", type=str,
- help="revision for new crypto version"
- )
- parser.add_argument(
- "-ncr", "--new-crypto-repo", type=str,
- help="repository for new crypto submodule."
- )
parser.add_argument(
"-s", "--skip-file", type=str, help=("path to file containing symbols and types to skip "
@@ -654,8 +613,6 @@ def run_main():
repository=abi_args.old_repo,
revision=abi_args.old_rev,
commit=None,
- crypto_repository=abi_args.old_crypto_repo,
- crypto_revision=abi_args.old_crypto_rev,
abi_dumps={},
storage_tests={},
modules={}
@@ -665,8 +622,6 @@ def run_main():
repository=abi_args.new_repo,
revision=abi_args.new_rev,
commit=None,
- crypto_repository=abi_args.new_crypto_repo,
- crypto_revision=abi_args.new_crypto_rev,
abi_dumps={},
storage_tests={},
modules={}
From 5e44f82650d670e15d8f0d8b542992db8da6fc7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 01:25:22 +0200
Subject: [PATCH 1077/1080] Log output of failed subprocesses
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index bec4243864..6b46f6aaa3 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -538,12 +538,16 @@ def get_abi_compatibility_report(self):
def check_for_abi_changes(self):
"""Generate a report of ABI differences between self.old_rev and self.new_rev."""
- build_tree.check_repo_path()
- if self.check_api or self.check_abi:
- self.check_abi_tools_are_installed()
- self._get_abi_dump_for_ref(self.old_version)
- self._get_abi_dump_for_ref(self.new_version)
- return self.get_abi_compatibility_report()
+ try:
+ build_tree.check_repo_path()
+ if self.check_api or self.check_abi:
+ self.check_abi_tools_are_installed()
+ self._get_abi_dump_for_ref(self.old_version)
+ self._get_abi_dump_for_ref(self.new_version)
+ return self.get_abi_compatibility_report()
+ except subprocess.CalledProcessError as err:
+ self.log.error(err.stdout.decode("utf-8"))
+ raise err
def run_main():
From d0ee3cb5ec205fe89f95f32079bdbc02f4bea59c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 02:43:52 +0200
Subject: [PATCH 1078/1080] Build library using CMake
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 39 ++++++++++++++++----------
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index 6b46f6aaa3..a21e0921b3 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -138,7 +138,7 @@ def __init__(self, old_version, new_version, configuration):
self.check_storage_tests = configuration.check_storage
self.brief = configuration.brief
self.git_command = "git"
- self.make_command = "make"
+ self.cmake_command = "cmake"
def _setup_logger(self):
self.log = logging.getLogger()
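Review bot: `err.stdout.decode("utf-8")` in the new `except` block will itself raise if the child's output is not valid UTF-8 (git and compiler output often is not), replacing the informative CalledProcessError with a UnicodeDecodeError before anything is logged; decode with `errors="replace"`. It also assumes `err.stdout` is populated — true for every `subprocess.check_output(..., stderr=subprocess.STDOUT)` call visible in this file, but any future `check_call` on this path would make it `None` and fail the same way. The idiomatic form inside an `except` is a bare `raise`; the two lines become `self.log.error(err.stdout.decode("utf-8", errors="replace"))` and `raise`.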
@@ -150,6 +150,7 @@ def _setup_logger(self):
@staticmethod
def check_abi_tools_are_installed():
+ return
for command in ["abi-dumper", "abi-compliance-checker"]:
if not shutil.which(command):
raise Exception("{} not installed, aborting".format(command))
@@ -211,23 +212,30 @@ def _update_git_submodules(self, git_worktree_path, version):
def _build_shared_libraries(self, git_worktree_path, version):
"""Build the shared libraries in the specified worktree."""
- my_environment = os.environ.copy()
- my_environment["CFLAGS"] = "-g -Og"
- my_environment["SHARED"] = "1"
-
- if os.path.exists(os.path.join(git_worktree_path, "scripts", "legacy.make")):
- command = [self.make_command, "-f", "scripts/legacy.make", "lib"]
- else:
- command = [self.make_command, "lib"]
+ build_dir = os.path.join(git_worktree_path, "build")
+ os.mkdir(build_dir)
+ configure_output = subprocess.check_output(
+ [
+ self.cmake_command, "..",
+ "-DCMAKE_BUILD_TYPE=Debug",
+ "-DENABLE_TESTING=OFF",
+ "-DENABLE_PROGRAMS=OFF",
+ "-DUSE_SHARED_MBEDTLS_LIBRARY=ON",
+ "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF",
+ "-DUSE_SHARED_TF_PSA_CRYPTO_LIBRARY=ON",
+ "-DUSE_STATIC_TF_PSA_CRYPTO_LIBRARY=OFF",
+ ],
+ cwd=build_dir,
+ stderr=subprocess.STDOUT
+ )
+ self.log.debug(configure_output.decode("utf-8"))
- make_output = subprocess.check_output(
- command,
- env=my_environment,
- cwd=git_worktree_path,
+ build_output = subprocess.check_output(
+ [self.cmake_command, "--build", build_dir],
stderr=subprocess.STDOUT
)
- self.log.debug(make_output.decode("utf-8"))
- for root, _dirs, files in os.walk(git_worktree_path):
+ self.log.debug(build_output.decode("utf-8"))
+ for root, _dirs, files in os.walk(build_dir):
for file in fnmatch.filter(files, "*.so"):
version.modules[os.path.splitext(file)[0]] = (
os.path.join(root, file)
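Review bot: The added `return` at the top of `check_abi_tools_are_installed` makes the whole body unreachable, so a missing `abi-dumper` or `abi-compliance-checker` now surfaces later as an opaque subprocess failure instead of the explicit `{} not installed, aborting` message; this looks like a debugging leftover unrelated to "Build library using CMake". The same pattern appears in this patch's hunk at `@@ -370,6 +378,7 @@`, where `return` before `shutil.rmtree(git_worktree_path)` disables `_cleanup_worktree` entirely, leaving every temporary worktree — and presumably its `git worktree` registration — behind after each run. Both `return` lines should be dropped before merge, or, if skipping these steps is intended for local debugging, gated behind a configuration flag and documented in the two docstrings.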
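Review bot: `os.mkdir(build_dir)` raises FileExistsError if the worktree already contains a `build` entry (a tracked directory, or a rerun against an existing worktree), and the source directory is passed as the relative `".."`, which only resolves correctly because `cwd=build_dir` happens to sit one level below the worktree. Passing both paths explicitly removes the coupling: `os.makedirs(build_dir, exist_ok=True)` and `[self.cmake_command, "-S", git_worktree_path, "-B", build_dir, ...]` with the `cwd` argument dropped. If a pre-existing `build` directory should be treated as an error (stale CMake cache), keep the failure but raise it with a message that names the path rather than relying on the bare OSError. `_build_shared_libraries` ends after this hunk.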
@@ -370,6 +378,7 @@ def _get_storage_format_tests(self, version, git_worktree_path):
def _cleanup_worktree(self, git_worktree_path):
"""Remove the specified git worktree."""
+ return
shutil.rmtree(git_worktree_path)
submodule_output = subprocess.check_output(
[self.git_command, "submodule", "foreach", "--recursive",
From c1b1d5fe5596044713d4e4f746f777d5d2d85899 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 03:19:49 +0200
Subject: [PATCH 1079/1080] Detect soname clashes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The same library may be present in the same build tree, eg. libtfpsacrypto.so, which gets copied from the tf-psa-crypto/core/ to library/ during an Mbed TLS build. Make sure that the duplicated libraries are byte-for-byte identical, otherwise abort the test.
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index a21e0921b3..4bbf662d20 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -96,6 +96,7 @@ import argparse
import logging
import tempfile
+import filecmp
import fnmatch
from types import SimpleNamespace
@@ -237,9 +238,10 @@ def _build_shared_libraries(self, git_worktree_path, version):
self.log.debug(build_output.decode("utf-8"))
for root, _dirs, files in os.walk(build_dir):
for file in fnmatch.filter(files, "*.so"):
- version.modules[os.path.splitext(file)[0]] = (
- os.path.join(root, file)
- )
+ new_path = os.path.join(root, file)
+ path = version.modules.setdefault(os.path.splitext(file)[0], new_path)
+ if path != new_path and not filecmp.cmp(path, new_path, False):
+ raise Exception(f"The following libraries differ, but have the same soname:\n{path}\n{new_path}")
@staticmethod
def _pretty_revision(version):
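Review bot: `filecmp.cmp(path, new_path, False)` passes `shallow` positionally, which hides the one detail that matters for this check — a byte-for-byte comparison rather than a stat-based one, as the commit message promises; write it as `filecmp.cmp(path, new_path, shallow=False)`. The duplicate is detected by the file stem from `os.path.splitext(file)[0]`, not by the ELF SONAME, so the message `have the same soname` slightly overstates what was compared; `have the same file name` is accurate. The `raise` line also runs well past 100 columns and would read better with the message built on its own line first. `_build_shared_libraries` begins before this hunk.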
From 3d9ceefc9a16157e47fcb7ff45355cc94ab6cace Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Wed, 22 Oct 2025 03:56:22 +0200
Subject: [PATCH 1080/1080] Allow calling abi_check.py from tf-psa-crypto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
scripts/mbedtls_framework/abi_check.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/mbedtls_framework/abi_check.py b/scripts/mbedtls_framework/abi_check.py
index 4bbf662d20..f3cf489a52 100755
--- a/scripts/mbedtls_framework/abi_check.py
+++ b/scripts/mbedtls_framework/abi_check.py
@@ -550,7 +550,7 @@ def check_for_abi_changes(self):
"""Generate a report of ABI differences between self.old_rev and self.new_rev."""
try:
- build_tree.check_repo_path()
+ build_tree.chdir_to_root()
if self.check_api or self.check_abi:
self.check_abi_tools_are_installed()
self._get_abi_dump_for_ref(self.old_version)
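Review bot: `build_tree.chdir_to_root()` changes the process working directory as a side effect of `check_for_abi_changes`, where `check_repo_path()` only validated it. Any relative path taken from the command line and used after this point — `report_dir` and `skip_file` are parsed in `run_main()`, outside this hunk — would now resolve against the repository root rather than the directory the user invoked the script from, unless they are made absolute earlier, which is not visible here. Normalising them with `os.path.abspath` in `run_main()` before the checker runs keeps the CLI contract unchanged, and the docstring should record the side effect: `Changes the working directory to the repository root.` The function body continues past the end of this hunk.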